Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
295
Views
0
Helpful
1
Replies

Ping INSIDE host from DMZ

admin_2
Level 3
Level 3

‎06-26-2002 02:16 PM - edited ‎03-08-2019 11:11 PM

q1: How can I ping an inside host from a dmz host ?

q2: Do I need STATIC NAT for the INSIDE host to have a DMZ IP address ?

PIX CONFIGURATION:

inside host 10.1.1.1 255.0.0.0

dmz host 192.168.170.1 255.255.255.0

NAT 1 (DMZ) 192.168.170.1 255.255.255.255

static (inside,outside) 172.16.22.22 10.1.1.1

_ all TCP and UDP permitted on INSIDE interface

_ No access-list applied to DMZ interface

_ I can ping from DMZ to OUTSIDE host

Labels:
0 Helpful
1 Reply 1

Not applicable

‎06-26-2002 02:16 PM

The Pix does not allow ping to any interface from an opposite interface. So you will never be able to ping dmz or outside from inside, or to ping inside or outside from dmz. Is this what you are trying to do? If so it will not work. To enable ping inside host -> outside or dmz host, or dmz host -> outside host you need nat and global or static. To ping outside -> inside or dmz or dmz -> inside you need static and access list or conduit.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents