Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

dmz unable to access the internet

I have DMZ interface with 192.168.1.0\24with the following config on the firewall:

nat (dmz) 2 192.168.1.0 255.255.255.0

global (outside) 2 <publicIP>

the dmz interface on the firewall is 192.168.1.1 and it can ping all dmz servers, so routing is not the issue

and no access-group for the dmz interface.

yet dmz servers are unable to access the internet.

is there anything missing in this config?

when I run a capture I see the traffic hitting the dmz interface yet nothing coming back, ie:

158: 06:27:07.126000 192.168.1.13 > 4.2.2.2: icmp: echo request
159: 06:27:12.625822 192.168.1.13 > 4.2.2.2: icmp: echo request
160: 06:27:18.125771 192.168.1.13 > 4.2.2.2: icmp: echo request
161: 06:27:23.625639 192.168.1.13 > 4.2.2.2: icmp: echo request
162: 06:27:29.125573 192.168.1.13 > 4.2.2.2: icmp: echo request

3 REPLIES
New Member

Re: dmz unable to access the internet

Looks good from my point.

Please check the security lvl of your interfaces.

Maybe you need to assign a higher security lvl to your DMZ interface

HTH (if so please rate )

cheers Michael

Super Bronze

Re: dmz unable to access the internet

If you are testing with ping, please make sure that icmp inspection has been turned on/enabled.

If you are using the default policy map on the ASA, the configuration will be as follows:

policy-map global_policy
class inspection_default

     inspect icmp

Hope that helps.

Cisco Employee

Re: dmz unable to access the internet

Have you enabled ICMP traffic on the outside interface of the firewall? If no, please try "icmp permit any outside". Also, which firewall you are using? Is it 5505? If it is 5505, you might have license limitations.

244
Views
0
Helpful
3
Replies