Asa 5510 - additional outside /27 address block. No icmp into it.
Hi all.... hoping an easy answer to this one. I have seen a few views that don't help me. I have just migrated a Watchguard X seres to an Asa 5510. I have a 2811 in front of it to handle the Bgp peering previously handled by the WG. All is well. There are several public facing services behind the Asa hence the additional /27. The ouside interface of the Asa is one half of another /30. I defined all the /27 ddresses as objects and used them ok in access and nat rules. The public services are ok and I can get out to the internet from Dmz and Inside networks.
I have just realised that my externally hosted monitoring service that polls (pings mostly) the public servers (the servers responding to the /27 addresses) isn't working. I cant ping any of the /27 addresses from outside. I can ping the outside interface /30 address. There is an access-l rule any any for icmp - in on the outside interface.
Jon, no Acls on inside interface. But the issue unrelated to the inside. I cant ping these public addreses from the internet. Yet I can ping the xternal interface /30 address from the internet ok. I can also get to the natted services that are using the /27 addresses, just no icmp! There is an any-any in rule on outside for icmp.
I am thinking the way I have used the /27 addresses must be incorrect. Struggling to find any doco though.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :