ping and traceroute on multiple context mode not working (security appliance)

roussillon · ‎11-24-2009

Hi

I can not make work ping & traceroute in multiple context mode

I have configured two context context1 & context2. the second one have several vlan and servers behind. Then I added the lines below to test if servers behind the security appliance(context2) are on line

access-list outside_access_in extended permit icmp any any time-exceeded log disable 
access-list outside_access_in extended permit icmp any any echo-reply log disable
access-group outside_access_in in interface outside

This  works fine in single mode but it seems to have no effect in multiple context mode

is there something missing?

Any ideas? 
Thanks

Jon Marshall · ‎11-24-2009

Osavldo

It's a little unclear but echo-reply would presume you are pinging from the servers. If you are trying to ping the servers from the outside then it should be echo-request not echo-reply.

Jon

Kureli Sankar · ‎11-24-2009

enable icmp and icmp error inspection on both contexts.

what the logs on both contexts.

roussillon · ‎11-25-2009

Ok, thanks very much

I changed my rules to:

access-list outside_access_in extended permit icmp any any traceroute 
access-list outside_access_in extended permit icmp any any echo 

the ping command now work but not the traceroute

Thanks

Kureli Sankar · ‎11-25-2009

Are you sure you have all of this inplace?

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#trace