Please help me with configuration ASA 5540

Unanswered Question
Sep 5th, 2009

Dear friends, my name is Kamil and I am new to firewall configuration. Please help me with the ASA configuration for access from the dmz to the inside interface and from the inside to the dmz interface. My configuration is attached. I want to ping the dmz host from inside and the inside host from the dmz. Please tell me where my mistakes are. Thanks in advance.

Kureli Sankar Sat, 09/05/2009 - 18:51

You are only allowing two hosts to ping each other. This will also deny all other traffic as the implicit deny any any will kick in.

Please remove the two lines below:

access-group inside_access_in in interface inside

access-group dmz3_access_in in interface dmz3

and try the ping again. Make sure to source the ping from the inside interface or from a high security to a low security interface. You do have icmp inspection enabled and the replies should be automatically allowed.

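The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how an interface ACL with its implicit deny replaces the default security-level rule for new connections. The host addresses and security levels are constructed assumptions (the poster's attachment is not shown), and return traffic handled by ICMP inspection is not modelled.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the poster's attachment).
SECURITY_LEVEL = {"inside": 100, "dmz3": 50}
INSIDE_HOST, DMZ_HOST = "10.0.0.10", "172.16.0.10"

# Model of an ACL that permits ICMP between exactly two hosts, as the reply describes.
inside_access_in = [("permit", "icmp", INSIDE_HOST + "/32", DMZ_HOST + "/32")]


def acl_decision(acl, proto, src, dst):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, a_proto, a_src, a_dst in acl:
        if (a_proto in ("ip", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(a_src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(a_dst)):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL


def new_connection(in_if, out_if, acl, proto, src, dst):
    """Decision for a new flow entering in_if; acl is None when no access-group is bound."""
    if acl is not None:
        # A bound ACL decides alone; the security-level default no longer applies.
        return acl_decision(acl, proto, src, dst)
    # No ACL bound: only higher-to-lower security level is permitted by default.
    return "permit" if SECURITY_LEVEL[in_if] > SECURITY_LEVEL[out_if] else "deny"


if __name__ == "__main__":
    cases = [
        ("ACL bound, ping between the two hosts", inside_access_in, "icmp", INSIDE_HOST),
        ("ACL bound, TCP between the two hosts", inside_access_in, "tcp", INSIDE_HOST),
        ("ACL bound, ping from another inside host", inside_access_in, "icmp", "10.0.0.11"),
        ("no ACL bound, TCP inside to dmz3", None, "tcp", INSIDE_HOST),
    ]
    for label, acl, proto, src in cases:
        print(label, "->", new_connection("inside", "dmz3", acl, proto, src, DMZ_HOST))
```

With no ACL bound, the model still denies new connections from dmz3 to inside, which is why the reply says to source the ping from the higher-security interface.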