Strange behaviour of PIX - cannot access all protocols from high to low security

I have a 515 with four active interfaces (three physical and one VLAN). I have a DMZ interface with security level 6. From the inside network (security 100) I can only access hosts on the DMZ using HTTP. Ping and telnet do not work while they do not work when I am connected directly to the DMZ network. The DMZ network is flat and all the hosts have the PIX as their DGW. Here is a copy of the current configuration. Am I missing something? This shouldn't be so hard!

Thank you

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
interface ethernet1 vlan11 logical
interface ethernet2 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 grandhome security6
nameif vlan11 comments security99
hostname DBADAPIX
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name xx.xx.167.101 QualityAirPC_OUTSIDE
name 192.168.100.90 QualityAirPC
access-list rdvvpn permit ip 172.18.34.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list sheep permit ip 172.18.34.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_access_in permit tcp any host QualityAirPC_OUTSIDE eq https
pager lines 24
logging on
logging timestamp
logging buffered debugging
logging trap errors
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu grandhome 1500
ip address outside xx.xx.167.97 255.255.255.248
ip address inside 172.18.34.1 255.255.255.0
ip address grandhome 192.168.100.1 255.255.255.0
ip address comments 192.168.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 interface
global (grandhome) 1 interface
nat (inside) 0 access-list sheep
nat (inside) 1 172.18.34.0 255.255.255.0 0 0
nat (grandhome) 1 192.168.100.0 255.255.255.0 0 0
nat (guest) 1 192.168.10.0 255.255.255.0 0 0
static (grandhome,outside) QualityAirPC_OUTSIDE QualityAirPC netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.167.102 1
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set rdvvpnset esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto map rdvvpnmap 10 ipsec-isakmp
crypto map rdvvpnmap 10 match address rdvvpn
crypto map rdvvpnmap 10 set peer xx.xx.71.66
crypto map rdvvpnmap 10 set transform-set ESP-DES-SHA
crypto map rdvvpnmap 10 set security-association lifetime seconds 43200 kilobytes 4608000
crypto map rdvvpnmap interface outside
isakmp enable outside
isakmp key * address xx.xx.71.66 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
dhcpd address 172.18.34.100-172.18.34.199 inside
dhcpd address 192.168.100.100-192.168.100.109 grandhome
dhcpd address 192.168.10.100-192.168.10.199 reviews
dhcpd dns 64.x.37.x.39.140.42
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
dhcpd enable grandhome
dhcpd enable comments

To allow pings to return, you must allow the traffic. It is not allowed by default.

Apply the ACL inbound on the DMZ interface.

access-list dmz->in permit icmp any any echo-reply

access-list dmz->in permit icmp any any time-exceeded

access-list dmz->in permit icmp any any unreachable

If you try to ping the DMZ interface from the inside, you can't. Telnet to this interface is not allowed either, unless through an IPsec tunnel. You should be able to telnet to a server in the DMZ without a problem.
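
An added example, not part of the original reply: the ICMP entries above together with the access-group binding that the reply describes but does not show, written against the interface name grandhome and the subnets from the posted configuration. The ACL name dmz_in and the deny/permit entries after the ICMP lines are assumptions; they are included because binding any ACL to the interface places an implicit deny on everything else the DMZ hosts initiate, including the outbound access they had by default through nat (grandhome) 1 and global (outside) 1.

```cisco
: Added example for PIX 6.3. ACL name dmz_in is an assumption;
: interface name and subnets are taken from the posted configuration.
:
: 6.3 does not track ICMP as a connection, so the replies to pings started
: on inside (security100) arrive on the security6 interface as new
: low-to-high traffic and must be permitted explicitly.
access-list dmz_in permit icmp any any echo-reply
access-list dmz_in permit icmp any any time-exceeded
access-list dmz_in permit icmp any any unreachable
:
: Assumption: DMZ hosts should never open sessions toward the inside
: (172.18.34.0/24) or the vlan11 network (192.168.10.0/24). The ICMP
: replies above are already matched before these entries are reached.
access-list dmz_in deny ip 192.168.100.0 255.255.255.0 172.18.34.0 255.255.255.0
access-list dmz_in deny ip 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0
:
: Assumption: DMZ hosts still need the outbound access they had before an
: ACL was bound. Without this entry the implicit deny at the end of dmz_in
: drops every connection they initiate. Narrow it to the required
: protocols where those are known.
access-list dmz_in permit ip 192.168.100.0 255.255.255.0 any
:
: Bind the ACL inbound on the DMZ interface.
access-group dmz_in in interface grandhome
```

After a ping from the inside, show access-list dmz_in reports a hit count per entry, which confirms whether the echo replies are matching the first line.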

Tags: Cisco Security
