TRAFFIC Between 2 DMZs

Unanswered Question
Oct 1st, 2010

Hi Pros,

I have a problem with traffic in two DMZs. Let's call them DMZ10 and DMZ20. DMZ10 has a security level of 40 and DMZ20 has a security level of 90. By default, the higher sec level is able to access the lower sec level, but if you want the lower sec level to access the higher one, you need to create an access rule. Using Packet Tracer, my highest sec level, in this case DMZ20, can't ping any device in DMZ10. Packet Tracer shows that the interface of DMZ20 drops the packet. I tried to add an access rule to explicitly permit DMZ10; that didn't change a thing. I added a similar rule for DMZ10 with no success.

Can someone help me shed some light on this issue?

mirober2 Fri, 10/01/2010 - 09:16
User Badges: Cisco Employee

Hi Paul,

Can you please post a copy of your config? We would need to see the ACLs and NAT rules that apply to these interfaces. Also, the full packet-tracer output may help as well (i.e. what step was the packet being dropped on?).
