ASA outside interface problem

adm.mehedi · ‎12-26-2016

Dear All Friends,

I;m facing some problem configuring my ASA 5516-X. I have configured LAN and DMZ Zone. Both network going to internet as usually but when I'm trying to go DMZ to LAN it is working fine but when I am trying to go LAN to DMZ it is not working. I have but Core FW configuration is ok.
One more thing is I have tried to ping server inside DMZ zone by connecting my PC - ASA using direct cable connection but server is not reachable.
Please see the attachment and try to give me solution.

-Mehedi-

mattjones03 · ‎12-26-2016

Hi,

I cannot see an ACL defined for "inside_access_in" Do you have one defined?

If you are connecting to a server within the same subnet / Vlan etc, but still the issue persists, confirm if the server is running a localised firewall.

MANI .P · ‎12-27-2016

Hi can you re-arrange the ACL

#access-list dmz_access_in extended permit icmp any any echo-reply
#access-list dmz_access_in extended permit object-group DM_INLINE_SERVICE_1 object DMZTOINSIDEDBSERVER 192.168.100.0 255.255.255.0

or

#access-list dmz_access_in extended permit ip host LAN_IP host DMZ_IP

later do ping from from LAN to DMZ ...

if not ok . Please share packet-tracer

#packet-tracer input LAN icmp LANIP 0 8 DMZIP detail

Thanks,

Mani