Some Users May Have Problem to ping from inside to outside
or dmz router. They cannot ping. There are many problems but initially we can’t
check why the ping rate is not 100 percent success.
So in this solution I am solving this problem.
For Convergence of all networks I am using Static Routes.
Define as they need on all the Routers.
INSIDE Router Static
Routes:
INSIDE(config)#ip route 12.0.0.0 255.0.0.0 192.168.1.1
INSIDE(config)#ip route 10.0.0.0 255.0.0.0 192.168.1.1
OUTSIDE Router Static
Routes:
OUTSIDE(config)#ip route 12.0.0.0 255.0.0.0 10.1.1.1
OUTSIDE(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.1
DMZ Router Static
Routes:
DMZ(config)#ip route 10.0.0.0 255.0.0.0 12.1.1.1
DMZ(config)#ip route 192.168.1.0 255.255.255.0 12.1.1.1
Before Configuration.
I tell the Default Behavior For ASA Firewall.
In ASA Firewall by Default ICMP inspection command is not configure
and nat-control is disabled. This behavior is also for DMZ. This Policy is only
for Ping Traffic not for others traffic. When we ping from inside to outside
network ping rate is 0/5 percent.
By Default Policy is:
When you from Inside Network To Outside Network. Ping Result is.
Now, After Configuration, when you inspect ICMP traffic. Ping rate is 5/5 success.
Now, After Configuration, when you inspect ICMP traffic. Ping rate is 5/5 success.
You have to just add inspect icmp command. If you want to
creat a class-map as you wish. I am editing the default policy-map
And adding the command
policy-map
global_policy
class inspection_default
inspect icmp
Ping Result is
Ping Result is
You have DONE it.
Now ping from inside to outside network ping rate is 5/5..
No comments:
Post a Comment