Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

how to access servers in dmz

Avatar of LifeLine_sa
LifeLine_sa asked on
VPN
1 Comment1 Solution320 ViewsLast Modified:
3389 is for remote desktop.......but hte problem is dat i m unable to ping the servers ahead of vpn i,e
ASA .
how i can ping them ???
the servers are in dmz  to whome i m going to ping and want to access remotely

EM-T# sh run
: Saved
:
ASA Version 7.0(7)
!
hostname EM-T
domain-name default.domain.invalid
enable password 5CcPQutBPtlFKuWv encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 78.93.20.184 255.255.255.240
!
interface Ethernet0/1
 nameif DMZ
 security-level 0
 ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd bNIdI.2KYOU encrypted
ftp mode passive
access-list DMZ extended permit tcp any any
access-list DMZ extended permit udp any any
access-list DMZ extended permit icmp any any
access-list INSIDE extended permit tcp any any
access-list INSIDE extended permit udp any any
access-list INSIDE extended permit icmp any any
access-list OUTSIDE extended permit tcp host 78.93.20.185 any
access-list OUTSIDE extended permit udp host 78.93.20.185 any
access-list OUTSIDE extended permit tcp host 78.93.20.186 any
access-list OUTSIDE extended permit udp host 78.93.20.186 any
access-list OUTSIDE extended permit icmp any any
access-list inside_nat0_outbound extended permit ip any 192.168.20.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu DMZ 1500  
mtu inside 1500
mtu management 1500
ip local pool vpn-pool 192.168.20.100-192.168.20.150 mask 255.255.255.0
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 78.93.20.187 netmask 255.255.255.240
nat (DMZ) 1 192.168.20.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.10.0 255.255.255.0
static (DMZ,outside) 78.93.20.185 192.168.20.2 netmask 255.255.255.255
static (DMZ,outside) 78.93.20.186 192.168.20.3 netmask 255.255.255.255
static (DMZ,inside) 192.168.20.0 192.168.20.0 netmask 255.255.255.0
static (inside,DMZ) 192.168.10.0 192.168.10.0 netmask 255.255.255.255
access-group OUTSIDE in interface outside
access-group DMZ in interface DMZ
access-group INSIDE in interface inside
route outside 0.0.0.0 0.0.0.0 78.93.20.183 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy em-t internal
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
username vpn-access password Ni1jkCv9UeFKSRJl encrypted privilege 0
username vpn-access attributes
 vpn-group-policy em-t
 webvpn
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group em-t type ipsec-ra
tunnel-group em-t general-attributes
 address-pool vpn-pool
 default-group-policy em-t
tunnel-group em-t ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh 212.93.186.34 255.255.255.255 outside
ssh 212.93.186.63 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:16d363f57f7f078f6f4aa
: end
EM-T#      
server.bmp
ASKER CERTIFIED SOLUTION
Avatar of SysExpert
Commented:
This problem has been solved!
Unlock 1 Answer and 1 Comment.
See Answers