Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
451
Views
0
Helpful
3
Replies

Permit ICMP from inside interface to Outside Interface

Go to solution
batumibatumi
Level 1
Level 1

‎08-03-2008 10:25 PM - edited ‎03-11-2019 06:25 AM

Friends, i have ASA 5520. I opened pop3 and smtp port for mail. But, from outside network (internet) when i type my ASA's public IP address in the pop3 and smtp mail works fine. But inside in my network in this case mail is not working. ISP staff told me that inside host should ping ASA's outside IP but i can not PING...

My task is next: Inside host should access mail using ASA Public IP address in POP3 and SMTP field

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-03-2008 11:03 PM

first about ping

in ASA u cant ping ASA interface from another interface even if u enable icmp inspection u will be able to pass icmp but not ping interface from another interface!!

so if u have access to ur network dont worry about this ping issue

secondly r u using static nat for ur mail server?

and if the users in the network reside in the same interface to the mail server why udont us its private IP for those users

for example if the server ip is 10.10.10.1

put this ip for inside users

also some time esmtp insspection make problems try to disable it

good luck

if helpful rate please

View solution in original post

0 Helpful
3 Replies 3

Go to solution
dhananjoy chowdhury
Level 5
Level 5

‎08-03-2008 11:00 PM

Try this...

policy-map global_policy

class inspection_default

inspect icmp

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-03-2008 11:03 PM

first about ping

in ASA u cant ping ASA interface from another interface even if u enable icmp inspection u will be able to pass icmp but not ping interface from another interface!!

so if u have access to ur network dont worry about this ping issue

secondly r u using static nat for ur mail server?

and if the users in the network reside in the same interface to the mail server why udont us its private IP for those users

for example if the server ip is 10.10.10.1

put this ip for inside users

also some time esmtp insspection make problems try to disable it

good luck

if helpful rate please

0 Helpful

Go to solution
batumibatumi
Level 1
Level 1
In response to Marwan ALshawi

‎08-03-2008 11:16 PM

I'm using ASDM and in the servic policy i mark ICMP in the default inspection. To tell you true to disabl ESMTP did not try yet.

P.S. Yes, as you said to write down mail's server inside IP mail works fine, but my users every day go out and POP3 is important for me.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card