Cisco Support Community

Cisco ASA 5510 issue

Hi,

I have a Cisco ASA 5510, which has 4 interfaces and one management interface.

Please go through the following interface configuration, NAT and access-list. I have a PC connected to the DMZ switch whose IP address is 172.16.1.100/24.

I also have another PC connected to the inside zone whose IP address is 192.168.100.100, which is NATted to 172.16.2.1 for DMZ-to-inside communication.

Now the issue is that I am not able to ping (172.16.2.20) the PC (private IP 192.168.100.100, NATted IP 172.16.2.20) from the DMZ zone PC (172.16.1.100).

Please help me to resolve the issue.

configuration details:

    interface Ethernet0/0
     nameif outside
     speed 100
     duplex full
     security-level 0
     ip address 10.20.158.32 255.255.0.0
     no shut
    interface Ethernet0/1
     nameif inside
     security-level 100
     speed 100
     duplex full
     ip address 192.168.100.1 255.255.255.0
     no shut
    interface Ethernet0/2
     nameif dmz
     security-level 50
     speed 100
     duplex full
     ip address 172.16.1.2 255.255.255.0
     no shut
    route Outside 0.0.0.0 0.0.0.0 10.20.0.1
    nat (inside) 1 192.168.100.0 255.255.255.0 0 0
    global (outside) 1 interface
    static (inside,DMZ) 172.16.2.20 192.168.100.100 netmask 255.255.255.255
    access-list DMZtoInside extended permit ip host 172.16.1.100 host 172.16.2.20
    access-group DMZtoInside in interface DMZ

I then tried troubleshooting by issuing clear xlate and pinging again, but the ping still fails. From the ASA prompt I am able to ping both the inside interface IP and the DMZ interface IP, and both zone PCs, but I am not able to ping between the PCs.

Please help me to resolve the issue.

Thanks and Regards,

S.Venkataraman


Re: Cisco ASA 5510 issue

You must allow icmp in your acl.

    access-list DMZtoInside extended permit icmp host 172.16.1.100 host 172.16.2.20

Please rate helpful posts.
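An added example, not part of the thread and not Cisco code: a small Python model of first-match evaluation for ASA extended ACL entries, run against the two access-list lines quoted above. It assumes only the `host` and `any` address forms and treats the `ip` protocol keyword as matching every IP protocol; the function and variable names are made up for this illustration.

```python
# Added example: simplified model of ASA extended ACL matching.
# Supports only "host A" / "any" address forms, which is all the thread uses.
from typing import NamedTuple, Optional

class Ace(NamedTuple):
    acl: str
    action: str
    proto: str
    src: Optional[str]  # None means "any"
    dst: Optional[str]

def _addr(tokens):
    """Consume one address spec from the front of the token list."""
    kind = tokens.pop(0)
    if kind == "host":
        return tokens.pop(0)
    if kind == "any":
        return None
    raise ValueError(f"unsupported address form: {kind}")

def parse_ace(line: str) -> Ace:
    # Normalise the Unicode minus (U+2212) that web pages substitute for "-".
    t = line.replace("\u2212", "-").split()
    if len(t) < 7 or t[0] != "access-list" or t[2] != "extended":
        raise ValueError(f"not an extended ACE: {line}")
    rest = t[5:]
    src = _addr(rest)
    dst = _addr(rest)
    return Ace(t[1], t[3], t[4], src, dst)

def evaluate(aces, proto, src, dst) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for a in aces:
        if (a.proto in ("ip", proto)
                and a.src in (None, src) and a.dst in (None, dst)):
            return a.action
    return "deny"

# The two ACL lines from the thread (question and reply).
ORIGINAL = [parse_ace(
    "access-list DMZtoInside extended permit ip host 172.16.1.100 host 172.16.2.20")]
SUGGESTED = [parse_ace(
    "access-list DMZtoInside extended permit icmp host 172.16.1.100 host 172.16.2.20")]

if __name__ == "__main__":
    dmz_pc, mapped, real = "172.16.1.100", "172.16.2.20", "192.168.100.100"
    print("original,  icmp -> mapped:", evaluate(ORIGINAL, "icmp", dmz_pc, mapped))
    print("suggested, icmp -> mapped:", evaluate(SUGGESTED, "icmp", dmz_pc, mapped))
    print("suggested, tcp  -> mapped:", evaluate(SUGGESTED, "tcp", dmz_pc, mapped))
    print("original,  icmp -> real  :", evaluate(ORIGINAL, "icmp", dmz_pc, real))
```

In this model both lines permit the echo request to the mapped address, and the `icmp` line narrows the rule so that other protocols fall to the implicit deny. On the ASA itself, the hit counts in `show access-list DMZtoInside` show whether the ping reaches the ACL at all.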
