I applied an ASA 5510 in my network.
I configured 3 interfaces: DMZ, Inside and Outside.
From the ASA, I can access Inside, DMZ and Outside (Internet)
Inside users can communicate with DMZ Servers
Inside users can go to the Internet via the outside interface
DMZ servers can go to the Internet via the outside interface
DMZ servers CANNOT Ping Inside network
I was using IPsec VPN on my router,
clients connect to the router using Cisco VPN Client software,
NOW, when I included ASA in the network, VPN clients are unable to communicate with DMZ servers
security level 0 for outside
50 for DMZ
100 for Inside
NAT is off using the no nat-control command
Do I need to turn NAT on, and should some ACL be in place?
Please advise me what ACL I should implement: interface? direction?
What NAT statement should I include?
I want to access my network via VPN...
ICMP pings are not stateful. The firewall needs special handling to dynamically permit the pings back; this is done via the 'ICMP inspection'. By default the ICMP inspection is disabled. You can either enable inspection or use an ACL to permit the ICMP traffic. Here is a useful link:
Please rate if helpful.
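
The two options named in the reply above, written out as ASA configuration. This is an added example, not part of the original thread. It assumes the default `global_policy` and `inspection_default` are still present, that the DMZ interface is named `DMZ` as in the question, a hypothetical ACL name `DMZ_IN`, and a placeholder inside subnet of 192.0.2.0/24.

```cisco
! Option A: enable ICMP inspection in the default global policy.
! Echo replies are then matched to the echo request that left the
! firewall and are permitted back without any ACL entry.
policy-map global_policy
 class inspection_default
  inspect icmp

! Option B: permit the returning ICMP with an ACL on the
! lower-security interface (here DMZ, security level 50), so replies
! to pings sent from Inside (level 100) are allowed back in.
access-list DMZ_IN extended permit icmp any any echo-reply

! Once an inbound ACL is applied to an interface, the implicit
! "permit to lower security levels" rule no longer applies and the
! ACL ends in an implicit deny. Without the next two lines the DMZ
! servers would lose the Internet access they have today.
! 192.0.2.0 255.255.255.0 is a placeholder for the real inside subnet.
access-list DMZ_IN extended deny ip any 192.0.2.0 255.255.255.0
access-list DMZ_IN extended permit ip any any

! Bind the ACL inbound on the DMZ interface.
access-group DMZ_IN in interface DMZ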