Trouble VPN

batumibatumi
Level 1

Hi all,

Friends, I have two ASAs: one (5510, the main one in my office) and a second one (5505). They are connected to each other by a site-to-site VPN. Inside users (192.168.0.0/24) from the ASA 5510 can ping inside users (192.168.2.0/24) of the 5505. But from my main ASA it cannot ping the remote ASA's inside interface IP and its users.

My task is the following: a user from an outside network (internet) can connect (via VPN) to an ASA 5505 inside user. I created a static NAT and an ACL, but it is still not working.

Please give me advice. I hope you will help me.

2 Accepted Solutions

a.ajiboye
Level 1

Hi Giorgi,

Pinging through the ASA is not enabled by default. To allow pinging through the firewall, issue the following commands:

    config t
    policy-map global_policy
    class inspection_default
    inspect icmp

If you want to be able to ping the inside interface IP address of the ASA, you need to enter this command on the ASA:

    config t
    management-access inside

Please rate this post if it helps.

Regards.

Ping from the ASA and ping through the ASA are different things.

A solution for "ping through ASA" was provided.

If you want to be able to ping from the ASA, then use the "icmp ?" command:

    ASA5510(config)# icmp ?

    configure mode commands/options:
      deny         Specify packets to reject
      permit       Specify packets to forward
      unreachable  Configure unreachable behavior

    ASA5510(config)# icmp per
    ASA5510(config)# icmp permit ?

    configure mode commands/options:
      Hostname or A.B.C.D  Hostname or IP address of the host sending ICMP messages to the interface
      any                  Any ip address and mask
      host                 Host implies that the address mask is 255.255.255.255

    ASA5510(config)# icmp permit an
    ASA5510(config)# icmp permit any in
    ASA5510(config)# icmp permit any ins
    ASA5510(config)# icmp permit any inside

3 Replies

ajiboye,

But with this solution I still cannot access my inside host from outside, and my task is not resolved.

Regards.
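
The answers in this thread separate three settings: `inspect icmp` (ping through the ASA), `management-access inside` (ping the inside interface IP across the tunnel) and `icmp permit ... <interface>` (ICMP addressed to an ASA interface). The Python below is an added example, not code from the thread or from Cisco; it reads a saved running-config and reports which of the three are present, flagging an unrestricted `icmp permit any`. The function name `audit_icmp`, the finding labels and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample running-config fragment (assumption: not from the thread's devices).
SAMPLE_CONFIG = """\
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
management-access inside
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect icmp
service-policy global_policy global
"""

def audit_icmp(config):
    """Hypothetical helper: report the thread's three ICMP settings in a config."""
    res = {"inspect_icmp": False, "management_access": None,
           "icmp_rules": {}, "findings": []}
    policy = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # a top-level command closes any policy-map block
            policy = cls = None
        if m := re.match(r"policy-map (\S+)$", line):
            policy = m.group(1)
        elif policy and (m := re.match(r"class (\S+)$", line)):
            cls = m.group(1)
        elif line == "inspect icmp" and (policy, cls) == ("global_policy", "inspection_default"):
            res["inspect_icmp"] = True             # ping THROUGH the ASA
        elif m := re.match(r"management-access (\S+)$", line):
            res["management_access"] = m.group(1)  # ping the inside IP across the tunnel
        elif m := re.match(r"icmp (permit|deny) (.+) (\S+)$", line):
            action, source, iface = m.groups()     # ICMP addressed TO an ASA interface
            res["icmp_rules"].setdefault(iface, []).append((action, source))
    if not res["inspect_icmp"]:
        res["findings"].append("no-inspect-icmp")
    for iface, rules in res["icmp_rules"].items():
        if ("permit", "any") in rules:             # any source, any ICMP type
            res["findings"].append(f"icmp-permit-any:{iface}")
    return res

if __name__ == "__main__":
    print(audit_icmp(SAMPLE_CONFIG))
```

Once any `icmp` rule exists for an interface, the ASA applies an implicit deny to ICMP that matches no rule on that interface, so a source-restricted `icmp permit` is the narrower alternative to `icmp permit any inside`.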
