ICMP traffic through ASA 5505

Unanswered Question
May 29th, 2008
User Badges:

Hi,


I've got a default setup (with DMZ) from the ASA 5505. How can i allow ICMP traffic from inside to outside without messing up the default settings (allow all from high to low security)


Thanks


Remco (newbie :)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Thu, 05/29/2008 - 14:18
User Badges:
  • Blue, 1500 points or more

by ICMP, i assume you mean ping responses, from outside to inside?


policy-map global_policy

class inspection_default

inspect icmp


if you actually meant all icmp traffic being allowed out - they are allowed out by default, it's the return that messes with you.

to allow ALL icmp code types back in:

access-list OUTSIDE_IN permit icmp any any

access-group OUTSIDE_IN in interface outside


this explains it more thoroughly


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Actions

This Discussion