
PING not available

Hi,

I have a 5520 with a basic configuration. I cannot ping a server directly connected to the DMZ interface from a PC on the inside interface. The DMZ interface is up, and from the ASA I can ping this server. The message I see in the ASA is:


The adaptive security appliance denied any inbound ICMP packet access. By default, all ICMP packets are denied access unless specifically permitted

But I have configured "Allow any IP traffic" from the outside interface. There is no NAT configured. Any idea why this could be?

Thank you,

Best Regards

3 Replies

Jennifer Halim
Cisco Employee

Well, if you are trying to ping from inside host towards dmz host, you would need to configure ACL on the inside interface to allow the access, not on the outside interface because outside interface does not come in the traffic path.

You would also need to configure static translation to itself between inside and dmz, unless you have "nat-control" disabled and you have no NAT statement configured at all.

Lastly, you would need to configure "inspect icmp" under the global policy on the default class inspection.

Hope that helps.

Thank you.

Sorry, I didn't explain well. I have configured an ACL to allow access to the DMZ server. I haven't got any NAT configured in the DMZ, and inspect icmp is applied. The log says there is no policy to allow this traffic, but I have a "permit any any".

I just solved it. I have the same security level on the DMZ and the inside interface from which I was testing (in this firewall there are 4 different inside interfaces, each one with a different security level). I needed to mark "Enable traffic between two or more interfaces which are configured with same security levels". I thought that if you configure explicit rules it was not necessary. I was wrong :-)

Thank you for your fast answer.

Great, you are right, for same security, you would need to configure "same-security-traffic permit inter-interface"
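
The condition resolved in this thread can be checked offline against a saved running-config. The following is an added example, not part of the original posts and not Cisco code; the sample config and interface names are constructed, and it assumes `nameif` precedes `security-level` in each interface block, as in `show running-config` output.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample running-config (not from the thread): inside1 and dmz share level 50.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside1
 security-level 50
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
!
access-list inside1_in extended permit ip any any
"""

def parse_levels(config):
    """Return {nameif: security-level} for every named interface."""
    levels, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = None  # a new interface block starts
        elif m := re.match(r"\s+nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s+security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def blocked_pairs(config):
    """Interface pairs that cannot exchange traffic because they share a
    security level and same-security inter-interface traffic is not enabled."""
    if re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M):
        return []
    by_level = defaultdict(list)
    for name, level in parse_levels(config).items():
        by_level[level].append(name)
    return sorted(p for names in by_level.values()
                  for p in combinations(sorted(names), 2))

if __name__ == "__main__":
    for a, b in blocked_pairs(SAMPLE_CONFIG):
        print(f"{a} <-> {b}: same security level, traffic dropped despite ACLs")
```

An empty result means either no two named interfaces share a level or the global `same-security-traffic permit inter-interface` command is already present.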
