Inside doesn't see DMZ

mrmozaffari
Level 1

Hi

I have a Cisco PIX firewall (515E).

I've configured it with:

inside 10.1.1.1 255.255.0.0

dmz 192.168.100.1 255.255.255.0

outside 100.100.85.2

route outside 0.0.0.0 0.0.0.0 100.100.85.1(internet router)

global (dmz) 1 192.168.100.10-192.168.100.20

global (outside) 1 100.100.85.10-100.100.85.20

nat (inside) 1 10.1.0.0 255.255.0.0

conduit permit icmp any any

conduit permit tcp any any

But when I ping from a host on the inside with IP address 10.1.1.10 to 192.168.100.10 (a host on the DMZ), I get a request timeout message.

And when I ping the internet from inside, it works and I get a reply.

Please help me. Emergency.

2 Replies

jackko
Level 7

For inside to access DMZ:

no global (dmz) 1 192.168.100.10-192.168.100.20

static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

clear xlate

fzamora
Cisco Employee

The rules you configured allow internal hosts to go to the DMZ:

nat (inside) 1 10.1.0.0 255.255.0.0

global (dmz) 1 192.168.100.10-192.168.100.20

The conduit allows you to ping:

conduit permit icmp any any

Why are you not getting a response? In order to get an answer, you need to do more troubleshooting.

Check if the packets are making it to the inside interface:

debug packet inside dst 192.168.100.10 proto icmp

Try to ping; if you see the packet, remove the debug and place it on the DMZ:

debug packet dmz dst 192.168.100.10 proto icmp

If you see the requests passing, check the computer's default gateway.

You can use the "debug icmp trace" command as well.

For more info:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1059143

If you don't see the packets, send your configuration so I can check it out.

Franco Zamora
