09-23-2008 06:17 AM - edited 03-11-2019 06:48 AM
Hi,
From a windows PC I can't tracert or pathping though different interfaces on the ASA 5520 or to the internet, is this something that can be achieved?
09-23-2008 06:40 AM
Yes !!!! it can be achieved.
For ASA/PIX 7.X
Use following access-list
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-group 101 in interface outside
Or
Add following policy statement to global policy.
policy-map global_policy
class inspection_default
inspect icmp
HTH...rate if helpfull....
09-23-2008 07:57 AM
Thanks, I have added:
policy-map global_policy
class inspection_default
inspect icmp
But no change. I'm trying from a subinterface off the ASA (VLAN in a 3750). Do I need to do something else?
Thanks
09-23-2008 10:26 AM
Can you paste your ASA config ??
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: