Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Please help me with configuration ASA 5540

Dear friends my name is kamil and i am new in firewall configuration.please help me with configuration in asa access from dmz to inside interface and access from inside to dmz interface.here is attachment of my configuration.i want to ping from inside dmz host and from dmz inside host.please tell me where is my mistakes thanks in advance

1 REPLY
Cisco Employee

Re: Please help me with configuration ASA 5540

You are only allowing two hosts to ping each other. This will also deny all other traffic as the implicit deny any any will kick in.

Pls. remove these two lines below

access-group inside_access_in in interface inside

access-group dmz3_access_in in interface dmz3

and try the ping again. Make sure to source the ping from the inside interface or from a high security to a low security interface. You do have icmp inspection enabled and the replies should will be automatically allowed.

99
Views
0
Helpful
1
Replies