Remote Client ICMP issue

Unanswered Question
Feb 1st, 2007

Hello, I have a 5510 running 7.2(2) and have successfully configured it to receive connections from remote users running the Cisco software client. The connection is successful, and all traffic functions with the exception of ICMP. While I can access a file share, I cannot ping the file server.

A network capture on the internal interface of the ASA shows the ping leave the interface, and the reply enters the interface (destined for the remote client), but the ASA apparently drops it before sending it over the tunnel.

Any suggestions?

drolemc Thu, 02/08/2007 - 07:19

Configure "icmp inspection". This allows a trusted IP address to traverse the firewall and allows replies back to the trusted address only. This way, all inside interfaces can ping outside and the firewall allows the replies to return. This also gives you the advantage of monitoring the ICMP traffic that traverses the firewall.

For example:

policy-map global_policy
 class inspection_default
  inspect icmp

Try this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#q6
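
A way to check for the configuration suggested in the reply above, as an added example that is not part of the original thread or Cisco's own tooling: it parses an ASA running-config and reports whether "inspect icmp" sits under a class of a policy-map that is actually applied with "service-policy". The sample configs and function names are constructed for illustration.

```python
import re

# Constructed sample running-config fragments (not taken from the thread).
SAMPLE_WITHOUT = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect dns
service-policy global_policy global
"""

SAMPLE_WITH = SAMPLE_WITHOUT.replace("  inspect dns\n", "  inspect dns\n  inspect icmp\n")


def parse_policy_maps(config):
    """Return {policy_map: {class_name: [inspected protocols]}}."""
    maps, pmap, cls = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # Top-level command: opens a layer 3/4 policy-map or ends the current one.
            m = re.match(r"policy-map\s+(\S+)$", line)
            pmap, cls = (m.group(1) if m else None), None
            if pmap:
                maps.setdefault(pmap, {})
        elif pmap:
            words = line.split()
            if words[0] == "class" and len(words) == 2:
                cls = words[1]
                maps[pmap].setdefault(cls, [])
            elif words[0] == "inspect" and cls and len(words) >= 2:
                maps[pmap][cls].append(" ".join(words[1:]))
    return maps


def icmp_inspected(config):
    """True if an applied policy-map has 'inspect icmp' under some class."""
    applied = set(re.findall(r"^service-policy\s+(\S+)\s+(?:global|interface\s+\S+)", config, re.M))
    maps = parse_policy_maps(config)
    return any("icmp" in protos
               for name in applied
               for protos in maps.get(name, {}).values())
```

A policy-map that contains "inspect icmp" but is never referenced by a "service-policy" line is reported as not inspected, since the inspection only takes effect once the policy is applied.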
