Cannot ping server in DMZ from inside

Discussion in 'Cisco' started by Ivana, Apr 12, 2005.

  1. Ivana

    Ivana Guest

    I have PIX 515E, 6.3(4) with three interfaces dmz, inside and outside.

    I cannot ping server in dmz from inside, but I can do www, for example. I
    cannot find the cause for this problem, I would appreciate if anyone can
    help me.

    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz security4
    ---
    access-list inside_access_in permit tcp any host 173.17.2.2 eq www
    access-list inside_access_in permit icmp host 10.10.10.10 host 173.17.2.2
    access-list dmz_access_in permit icmp host 173.17.2.2 host 10.10.10.10
    access-list nonatdmz permit ip any 173.17.2.0 255.255.255.0
    access-list nonatoutside permit ip 173.17.2.0 255.255.255.0 any
    ---
    ip address outside 192.168.0.1 255.255.255.0
    ip address inside 10.10.10.4 255.255.0.0
    ip address dmz 173.17.2.1 255.255.255.0
    ---
    global (outside) 1 192.168.0.100
    global (outside) 2 192.168.1.100
    nat (inside) 0 access-list nonatdmz
    nat (dmz) 0 access-list nonatoutside
    nat (inside) 2 10.10.10.10 255.255.255.255 0 0
    ---
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    access-group dmz_access_in in interface dmz

    What am I missing?

    Thanks in advance,
    Ivana
     
    Ivana, Apr 12, 2005
    #1
    1. Advertising

  2. Ivana

    Brian Guest

    Try adding the following lines:
    static (inside,dmz) 10.10.10.10 10.10.10.10 netmask 255.255.255.255 0 0
    static (dmz,inside) 173.17.2.2 173.17.2.2 netmask 255.255.255.255 0 0

    Obviously, if you want other devices to be able to communicate accross
    these security contexts, you will need to make these lines a bit less
    restrictive.
     
    Brian, Apr 12, 2005
    #2
    1. Advertising

  3. Ivana

    Ivana Guest

    Not helping. I try to add line for ping from outside interface to dmz and
    it's working. Only from inside to dmz cannot ping, but logic for
    configuration is the same. I don't understand, could it be a bug in
    asoftware?



    "Brian" <> wrote in message
    news:...
    > Try adding the following lines:
    > static (inside,dmz) 10.10.10.10 10.10.10.10 netmask 255.255.255.255 0 0
    > static (dmz,inside) 173.17.2.2 173.17.2.2 netmask 255.255.255.255 0 0
    >
    > Obviously, if you want other devices to be able to communicate accross
    > these security contexts, you will need to make these lines a bit less
    > restrictive.
     
    Ivana, Apr 13, 2005
    #3
  4. Ivana

    Ivana Guest

    Not helping. I try to add line for ping from outside interface to dmz and
    it's working. Only from inside to dmz cannot ping, but logic for
    configuration is the same. I don't understand, could it be a bug in
    a software?



    "Brian" <> wrote in message
    news:...
    > Try adding the following lines:
    > static (inside,dmz) 10.10.10.10 10.10.10.10 netmask 255.255.255.255 0 0
    > static (dmz,inside) 173.17.2.2 173.17.2.2 netmask 255.255.255.255 0 0
    >
    > Obviously, if you want other devices to be able to communicate accross
    > these security contexts, you will need to make these lines a bit less
    > restrictive.
     
    Ivana, Apr 13, 2005
    #4
  5. Ivana

    AM Guest

    Ivana wrote:

    > Not helping. I try to add line for ping from outside interface to dmz and
    > it's working. Only from inside to dmz cannot ping, but logic for
    > configuration is the same. I don't understand, could it be a bug in
    > asoftware?
    >

    Hi Ivana,

    avoid top quoting if possible,
    Anyway, can you access to syslog messages? What do they tell you trying to ping the server?

    Alex.
     
    AM, Apr 13, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    665
    Walter Roberson
    Jun 16, 2005
  2. zillah
    Replies:
    0
    Views:
    592
    zillah
    Dec 14, 2006
  3. morten
    Replies:
    4
    Views:
    1,327
    Tilman Schmidt
    Sep 4, 2007
  4. Jack
    Replies:
    0
    Views:
    740
  5. BethInAK
    Replies:
    0
    Views:
    489
    BethInAK
    Jan 18, 2008
Loading...

Share This Page