Permit ICMP from inside interface to Outside Interface

Answered Question
Aug 3rd, 2008

Friends, I have an ASA 5520. I opened the POP3 and SMTP ports for mail. From the outside network (Internet), when I type my ASA's public IP address in the POP3 and SMTP fields, mail works fine. But from inside my network, mail does not work in this case. ISP staff told me that an inside host should be able to ping the ASA's outside IP, but I cannot ping it...


My task is this: an inside host should access mail using the ASA's public IP address in the POP3 and SMTP fields.

dhananjoy chowdhury Sun, 08/03/2008 - 23:00

Try this...


policy-map global_policy
 class inspection_default
  inspect icmp

Correct Answer
Marwan ALshawi Sun, 08/03/2008 - 23:03

First, about ping:

On the ASA you can't ping an ASA interface from another interface. Even if you enable ICMP inspection, you will be able to pass ICMP, but not ping an interface from another interface!

So if you have access to your network, don't worry about this ping issue.

Secondly, are you using static NAT for your mail server?

And if the users in the network reside on the same interface as the mail server, why don't you use its private IP for those users?

For example, if the server IP is 10.10.10.1, put this IP for inside users.

Also, sometimes ESMTP inspection causes problems; try disabling it.

Good luck.

If helpful, please rate.


batumibatumi Sun, 08/03/2008 - 23:16

I'm using ASDM, and in the service policy I marked ICMP in the default inspection. To tell you the truth, I did not try disabling ESMTP yet.


P.S. Yes, as you said, writing down the mail server's inside IP makes mail work fine, but my users go out every day and POP3 is important for me.
