Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ICMP traffic through ASA 5505

Hi,

I've got a default setup (with DMZ) from the ASA 5505. How can i allow ICMP traffic from inside to outside without messing up the default settings (allow all from high to low security)

Thanks

Remco (newbie :)

1 REPLY
Gold

Re: ICMP traffic through ASA 5505

by ICMP, i assume you mean ping responses, from outside to inside?

policy-map global_policy

class inspection_default

inspect icmp

if you actually meant all icmp traffic being allowed out - they are allowed out by default, it's the return that messes with you.

to allow ALL icmp code types back in:

access-list OUTSIDE_IN permit icmp any any

access-group OUTSIDE_IN in interface outside

this explains it more thoroughly

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

678
Views
0
Helpful
1
Replies
CreatePlease login to create content