Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

No connectivity between Inside host and Outside,DMZ hosts

Unanswered Question
Nov 4th, 2014
User Badges:

Dear All,

           I built  a simple network in GNS3 where i have ASA with 3 interfaces. eth1  interface of ASA is connected to my Windows Host Machine (MS Loopback adapter) which is representing an Inside Host. Interface eth0 of ASA is connected to an outside network which is a Qemu  host(microcore) and third interface eth2 is representing DMZ network which is  again a Qemu host(microcore).

The problem that i am facing is that i am not able to ping from my Inside Host to DMZ or Outside and vice versa. Security level of all three interfaces of ASA are set to 0 and i have enabled allow traffic from one or more interfaces with the same level of security.

Any idea? You can refer to the images attached

Thanks in adance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Vibhor Amrodia Tue, 11/04/2014 - 08:40
User Badges:
  • Cisco Employee,


From these end devices are you able to ping the connected interfaces on the ASA device ? If yes , try to enable fixup protocol icmp and see if that resolves the issue ?

Thanks and Regards,

Vibhor Amrodia

sabonasdasdasd Tue, 11/04/2014 - 08:55
User Badges:

My issue has been resolved, but i dont exactly know which step i performed out of several steps which resolved my issue.

First of all i added a route on my windows cmd for both DMZ and Outside qemu host like this:

route add mask   --> for outside host 

route add mask    --> for DMZ  host


Also i did this in my ASA command shell:

ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect icmp


Another important thing which i did was i added default gateway for my Outside host to the interface IP address of ASA which connected that outside qemu host like this:

ifconfig eth1 netmask up
route add default gw       --> is IP address of outside interface of ASA

I repeated above step for DMZ like below:

ifconfig eth1 netmask up
route add default gw     --> is ASA's DMZ interface IP


After doing above three steps i have full connectivity between my inside host and dmz and outside host.


I didnt get one thing i,e ASA is not a router then why i needed to add route in windows for communicating with dmz and outside host? and i needed to set asa's interface IP's as default gateway for DMZ and Outside Qemu hosts? could you clarify my concepts? Thanks


This Discussion