04-04-2007 10:38 AM - edited 03-11-2019 02:56 AM
I have a ASA 5540 and currently two route statements one for the inside traffic and the other a DF route to the outside. The ACl I have is an extended ACL allowing IP to any any applied to the in interface inside, out interface inside. Yet I can not ping from an internal host thru the ASA nor can I ping from a external host to the internal network. Anyone have any ideas?
04-04-2007 10:45 AM
either add this :-
ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect icmp
or add an access list on the outside permitting the icmp
04-04-2007 11:07 AM
I have an access-list that allows echo and echo reply but I can not ping thru the device. When logged into the console I can ping everywhere. I have an access-list on the Inside interface for in and out bound traffic that permits IP any any to inculde echo and echo reply.
04-04-2007 11:13 AM
As abinjola said, you would need to allow echo-reply into outside interface. The ping is going out, but is being stopped on the way back.
04-04-2007 11:20 AM
Here is a good link for ICMP on the ASA.
Thanks,
Chad
Please rate if this helps!
04-04-2007 11:22 AM
as i've already explained eiher add inspect icmp or add an access-list on the "outside" Interface to allow the ping reply through
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide