DMZ and Ping issue when changing ip address for a server

zillah2004 · ‎01-03-2007

I have got a media server 2003 installed in DMZ zone (Cisco PIX 525) , with an ip address 192.168.101.204/24, it was able to ping other servers (sql server , help server, etc ) which are in DMZ zone as well. Basically all servers are in DMZ area

Recently this media server is not able to ping these servers (sql server , help server, etc) , I do not why, but if I changed the ip address (last octet only) for this media server to 192.168.101.222 , it would be able to ping other servers (sql server , help server, etc).

There is no firewall on the media server and there is no firewall on the other servers as well.

All servers have got win2003 OS.

The error message for ping is : timed out

This is no entry with our cisco PIX for both IP addresses 192.168.101.204 and 192.168.101.222

bthibode · ‎01-06-2007

Sounds like an ARP issue. On your PIX, issue a clear arp and then test the ping.

zillah2004 · ‎01-07-2007

I forgot to tell that we have got two cisco switches in dmz zone 3550, and both of them as connected to each other. The servers in MDZ are spreaded between these two switches.

zillah2004 · ‎01-08-2007

((Sounds like an ARP issue. On your PIX, issue a clear arp and then test the ping.))

Since the PIX won't do anything with the ICMP traffic on the DMZ local network.

ICMP traffic will go into one port of the switch and out the relevant one to the receiving server, and never reach the PIX.

But "arp -d" command on the server solved this issue,,,,thanks for reminding me about arp cache