https://community.cisco.com/t5/network-security/ping-through-pix515/m-p/718171#M1007524 <P>I'm trying to allow ping from the inside to the dmz zone. For this I have configured an ACL allowing all icmp traffic and applied it to the dmz interface, but it doesn't works. What would be the problem?</P><P></P><P>I have started from the default configuration and added only the following lines</P><P></P><P>interface ethernet0 auto</P><P>interface ethernet1 auto</P><P></P><P>nameif ethernet0 inside security100</P><P>nameif ethernet1 dmz security60</P><P></P><P>access-list dmz_in permit icmp any any</P><P>access-list dmz_in permit ip any any</P><P></P><P>ip address inside 10.29.40.9 255.255.255.0</P><P>ip address dmz 192.168.23.14 255.255.255.0</P><P></P><P>access-group dmz_in in interface dmz</P><P></P> Mon, 11 Mar 2019 09:58:48 GMT pepetreshere 2019-03-11T09:58:48Z https://community.cisco.com/t5/network-security/ping-through-pix515/m-p/718171#M1007524 <P>I'm trying to allow ping from the inside to the dmz zone. For this I have configured an ACL allowing all icmp traffic and applied it to the dmz interface, but it doesn't works. What would be the problem?</P><P></P><P>I have started from the default configuration and added only the following lines</P><P></P><P>interface ethernet0 auto</P><P>interface ethernet1 auto</P><P></P><P>nameif ethernet0 inside security100</P><P>nameif ethernet1 dmz security60</P><P></P><P>access-list dmz_in permit icmp any any</P><P>access-list dmz_in permit ip any any</P><P></P><P>ip address inside 10.29.40.9 255.255.255.0</P><P>ip address dmz 192.168.23.14 255.255.255.0</P><P></P><P>access-group dmz_in in interface dmz</P><P></P> Mon, 11 Mar 2019 09:58:48 GMT https://community.cisco.com/t5/network-security/ping-through-pix515/m-p/718171#M1007524 pepetreshere 2019-03-11T09:58:48Z https://community.cisco.com/t5/network-security/ping-through-pix515/m-p/718172#M1007525 <HTML><HEAD></HEAD><BODY><P>can you pass other traffic to the dmz, besides icmp? if not, this might be a NAT issue. if you don't need nat from inside-&gt; dmz, use something like the following:</P><P>static (inside,dmz) 192.168.1.1 192.168.1.1</P><P>where 192.168.1.1 is whatever host is on the inside that you're ping from.</P></BODY></HTML> Wed, 11 Apr 2007 14:56:10 GMT https://community.cisco.com/t5/network-security/ping-through-pix515/m-p/718172#M1007525 srue 2007-04-11T14:56:10Z https://community.cisco.com/t5/network-security/ping-through-pix515/m-p/718173#M1007526 <HTML><HEAD></HEAD><BODY><P>You probably need to apply a nat ( inside ) 0 statement. You could also use a static map from the inside to the dmz network. </P><P></P><P></P></BODY></HTML> Wed, 11 Apr 2007 16:49:12 GMT https://community.cisco.com/t5/network-security/ping-through-pix515/m-p/718173#M1007526 mark.hodge 2007-04-11T16:49:12Z