Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
0
Helpful
2
Replies

Cisco DMZ

megamixmwangi
Level 1
Level 1

‎10-01-2012 01:09 AM - edited ‎03-11-2019 05:01 PM

Case closed

Labels:
0 Helpful
2 Replies 2

Harish Balakrishnan
Spotlight
Spotlight

‎10-01-2012 01:18 AM

Hello Joe,

please apply  the following commands

static (inside,dmz) 10.2.0.0 10.2.0.0 netmask 255.255.0.0

and if you want ping from lan to DMZ, you can apply

access-list dmz_access_in extended permit icmp any any

access-group dmz_access_in in interface DMZ

please let me know if you need further help

regards

Harish.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni

‎10-01-2012 01:43 AM

Hi,

DMZ has lower security level than inside so you must have an ACL inbound on DMZ permitting the traffic from dmz to lan and the returning icmp messagesin reply to lan to dmz icmp messages ( as you've got no icmp inspection).

Nat is only necessary if you've NAT control enabled and in this case you'll need a static(inside,DMZ) statement in addition to the aforementioned ACL.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card