Cisco Support Community

Communication to both dmz address and inside address


I had a problem yesterday when I tried to upgrade my FWSM from version 2.3 to 3.2.

In version 2.3 I was able to connect to a DMZ address directly and to its inside NAT address.

But after the upgrade it was not possible anymore to connect to the DMZ address. Connecting to its inside address was no problem.

DMZ address is natted inside address is

In version 2.3 when I was pinging to address I got a reply from

Is this normal behaviour, or is this a bug in version 2.3 and normal operation in version 3.2?

This is the only rule I configured

"static (DMZ_2244,inside) netmask"

"static (inside,DMZ_2244) netmask "

I saw no denies in the ACL logging.

So nothing is blocked.

Are there people with similar issues?



Re: Communication to both dmz address and inside address

Just 2 commands is what you need to permit access from the DMZ FES to the Inside BES. Remember that depending on your translation timeout (xlate timeout), if it's at the default of 3 hours you will need to wait for this to time out before this takes effect. A simple "clear xlate" will cause it to take immediate effect, but please remember that this command will cause temporary loss of connection through the PIX for all your traffic.
