ASA5540 Issue

haifazakr
Level 1
Hi,

We have a server in the DMZ area (front Exchange) which we need to make able to ping a server on the protected LAN (and open an SSL tunnel).

The problem is I couldn't make my server in the DMZ area, which is sec50, able to ping the server on my protected LAN. How do I do that?

What is wrong in our current configuration?

Check it out please.

: Saved

:

ASA Version 7.0(6)

!

hostname VOOASAGATE

domain-name xxx.com

enable password xxx

names

dns-guard

!

interface GigabitEthernet0/0

nameif OUTSIDE

security-level 0

ip address 62.240.*.* 255.255.*.*

!

interface GigabitEthernet0/1

nameif INSIDELAN

security-level 100

ip address 192.168.*.* 255.255.*.*

!

interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 10.55.*.* 255.255.*.*

!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 172.16.0.1 255.240.0.0

management-only

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

access-list DMZ_access_in extended permit icmp any any

access-list DMZ_access_in remark PINGING

access-list DMZ_access_in extended permit ip any host 10.55.*.*

access-list INSIDELAN_access_in extended permit icmp any any

pager lines 24

logging asdm informational

mtu OUTSIDE 1500

mtu INSIDELAN 1500

mtu DMZ 1500

mtu management 1500

no failover

asdm image disk0:/asdm506.bin

no asdm history enable

arp timeout 14400

global (OUTSIDE) 1 interface

global (DMZ) 1 interface

nat (INSIDELAN) 1 0.0.0.0 0.0.0.0

nat (DMZ) 1 0.0.0.0 0.0.0.0

static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask 255.255.255.255

access-group INSIDELAN_access_in in interface INSIDELAN

access-group DMZ_access_in in interface DMZ

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 172.16.0.0 255.240.0.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 172.16.0.2-172.16.0.254 management

dhcpd lease 3600

dhcpd ping_timeout 50

Cryptochecksum:xxx

: end

2 Replies

Jon Marshall
Hall of Fame
Hi

Is the server on the protected LAN a 192.168.x.x address?

If so, try changing

static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask 255.255.255.255

to

static (INSIDELAN,DMZ) 192.168.x.x 192.168.x.x netmask 255.255.255.255

HTH

Jon
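
The change suggested above, written out in full as an added example that is not part of the original thread. The host addresses 192.168.1.10 (inside server), 10.55.0.10 (DMZ server) and 10.55.0.20 (old mapped address) are constructed placeholders for the masked values, and the host-specific ACL entries are an assumption based on the stated goal of ping plus an SSL connection.

```cisco
! Constructed placeholder addresses (the thread masks the real ones):
!   192.168.1.10  server on INSIDELAN
!   10.55.0.10    server on DMZ that must reach it
!   10.55.0.20    address the old static mapped the inside server to
!
! Before: the inside server is presented to the DMZ only as 10.55.0.20,
! so traffic from the DMZ addressed to 192.168.1.10 has no matching translation.
no static (INSIDELAN,DMZ) 10.55.0.20 192.168.1.10 netmask 255.255.255.255
!
! After: identity static, the inside server keeps its real address on the DMZ side.
static (INSIDELAN,DMZ) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
!
! Flush translations that were built from the old static.
clear xlate
!
! DMZ_access_in is evaluated against the address the DMZ host actually targets,
! which is now 192.168.1.10. An entry written for the old mapped address no
! longer matches, so permit the two flows explicitly, host to host.
access-list DMZ_access_in extended permit icmp host 10.55.0.10 host 192.168.1.10 echo
access-list DMZ_access_in extended permit tcp host 10.55.0.10 host 192.168.1.10 eq https
!
! Echo replies leave through INSIDELAN_access_in, which already permits icmp any any.
!
! Verify after testing from the DMZ host:
!   show xlate                     (the identity entry for 192.168.1.10 is listed)
!   show access-list DMZ_access_in (hitcnt on the two new lines increases)
```

With the host-specific entries in place, the broader `permit icmp any any` line in DMZ_access_in can be reviewed for removal once the hit counters confirm the new lines carry the traffic.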

Hi my noble sir,

You are such a gift.

May God lead you to the best way he knows.

Thank you so much.

You deserve to be a Cisco expert with honour.

Thank you.
