<div>
Oh, 
assuming here that the interfaces are named: dmz and outside. And there is no outside access list (yet). Otherwise rename access-list and access-group to the name that you use.
</div>

<div>
dear 
still doesn't work , this is config 
 
 
access-list 101 extended permit icmp 40.40.40.128 255.255.255.128 any echo 
access-list 101 extended permit icmp any 40.40.40.128 255.255.255.128 time-exceeded 
access-list 101 extended permit icmp any 40.40.40.128 255.255.255.128 echo 
access-list 101 extended permit icmp any 40.40.40.128 255.255.255.128 echo-reply 
access-list 101 extended permit icmp 40.40.40.128 255.255.255.128 any echo-reply 
access-list 101 extended permit ip any host 40.40.40.11 
 
access-group 101 in interface outside 
 
 
static (dmz,outside) 40.40.40.11 10.10.10.11 netmask 255.255.255.255 &nbsp; 
 
 
interface GigabitEthernet3/0 
&nbsp;nameif outside 
&nbsp;security-level 0 
&nbsp;ip address 40.40.40.1 255.255.255.248 standby 40.40.40.2 
! 
interface GigabitEthernet3/1 
&nbsp;no nameif 
&nbsp;no security-level 
&nbsp;no ip address 
! 
interface GigabitEthernet3/1.10 
&nbsp;vlan 10 
&nbsp;nameif dmz 
&nbsp;security-level 50 
&nbsp;ip address 10.10.10.2 255.255.255.0 standby 10.200.200.3 
! 

</div>

<div>
Hi, 
 
What about your DMZ ? Do you have some NAT (global, nat (dmz), etc.), and some access-list ? 
 
Can your DMZ go to Internet ? 
 
If your DMZ hasn't access-list/access-group, it will not work. 
 
 

</div>

<div>
No need for access list/group, you going from a higher to a lower security interface.
</div>

<div>
Dear erniebeek 
 
I change to 
interface GigabitEthernet3/0 
&nbsp;nameif outside 
&nbsp;security-level 0 
&nbsp;ip address 40.40.40.1 255.255.255.192 standby 40.40.40.2 
 
but still i cannot connect ping from out side to this IP 40.40.40.11 &nbsp;but from my router (40.40.40.3 )that connect to interface outside ASA I can make ping to 40.40.40.11!!!!
</div>

<div>
Ok, that looks like we have to have a look at the router as wel. Could you post a (sanitized) config?
</div>

<div>
@erniebeek : you're right :) 
 
@memo : you talk about your router, does it redirect the trafic to the ASA (bridging ?) ? 
 
For your ASA, &nbsp;think you must follow the config of erniebeek who redirect just one port, ex. 80 &nbsp;: 
 
static (dmz,outside) tcp 40.40.40.11 80 10.10.10.11 80 netmask 255.255.255.255
</div>

<div>
 
Dear erniebeek 
 
router config 
 
interface GigabitEthernet0/1 
description lin to internet 
&nbsp;ip address 40.40.40.230 255.255.255.192 
&nbsp;duplex auto 
&nbsp;speed auto 
&nbsp;standby 11 ip 40.40.40.231 
&nbsp;standby 11 timers 3 9 
&nbsp;standby 11 priority 120 
&nbsp;standby 11 preempt 
&nbsp;standby 11 track 1 decrement 25 
! 
interface GigabitEthernet0/2 
&nbsp;description Link ASA firewall 
&nbsp;ip address 40.40.40.4 255.255.255.192 
&nbsp;duplex auto 
&nbsp;speed auto 
&nbsp;standby 10 ip 40.40.40.6 
&nbsp;standby 10 timers 3 9 
&nbsp;standby 10 priority 120 
&nbsp;standby 10 preempt 
&nbsp;standby 10 track 1 decrement 25 
 
 
! 
ip route 0.0.0.0 0.0.0.0 40.40.40.200 
ip route 40.40.40.0 255.255.255.192 40.40.40.1 
 
 
there no problem in router why I still from outside why cannot make ping to 40.40.40.11 but they can ping to 40.40.40.1 (interface ASA outside ) !!!! 
please check if need some thing to add 
static (dmz,outside) 40.40.40.11 10.10.10.11 netmask 255.255.255.255 &nbsp; (mean all port open )!! 
help me
</div>

<div>
this is traceroute from outside to IP 40.40.40.11 
 
C:\Users\tracert -d 40.40.40.11 
 
 
&nbsp; 1 &nbsp; &nbsp; * &nbsp; &nbsp; &nbsp; &nbsp;* &nbsp; &nbsp; &nbsp; &nbsp;* &nbsp; &nbsp; Request timed out. 
&nbsp; 2 &nbsp; 109 ms &nbsp; 128 ms &nbsp; 128 ms &nbsp;10.64.0.17 
&nbsp; 3 &nbsp; 101 ms &nbsp; &nbsp;88 ms &nbsp; 123 ms &nbsp;10.20.20.1 
&nbsp; 4 &nbsp; 112 ms &nbsp; 208 ms &nbsp; 118 ms &nbsp;X.X.X.97 
&nbsp; 5 &nbsp; 101 ms &nbsp; 123 ms &nbsp; 138 ms &nbsp;Y.Y.Y.146 
&nbsp; 6 &nbsp; 106 ms &nbsp; &nbsp; * &nbsp; &nbsp; &nbsp;190 ms &nbsp;10.10.0.1 
&nbsp; 7 &nbsp; &nbsp;94 ms &nbsp; 187 ms &nbsp; 129 ms &nbsp;172.29.0.2 
&nbsp; 8 &nbsp; &nbsp;82 ms &nbsp; 133 ms &nbsp; 133 ms &nbsp;10.193.193.6 
&nbsp; 9 &nbsp; 110 ms &nbsp; 168 ms &nbsp; 158 ms &nbsp;172.17.1.1 
&nbsp;10 &nbsp; 111 ms &nbsp; 152 ms &nbsp; 203 ms &nbsp;10.254.3.29 
&nbsp;11 &nbsp; 106 ms &nbsp; 128 ms &nbsp; 123 ms &nbsp;40.40.40.230 
&nbsp;12 &nbsp; &nbsp; * &nbsp; &nbsp; &nbsp; &nbsp;* &nbsp; &nbsp; &nbsp; &nbsp;* &nbsp; &nbsp; Request timed out. 
 
 
!!! why it cannot ping to ASA 
&nbsp;but when tracert &nbsp;to 40.40.40.1 &nbsp; 
C:\Users\tracert -d 40.40.40.11 
 
 
&nbsp; 1 &nbsp; &nbsp; * &nbsp; &nbsp; &nbsp; &nbsp;* &nbsp; &nbsp; &nbsp; &nbsp;* &nbsp; &nbsp; Request timed out. 
&nbsp; 2 &nbsp; 109 ms &nbsp; 128 ms &nbsp; 128 ms &nbsp;10.64.0.17 
&nbsp; 3 &nbsp; 101 ms &nbsp; &nbsp;88 ms &nbsp; 123 ms &nbsp;10.20.20.1 
&nbsp; 4 &nbsp; 112 ms &nbsp; 208 ms &nbsp; 118 ms &nbsp;X.X.X.97 
&nbsp; 5 &nbsp; 101 ms &nbsp; 123 ms &nbsp; 138 ms &nbsp;Y.Y.Y.146 
&nbsp; 6 &nbsp; 106 ms &nbsp; &nbsp; * &nbsp; &nbsp; &nbsp;190 ms &nbsp;10.10.0.1 
&nbsp; 7 &nbsp; &nbsp;94 ms &nbsp; 187 ms &nbsp; 129 ms &nbsp;172.29.0.2 
&nbsp; 8 &nbsp; &nbsp;82 ms &nbsp; 133 ms &nbsp; 133 ms &nbsp;10.193.193.6 
&nbsp; 9 &nbsp; 110 ms &nbsp; 168 ms &nbsp; 158 ms &nbsp;172.17.1.1 
&nbsp;10 &nbsp; 111 ms &nbsp; 152 ms &nbsp; 203 ms &nbsp;10.254.3.29 
&nbsp;11 &nbsp; 106 ms &nbsp; 128 ms &nbsp; 123 ms &nbsp;40.40.40.230 
&nbsp;12 &nbsp; 101 ms &nbsp; 133 ms &nbsp; 128 ms &nbsp; 40.40.40.1
</div>

<div>
sorry 
 
C:\Users\tracert -d 40.40.40.1 
 
 
&nbsp; 1 &nbsp; &nbsp; * &nbsp; &nbsp; &nbsp; &nbsp;* &nbsp; &nbsp; &nbsp; &nbsp;* &nbsp; &nbsp; Request timed out. 
&nbsp; 2 &nbsp; 109 ms &nbsp; 128 ms &nbsp; 128 ms &nbsp;10.64.0.17 
&nbsp; 3 &nbsp; 101 ms &nbsp; &nbsp;88 ms &nbsp; 123 ms &nbsp;10.20.20.1 
&nbsp; 4 &nbsp; 112 ms &nbsp; 208 ms &nbsp; 118 ms &nbsp;X.X.X.97 
&nbsp; 5 &nbsp; 101 ms &nbsp; 123 ms &nbsp; 138 ms &nbsp;Y.Y.Y.146 
&nbsp; 6 &nbsp; 106 ms &nbsp; &nbsp; * &nbsp; &nbsp; &nbsp;190 ms &nbsp;10.10.0.1 
&nbsp; 7 &nbsp; &nbsp;94 ms &nbsp; 187 ms &nbsp; 129 ms &nbsp;172.29.0.2 
&nbsp; 8 &nbsp; &nbsp;82 ms &nbsp; 133 ms &nbsp; 133 ms &nbsp;10.193.193.6 
&nbsp; 9 &nbsp; 110 ms &nbsp; 168 ms &nbsp; 158 ms &nbsp;172.17.1.1 
&nbsp;10 &nbsp; 111 ms &nbsp; 152 ms &nbsp; 203 ms &nbsp;10.254.3.29 
&nbsp;11 &nbsp; 106 ms &nbsp; 128 ms &nbsp; 123 ms &nbsp;40.40.40.230 
&nbsp;12 &nbsp; 101 ms &nbsp; 133 ms &nbsp; 128 ms &nbsp; 40.40.40.1
</div>

<div>
I think you need some NAT on your router to redirect trafic from the router to your ASA. 
 
For example : 
 

<pre><code class="code-1 nolinks" id="code-20-36950907-1">ip nat inside source static &lt;local ip&gt; &lt;global ip&gt;
ip nat inside source static 10.10.10.11 40.40.40.11
</code></pre>
 
You'll need an ACL on your router like 
<pre><code class="code-1 nolinks" id="code-20-36950907-2">access-list 10 permit ip any 40.40.40.11
</code></pre>
 
And finally configure your interfaces with NAT : 
 

<pre><code class="code-1 nolinks" id="code-20-36950907-3">interface GigabitEthernet0/1
ip nat outside

interface GigabitEthernet0/2
ip nat inside
</code></pre>
 
Hope I make no error, i think erniebeek will see :)
</div>

ASA.jpg

<div>
sorry solve there is mistake ip Getaway of server 
</div>

<div>
Ok, glad you solved it :) 
Thx for the points.
</div>

<div>
I have another problem &nbsp; 
Dear I have this network diagram 
 
from pc (10.10.10.2) can ping to 10.10.10.1 (dmz firewall) and pc 192.168.1.2 can ping to 10.10.10.1 
 
But pc 10.10.10.2 cannot ping to ip 192.168.1.1 or 192.168.1.2 
 
I think need add access or nat to permit plz send to me this config 
 
 
Note :- 
 
from firewall can ping to both ips 10.10.10.2 and 192.168.1.2 
<a href="https://filedb.experts-exchange.com/incoming/2011/10_w42/511337/test.jpg" target="_blank" class="file-inline" title="as (22 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>test.jpg</a>
</div>

test.jpg

<div>
if u want answer me by new question 
 
 
please see this link answer me 
 
<a href="https://www.experts-exchange.com/questions/27392404/ip-route-doesn't-work-in-ASA.html" rel="ugc">https://www.experts-exchange.com/questions/27392404/ip-route-doesn't-work-in-ASA.html</a> 
 
 
Regard 
</div>

<div>
<div class="content wysiwyg-content">
dear 
 
I have server in DMZ zone his IP 10.10.10.11 
 
i want each one from outside see this ip by this Public IP 40.40.40.11 and also can access to it 
 
please write to me what need with access if want in interface outside 

</div>
</div>

dear 

I have server in DMZ zone his IP 10.10.10.11

i want each one from outside see this ip by this Public IP 40.40.40.11 and also can access to it 

please write to me what need with access if want in interface outside 


outside to DMZ

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).