Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,I have setup a network below:LAN <==> Cisco ASA) <==> Internet ^ | DMZI'm having problem connecting (ping) from Internal to hosts on the DMZ.My plan is to allow all hosts on Internal to connect (ping) to DMZ. IP...
Hi All,Hope you can help me with my little problem. I am new to Cisco and I started to configure my Cisco ASA but I am unable to ping External interface address from Internal hosts.What I wanna do is to nat internal address with the external interfac...
Hi Kusankar,Actually, it's working already.I tried removing 'access-group ping in interface dmz' and added 'inspect icmp' and it's working too.Thanks for your support. I really appreciate it. Thanks,Lonski
Hi,I was able to resolve the issue by adding the following:nat (internal) 1 192.168.0.0 255.255.255.0global (dmz) 1 interfaceclear arpclear xlateclear localThanks
Hi Mike,Hope this ICMP log from ASA will help:FROM INTERNALTO Internal Interface: (successful)----------------------ICMP echo request from 172.31.26.65 to 172.31.24.253 ID=1024 seq=18654 len=32ICMP echo reply from 172.31.24.253 to 172.31.26.65 ID=102...
Hi Mike,Yeah, it's been a long day.Just a thought, do we need to change from static to dynamic nat?I'm not sure, I'm thinking that internal is unable to communicate with dmz because it is from different subnet since we used the static nat. ??? not so...
Hi Mike,I tried removing 'access-group ping in interface external' and the result is it will not let me ping internet (ie. google.com)I tried issuing 'access-group ping in interface dmz' but still same result. I'm unable to ping from internal to dmz....
