I have tried below situation that I have a host in DMZ and set its IP to 192.168.50.101 and after static NAT map to 192.168.20.101 to outside.
This host with physical IP is 192.168.50.101 at DMZ zone and I tried to ping this host from a different host at outside zone to this 192.168.50.101 and it is not successful. Same apply when I ping the outside host from this host at DMZ and it is not successful too. However, when I use the outside host to ping the mapped address 192.168.20.101, it is OK.
Below is the extract from the ASA command line :
ciscoasa(config)# sh nat
NAT policies on Interface dmz: match ip dmz host DRMServer outside any static translation to MapAddDMZtoOutside translate_hits = 5, untranslate_hits = 8
whereby MapAddDMZtoOutside is 192.168.20.101 and whenever the ping is ok, the translate_hits will increase and when not ok, the untranslate_hits will increase.
May I know is it possible that to activate any command or rule so that the IP for static NAT mapped address 192.168.20.101 can be ping from DMZ and not only at outside network?
Now, this host in DMZ can only ping at outside with the mapped address. Is it only way and it shoudl be like that?
With other IP address in DMZ and Outside network, they are able to ping each other in both directions.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :