Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL Issue

Hi,

We have a ASA box with the following interface configuration.

interface GigabitEthernet0/1

nameif EXT_CR1_41

security-level 50

ip address 10.52.237.246 255.255.255.248

!

interface GigabitEthernet0/3

nameif ASA_OC_40

security-level 100

ip address 10.52.237.250 255.255.255.248

i have a router in EXT_CR1_41 interface range.

i can able to ping this device from the ASA, but not from the inside range (ASA_OC_40).

i think i have not applied right acl.

Can some one please help in this issue.

i need the ICMP/telnet access to the router which is in EXT_CR1_41 interface range.

and i am setting in ASA_OC_40 range.

2 REPLIES
New Member

Re: ACL Issue

Hi,

From where are you originating your pings?

How does you access-list look like?

Silver

Re: ACL Issue

You need to allow the icmp echo replies back into your DMZ interface

access-list icmp_test extended permit icmp any any echo-reply

access-group icmp_test in interface EXT_CR1_41

90
Views
0
Helpful
2
Replies