01-29-2008 07:39 AM - edited 03-11-2019 04:55 AM
If I had a server on the DMZ with a static NAT, could someone give me a rough example of what the access list line would look like on the firewall AND outside router if I wanted to allow anyone from the Internet to ping it and have it reply?
01-29-2008 07:46 AM
Generally, from Internet to DMZ you need to permit ICMP echo (ping), and from DMZ to Internet you need to permit ICMP echo-reply (ping response).
On firewall
access-list out_dmz permit icmp any host Public_IP_of_server echo
access-list dmz_out permit icmp host private_IP_of_server any echo-reply
On the router it should be similar: in the direction public -> private, echo; in the direction private -> public, echo-reply.
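The two access lists from the answer above, shown with the interface bindings that decide where each one is evaluated. This is an added example, not part of the original post. It assumes a PIX/ASA-style firewall with pre-8.3 static NAT syntax and interfaces named outside and dmz; the addresses, the router ACL name and the router interface are constructed placeholders.

```cisco
! ---- Firewall (assumed PIX/ASA, pre-8.3 NAT syntax) ----
! Constructed addresses:
!   203.0.113.10  = Public_IP_of_server  (mapped address)
!   192.168.10.10 = private_IP_of_server (real address on the dmz)
static (dmz,outside) 203.0.113.10 192.168.10.10 netmask 255.255.255.255

! Echo requests arrive on the outside interface, addressed to the
! public IP, so this list is checked inbound on outside.
access-list out_dmz permit icmp any host 203.0.113.10 echo
access-group out_dmz in interface outside

! Echo replies leave the server and enter the firewall on the dmz
! interface, still carrying the private source address, so this list
! is checked inbound on dmz.
access-list dmz_out permit icmp host 192.168.10.10 any echo-reply
access-group dmz_out in interface dmz

! Every access list ends with an implicit deny. Once dmz_out is bound
! to the dmz interface, any other traffic the server originates needs
! its own permit entry in dmz_out.

! ---- Outside router (IOS) ----
! Assumes NAT happens on the firewall, so the router only ever sees
! the public address. INTERNET_IN and the interface are placeholders.
ip access-list extended INTERNET_IN
 permit icmp any host 203.0.113.10 echo
!
interface <internet-facing-interface>
 ip access-group INTERNET_IN in

! If the router also filters traffic heading toward the Internet, that
! list needs the matching reply entry:
!  permit icmp host 203.0.113.10 any echo-reply
```

Permitting only the echo and echo-reply types, rather than all ICMP, keeps the other ICMP message types closed to the Internet.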
01-29-2008 12:37 PM
I'm not sure I understand the placement of the firewall access-lists since there is the outside interface and the dmz interface where the server resides. Can you explain that better? Thank you.