Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
0
Helpful
2
Replies

Scenario is that i cant ping a server on the dmz between two firewalls

Go to solution
ohareka70
Level 3
Level 3

‎04-26-2013 08:07 AM - edited ‎03-11-2019 06:35 PM

Hello,

Scenario is that i cant ping a server on the dmz between two firewalls

I have a server on the dmz on cisco asa and it needs to ping a server on the dmz on the checkpoint network

dmz on cisco asa then goes to corporate network on the asa before it goes to the checkpoint firewall

I have routing between the checkpoint and asa dmz's

I can ping from corporate network to the server on checkpoint dmz

but i cant ping from the dmz on the cisco asa to the checkpoint dmz

i have routing in place and also allowed all services and all interfaces for now on my ACL

any ideas.

I think the issue is on the cisco asa dmz

thanks

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎04-26-2013 09:52 AM

Hello Kevin,

I would say corporate security level interface is higher than the DMZ one, so you will need to add an ACL to permit the traffic

Do the following

packet-tracer input dmz icmp x.x.x.x ( DMZ_ASA_HOST ) 8 0 Y.Y.Y.Y ( Corporate SERVER ON checkpoint)

Post the results and pleasee remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎04-26-2013 09:52 AM

Hello Kevin,

I would say corporate security level interface is higher than the DMZ one, so you will need to add an ACL to permit the traffic

Do the following

packet-tracer input dmz icmp x.x.x.x ( DMZ_ASA_HOST ) 8 0 Y.Y.Y.Y ( Corporate SERVER ON checkpoint)

Post the results and pleasee remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
ohareka70
Level 3
Level 3
In response to Julio Carvajal

‎04-30-2013 02:57 AM

You are correct on this.  The ACL i had was applied to the wrong interface and hence the traffic was going no where.  The ACL on one firewall (Checkpoint) was ok but not on the Cisco ASA. Thats it sorted now though and i can ping the servers from both locations.

thanks

Kevin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card