Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
431
Views
0
Helpful
1
Replies

icmp through an asa v8

mulhollandm
Level 1
Level 1

‎11-18-2008 01:49 PM - edited ‎03-11-2019 07:14 AM

folks

i'm relatively new to the asa and have encountered what is probably a basic problem

i want to allow a ping from a management station on the inside to a route on the outside but the ping fails and i see a deny in the logs from the ping reply

i assume this is because icmp is not included in the inspect map

it works if we create an acl on the outside interface allowing inbound icmp replies but i think this is a bit of poor practice

can anyone direct me how to allow icmp & the replies through?

thanks to anyone taking the time to reply to this

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎11-18-2008 02:02 PM

Michael

There are 2 ways to allow ping from the inside to the outside, one of which you are already using, see attached link -

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0

looks like you want ICMP inspection.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card