ICMP on Public IP with PAT Translation

Unanswered Question
Dec 17th, 2007
User Badges:

hi all,


A customer needs to enable ICMP for a public IP with different internal servers...


I have following configuration on a ASA 5520


static (inside,outside) tcp public_IP https 192.168.100.76 https netmask 255.255.255.255

static (inside,outside) tcp public_IP 5405 192.168.100.77 5405 netmask 255.255.255.255

static (inside,outside) tcp public_IP 3389 192.168.100.78 3389 netmask 255.255.255.255


Any ideas to enable ping from outside to the public IP address ??


thanks for informations...


rene




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jsivulka Tue, 12/25/2007 - 06:37
User Badges:
  • Bronze, 100 points or more

There are some rate limits in ASA which depends upon the type of packets , So if we flood the ASA with icmp packets then due to the rate limits we will surely see drops.


Ping packets translated when performing PAT on the ASA by Using the icmp id.Any PAT traslation will last for 30 seconds and in case of PAT it is not configurable. Instead if you use NAT then the xlate timeout is configurable using


Actions

This Discussion