  • Status: Solved

Create Test DMZ and vlan

We have a 6509 at our core and an ASA 5520 as our edge firewall. I am trying to test something and created a new zone in the firewall, with an IP address of 172.19.1.1/24. I put a box connected to a 4500 switch with an IP of 172.19.1.2/24. I also created a new VLAN (65) and assigned it to the port that the .2 box is connected to, so it looks like this:

Prod1--172.19.1.2
 |
Core1
 |
ASA5520--172.19.1.1

The new zone has a security level of 90. The VLAN propagated to both switches okay, but I cannot ping the .1 address from the .2 box. Do I need a route somewhere? We already use EIGRP on the network.
Asked:
jiggin23
1 Solution
 
H_Harry Commented:
Have you allowed ICMP through the ASA via an ACL?

You could try debugging ICMP from the firewall and see if it is reaching the ASA or not.

#debug icmp trace

jiggin23 (Author) Commented:
Yes, I have allowed ICMP through the firewall from the new zone. I have an IP any to any and ICMP any to any rule on that interface.

H_Harry Commented:
If you debug it, can you see the traffic? This will tell you if the problem is with the ASA or before / after it.

kdearing Commented:
Is that new VLAN connected by a separate link?
If not, you'll need to trunk the connection between the 6509 and the ASA.

jiggin23 (Author) Commented:
Forgot to trunk the new vlan to the core, thanks.
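
The fix this thread arrives at, as an added configuration sketch that is not taken from any of the posts: VLAN 65 has to be carried on every trunk between the test box's access port and the ASA. VLAN 65, security level 90 and the 172.19.1.0/24 addressing come from the question; the interface names and the `testdmz` nameif are hypothetical, and it assumes the trunks use an explicit allowed-VLAN list and the ASA link is an 802.1Q trunk with a subinterface.

```cisco
! Constructed example: interface names and "testdmz" are hypothetical.
! --- 4500 access switch ---
vlan 65
 name TEST-DMZ
!
! Port facing the 172.19.1.2 test box
interface GigabitEthernet2/10
 switchport mode access
 switchport access vlan 65
!
! Uplink to the 6509 core. "add" appends to the existing allowed list;
! leaving it out replaces the list and drops every other VLAN from the trunk.
interface GigabitEthernet1/1
 switchport mode trunk
 switchport trunk allowed vlan add 65
!
! --- 6509 core ---
! Downlink to the 4500
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan add 65
!
! Link to the ASA 5520
interface GigabitEthernet1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan add 65
!
! --- ASA 5520 ---
interface GigabitEthernet0/2
 no shutdown
!
interface GigabitEthernet0/2.65
 vlan 65
 nameif testdmz
 security-level 90
 ip address 172.19.1.1 255.255.255.0
!
! Verify on each switch: show interfaces trunk / show vlan id 65
! Verify on the ASA:     show interface ip brief / debug icmp trace
```

Keeping VLAN 65 off trunks that do not need it limits where the test DMZ's layer 2 segment is reachable.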