Re: Not able to ping DMZ from outside

• From: "Prabhu Nagarathnam" <Prabhu.Nagarathnam@xxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 18 Oct 2002 15:51:27 +0530

Hello Jim,
 
Here are the details:
 
External NIC IP address: 202.56.203.14   Subnet: 255.255.255.240
DMZ NIC IP address:      202.56.203.58   Subnet: 255.255.255.248
 
The two packet filters to allow ping are listed below:
 
(1) Name: Allow_ICMP_to_DMZ 
     Mode: Allow
     Filter Type: Custom Filter
     Protocol: ICMP
     Direction: Both
     ICMP Types: All types
     ICMP Codes: All codes
     Local Computer: Internal subnet address - 202.56.203.56 Mask -
255.255.255.248
     Remote Computer: Any
 
(2) Name: Allow_ALL_to_DMZ
     Mode: Allow
     Filter Type: Custom Filter
     Protocol: Any
     Direction: Both
     Local Computer: Internal subnet address - 202.56.203.56 Mask -
255.255.255.248
     Remote Computer: Any     
 
After configuring the above packet filters,  I am able to ping the DMZ
clients (202.56.203.59, 202.56.203.60 etc)
from outside world/internet. But I am NOT able to ping the DMZ NIC IP
address (202.56.203.58) from outside 
world/internet.
 
Please let me know if I am doing something wrong or missing anything.
 
Thank you,
-Prabhu.
 

        -----Original Message-----
        From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
        Sent: Friday, October 18, 2002 3:26 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Re: Not able to ping DMZ from outside
        
        
        http://www.ISAserver.org
        
        
        Exactly what does the packet filter look like that allows ping
into the DMZ?
        You didn't list the subnet that's associated with the External
and DMZ NICs
         
         Jim Harrison
         MCP(NT4, W2K), A+, Network+, PCG
         http://isaserver.org/pages/author_index.asp?aut=3
         http://isatools.org
         Read the help / books / articles!
        

                ----- Original Message ----- 
                From: Prabhu Nagarathnam
<mailto:Prabhu.Nagarathnam@xxxxxxxxx>  
                To: [ISAserver.org Discussion List]
<mailto:isalist@xxxxxxxxxxxxx>  
                Sent: Wednesday, October 16, 2002 4:47 AM
                Subject: [isalist] Not able to ping DMZ from outside
                
                
                http://www.ISAserver.org
                
                

                Hello all, 

                I have setup a tri-homed DMZ ISA server. Here are the
details: 

                External NIC (202.56.203.14) - connected to Internet 

                DMZ NIC (202.56.203.58) - web server hosted 

                Internal (192.168.0.1/24) - connected to internal
network 

                I have done these: 

                (1) IP address set for DMZ are not included in LAT 
                (2) Enabled packet filtering and IP routing. 
                (2) Created packet filter rules to allow all protocols
to DMZ both directions. 

                The problem is, from internet/outside world I am not
able to ping DMZ IP address (202.56.203.58) 
                but I am able to ping DMZ clients. (202.56.203.58,
202.56.203.59 etc) 

                How do I enable ping and ICMP from Internet/outside
world to ping DMZ IP address? 


                Thanks, 
                - Prabhu. 

Other related posts:

• » Not able to ping DMZ from outside
• » Re: Not able to ping DMZ from outside
• » Re: Not able to ping DMZ from outside
• » Re: Not able to ping DMZ from outside

1. Home
2. isalist
3. Archive
4. 10-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---