Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA5505 icmp denied for inside interface

I have ASA5505 configured with internal network as 192.168.15.0  and default gateway 192.168.15.1

From the inside network, i'm able to access internet and able to ping all website (enabled ping).   and all internel  network devices can ping each other.  Except  i cannot ping my gateway (ASA5505) 192.168.15.1.  I'm continously seeing this message on the log, when i tried to ping.. How to fix this?

Denied ICMP type=8, code=0 from 192.168.15.xxx on interface inside

replace xxx with my network devices that try to ping the gateway..

I dont want outsiders ping my gateway, i need ping for inside internal network only.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

ASA5505 icmp denied for inside interface

That means that only the host which name is ASA-Inside will be able to ping it. You can just remove that line (no

icmp permit host ASA-Inside inside) and that will do it.

Mike

Mike
5 REPLIES
Cisco Employee

ASA5505 icmp denied for inside interface

Hello,

Please do sh run icmp, that will tell you what rules are for icmp traffic to the ASA itself. In order to clear the rules you can do clear config icmp and then add the icmp rules you need.

Mike

Mike
New Member

ASA5505 icmp denied for inside interface

Thank you.   Here is the output of icmp

(config)# sh run icmp

icmp unreachable rate-limit 1 burst-size 1

icmp permit host ASA-Inside inside

Cisco Employee

ASA5505 icmp denied for inside interface

That means that only the host which name is ASA-Inside will be able to ping it. You can just remove that line (no

icmp permit host ASA-Inside inside) and that will do it.

Mike

Mike
New Member

Re: ASA5505 icmp denied for inside interface

Thanks. I will test that tomorrow evening

Sent from Cisco Technical Support iPhone App

New Member

ASA5505 icmp denied for inside interface

Perfect. It worked.   Thanks

7955
Views
0
Helpful
5
Replies
CreatePlease to create content