Access List for ICMP traffic to server on DMZ

If I had a server on the DMZ with a static NAT, could someone give me a rough example of what the access list line would look like on the firewall AND outside router if I wanted to allow anyone from the Internet to ping it and have it reply?

Accepted Solutions
Re: Access List for ICMP traffic to server on DMZ

Generally, from Internet to DMZ you need to permit ICMP echo (ping), and from DMZ to Internet you need to permit ICMP echo-reply (ping response).

On firewall

access-list out_dmz permit icmp any host Public_IP_of_server echo

access-list dmz_out permit icmp host private_IP_of_server any echo-reply

On the router it should be similar: in the direction public - private, echo; in the direction private - public, echo-reply.
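
An added example, not part of the original reply, showing where the two ACLs above would be bound on the firewall and the matching entries on the outside router. The addresses (192.0.2.10 public, 10.0.0.10 private), the interface names, the ACL numbers 101/102 and the assumption that NAT is done only on the firewall are all constructed for illustration.

```cisco
! Added example. Constructed values: 192.0.2.10 = public (static NAT) address,
! 10.0.0.10 = server's private DMZ address; interface names are assumed.

! --- Firewall (PIX-style syntax, matching the ACLs in the reply) ---
static (dmz,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255

! Echo requests arrive on the outside interface, addressed to the public IP.
access-list out_dmz permit icmp any host 192.0.2.10 echo
access-group out_dmz in interface outside

! Echo replies enter the firewall on the dmz interface, sourced from the
! server's private IP (translation happens after the ACL check).
access-list dmz_out permit icmp host 10.0.0.10 any echo-reply
access-group dmz_out in interface dmz
! Every bound ACL ends in an implicit deny. If the dmz interface has no ACL
! today, binding dmz_out blocks all other DMZ-originated traffic until it is
! permitted explicitly.

! --- Outside router (IOS), assumed to sit in front of the firewall, no NAT ---
! The router only ever sees the public address, in both directions.
! Merge these entries into the ACLs already applied; on their own the
! implicit deny would drop everything except ping.
access-list 101 permit icmp any host 192.0.2.10 echo
access-list 102 permit icmp host 192.0.2.10 any echo-reply
!
interface Serial0/0
 description Internet-facing (assumed name)
 ip access-group 101 in
!
interface FastEthernet0/0
 description Link to firewall outside (assumed name)
 ip access-group 102 in
```

On ASA 8.3 and later, interface ACLs match the real (private) address, so the outside ACL entry would name 10.0.0.10 instead of the public IP.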

Re: Access List for ICMP traffic to server on DMZ

I'm not sure I understand the placement of the firewall access-lists since there is the outside interface and the dmz interface where the server resides. Can you explain that better? Thank you.
