07-13-2010 02:42 PM - edited 03-11-2019 11:11 AM
Dear All,
After searching through the forum I could not find a solution and am obliged to ask for help.
I have a Cisco ASA 5510 connected to a Cisco 3560 switch which has VLANs (see configs).
I want to access the servers in the DMZ from each of the VLANs. Actually a ping to 172.100.0.200 from the switch succeeds. But when trying the ping from the PC in the VLANs it does not succeed. A ping sourced from an SVI also does not succeed. Int Gi0/22 is connected to the inside interface of the ASA. I have tried static NAT (with IP address and access-list) without success.
Please help.
07-13-2010 03:35 PM
Hello,
You do not have NAT rules for rest of the VLAN segments. Please try the following:
access-list nat0_outbound permit ip any 172.100.0.0 255.255.255.0
Hope this helps.
Regards,
NT
07-14-2010 10:20 AM
Thanks a lot. I can now access the servers in dmz by address only. When accessing by name, it does not work. The server url name is mtp:8081/helpdesk. Is there any way to configure this on ASA? Thanks.
07-14-2010 10:36 AM
Hello,
What is the location of your WINS server? If it is on the inside of the firewall, then you need to configure a static NAT rule so that the hosts can communicate with the WINS server.
static (inside,dmz)
Hope this helps.
Regards,
NT
07-14-2010 12:11 PM
The WINS/DNS server is on the inside interface (in the server VLAN behind the 192.168.104.0 network).
For AD replication to work with other partners, the servers in the server VLAN have the IP address of the ISA server as their default gateway, not the server VLAN SVI on the switch.
A ping from the ASA to the WINS server does not succeed even though a route was created on the ISA server for network 192.168.104.0/24 and 172.100.0.0 that points to the server SVI on the 3560 switch.
What should I do to be able to ping from the ASA to the WINS server?
Thanks
Here is the setup:
server vlan 172.31.0.0/24 ------------------------ switch int gi0/22 ------- ASA eth0/2 ------- ASA DMZ interface
def gateway = ISA server IP address 172.31.0.16    switch ip 192.168.104.2   ip 192.168.104.1   172.100.0.1/24
07-14-2010 02:52 PM
Hello,
I think the first step would be to make sure that your ISA server has a
route to rest of the network. Once it has the route, I think adding that
static statement I had mentioned earlier would do the trick. Please check
the ISA device (or you can do a tracert from the WINS server as well) and
see where the packets are getting dropped.
Regards,
NT