Cisco Support Community
New Member

inside doesn't see dmz

Hi

I have a Cisco PIX firewall (515E).

I've configured it with:

inside 10.1.1.1 255.255.0.0

dmz 192.168.100.1 255.255.255.0

outside 100.100.85.2

route outside 0.0.0.0 0.0.0.0 100.100.85.1 (internet router)

global (dmz) 1 192.168.100.10-192.168.100.20

global (outside) 1 100.100.85.10-100.100.85.20

nat (inside) 1 10.1.0.0 255.255.0.0

conduit permit icmp any any

conduit permit tcp any any

But when I ping from a host on the inside with IP address 10.1.1.10 to 192.168.100.10 (host on the dmz), I get a request timeout message.

And when I ping the internet from inside, it works and I get a reply.

Please help me. Emergency.

2 REPLIES
Gold

Re: inside doesn't see dmz

For inside to access dmz,

no global (dmz) 1 192.168.100.10-192.168.100.20

static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

clear xlate

Cisco Employee

Re: inside doesn't see dmz

The rules you configured allow internal hosts to go to the dmz:

nat (inside) 1 10.1.0.0 255.255.0.0

global (dmz) 1 192.168.100.10-192.168.100.20

The conduit allows you to ping:

conduit permit icmp any any

Why are you not getting a response? In order to get an answer you need to do more troubleshooting.

Check if the packets are making it to the inside interface:

debug packet inside dst 192.168.100.10 proto icmp

Try to ping. If you see the packet, remove the debug and place it on the dmz:

debug packet dmz dst 192.168.100.10 proto icmp

If you see the requests passing, check the computer's default gateway.

You can use the "debug icmp trace" command as well.

For more info:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1059143

If you don't see the packets, send your configuration so I can check it out.

Franco Zamora
