Recent content by cepacs

Ok, called Cisco and the engineer says my current config is fine and it should be working. I'm beginning to wonder if the problem might be on our core switch? I'm wondering if packets are reaching the server, but instead of coming back to the DMZ, it is being sent to the inside interface?

I think the NAT rules should be applied on the DMZ interface, but I still can't seem to get it to work. I do see hits on the access rule now, but can't get to the webpage page of the server. It works internally so I'm assuming it's the ASA.

Oh, okay... that makes sense! So wouldn't the NAT rules also need to be applied to the outside interface?

Here's the interface config... interface Ethernet0/2 speed 100 duplex full nameif DMZ security-level 50 ip address 10.10.90.2 255.255.254.0 Here's the access list config... access-list DMZ_access_in extended permit tcp any host xx.xx.xxx.129 eq www Here's the NAT config... static...

Can't figure it out! I've tried setting up my access rules and NAT rules to allow http traffic in to a server in the DMZ, but I can't get it to work. I found out I can ping from within the DMZ vlan to the DMZ interface on the ASA. I can also ping from the DMZ interface to any device within the...

Ok, realized that hairlessupportmonkey was right... I needed a rule to allow ICMP on the DMZ interface. After adding the rule, still couldn't ping the interface. I could, however, ping from the DMZ interface to the attached core switch. I then tried the Packet Tracer that stubnski suggested...

I cannot ping from the inside interface to the dmz. I can ping from the dmz to itself (obviously), but not from any other interface.

I have the interface setup and enabled, but can't ping the interface. I have an access rule for icmp... any/any. What am I missing?

We have an ASA 5510 running ASA version 8.2(1). I would like to add a DMZ to the device. I'm assuming I would go to Configuration/Device Setup/Interface and add Ethernet0/2 as the DMZ interface. Is this correct? Should the Security Level be 50?

Tagging has nothing to do with priority? Well that seems to go against what I have been told and what I have read. "There is no 802.1P without 802.1Q VLAN tagging. The VLAN tag carries VLAN information—the VLAN ID (12 bits) and prioritization (3 bits)."...

I believe layer 2... the 802.1p priority.

The only thing is, if I setup tagging on the 3300, then I can have it set the priority. Our 3Com switch automatically queues it correctly according to the priority passed to the phone by the 3300. I could set it up priority on the switch, but I'd have to create an ACL, link it to a Classifier...

I have a Mitel 3300 and it's tagged and I'm using priority 6. My switch recognizes the priority that the 3300 has given the voice traffic and this is how QoS is handled. My question is, do I need tagging setup on the switch port connected to the Mitel? Only the Mitel will be connected to this...

Ok, once I set the LLDP to global, then it worked! Thanks LoopyLou! The thing I find strange is, I had our Mitel person set the 3300 for tagging, but it still works even if I have the Mitel 3300 connected to a port on the switch that is untagged. Do I need to having tagging on the 3300 or...

Thanks for the response! Actually, the default vlan (data vlan) is vlan 101. The 3Com does support LLDP, but I'm not familiar with it so I'll have to look into how that needs to be setup. The switch also has the ability to set a port as a voice VLAN and you put in the OUI of the IP phones. The...