
Hi All, I am setting up a DMZ and I want the LAN to access the DMZ using RDP. So far I can't ping the DMZ from the LAN and can't access the server on the DMZ from the LAN. Kindly tell me what I am missing; below are the configs.

hostname Ukuta
domain-name ic.com
enable password lJVPuxPhcYrtQ9qcK encrypted
passwd lJVPuxPhcYRQghn9cK encrypted
names
name 10.2.0.9 evault-srv
name 10.2.0.18 voip-gateway
name 10.2.0.16 citrix-srv
dns-guard
!
interface Ethernet0/0
 description outside
 nameif outside
 security-level 0
 ip address 195.202.81.170 255.255.255.248
!
interface Ethernet0/1
 description inside
 nameif inside
 security-level 100
 ip address 10.2.0.11 255.255.0.0
!
interface Ethernet0/2
 description DMZ Zone
 nameif DMZ
 security-level 50
 ip address 192.168.10.254 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 description management interface
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
banner login Warning: unauthorized access is prohibited and punishable to the full extent of the law.
boot system disk0:/asa821-k8.bin
boot system disk0:/asa803-k8.bin
boot system disk0:/asa724-k8_1.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 195.202.64.1
 name-server 195.202.64.2
 domain-name ic.com
object-group service WEB-SERVICES tcp
 port-object eq https
 port-object eq www
 port-object eq 8080
 port-object eq 1026
 port-object eq domain
object-group service MAIL-SERVICES tcp
 description MAIL-SERVER *10.2.0.87*
 port-object eq 993
 port-object eq 465
 port-object eq imap4
 port-object eq smtp
 port-object eq pop2
 port-object eq https
 port-object eq pop3
object-group service EVAULT-SERVICES tcp
 description EVAULT-PORTS
 port-object eq 2547
 port-object eq 807
 port-object eq 808
 port-object eq 12547
 port-object eq 2546
object-group network DirectIntNAT
 description IPs that can access Internet directly
 network-object 192.168.1.0 255.255.255.0
 network-object host 10.2.0.149
 network-object host 10.2.0.12
 network-object host 10.2.0.4
 network-object host 10.2.0.55
 network-object host 10.2.0.87
 network-object host 10.2.0.89
 network-object host 10.2.0.97
 network-object host 10.2.0.98
 network-object host evault-srv
 network-object host 10.2.0.53
 network-object host 10.2.0.88
 network-object host 10.2.0.79
 network-object host 10.2.0.77
 network-object host 10.2.0.106
 network-object host 10.2.0.81
 network-object host 10.2.0.227
 network-object host 10.2.0.10
 network-object host 10.2.0.8
 network-object host 10.2.0.29
 network-object host 10.2.4.95
 network-object host 10.2.0.73
 network-object host 10.2.0.72
 network-object host 10.2.0.51
 network-object host 10.2.0.58
 network-object host 10.2.4.96
 network-object host 10.2.0.99
 network-object host 10.2.0.30
 network-object host 10.2.0.71
 network-object host 10.2.0.46
 network-object host 10.2.0.41
object-group service DM_INLINE_SERVICE_1
object-group service ActiveSync990 tcp
 description Port 990 for Active Sync
 port-object eq 990
 port-object eq 5678
 port-object eq 5721
 port-object eq 587
 port-object eq 993
 port-object eq 999
access-list IPS extended permit ip any any
access-list outside_access_in extended permit tcp any any object-group WEB-SERVICES
access-list outside_access_in extended permit tcp any interface outside object-group MAIL-SERVICES log
access-list outside_access_in extended permit tcp any host evault-srv object-group EVAULT-SERVICES log
access-list outside_access_in extended permit tcp any interface outside eq citrix-ica
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit icmp any any source-quench
access-list outside_access_in extended permit tcp any any object-group MAIL-SERVICES log
access-list outside_access_in extended permit tcp any any object-group ActiveSync990
access-list outside_access_in remark implicit deny all
access-list outside_access_in extended deny ip any any
access-list inside_nat0_outbound extended permit ip 10.2.0.0 255.255.0.0 10.2.5.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 10.2.5.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.2.5.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any 10.2.0.240 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 10.2.5.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 10.2.0.0 255.255.0.0 10.2.5.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.2.4.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.2.0.0 255.255.0.0 10.2.0.216 255.255.255.248
access-list inside_nat0_outbound extended permit ip any 10.2.0.216 255.255.255.248
access-list ICEAVPNRA_splitTunnelAcl standard permit any
access-list ICEA_splitTunnelAcl standard permit any
access-list LocalLANAccess standard permit 10.2.0.0 255.255.0.0
access-list ICEARA_splitTunnelAcl standard permit any
access-list inside_nat_outbound extended permit ip object-group DirectIntNAT any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool vpn_ips 10.2.0.216-10.2.0.220 mask 255.255.0.0
ip local pool vpn_ips2 10.2.5.1-10.2.5.50 mask 255.255.0.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 access-list inside_nat_outbound
nat (inside) 101 10.2.0.12 255.255.255.255
nat (inside) 101 10.2.0.89 255.255.255.255
nat (inside) 101 10.2.0.149 255.255.255.255
static (outside,inside) tcp 10.2.0.10 5679 195.202.81.170 5679 netmask 255.255.255.255
static (outside,outside) tcp 10.2.0.153 7001 10.2.0.153 7001 netmask 255.255.255.255
static (inside,outside) tcp interface citrix-ica 10.2.0.87 citrix-ica netmask 255.255.255.255
static (inside,outside) tcp interface 465 10.2.0.46 465 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 10.2.0.46 smtp netmask 255.255.255.255
static (inside,outside) tcp interface imap4 10.2.0.46 imap4 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 10.2.0.46 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface https 10.2.0.46 https netmask 255.255.255.255
static (inside,outside) tcp interface 990 10.2.0.46 990 netmask 255.255.255.255
static (inside,outside) tcp interface 999 10.2.0.46 999 netmask 255.255.255.255
static (inside,outside) tcp interface 5678 10.2.0.46 5678 netmask 255.255.255.255
static (inside,outside) tcp interface 5721 10.2.0.46 5721 netmask 255.255.255.255
static (inside,outside) tcp interface 26675 10.2.0.46 26675 netmask 255.255.255.255
static (inside,outside) tcp interface 993 10.2.0.46 993 netmask 255.255.255.255
static (inside,outside) tcp interface 587 10.2.0.46 587 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 195.202.81.174 1
route inside 10.21.0.0 255.255.224.0 10.2.0.27 1
route inside 172.22.254.0 255.255.255.224 10.2.0.25 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 10.2.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash md5
 group 2
 lifetime 86400
telnet 10.2.0.0 255.255.255.0 inside
telnet timeout 5
ssh 10.2.0.82 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption des-sha1 rc4-md5
webvpn
group-policy ICEARA internal
group-policy ICEARA attributes
 dns-server value 10.2.0.89 10.2.0.98
 default-domain value icea.com
username vwainaina password B.CA3.rL63N4U.O4 encrypted
username vwainaina attributes
 vpn-group-policy ICEARA
username test1 password C7gQOMTxCEoaINky encrypted
username test password P4ttSyrm33SV8TYp encrypted
username test attributes
 vpn-group-policy ICEARA
 vpn-access-hours none
 vpn-simultaneous-logins 1
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 group-lock value ICEARA
username imutua password jnIz5/2R3pqxmnl6 encrypted
username imutua attributes
 vpn-group-policy DfltGrpPolicy
username awaburi password GXHxEu03DxJOSMJ1 encrypted
username tmasudi password ePlX/AjfmvUU6Fsu encrypted privilege 15
username tmasudi attributes
 vpn-group-policy ICEARA
username iceadmin password TiUC4sIBt7uF.xnb encrypted
username iceaadmin password TiUC4sIBt7uF.xnb encrypted privilege 15
username soluoch password WVNRbJ8S3.GQc9fV encrypted
username soluoch attributes
 vpn-group-policy DfltGrpPolicy
username smbugua password pRJuRFSbQ/1ek8K8 encrypted privilege 15
username smbugua attributes
 vpn-group-policy ICEARA
 service-type remote-access
username vicky password STOg/nQM6msaWHdq encrypted
username vicky attributes
 vpn-group-policy DfltGrpPolicy
tunnel-group ICEARA type remote-access
tunnel-group ICEARA general-attributes
 address-pool vpn_ips2
 default-group-policy ICEARA
tunnel-group ICEARA ipsec-attributes
 pre-shared-key *
!
class-map ips-class
 match access-list IPS
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map ips-policy
 class ips-class
  ips inline fail-open
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
 class ips-class
  ips inline fail-open
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
!
service-policy global_policy global
smtp-server 10.2.0.87
prompt hostname context
Cryptochecksum:a2e591d6708eaa3461b6f66b4b23d4c6
: end
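The pasted config enables `nat-control` but defines translations only between inside and outside, and its `global_policy` inspects no ICMP; the fragment below is an added example (not from the original post) of the inside-to-DMZ identity NAT, the ICMP inspection that lets echo replies return from the lower-security DMZ, and a DMZ ingress ACL that keeps DMZ hosts from initiating into the LAN. It uses the 8.2-style syntax of the pasted config; the DMZ host 192.168.10.10 and the workstation 10.2.0.82 used in the check are placeholder addresses.

```cisco
! Added example, not part of the original post. Assumes ASA 8.2 syntax
! (as pasted) and a DMZ host at 192.168.10.10 (placeholder address).
!
! 1. nat-control is on, so inside -> DMZ traffic needs a translation
!    rule or it is dropped. An identity static keeps LAN addresses
!    unchanged toward the DMZ; the existing nat 0 ACL never matches
!    192.168.10.0/24, so this static is the rule that applies.
static (inside,DMZ) 10.2.0.0 10.2.0.0 netmask 255.255.0.0
!
! 2. No ICMP inspection exists in global_policy, so echo replies from
!    the DMZ (security-level 50) back to inside (100) are denied. RDP
!    (TCP/3389) needs no ACL: inside -> DMZ is allowed by security level
!    and the connection table admits the TCP replies. 'icmp permit' lines
!    only govern ICMP addressed to the ASA itself, not through-traffic.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! 3. Make the DMZ boundary explicit: DMZ hosts may not initiate into the
!    LAN. Without an access-group this is already the implicit result
!    (lower -> higher is denied), but an ACL keeps the intent visible when
!    permits are added later. DMZ -> Internet would additionally need a
!    nat (DMZ) statement to use 'global (outside) 101 interface'.
access-list DMZ_access_in extended deny ip any 10.2.0.0 255.255.0.0
access-list DMZ_access_in extended permit ip 192.168.10.0 255.255.255.0 any
access-group DMZ_access_in in interface DMZ
!
! 4. Verify on the ASA before testing from a workstation. packet-tracer
!    walks the ACL, NAT and inspection phases and names the one that
!    drops the packet, if any. The DMZ host itself must also use
!    192.168.10.254 as its gateway and allow 3389 from 10.2.0.0/16
!    in its own host firewall.
packet-tracer input inside tcp 10.2.0.82 1025 192.168.10.10 3389
packet-tracer input inside icmp 10.2.0.82 8 0 192.168.10.10
```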