ping not working from one firewall to other devices

suthomas1 · ‎07-27-2009

Hi,

I am connected via vpn to a firewall to the network which allots ip pool.Now once connected, i cannot ping any of the other devices in the network.Logs on firewall show deny, so i decided to add an acl for this permit icmp any any to the particular inside interface.But it still shows same results & same log in the firewall.

There is another firewall in the path after this to reach other devices.

What commands would make this work?

Thanks.

netsec · ‎07-28-2009

did you allow the return traffic for the ping command?

do you mean local network or remote network?

to access your local network's ressources, you should enable split-tunneling.

I hope it's useful,

Reda

suthomas1 · ‎07-28-2009

Thanks Reda,

how do we enable return traffic for ping?

I meant that once i login through VPN to my organisations network, then i need to access/ping other network devices which are within this environment.Do we need anything specific to be done...

Thanks

netsec · ‎08-04-2009

you can do it in 2 ways:

- Enable ICMP inspection, then the ASA will consider ICMP traffic as a Stateful traffic, and will accept the icmp-echo reply. most secure.

- allow ICMP echo reply in the outside interface:

object-group icmp-type Icmp-Reply

icmp-object echo-reply

icmp-object time-exceeded

icmp-object unreachable

access-list allbxx extended permit icmp any any object-group Icmp-Reply

this is only an example, but it should help you.

let me know if you it solve the issue.