TOPIC: Firewall Problem

Firewall Problem 8 years 8 months ago #25388

  • wasiim
I am again having a strange problem. I have two servers in the DMZ. I want one server to go to the internet and also communicate with one of the servers located on the outside with local IP address 172.28.92.72.

My ASDM is showing me packet tracer successfully without any problem. But when I try to ping from the server on the DMZ to the server located on the outside, I get the following error:

Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.

I configured the same settings as for server 2 with IP address 172.28.92.68.

But I want 172.28.92.72 to have a static for the internet, but to use the same IP 172.28.92.72 to communicate with the outside server.


access-list outside_acl extended permit ip host x.74.112.153 host 172.28.92.72
access-list nonat extended permit ip host 172.28.92.72 host x.74.112.153
static (edn,outside) x.223.188.39 172.28.92.72 netmask 255.255.255.255
telnet 172.28.92.72 255.255.255.255 edn



TDC-INT-525-01# sh run | in 172.28.92.68
access-list outside_acl extended permit ip x.223.188.0 255.255.255.0 host 172.28.92.68
access-list outside_acl extended permit ip host x.74.112.153 host 172.28.92.68
access-list nonat extended permit ip host 172.28.92.68 x.223.188.0 255.255.255.0
access-list nonat extended permit ip host 172.28.92.68 host x.74.112.153



nat (inside) 0 access-list nonat
nat (edn) 0 access-list nonat

I am getting hit counts on the outside firewall access-list. The outside server has the proper route towards the firewall. I don't know what I am doing wrong.


The server has a route towards the DMZ and vice versa. Packet tracer in ASDM is showing me fully successful. I don't know what is wrong.

Re: Firewall Problem 8 years 8 months ago #25390

  • Chojin
Try to perform a traceroute from your server towards the external server.

There you can see which device gives you the Destination unreachable.
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
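
Added example (not part of the thread and not the posters' code): a small Python check that reads the NAT lines pasted in the first post and reports which rule decides the source address of a flow entering on the edn interface. It assumes the pre-8.3 ASA order in which the nat 0 access-list exemption is evaluated before static; the function names are hypothetical, and only mask octets of 255 or 0 are handled because the first octet is masked as "x".

```python
# Constructed input: NAT-related lines copied from the first post ("x" = masked octet).
CONFIG = """\
access-list nonat extended permit ip host 172.28.92.72 host x.74.112.153
access-list nonat extended permit ip host 172.28.92.68 x.223.188.0 255.255.255.0
access-list nonat extended permit ip host 172.28.92.68 host x.74.112.153
static (edn,outside) x.223.188.39 172.28.92.72 netmask 255.255.255.255
nat (edn) 0 access-list nonat
"""

def take_addr(tokens):
    """Consume 'host A' or 'A MASK'; return (address, mask, remaining tokens)."""
    if tokens[0] == "host":
        return tokens[1], "255.255.255.255", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]

def matches(ip, net, mask):
    # Octet-wise comparison on text, so the masked "x" octet compares as a literal.
    return all(m == "0" or (m == "255" and a == b)
               for a, b, m in zip(ip.split("."), net.split("."), mask.split(".")))

def parse(config):
    """Collect ACL entries, static translations and nat 0 bindings per interface."""
    acls, statics, exempt = {}, [], {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            src, smask, rest = take_addr(t[5:])
            dst, dmask, _ = take_addr(rest)
            acls.setdefault(t[1], []).append((src, smask, dst, dmask))
        elif t[:1] == ["static"]:
            real_if = t[1].strip("()").split(",")[0]
            statics.append((real_if, t[3], t[2]))  # (interface, real IP, mapped IP)
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            exempt[t[1].strip("()")] = t[4]        # interface -> exemption ACL name
    return acls, statics, exempt

def source_after_nat(config, iface, src, dst):
    """Return (rule, source IP seen beyond the firewall) for a flow entering on iface."""
    acls, statics, exempt = parse(config)
    for s, sm, d, dm in acls.get(exempt.get(iface), []):  # exemption first (assumed order)
        if matches(src, s, sm) and matches(dst, d, dm):
            return "nat-exempt", src
    for real_if, real, mapped in statics:
        if real_if == iface and real == src:
            return "static", mapped
    return "no-rule", src
```

Run against these lines, a flow from 172.28.92.72 to x.74.112.153 is exempted and keeps its real address, while the same host toward any other destination is translated to x.223.188.39.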