Trouble VPN

Answered Question
Jul 22nd, 2008

Hi all,

Friends, I have two ASAs: one (5510, the main one in my office) and a second one (5505). They are connected to each other with a site-to-site VPN. Inside users (192.168.0.0/24) of the ASA 5510 can ping inside users (192.168.2.0/24) of the 5505. But from my main ASA it cannot ping the remote ASA's inside interface IP and its users.

My task is as follows: a user from an outside network (Internet) can connect (via VPN) to an ASA 5505 inside user. I created a static NAT and an ACL, but it is still not working.

Please give me advice. Hope you will help me.

Correct Answer
a.ajiboye Tue, 07/22/2008 - 02:41

Hi Giorgi,

Pinging through ASA is not enabled by default. To allow pinging through the firewall, issue the following commands:

config t
policy-map global_policy
 class inspection_default
  inspect icmp

If you want to be able to ping the Inside interface IP address of the ASA, you need to enter this command on the ASA:

config t
management-access inside

Please rate this post if it helps.

Regards.

batumibatumi Tue, 07/22/2008 - 03:10

ajiboye,

But with these solutions I still cannot access my inside host from outside, and my task is not resolved.

Regards.

Correct Answer
a.alekseev Tue, 07/22/2008 - 05:33

Ping from the ASA and ping through the ASA are different things.

The solution for "ping through ASA" was provided.

If you want to be able to ping from the ASA, then use the "icmp ?" command:

ASA5510(config)# icmp ?

configure mode commands/options:
  deny         Specify packets to reject
  permit       Specify packets to forward
  unreachable  Configure unreachable behavior
ASA5510(config)# icmp per
ASA5510(config)# icmp permit ?

configure mode commands/options:
  Hostname or A.B.C.D  Hostname or IP address of the host sending ICMP messages to the interface
  any                  Any ip address and mask
  host                 Host implies that the address mask is 255.255.255.255
ASA5510(config)# icmp permit an
ASA5510(config)# icmp permit any in
ASA5510(config)# icmp permit any ins
ASA5510(config)# icmp permit any inside
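
A scoped alternative to the `icmp permit any inside` rule above, added here as an example and not taken from either answer. It assumes it is applied to the remote ASA 5505 and uses the two inside subnets given in the question; the outside-interface rules are an assumption about what that site needs.

```cisco
! Added example, not part of the original thread.
! Subnets from the question:
!   192.168.0.0/24 = inside network behind the 5510 (main office)
!   192.168.2.0/24 = inside network behind the 5505 (this device)
!
! Broad form from the answer: any source may send ICMP to the
! inside interface address.
!   icmp permit any inside
!
! Scoped form: only the two inside subnets may send ICMP to the
! inside interface. No ICMP type is given, so echo requests from
! those hosts and echo replies to the ASA's own pings both match.
icmp permit 192.168.2.0 255.255.255.0 inside
icmp permit 192.168.0.0 255.255.255.0 inside
!
! As soon as an interface has any icmp rule, all ICMP to that
! interface that matches no rule is dropped (implicit deny).
! On the outside interface, keep type 3 (unreachable) so path MTU
! discovery keeps working for the IPsec tunnel, and accept echo
! replies so pings sourced from the ASA itself still get answers.
icmp permit any unreachable outside
icmp permit any echo-reply outside
!
! From the second answer: lets hosts in 192.168.0.0/24 reach the
! inside interface address through the tunnel.
management-access inside
!
! Check which rules are in effect.
show running-config icmp
```

These `icmp` rules only govern traffic addressed to the ASA's own interfaces; traffic passing through the firewall is still handled by `inspect icmp` and the interface ACLs.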
