ICMP traffic through ASA 5505

Unanswered Question
May 29th, 2008


I've got a default setup (with DMZ) from the ASA 5505. How can i allow ICMP traffic from inside to outside without messing up the default settings (allow all from high to low security)


Remco (newbie :)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Thu, 05/29/2008 - 14:18

by ICMP, i assume you mean ping responses, from outside to inside?

policy-map global_policy

class inspection_default

inspect icmp

if you actually meant all icmp traffic being allowed out - they are allowed out by default, it's the return that messes with you.

to allow ALL icmp code types back in:

access-list OUTSIDE_IN permit icmp any any

access-group OUTSIDE_IN in interface outside

this explains it more thoroughly



This Discussion