We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 606 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


363 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. hi renee ;
    I was trying to work on your toplogy above but for some reason I cant ping to otherside of ASA .interfaces are up and even applied this default command

    ASA1(config)# policy-map global_policy
    ASA1(config-pmap)# class inspection_default
    ASA1(config-pmap-c)# inspect icmp

    still doesnt work on my gns3 .do you have any idea about it ?

  2. Hi Georgi,

    What if you try something else that doesn’t require changing the policy-map? For example telnetting from one device in a high security level to something in a low security level?


  3. Hi Rene,

    To allow the DMZ traffic would you need to put an ACL on the inside interface allowing DMZ traffic or on the Inside interface allowing DMZ source to come in? Or do you need to put ACLs on both interfaces?

    If DMZ is say range and Inside is range. Would you put ACL in DMZ interface allowing access to and then put the same ACL on inside as well?

  4. Hello Zahan!

    In order to allow a subnet on the DMZ to access a subnet on the INSIDE, you will require an access list on the DMZ interface. Depending on your NAT configuration, you may also be required to configure a static NAT translation.

    You can find additional information at the following Cisco support community link: https://supportforums.cisco.com/discussion/11011491/asa-5520-config-dmz-inside-access.

    I hope this has been helpful!


  5. Hey Rene,

    Is there another protocol/command to allow http traffic through an Cisco ASA other than a ACL?

24 more replies! Ask a question or join the discussion by visiting our Community Forum