Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping INSIDE host from DMZ

q1: How can I ping an inside host from a dmz host ?

q2: Do I need STATIC NAT for the INSIDE host to have a DMZ IP address ?

PIX CONFIGURATION:

inside host 10.1.1.1 255.0.0.0

dmz host 192.168.170.1 255.255.255.0

NAT 1 (DMZ) 192.168.170.1 255.255.255.255

static (inside,outside) 172.16.22.22 10.1.1.1

_ all TCP and UDP permitted on INSIDE interface

_ No access-list applied to DMZ interface

_ I can ping from DMZ to OUTSIDE host

1 REPLY
Anonymous
N/A

Re: Ping INSIDE host from DMZ

The Pix does not allow ping to any interface from an opposite interface. So you will never be able to ping dmz or outside from inside, or to ping inside or outside from dmz. Is this what you are trying to do? If so it will not work. To enable ping inside host -> outside or dmz host, or dmz host -> outside host you need nat and global or static. To ping outside -> inside or dmz or dmz -> inside you need static and access list or conduit.

156
Views
0
Helpful
1
Replies