New Member

ASA5540 Issue

Hi,

We have a server in the DMZ area (front exchange) which we need to be able to ping a server on the protected LAN (and open an SSL tunnel).

The problem is I couldn't make my server in the DMZ area, which is sec50, able to ping the server on my protected LAN. How do I do that?

What is wrong in our current configuration?

Check it out, please.

: Saved

:

ASA Version 7.0(6)

!

hostname VOOASAGATE

domain-name xxx.com

enable password xxx

names

dns-guard

!

interface GigabitEthernet0/0

nameif OUTSIDE

security-level 0

ip address 62.240.*.* 255.255.*.*

!

interface GigabitEthernet0/1

nameif INSIDELAN

security-level 100

ip address 192.168.*.* 255.255.*.*

!

interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 10.55.*.* 255.255.*.*

!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 172.16.0.1 255.240.0.0

management-only

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

access-list DMZ_access_in extended permit icmp any any

access-list DMZ_access_in remark PINGING

access-list DMZ_access_in extended permit ip any host 10.55.*.*

access-list INSIDELAN_access_in extended permit icmp any any

pager lines 24

logging asdm informational

mtu OUTSIDE 1500

mtu INSIDELAN 1500

mtu DMZ 1500

mtu management 1500

no failover

asdm image disk0:/asdm506.bin

no asdm history enable

arp timeout 14400

global (OUTSIDE) 1 interface

global (DMZ) 1 interface

nat (INSIDELAN) 1 0.0.0.0 0.0.0.0

nat (DMZ) 1 0.0.0.0 0.0.0.0

static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask 255.255.255.255

access-group INSIDELAN_access_in in interface INSIDELAN

access-group DMZ_access_in in interface DMZ

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 172.16.0.0 255.240.0.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 172.16.0.2-172.16.0.254 management

dhcpd lease 3600

dhcpd ping_timeout 50

Cryptochecksum:xxx

: end

2 REPLIES
Hall of Fame Super Blue

Re: ASA5540 Issue

Hi

Is the server on the protected LAN a 192.168.x.x address?

If so, try changing

static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask 255.255.255.255

to

static (INSIDELAN,DMZ) 192.168.x.x 192.168.x.x netmask 255.255.255.255

HTH

Jon
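
As an added illustration (not from the thread or from Cisco), this Python sketch is a simplified model of the posted ASA 7.0 configuration: it shows why the identity static in the reply above makes the inside server reachable from the DMZ at its real address, and which ACL entries still match afterwards. The addresses 192.168.1.10 and 10.55.1.20 are constructed stand-ins for the masked values (the ACL host is assumed to be the static's mapped address), and `check` and its helpers are hypothetical names.

```python
import ipaddress
import re

# Constructed stand-ins (the thread masks its addresses): 192.168.1.10 is the
# inside server, 10.55.1.20 its mapped DMZ address, assumed to be the ACL host.
BEFORE = """\
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit ip any host 10.55.1.20
static (INSIDELAN,DMZ) 10.55.1.20 192.168.1.10 netmask 255.255.255.255
access-group DMZ_access_in in interface DMZ
"""
# The reply's change: identity static, so the DMZ sees the server's real address.
AFTER = BEFORE.replace("(INSIDELAN,DMZ) 10.55.1.20", "(INSIDELAN,DMZ) 192.168.1.10")

STATIC = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)", re.M)
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)
ACE = re.compile(r"^access-list (\S+) extended permit (\S+) (.+)$", re.M)

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def _dest(tokens):
    """Destination network of an ACE (tokens after the protocol; no source port operators)."""
    rest = tokens[1:] if tokens[0] == "any" else tokens[2:]
    if rest[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if rest[0] == "host":
        return _net(rest[1], "255.255.255.255")
    return _net(rest[0], rest[1])

def check(config, from_if, dst_ip, proto="icmp"):
    """Can a host behind from_if send proto traffic to dst_ip? Returns (ok, reason)."""
    dst = ipaddress.ip_address(dst_ip)
    # 1. The destination must be an address that some static presents on from_if.
    hits = [(rif, real) for rif, mif, mapped, real, mask in STATIC.findall(config)
            if mif == from_if and dst in _net(mapped, mask)]
    if not hits:
        return False, f"no static presents {dst_ip} on {from_if}"
    # 2. Pre-8.3 interface ACLs are matched against that mapped address.
    bound = {name for name, iface in GROUP.findall(config) if iface == from_if}
    for name, ace_proto, rest in ACE.findall(config):
        if name in bound and ace_proto in ("ip", proto) and dst in _dest(rest.split()):
            return True, f"{name} permits; delivered to {hits[0][1]} on {hits[0][0]}"
    return False, f"static matches, but no ACL on {from_if} permits {proto} to {dst_ip}"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for ip, proto in (("192.168.1.10", "icmp"), ("192.168.1.10", "tcp"), ("10.55.1.20", "icmp")):
            print(label, ip, proto, check(cfg, "DMZ", ip, proto))
```

Under these assumptions, ping to 192.168.1.10 succeeds only after the change, while TCP to that address stays unmatched because the remaining `permit ip` entry still names the old 10.55 address.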

New Member

Re: ASA5540 Issue

Hi my noble sir,

you are such a gift

May God lead you to the best way he knows

thank you sooo much

you deserve to be a Cisco expert with honour

thank you
