Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1956
Views
0
Helpful
3
Replies

what includes ip service

TECH-JEFF
Level 1
Level 1

‎03-08-2016 05:50 PM - edited ‎03-12-2019 12:27 AM

Hi, just want to know further regarding service "ip" in Cisco ASA. I was advised from my previous thread that this includes ICMP or ping. In my access rules, I've already set all rules to be ip as the service but for some reason, our internal IP's is unable to ping our WAN IP block.

Are there any other things I need to check on?

Thanks

Jeff

Jefferson Co
Labels:
0 Helpful
3 Replies 3

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎03-08-2016 06:44 PM

Hi Jeff,

IP should include TCP, UDP OR ICMP in this case but not everything is allowed  or will work by just allowing it in ACL. Some traffic is controlled by ASA differently. Somethings may require special handling like inspection. Do you have ICMP inspection enabled?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful

TECH-JEFF
Level 1
Level 1
In response to Kanwaljeet Singh

‎03-08-2016 06:46 PM

Thanks for the input, that is something I haven't check. Will get back to you and will try to check that now.

Thanks

Jeff

Jefferson Co
0 Helpful

TECH-JEFF
Level 1
Level 1
In response to Kanwaljeet Singh

‎03-08-2016 06:52 PM

I saw one inspection though, it just checks the DNS box, so I assume it just inspects DNS. But when I try to add ICMP and ticked this box, still not able to ping other IP's in our WAN.

FYI, tried pinging the ip block outside the network like 3G or via mobile, its pingable.

Thanks

Jeff

Jefferson Co
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card