07-22-2008 02:20 AM - edited 03-11-2019 06:18 AM
Hi all,
Friends, i have two ASA one (5510, Main in my office) and second one (5505). They are connected with eachouter site-to-site VPN. Inside users (192.168.0.0/24) from ASA 5510 can ping inside users (192.168.2.0/24) of 5505. But from my Main ASA it can not ping remote ASA inside interface IP and its users.
My task is next: User from outside network (internet) can connect to (via VPN) ASA 5505 inside user. I creat static nat and ACL but still not working.
plz, give me advice. Hope you will help me.
Solved! Go to Solution.
07-22-2008 02:41 AM
Hi Giorgi,
Pinging through ASA is not enabled by default. To allow pinging through the firewall, issue the following commands:
config t
policy-map global_policy
class inspection_default
inspect icmp
If you want to be able to ping the Inside interface ip address of the ASA, you need to enter this command on the ASA
config t
management-access inside
Please rate this post if it helps.
Regards.
07-22-2008 05:33 AM
ping from ASA and ping through ASA are the different things.
solution for "ping through ASA" was provided.
If you want to be able ping from ASA the use "icmp ?" command
ASA5510(config)# icmp ?
configure mode commands/options:
deny Specify packets to reject
permit Specify packets to forward
unreachable Configure unreachable behavior
ASA5510(config)# icmp per
ASA5510(config)# icmp permit ?
configure mode commands/options:
Hostname or A.B.C.D Hostname or IP address of the host sending ICMP messages to the interface
any Any ip address and mask
host Host implies that the address mask is 255.255.255.255
ASA5510(config)# icmp permit an
ASA5510(config)# icmp permit any in
ASA5510(config)# icmp permit any ins
ASA5510(config)# icmp permit any inside
07-22-2008 02:41 AM
Hi Giorgi,
Pinging through ASA is not enabled by default. To allow pinging through the firewall, issue the following commands:
config t
policy-map global_policy
class inspection_default
inspect icmp
If you want to be able to ping the Inside interface ip address of the ASA, you need to enter this command on the ASA
config t
management-access inside
Please rate this post if it helps.
Regards.
07-22-2008 03:10 AM
ajiboye,
but with this solutions i still can not access my inside host from outside and my task is not resolved.
Regards.
07-22-2008 05:33 AM
ping from ASA and ping through ASA are the different things.
solution for "ping through ASA" was provided.
If you want to be able ping from ASA the use "icmp ?" command
ASA5510(config)# icmp ?
configure mode commands/options:
deny Specify packets to reject
permit Specify packets to forward
unreachable Configure unreachable behavior
ASA5510(config)# icmp per
ASA5510(config)# icmp permit ?
configure mode commands/options:
Hostname or A.B.C.D Hostname or IP address of the host sending ICMP messages to the interface
any Any ip address and mask
host Host implies that the address mask is 255.255.255.255
ASA5510(config)# icmp permit an
ASA5510(config)# icmp permit any in
ASA5510(config)# icmp permit any ins
ASA5510(config)# icmp permit any inside
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: