Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

icmp through an asa v8

folks

i'm relatively new to the asa and have encountered what is probably a basic problem

i want to allow a ping from a management station on the inside to a route on the outside but the ping fails and i see a deny in the logs from the ping reply

i assume this is because icmp is not included in the inspect map

it works if we create an acl on the outside interface allowing inbound icmp replies but i think this is a bit of poor practice

can anyone direct me how to allow icmp & the replies through?

thanks to anyone taking the time to reply to this

1 REPLY
Hall of Fame Super Blue

Re: icmp through an asa v8

Michael

There are 2 ways to allow ping from the inside to the outside, one of which you are already using, see attached link -

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0

looks like you want ICMP inspection.

Jon

309
Views
0
Helpful
1
Replies