ICMP traffic through ASA 5505

Unanswered Question
May 29th, 2008
User Badges:


I've got a default setup (with DMZ) from the ASA 5505. How can i allow ICMP traffic from inside to outside without messing up the default settings (allow all from high to low security)


Remco (newbie :)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Thu, 05/29/2008 - 14:18
User Badges:
  • Blue, 1500 points or more

by ICMP, i assume you mean ping responses, from outside to inside?

policy-map global_policy

class inspection_default

inspect icmp

if you actually meant all icmp traffic being allowed out - they are allowed out by default, it's the return that messes with you.

to allow ALL icmp code types back in:

access-list OUTSIDE_IN permit icmp any any

access-group OUTSIDE_IN in interface outside

this explains it more thoroughly



This Discussion