02-28-2007 02:44 PM - edited 03-11-2019 02:39 AM
I would be grateful if anyone can enlighten me with regards to what I am doing wrong in setting up my asas5510. I?m unable to ping out to the Internet from my DMZ or from the inside out to the internet. I can ping devices on the inside and I can ping from inside to devices in the DMZ. I?m also like to place my DNS server in the DMZ and unclear on DNS rewrites works or what needs to done to lace a dns server in the dmz .
Thanks
03-01-2007 12:55 AM
Add another access-list
access-list outside_access_in extended permit icmp any x.x.x.x y.y.y.y
For ICMP alone you need to specify an acceslist on the outside interface to allow replies to come back...
HTH
Hoogen
Do rate if this helped :)
03-01-2007 08:36 AM
You can restrict ICMP even further if you only allow inbound echo replies instead of all inbound ICMP. This will prevent attackers from gleaning information using pings to your public range.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide