- Posts: 1
- Thank you received: 0
Firewall Problem
16 years 6 months ago #25388
by wasiim
Firewall Problem was created by wasiim
I am again having strange problem. I have two servers in dmz. I want one server to go to internet and also communicate with one of the server located on outside with local ip address 172.28.92.72
My ASDM is showing me packet tracer successfuly without any problem. But when i try to ping from server on dmz to server located on outside i got the following error
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
I configured the same setting as for the server 2 with ip addresss 172.28.92.68.
But i want 172.28.92.72 to have static for internet but to communicate with outside server use same ip 172.28.92.72
access-list outside_acl extended permit ip host x.74.112.153 host 172.28.92.72
access-list nonat extended permit ip host 172.28.92.72 host x.74.112.153
static (edn,outside) x.223.188.39 172.28.92.72 netmask 255.255.255.255
telnet 172.28.92.72 255.255.255.255 edn
TDC-INT-525-01# sh run | in 172.28.92.68
access-list outside_acl extended permit ip x.223.188.0 255.255.255.0 host 172.28.92.68
access-list outside_acl extended permit ip host x.74.112.153 host 172.28.92.68
access-list nonat extended permit ip host 172.28.92.68 x.223.188.0 255.255.255.0
access-list nonat extended permit ip host 172.28.92.68 host x.74.112.153
nat (inside) 0 access-list nonat
nat (edn) 0 access-list nonat
i am getting hitcount on outside firwall access-list. Outside server has the proper route towards firewall. dont know where i m doing wrong.
Server has route towards dmz and vice versa. Pakcet tracer of ASDM is showing me full successul. Dont know what is wrong
My ASDM is showing me packet tracer successfuly without any problem. But when i try to ping from server on dmz to server located on outside i got the following error
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
I configured the same setting as for the server 2 with ip addresss 172.28.92.68.
But i want 172.28.92.72 to have static for internet but to communicate with outside server use same ip 172.28.92.72
access-list outside_acl extended permit ip host x.74.112.153 host 172.28.92.72
access-list nonat extended permit ip host 172.28.92.72 host x.74.112.153
static (edn,outside) x.223.188.39 172.28.92.72 netmask 255.255.255.255
telnet 172.28.92.72 255.255.255.255 edn
TDC-INT-525-01# sh run | in 172.28.92.68
access-list outside_acl extended permit ip x.223.188.0 255.255.255.0 host 172.28.92.68
access-list outside_acl extended permit ip host x.74.112.153 host 172.28.92.68
access-list nonat extended permit ip host 172.28.92.68 x.223.188.0 255.255.255.0
access-list nonat extended permit ip host 172.28.92.68 host x.74.112.153
nat (inside) 0 access-list nonat
nat (edn) 0 access-list nonat
i am getting hitcount on outside firwall access-list. Outside server has the proper route towards firewall. dont know where i m doing wrong.
Server has route towards dmz and vice versa. Pakcet tracer of ASDM is showing me full successul. Dont know what is wrong
16 years 6 months ago #25390
by Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
Replied by Chojin on topic Re: Firewall Problem
Try to perform a traceroute from your server towards the external server.
There you can see which device gives you the Destination unreachable.
There you can see which device gives you the Destination unreachable.
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
Time to create page: 0.113 seconds