ICMP through an ASA v8

Unanswered Question
Nov 18th, 2008

Folks,

I'm relatively new to the ASA and have encountered what is probably a basic problem.

I want to allow a ping from a management station on the inside to a route on the outside, but the ping fails and I see a deny in the logs from the ping reply.

I assume this is because ICMP is not included in the inspect map.

It works if we create an ACL on the outside interface allowing inbound ICMP replies, but I think this is a bit of poor practice.

Can anyone direct me how to allow ICMP & the replies through?

Thanks to anyone taking the time to reply to this.

Jon Marshall Tue, 11/18/2008 - 14:02

Michael


There are 2 ways to allow ping from the inside to the outside, one of which you are already using; see the attached link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0

Looks like you want ICMP inspection.


Jon
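The two approaches discussed in this thread, side by side, as an added example that is not part of either post. The ACL name `outside_in` and the interface name `outside` are assumptions; `global_policy` and `inspection_default` are the names used by the ASA default configuration.

```cisco
! --- Approach 1: ACL on the outside interface (what the original post already does) ---
! Permits any inbound echo-reply, whether or not an inside host sent a request.
! "outside_in" is an assumed ACL name.
access-list outside_in extended permit icmp any any echo-reply
access-group outside_in in interface outside

! --- Approach 2: ICMP inspection ---
! The ASA tracks each outbound echo request and allows only the matching
! echo-reply back in, so no inbound ICMP entry is needed on the outside ACL.
policy-map global_policy
 class inspection_default
  inspect icmp

! Once inspection is in place, the inbound echo-reply entry can be removed:
no access-list outside_in extended permit icmp any any echo-reply

! Confirm that ICMP inspection is active and counting packets:
show service-policy inspect icmp
```

With approach 2 the earlier deny for the ping reply should no longer appear in the logs, because the reply is matched against the tracked request instead of the outside ACL.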
