04-04-2008 12:27 AM - edited 03-09-2019 08:26 PM
I'm setting up an ASA5540 to replace a PIX525. I have a problem: traffic is not flowing from the DMZ to the Outside interface. I enabled ping from the outside interface to the DMZ and debugged icmp trace. This is what I found: "ICMP echo request untranslating Outside:172.18.124.3 to DMZ:exchange
ICMP echo request from Outside:172.18.124.1 to DMZ:172.18.124.3 ID=1024 seq=24576 len=32"
Simply, there was no reply from the DMZ. And when I ping from the DMZ to Outside, I don't see any traffic passing in the ASA. Please help, as my emails are not going out. Attached is my configuration file.
04-04-2008 06:25 AM
You need to allow ICMP in your outside and DMZ access lists. Also, you are only allowing your Exchange server to SMTP to 172.16.0.0.
04-04-2008 07:07 AM
Sorry, that config is rather old. I have this access list in my current config:
access-list outside_access_dmz extended permit icmp any host 172.18.124.3
But I still get the same.
04-04-2008 07:38 AM
I looked at your config and was extremely confused about what you're trying to accomplish. But I only glanced at it and am not trying to construct your network.
My suggestion, albeit a novice one, would be to add ICMP to your inspection. As far as the connectivity, I'm hard pressed to find what you're doing with the IP scheme and your nat0.
Sorry