ping and other config issues perim int tomdmz e3 to inside e1

PLEASE SEE CONFIG

I wanted to write net a config from a pc on inside to a pc on the tomdmz and vice versa. Sho log reports "No Route to 192.168.2.2 from 192.168.1.1".

I believe my ACLs and Group are correct. I also believe my Static statement from inside to tomdmz is correct. Why is my inside not able to see and pass traffic to my tomdmz int? I am new to pix and appreciate any assistance.

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 tomdmz security90
nameif ethernet3 kawdmz security80
nameif ethernet4 intf4 security20
nameif ethernet5 intf5 security25
enable password xxxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxxx encrypted
hostname xxxxxxxxxxx
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_tomdmz permit ip any any
access-list acl_tomdmz permit icmp any any
pager lines 24
logging on
logging timestamp
logging buffered debugging
interface ethernet0 10full
interface ethernet1 100full
interface ethernet2 10full
interface ethernet3 100full
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
mtu outside 1500
mtu inside 1500
mtu tomdmz 1500
mtu kawdmz 1500
mtu intf4 1500
mtu intf5 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip address tomdmz 192.168.2.1 255.255.255.0
ip address kawdmz 192.168.3.1 255.255.255.0
ip address intf4 127.0.0.1 255.255.255.255
ip address intf5 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address tomdmz 0.0.0.0
failover ip address kawdmz 0.0.0.0
failover ip address intf4 0.0.0.0
failover ip address intf5 0.0.0.0
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (tomdmz) 1 192.168.2.0 255.255.255.0 0 0
nat (kawdmz) 1 192.168.3.0 255.255.255.0 0 0
static (inside,tomdmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
access-group acl_tomdmz in interface tomdmz
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
vpdn group pppoe-sbc request dialout pppoe
vpdn group pppoe-sbc localname xxxxxx
vpdn group pppoe-sbc ppp authentication pap
vpdn username xxxxxx password xxxxxxxxx
dhcpd address 192.168.1.20-192.168.1.30 inside
dhcpd dns 151.164.11.201 151.164.20.201
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
Cryptochecksum: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1 REPLY

Re: ping and other config issues perim int tomdmz e3 to inside e

Here is what you can do:

Remove Static

static (inside,tomdmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0

Add the following Statements

access-list XYZ permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list XYZ permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list XYZ

nat (tomdmz) 0 access-list XYZ

I hope this works. Good Luck!

Desh
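An added example, not part of the thread and not Cisco code, that models the translation lookup the reply relies on: it parses the posted nat, global, static and access-list lines and reports which PIX 6.x rule, if any, covers a flow between two interfaces. The config excerpt is constructed from the posted config, 203.0.113.5 is a placeholder destination, and the inbound (mapped-to-real) side of a static and nat 0 without an access-list are not modelled.

```python
import ipaddress
POSTED_CFG = """
access-list acl_tomdmz permit ip any any
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (tomdmz) 1 192.168.2.0 255.255.255.0 0 0
static (inside,tomdmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
"""  # constructed excerpt of the posted PIX 6.2 config: only the lines that decide translation
# Same excerpt with the reply applied: identity static removed, nat 0 exemption added.
FIXED_CFG = "\n".join(l for l in POSTED_CFG.splitlines() if not l.startswith("static")) + """
access-list XYZ permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list XYZ permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list XYZ
nat (tomdmz) 0 access-list XYZ
"""

def addr(tok):  # one PIX address spec, 'any' or 'ADDR MASK' -> (network, remaining tokens)
    n = 1 if tok[0] == "any" else 2
    return ipaddress.ip_network("0.0.0.0/0" if n == 1 else f"{tok[0]}/{tok[1]}", strict=False), tok[n:]

def parse(cfg):
    acls, nats, globs, statics = {}, [], set(), []
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            src, rest = addr(w[4:])
            acls.setdefault(w[1], []).append((src, addr(rest)[0]))
        elif w[:1] == ["nat"]:  # nat (ifc) 0 access-list NAME  or  nat (ifc) ID ADDR MASK
            nats.append((w[1].strip("()"), int(w[2]), w[4] if w[3] == "access-list" else addr(w[3:])[0]))
        elif w[:1] == ["global"]:
            globs.add((w[1].strip("()"), int(w[2])))
        elif w[:1] == ["static"]:  # static (real_ifc,mapped_ifc) MAPPED REAL netmask MASK
            statics.append((*w[1].strip("()").split(","), addr([w[3], w[5]])[0]))
    return acls, nats, globs, statics

def translation(cfg, src_ifc, dst_ifc, src_ip, dst_ip):
    # Which rule PIX 6.x uses for src_ip (entering src_ifc) toward dst_ip on dst_ifc, checked in the
    # PIX lookup order: nat 0 access-list, then static, then nat ID, which also needs a global ID on egress.
    acls, nats, globs, statics = parse(cfg)
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ifc, nid, arg in nats:
        if ifc == src_ifc and nid == 0 and any(s in a and d in b for a, b in acls.get(arg, [])):
            return f"nat ({ifc}) 0 access-list {arg}"
    for real_ifc, mapped_ifc, real in statics:
        if (real_ifc, mapped_ifc) == (src_ifc, dst_ifc) and s in real:
            return f"static ({real_ifc},{mapped_ifc})"
    for ifc, nid, arg in nats:
        if ifc == src_ifc and nid and s in arg:
            return (f"nat ({ifc}) {nid} with global ({dst_ifc}) {nid}" if (dst_ifc, nid) in globs
                    else f"NONE: nat ({ifc}) {nid} matches but there is no global ({dst_ifc}) {nid}")
    return "NONE: no exemption, static or nat covers this flow"
```

Run against the posted excerpt it reports the identity static for inside to tomdmz but no translation for inside to kawdmz (nat 1 has a global only on outside), and against the reply's version the nat 0 exemption covers both directions between inside and tomdmz.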
