> I am setting up a DMZ and I want the LAN to access the DMZ using RDP. So far I can't
> ping the DMZ from the LAN and can't access the server on the DMZ from the LAN.
> Kindly tell me what I am missing; below are the configs.
>
On phone, so I didn't check very closely, but I couldn't find a NAT between the internal and DMZ networks.
Also, get in the habit of using named objects instead of IPs. It makes your life far better when reading the configuration file.
Oh, and strip passwords and public IPs when posting publicly. It's not a plain password, but still ...
>
> hostname Ukuta
> domain-name ic.com
> enable password lJVPuxPhcYrtQ9qcK encrypted
> passwd lJVPuxPhcYRQghn9cK encrypted
> names
> name 10.2.0.9 evault-srv
> name 10.2.0.18 voip-gateway
> name 10.2.0.16 citrix-srv
> dns-guard
> !
> interface Ethernet0/0
>  description outside
>  nameif outside
>  security-level 0
>  ip address 195.202.81.170 255.255.255.248
> !
> interface Ethernet0/1
>  description inside
>  nameif inside
>  security-level 100
>  ip address 10.2.0.11 255.255.0.0
> !
> interface Ethernet0/2
>  description DMZ Zone
>  nameif DMZ
>  security-level 50
>  ip address 192.168.10.254 255.255.255.0
> !
> interface Ethernet0/3
>  shutdown
>  no nameif
>  no security-level
>  no ip address
> !
> interface Management0/0
>  description management interface
>  nameif management
>  security-level 100
>  ip address 192.168.1.1 255.255.255.0
>  management-only
> !
> banner login Warning: unauthorized access is prohibited and punishable to the full extent of the law.
> boot system disk0:/asa821-k8.bin
> boot system disk0:/asa803-k8.bin
> boot system disk0:/asa724-k8_1.bin
> ftp mode passive
> dns domain-lookup outside
> dns server-group DefaultDNS
>  name-server 195.202.64.1
>  name-server 195.202.64.2
>  domain-name ic.com
> object-group service WEB-SERVICES tcp
>  port-object eq https
>  port-object eq www
>  port-object eq 8080
>  port-object eq 1026
>  port-object eq domain
> object-group service MAIL-SERVICES tcp
>  description MAIL-SERVER *10.2.0.87*
>  port-object eq 993
>  port-object eq 465
>  port-object eq imap4
>  port-object eq smtp
>  port-object eq pop2
>  port-object eq https
>  port-object eq pop3
> object-group service EVAULT-SERVICES tcp
>  description EVAULT-PORTS
>  port-object eq 2547
>  port-object eq 807
>  port-object eq 808
>  port-object eq 12547
>  port-object eq 2546
> object-group network DirectIntNAT
>  description IPs that can access Internet directly
>  network-object 192.168.1.0 255.255.255.0
>  network-object host 10.2.0.149
>  network-object host 10.2.0.12
>  network-object host 10.2.0.4
>  network-object host 10.2.0.55
>  network-object host 10.2.0.87
>  network-object host 10.2.0.89
>  network-object host 10.2.0.97
>  network-object host 10.2.0.98
>  network-object host evault-srv
>  network-object host 10.2.0.53
>  network-object host 10.2.0.88
>  network-object host 10.2.0.79
>  network-object host 10.2.0.77
>  network-object host 10.2.0.106
>  network-object host 10.2.0.81
>  network-object host 10.2.0.227
>  network-object host 10.2.0.10
>  network-object host 10.2.0.8
>  network-object host 10.2.0.29
>  network-object host 10.2.4.95
>  network-object host 10.2.0.73
>  network-object host 10.2.0.72
>  network-object host 10.2.0.51
>  network-object host 10.2.0.58
>  network-object host 10.2.4.96
>  network-object host 10.2.0.99
>  network-object host 10.2.0.30
>  network-object host 10.2.0.71
>  network-object host 10.2.0.46
>  network-object host 10.2.0.41
> object-group service DM_INLINE_SERVICE_1
> object-group service ActiveSync990 tcp
>  description Port 990 for Active Sync
>  port-object eq 990
>  port-object eq 5678
>  port-object eq 5721
>  port-object eq 587
>  port-object eq 993
>  port-object eq 999
> access-list IPS extended permit ip any any
> access-list outside_access_in extended permit tcp any any object-group WEB-SERVICES
> access-list outside_access_in extended permit tcp any interface outside object-group MAIL-SERVICES log
> access-list outside_access_in extended permit tcp any host evault-srv object-group EVAULT-SERVICES log
> access-list outside_access_in extended permit tcp any interface outside eq citrix-ica
> access-list outside_access_in extended permit icmp any any
> access-list outside_access_in extended permit icmp any any time-exceeded
> access-list outside_access_in extended permit icmp any any unreachable
> access-list outside_access_in extended permit icmp any any source-quench
> access-list outside_access_in extended permit tcp any any object-group MAIL-SERVICES log
> access-list outside_access_in extended permit tcp any any object-group ActiveSync990
> access-list outside_access_in remark implicit deny all
> access-list outside_access_in extended deny ip any any
> access-list inside_nat0_outbound extended permit ip 10.2.0.0 255.255.0.0 10.2.5.0 255.255.255.224
> access-list inside_nat0_outbound extended permit ip any 10.2.5.0 255.255.255.224
> access-list inside_nat0_outbound extended permit ip 10.2.5.0 255.255.255.0 10.2.0.0 255.255.0.0
> access-list inside_nat0_outbound extended permit ip any 10.2.0.240 255.255.255.240
> access-list inside_nat0_outbound extended permit ip any 10.2.5.0 255.255.255.128
> access-list inside_nat0_outbound extended permit ip 10.2.0.0 255.255.0.0 10.2.5.0 255.255.255.0
> access-list inside_nat0_outbound extended permit ip any 10.2.4.0 255.255.255.224
> access-list inside_nat0_outbound extended permit ip 10.2.0.0 255.255.0.0 10.2.0.216 255.255.255.248
> access-list inside_nat0_outbound extended permit ip any 10.2.0.216 255.255.255.248
> access-list ICEAVPNRA_splitTunnelAcl standard permit any
> access-list ICEA_splitTunnelAcl standard permit any
> access-list LocalLANAccess standard permit 10.2.0.0 255.255.0.0
> access-list ICEARA_splitTunnelAcl standard permit any
> access-list inside_nat_outbound extended permit ip object-group DirectIntNAT any
> pager lines 24
> logging enable
> logging asdm informational
> mtu outside 1500
> mtu inside 1500
> mtu DMZ 1500
> mtu management 1500
> ip local pool vpn_ips 10.2.0.216-10.2.0.220 mask 255.255.0.0
> ip local pool vpn_ips2 10.2.5.1-10.2.5.50 mask 255.255.0.0
> icmp unreachable rate-limit 1 burst-size 1
> icmp permit any outside
> icmp permit any inside
> asdm image disk0:/asdm-631.bin
> no asdm history enable
> arp timeout 14400
> nat-control
> global (outside) 101 interface
> nat (inside) 0 access-list inside_nat0_outbound
> nat (inside) 101 access-list inside_nat_outbound
> nat (inside) 101 10.2.0.12 255.255.255.255
> nat (inside) 101 10.2.0.89 255.255.255.255
> nat (inside) 101 10.2.0.149 255.255.255.255
> static (outside,inside) tcp 10.2.0.10 5679 195.202.81.170 5679 netmask 255.255.255.255
> static (outside,outside) tcp 10.2.0.153 7001 10.2.0.153 7001 netmask 255.255.255.255
> static (inside,outside) tcp interface citrix-ica 10.2.0.87 citrix-ica netmask 255.255.255.255
> static (inside,outside) tcp interface 465 10.2.0.46 465 netmask 255.255.255.255
> static (inside,outside) tcp interface smtp 10.2.0.46 smtp netmask 255.255.255.255
> static (inside,outside) tcp interface imap4 10.2.0.46 imap4 netmask 255.255.255.255
> static (inside,outside) tcp interface pop3 10.2.0.46 pop3 netmask 255.255.255.255
> static (inside,outside) tcp interface https 10.2.0.46 https netmask 255.255.255.255
> static (inside,outside) tcp interface 990 10.2.0.46 990 netmask 255.255.255.255
> static (inside,outside) tcp interface 999 10.2.0.46 999 netmask 255.255.255.255
> static (inside,outside) tcp interface 5678 10.2.0.46 5678 netmask 255.255.255.255
> static (inside,outside) tcp interface 5721 10.2.0.46 5721 netmask 255.255.255.255
> static (inside,outside) tcp interface 26675 10.2.0.46 26675 netmask 255.255.255.255
> static (inside,outside) tcp interface 993 10.2.0.46 993 netmask 255.255.255.255
> static (inside,outside) tcp interface 587 10.2.0.46 587 netmask 255.255.255.255
> access-group outside_access_in in interface outside
> route outside 0.0.0.0 0.0.0.0 195.202.81.174 1
> route inside 10.21.0.0 255.255.224.0 10.2.0.27 1
> route inside 172.22.254.0 255.255.255.224 10.2.0.25 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
> timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
> timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
> timeout tcp-proxy-reassembly 0:01:00
> dynamic-access-policy-record DfltAccessPolicy
> aaa authentication ssh console LOCAL
> http server enable
> http 10.2.0.0 255.255.255.0 inside
> http 192.168.1.0 255.255.255.0 management
> no snmp-server location
> no snmp-server contact
> snmp-server enable traps snmp authentication linkup linkdown coldstart
> crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
> crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
> crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
> crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
> crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
> crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
> crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
> crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
> crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
> crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
> crypto ipsec security-association lifetime seconds 28800
> crypto ipsec security-association lifetime kilobytes 4608000
> crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-MD5
> crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
> crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
> crypto map outside_map interface outside
> crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
> crypto map inside_map interface inside
> crypto isakmp identity hostname
> crypto isakmp enable outside
> crypto isakmp enable inside
> crypto isakmp policy 10
>  authentication pre-share
>  encryption aes
>  hash md5
>  group 2
>  lifetime 86400
> telnet 10.2.0.0 255.255.255.0 inside
> telnet timeout 5
> ssh 10.2.0.82 255.255.255.255 inside
> ssh timeout 5
> console timeout 0
> dhcpd address 192.168.1.2-192.168.1.254 management
> dhcpd enable management
> !
> threat-detection basic-threat
> threat-detection statistics access-list
> no threat-detection statistics tcp-intercept
> ssl encryption des-sha1 rc4-md5
> webvpn
> group-policy ICEARA internal
> group-policy ICEARA attributes
>  dns-server value 10.2.0.89 10.2.0.98
>  default-domain value icea.com
> username vwainaina password B.CA3.rL63N4U.O4 encrypted
> username vwainaina attributes
>  vpn-group-policy ICEARA
> username test1 password C7gQOMTxCEoaINky encrypted
> username test password P4ttSyrm33SV8TYp encrypted
> username test attributes
>  vpn-group-policy ICEARA
>  vpn-access-hours none
>  vpn-simultaneous-logins 1
>  vpn-idle-timeout 30
>  vpn-session-timeout none
>  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
>  group-lock value ICEARA
> username imutua password jnIz5/2R3pqxmnl6 encrypted
> username imutua attributes
>  vpn-group-policy DfltGrpPolicy
> username awaburi password GXHxEu03DxJOSMJ1 encrypted
> username tmasudi password ePlX/AjfmvUU6Fsu encrypted privilege 15
> username tmasudi attributes
>  vpn-group-policy ICEARA
> username iceadmin password TiUC4sIBt7uF.xnb encrypted
> username iceaadmin password TiUC4sIBt7uF.xnb encrypted privilege 15
> username soluoch password WVNRbJ8S3.GQc9fV encrypted
> username soluoch attributes
>  vpn-group-policy DfltGrpPolicy
> username smbugua password pRJuRFSbQ/1ek8K8 encrypted privilege 15
> username smbugua attributes
>  vpn-group-policy ICEARA
>  service-type remote-access
> username vicky password STOg/nQM6msaWHdq encrypted
> username vicky attributes
>  vpn-group-policy DfltGrpPolicy
> tunnel-group ICEARA type remote-access
> tunnel-group ICEARA general-attributes
>  address-pool vpn_ips2
>  default-group-policy ICEARA
> tunnel-group ICEARA ipsec-attributes
>  pre-shared-key *
> !
> class-map ips-class
>  match access-list IPS
> class-map inspection_default
>  match default-inspection-traffic
> !
> !
> policy-map type inspect dns preset_dns_map
>  parameters
>   message-length maximum 512
> policy-map ips-policy
>  class ips-class
>   ips inline fail-open
> policy-map global_policy
>  class inspection_default
>   inspect dns preset_dns_map
>   inspect ftp
>   inspect h323 h225
>   inspect h323 ras
>   inspect rsh
>   inspect rtsp
>   inspect esmtp
>   inspect sqlnet
>   inspect skinny
>   inspect sunrpc
>   inspect xdmcp
>   inspect sip
>   inspect netbios
>   inspect tftp
>  class ips-class
>   ips inline fail-open
> policy-map type inspect dns migrated_dns_map_1
>  parameters
>   message-length maximum 512
> !
> service-policy global_policy global
> smtp-server 10.2.0.87
> prompt hostname context
> Cryptochecksum:a2e591d6708eaa3461b6f66b4b23d4c6
> : end
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.my.co.ke/cgi-bin/mailman/private/skunkworks/attachments/20120927/997f1a9c/attachment.htm>
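A worked fix for the missing translation the reply points at, added here as an example; it is not from the original thread. It assumes an 8.2-era ASA (the boot line lists asa821-k8.bin and the config runs nat-control with the pre-8.3 nat/global/static syntax), a DMZ server at 192.168.10.10 and a LAN client at 10.2.0.82; neither host address appears in the post. The root cause is that nat-control is on, every inside host therefore needs a translation to reach any other interface, and the only global pool defined is on outside. Inside-to-DMZ packets match nothing and are dropped (the syslog is 305005, "No translation group found"). The names used below are the reply's advice applied, and are assumed, not taken from the config.

```cisco
! Added example, not part of the original posting. DMZ server 192.168.10.10 and
! LAN client 10.2.0.82 are assumed for illustration.
!
! 1. Name the networks so the NAT lines read sensibly (8.2 has "name", not
!    "object network").
name 10.2.0.0 INSIDE-NET
name 192.168.10.0 DMZ-NET
!
! 2. Identity static NAT between inside and DMZ: addresses are unchanged, but
!    nat-control is now satisfied for inside -> DMZ traffic.
static (inside,DMZ) INSIDE-NET INSIDE-NET netmask 255.255.0.0
!
!    Alternative with the same effect: extend the existing NAT-exemption ACL
!    (nat 0 exemption applies regardless of egress interface). Use one or the
!    other, not both.
!    access-list inside_nat0_outbound extended permit ip INSIDE-NET 255.255.0.0 DMZ-NET 255.255.255.0
!
! 3. Inside (100) -> DMZ (50) is already permitted: nothing is bound to the
!    inside interface with access-group, so RDP (tcp/3389) needs no ACL.
!    Echo replies come back DMZ (50) -> inside (100); without ICMP inspection
!    they are not tied to a connection and hit the default low-to-high deny,
!    so ping still fails after the NAT is in. Inspect ICMP to make it stateful.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! 4. Verify on the box before touching the server. Both traces should end in
!    "Action: allow"; the NAT phase should show the new static.
packet-tracer input inside tcp 10.2.0.82 12345 192.168.10.10 3389
packet-tracer input inside icmp 10.2.0.82 8 0 192.168.10.10
show xlate | include 192.168.10
```

If the trace passes and RDP still does not connect, the problem is past the firewall: the DMZ server's default gateway must be 192.168.10.254 and its host firewall must accept tcp/3389 from 10.2.0.0/16. Note that the static also creates a translation the DMZ side could use toward inside; DMZ-to-inside stays blocked by the default low-to-high deny until an ACL is bound to the DMZ interface, so keep that ACL to the specific ports the server needs when you add one.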
>
> ------------------------------
>
> _______________________________________________
> Skunkworks mailing list
> Skunkworks@lists.my.co.ke
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> ------------
> Skunkworks Server donations spreadsheet
> http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&hl=en
> ------------
> Skunkworks Rules
> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
> ------------
> Other services @ http://my.co.ke
>
> End of Skunkworks Digest, Vol 31, Issue 269
> *******************************************