<div>
Have you allowed ICMP through the ASA via an ACL?<br />
&nbsp;<br />
You could try debuging ICMP from the firewall and see if it is reaching the ASA or not.<br />
&nbsp;<br />
#debug icmp trace<br />
&nbsp;<br />
&nbsp;<br />

</div>


Have you allowed ICMP through the ASA via an ACL?
 
You could try debuging ICMP from the firewall and see if it is reaching the ASA or not.
 
#debug icmp trace
 
 


<div>
yes i have allowed icmp through the firewall from the new zone, i have an ip any to any and icmp any to any rule on that interface
</div>


yes i have allowed icmp through the firewall from the new zone, i have an ip any to any and icmp any to any rule on that interface

<div>
If you debug it can you see the traffic - this will tell you if the problem is with the ASA or before / after it.
</div>


If you debug it can you see the traffic - this will tell you if the problem is with the ASA or before / after it.

<div>
Forgot to trunk the new vlan to the core, thanks.
</div>


Forgot to trunk the new vlan to the core, thanks.

<div>
<div class="content wysiwyg-content">
We have a 6509 at our core and an ASA 5520 as our edge firewall. &nbsp;I am trying to test something and created a new zone in the firewall, with an IP address of 172.19.1.1/24 . &nbsp;I put a box conneted to a 4500 switch with an IP of 172.19.1.2/24. &nbsp;I also created a new Vlan(65) and assigned it to the port that the .2 box is connected to, so it looks like this<br />
<br />
Prod1--172.19.1.2<br />
&nbsp;|<br />
Core1<br />
&nbsp;|<br />
ASA5520--172.19.1.1<br />
<br />
the new zone has a security level of 90. &nbsp;the vlan propogated to both switches okay, but I can not ping the .1 address from the .2 box. &nbsp;Do I need a route somewhere, we already us eigrp on the network.
</div>
</div>


We have a 6509 at our core and an ASA 5520 as our edge firewall.  I am trying to test something and created a new zone in the firewall, with an IP address of 172.19.1.1/24 .  I put a box conneted to a 4500 switch with an IP of 172.19.1.2/24.  I also created a new Vlan(65) and assigned it to the port that the .2 box is connected to, so it looks like this

Prod1--172.19.1.2
 |
Core1
 |
ASA5520--172.19.1.1

the new zone has a security level of 90.  the vlan propogated to both switches okay, but I can not ping the .1 address from the .2 box.  Do I need a route somewhere, we already us eigrp on the network.

Create Test DMZ and vlan

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Routers

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.