Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
8
Replies

Multiple VLAN Configuration over ASA Firewall into DMZ

Go to solution
jonasvanessen
Level 1
Level 1

‎12-12-2023 05:38 AM

I'm a complete beginner with Cisco Packet Tracer.

I somehow cannot ping inside my dmz for some reason?

Any help is appreciated.

Kind regards

Jonas

Labels:
basic-firewall2-mac.pkt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎12-12-2023 06:04 AM - edited ‎12-12-2023 06:04 AM

Hello @jonasvanessen 

some issues...

M02rt37_0-1702389768820.png

ASA interfaces (red circle) are with IP address (L3) and on their respective Switches facing these 2 interfaces your are in Trunk mode...

Also your Multilayer Switch (L3) has got no route !

Servers on DMZ have got Gateway 10.0.0.1....where is this address ? On ASA you have on DMZ interface 10.0.0.2 configured.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Karsten Iwen
VIP
VIP

‎12-12-2023 05:41 AM

This is by design. You only can ping the interface that is near to you. If your device is on the inside network, you can ping the inside interface but not the dmz interface. If you are on the dmz, you can ping the dmz interface but not the inside interface.

0 Helpful

Go to solution
jonasvanessen
Level 1
Level 1
In response to Karsten Iwen

‎12-12-2023 05:56 AM

I sadly cannot ping from vlan10/20 to vlan30 nor vice versa

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to jonasvanessen

‎12-12-2023 05:57 AM

are they use same security level ?

0 Helpful

Go to solution
jonasvanessen
Level 1
Level 1
In response to MHM Cisco World

‎12-12-2023 05:59 AM

yes, just to make it easier i've put both on security-level 100, see the .zip

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to jonasvanessen

‎12-12-2023 06:04 AM

I can not open zip

If same level 

Then add

same secuirty level permit intra interface 

Same secuirty level permit inter interface 

MHM

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎12-12-2023 05:47 AM

add icmp inspection 
or add ACL to allow ICMP 
MHM

0 Helpful

Go to solution
M02@rt37
VIP
VIP

‎12-12-2023 06:04 AM - edited ‎12-12-2023 06:04 AM

Hello @jonasvanessen 

some issues...

M02rt37_0-1702389768820.png

ASA interfaces (red circle) are with IP address (L3) and on their respective Switches facing these 2 interfaces your are in Trunk mode...

Also your Multilayer Switch (L3) has got no route !

Servers on DMZ have got Gateway 10.0.0.1....where is this address ? On ASA you have on DMZ interface 10.0.0.2 configured.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
jonasvanessen
Level 1
Level 1
In response to M02@rt37

‎12-12-2023 07:00 AM

Hi M02@rt37,

Thanks for your detailled feedback. I tried to implement all the points from your input, but sadly failed in getting it to work. Nevertheless i guess you are right, i think i just lack some basic understanding in certain areas, in order to get it to work.

Thanks & Kind regards

Jonas 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card