Re: asa5510 connection from dmz to same dmz over public ip
Within the segment, or in your case, DMZ, all hosts in that segment need to communicate with their own physical IP (under the same subnet group), not NATted public IP.
Example, the 192.168.101.119 server must and can only talk to 192.168.101.118, not the 192.168.101.118's Public IP, which is 126.96.36.199. No communication can and will ever take place if any 192.168.101.x host try to talk to any server within the same segment using the target server's Public IP Address, and PIX will never allow it.
The reason you NAT or MAP your private IP to a Public IP is only to allow outside/internet users to access your DMZ server via a routable/recognize Public IP.
As far as PIX is concerned, this is only a virtual IP for DMZ host to have external connection/session be initiated from outside, not by any member hosts within the same DMZ segment, or any other segment with lower security level.
So, if you want to allow any host in DMZ to talk to each other, use their own physical IP Addresses (192.168.101.x), not the NATted address. I am sure you can always ping any host/server in DMZ using their own 192.168.101.x IP, but not the Public IP of the machine (will get timed-out).
If you wanted to simply test the reachability of your DMZ server from internet, you can do it either from your internet router, or connect your laptop to the same segment of your PIX Outside interface and internet router FE, or have somebody who has internet access to ping or access it via whatever services you opened, i.e ftp, www and so on.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :