09-02-2007 12:16 AM - edited 03-05-2019 06:14 PM
hi
We have a server in the DMZ area (front Exchange) which we need to be able to ping a server on the protected LAN (and open an SSL tunnel).
The problem is I couldn't make my server in the DMZ area, which is sec50, able to ping the server on my protected LAN. How do I do that?
What is wrong in our current configuration?
Check it out please.
: Saved
:
ASA Version 7.0(6)
!
hostname VOOASAGATE
domain-name xxx.com
enable password xxx
names
dns-guard
!
interface GigabitEthernet0/0
nameif OUTSIDE
security-level 0
ip address 62.240.*.* 255.255.*.*
!
interface GigabitEthernet0/1
nameif INSIDELAN
security-level 100
ip address 192.168.*.* 255.255.*.*
!
interface GigabitEthernet0/2
nameif DMZ
security-level 50
ip address 10.55.*.* 255.255.*.*
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 172.16.0.1 255.240.0.0
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in remark PINGING
access-list DMZ_access_in extended permit ip any host 10.55.*.*
access-list INSIDELAN_access_in extended permit icmp any any
pager lines 24
logging asdm informational
mtu OUTSIDE 1500
mtu INSIDELAN 1500
mtu DMZ 1500
mtu management 1500
no failover
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
global (DMZ) 1 interface
nat (INSIDELAN) 1 0.0.0.0 0.0.0.0
nat (DMZ) 1 0.0.0.0 0.0.0.0
static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask 255.255.255.255
access-group INSIDELAN_access_in in interface INSIDELAN
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 172.16.0.0 255.240.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 172.16.0.2-172.16.0.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
Cryptochecksum:xxx
: end
09-02-2007 12:21 AM
Hi
Is the server on the protected LAN a 192.168.x.x address ?
If so try changing
static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask 255.255.255.255
to
static (INSIDELAN,DMZ) 192.168.x.x 192.168.x.x netmask 255.255.255.255
HTH
Jon
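An added example, not part of the thread and not Cisco code: on ASA software before 8.3 an interface ACL is matched against the mapped address of a static, so after changing a static as suggested above it is worth checking which ACL entries still name the old mapped address. The Python below lists, for each static, the protocols that the inbound ACL on the mapped interface permits toward the mapped address. The sample addresses and the function name reachable_protocols are constructed for illustration, since the thread masks its own addresses.

```python
import ipaddress
import re

# Constructed samples: the thread masks its addresses, so these are made up.
ACL = """\
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in remark PINGING
access-list DMZ_access_in extended permit ip any host 10.55.0.10
access-group DMZ_access_in in interface DMZ
"""
BEFORE = ACL + "static (INSIDELAN,DMZ) 10.55.0.10 192.168.1.10 netmask 255.255.255.255\n"
AFTER = ACL + "static (INSIDELAN,DMZ) 192.168.1.10 192.168.1.10 netmask 255.255.255.255\n"

def _addr(tok):
    """Consume one ACL address spec (any | host A | A MASK) from a token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}", strict=False)

def reachable_protocols(config):
    """Map (mapped_if, mapped_ip) of each host static to the protocols the
    inbound ACL on mapped_if permits toward mapped_ip (pre-8.3 ACL matching).
    Simplified: ignores deny entries, port operators and port-redirect statics."""
    aces, bound, statics = {}, {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:4] == ["extended", "permit"]:
            rest = tok[5:]
            _addr(rest)  # source address, not needed for this check
            aces.setdefault(tok[1], []).append((tok[4], _addr(rest)))
        elif tok[:1] == ["access-group"] and tok[2:4] == ["in", "interface"]:
            bound[tok[4]] = tok[1]
        elif tok[:1] == ["static"]:
            mapped_if = re.match(r"\((\S+),(\S+)\)", tok[1]).group(2)
            statics.append((mapped_if, ipaddress.ip_address(tok[2])))
    result = {}
    for mapped_if, mapped_ip in statics:
        acl = aces.get(bound.get(mapped_if), [])
        result[(mapped_if, str(mapped_ip))] = sorted(
            {proto for proto, dst in acl if mapped_ip in dst})
    return result

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, reachable_protocols(cfg))
```

With the constructed samples, the identity static leaves only icmp permitted toward 192.168.1.10, because the permit ip entry still names 10.55.0.10.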
09-02-2007 01:39 AM
hi my noble sir
you are such a gift
May God lead you to the best way he knows
thank you sooo much
you deserve to be a Cisco expert with honour
thank you