ping not working from one firewall to other devices

Unanswered Question
Jul 27th, 2009

Hi,

I am connected via VPN to a firewall to the network, which allots an IP pool. Now, once connected, I cannot ping any of the other devices in the network. Logs on the firewall show deny, so I decided to add an ACL for this, permit icmp any any, to the particular inside interface. But it still shows the same results and the same log in the firewall.

There is another firewall in the path after this to reach other devices.

What commands would make this work?

Thanks.

suthomas1 Tue, 07/28/2009 - 01:11

Thanks Reda,

How do we enable return traffic for ping?

I meant that once I log in through VPN to my organisation's network, I need to access/ping other network devices which are within this environment. Do we need anything specific to be done...

Thanks

You can do it in 2 ways:

- Enable ICMP inspection; then the ASA will treat ICMP traffic as stateful traffic and will accept the ICMP echo reply. Most secure.

- Allow ICMP echo reply on the outside interface:

    object-group icmp-type Icmp-Reply
     icmp-object echo-reply
     icmp-object time-exceeded
     icmp-object unreachable
    access-list allbxx extended permit icmp any any object-group Icmp-Reply

This is only an example, but it should help you.

Let me know if it solves the issue.
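The two options from the reply above, written out as ASA configuration. This is an added example, not part of the original posts; it assumes the factory-default `global_policy` policy map and `inspection_default` class, an interface named `outside`, and reuses the `allbxx` ACL name from the reply.

```cisco
! Option 1 (the one the reply calls most secure): stateful ICMP inspection.
! The ASA tracks each echo request and admits only the matching reply,
! so no inbound ICMP permit is needed on the outside interface.
policy-map global_policy
 class inspection_default
  inspect icmp
  ! Also lets ICMP error messages (unreachable, time-exceeded) that
  ! relate to an existing session pass through NAT correctly.
  inspect icmp error
!
! Present by default; shown so the policy is known to be applied globally.
service-policy global_policy global

! Option 2: stateless permit of reply types only.
! Echo requests arriving from outside are still denied, because only
! the three reply/error types are in the object group.
object-group icmp-type Icmp-Reply
 icmp-object echo-reply
 icmp-object time-exceeded
 icmp-object unreachable
access-list allbxx extended permit icmp any any object-group Icmp-Reply
!
! An ACL has no effect until it is bound to an interface. Only one ACL
! can be bound per interface and direction, so if one is already bound
! to "outside" inbound, add the permit line to that ACL instead of
! replacing it with this command.
access-group allbxx in interface outside

! Checks after either change:
! confirm the inspect lines are present in the running policy
show running-config policy-map
! confirm the ACL entry is matching traffic (hitcnt increases)
show access-list allbxx
```

Option 2 admits any echo-reply, time-exceeded or unreachable message regardless of whether a request was sent, which is why inspection is the tighter choice. With a second firewall in the path, the same return-traffic handling has to exist there as well.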
