11-24-2009 09:38 AM - edited 03-11-2019 09:42 AM
Hi
I cannot get ping & traceroute to work in multiple context mode.
I have configured two contexts, context1 & context2. The second one has several VLANs and servers behind it. Then I added the lines below to test whether the servers behind the security appliance (context2) are online:
access-list outside_access_in extended permit icmp any any time-exceeded log disable
access-list outside_access_in extended permit icmp any any echo-reply log disable
access-group outside_access_in in interface outside
This works fine in single mode, but it seems to have no effect in multiple context mode.
Is there something missing?
Any ideas?
Thanks
11-24-2009 12:05 PM
Osavldo
It's a little unclear but echo-reply would presume you are pinging from the servers. If you are trying to ping the servers from the outside then it should be echo-request not echo-reply.
Jon
11-24-2009 12:29 PM
Enable ICMP and ICMP error inspection on both contexts.
Watch the logs on both contexts.
11-25-2009 08:39 AM
Ok, thanks very much
I changed my rules to:
access-list outside_access_in extended permit icmp any any traceroute
access-list outside_access_in extended permit icmp any any echo
The ping command now works, but not the traceroute.
Thanks
11-25-2009 09:35 AM
Are you sure you have all of this in place?
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#trace
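Added example, not part of any post in this thread: a small Python audit that reads the two rule sets posted above and lists which ICMP types each one still lacks for ping and traceroute. The scenario names, the `audit` helper and the assumption that ICMP inspection is off (so replies are matched against the ACL) are the example's own; UDP traceroute probes and TTL handling on the appliance are not modelled.

```python
import re

# ASA ICMP type keywords used in this thread (plus unreachable) -> type number.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8,
              "time-exceeded": 11, "traceroute": 30}

# ICMP types the inbound ACL must permit for each case. Assumption: ICMP
# inspection is off, so returning replies are matched against the ACL.
SCENARIOS = {
    "inbound ping": {"echo"},
    "replies to outbound ping": {"echo-reply"},
    "replies to outbound traceroute": {"time-exceeded", "unreachable"},
}

ACE = re.compile(r"access-list\s+(\S+)\s+extended\s+permit\s+icmp\s+any\s+any(?:\s+(\S+))?")
NOT_A_TYPE = {None, "log", "inactive", "time-range"}

def permitted_types(config, acl):
    """ICMP type keywords that `acl` permits for any/any traffic."""
    found = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl:
            if m.group(2) in NOT_A_TYPE:   # no type keyword: all ICMP permitted
                return set(ICMP_TYPES)
            found.add(m.group(2))
    return found

def audit(config, acl):
    """Map each scenario to the ICMP types it still lacks in `acl`."""
    allowed = permitted_types(config, acl)
    report = {name: sorted(need - allowed) for name, need in SCENARIOS.items()}
    # `traceroute` is ICMP type 30, not the type 11 / type 3 messages that
    # traceroute tools receive from intermediate hops and the target.
    report["type 30 only"] = "traceroute" in allowed and "time-exceeded" not in allowed
    return report

# The two rule sets posted in the thread.
FIRST = """\
access-list outside_access_in extended permit icmp any any time-exceeded log disable
access-list outside_access_in extended permit icmp any any echo-reply log disable
access-group outside_access_in in interface outside"""
SECOND = """\
access-list outside_access_in extended permit icmp any any traceroute
access-list outside_access_in extended permit icmp any any echo"""

if __name__ == "__main__":
    for label, cfg in (("first", FIRST), ("second", SECOND)):
        print(label, audit(cfg, "outside_access_in"))
```
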