TOPIC: Firewall Problem

Firewall Problem 10 years 9 months ago #25388

wasiim (Topic Author)
I am again having a strange problem. I have two servers in the DMZ. I want one server to go to the internet and also communicate with one of the servers located on the outside with local IP address 172.28.92.72

My ASDM is showing me packet tracer successfully without any problem. But when I try to ping from the server on the DMZ to the server located on the outside, I get the following error:

Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.

I configured the same settings as for server 2 with IP address 172.28.92.68.

But I want 172.28.92.72 to have a static for internet, but to communicate with the outside server use the same IP 172.28.92.72


access-list outside_acl extended permit ip host x.74.112.153 host 172.28.92.72
access-list nonat extended permit ip host 172.28.92.72 host x.74.112.153
static (edn,outside) x.223.188.39 172.28.92.72 netmask 255.255.255.255
telnet 172.28.92.72 255.255.255.255 edn



TDC-INT-525-01# sh run | in 172.28.92.68
access-list outside_acl extended permit ip x.223.188.0 255.255.255.0 host 172.28.92.68
access-list outside_acl extended permit ip host x.74.112.153 host 172.28.92.68
access-list nonat extended permit ip host 172.28.92.68 x.223.188.0 255.255.255.0
access-list nonat extended permit ip host 172.28.92.68 host x.74.112.153



nat (inside) 0 access-list nonat
nat (edn) 0 access-list nonat

I am getting hit counts on the outside firewall access-list. The outside server has the proper route towards the firewall. I don't know where I am going wrong.

The server has a route towards the DMZ and vice versa. Packet tracer of ASDM is showing me fully successful. I don't know what is wrong.

Re: Firewall Problem 10 years 9 months ago #25390

Try to perform a traceroute from your server towards the external server.

There you can see which device gives you the Destination unreachable.
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA