Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ping and other config issues perim int tomdmz e3 to inside e1


I wanted to write net a config from a pc on inside to a pc on the tomdmz and vice versa. Sho log reports " No Route to from"

I believe my ACLs and Group are correct. I also believe my Static statement from inside to tomdmz is correct. Why is my inside not able to see and pass traffic to my tomdmz int. I am ne w to pix and appreciate any assistance.

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 tomdmz security90

nameif ethernet3 kawdmz security80

nameif ethernet4 intf4 security20

nameif ethernet5 intf5 security25

enable password xxxxxxxxxxxxxxxx encrypted

passwd xxxxxxxxxxxxxxxx encrypted

hostname xxxxxxxxxxx

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000


access-list acl_tomdmz permit ip any any

access-list acl_tomdmz permit icmp any any

pager lines 24

logging on

logging timestamp

logging buffered debugging

interface ethernet0 10full

interface ethernet1 100full

interface ethernet2 10full

interface ethernet3 100full

interface ethernet4 auto shutdown

interface ethernet5 auto shutdown

mtu outside 1500

mtu inside 1500

mtu tomdmz 1500

mtu kawdmz 1500

mtu intf4 1500

mtu intf5 1500

ip address outside pppoe setroute

ip address inside

ip address tomdmz

ip address kawdmz

ip address intf4

ip address intf5

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside

failover ip address inside

failover ip address tomdmz

failover ip address kawdmz

failover ip address intf4

failover ip address intf5

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0 0

nat (tomdmz) 1 0 0

nat (kawdmz) 1 0 0

static (inside,tomdmz) netmask 0 0

access-group acl_tomdmz in interface tomdmz

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet timeout 5

ssh timeout 5

vpdn group pppoe-sbc request dialout pppoe

vpdn group pppoe-sbc localname xxxxxx

vpdn group pppoe-sbc ppp authentication pap

vpdn username xxxxxx password xxxxxxxxx

dhcpd address inside

dhcpd dns

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd enable inside

terminal width 80

Cryptochecksum: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

New Member

Re: ping and other config issues perim int tomdmz e3 to inside e

Here is what you can do :

Remove Static

static (inside,tomdmz) netmask 0 0

Add the following Statements

access-list XYZ permit ip

access-list XYZ permit ip

nat (inside) 0 access-list XYZ

nat (tomdmz) 0 access-list XYZ

I hope this works. Good Luck!


CreatePlease to create content