I have a question that has been baffling me all afternoon.
I have an ASA appliance which I have positioned to guard my Customers network from the Internet. On the other side of him is a Border Router which is a 3825 ISR.
I have an ACL extended configured on the ASA. The ACL blocks unwanted traffic and allows specific hosts on specific ports thru.
One of the statements I have configured on the ASA ACL is:
access-list outside_inside extended permit icmp any any echo
This ACL is applied inbound on the Outside Interface.
When I examine the logs of the router, I have alot of the following entries:
%ASA-4-106023: Deny icmp src outside:bhigw2 dst inside:220.127.116.11
the bhigw2 host is the Border Router I was referring to. I am not sure why his traffic is being blocked when the ACL in question should be allowing it?