I am new to using ASA firewalls so what might be considered a basic question which is how can I configure the firewall to permit/allow pinging the differnet public IP addresses. I have it already set so I can ping the WAN interface on the ASA and it replies, but not the other public IP address.
The firewall is a 5505 running 9.1(2) with a base license. I've read that there have been changes to how NAT works after 8.3. Here is what I currently have.
* WAN IP addresses are not the real ones being used
WAN IP for firewall: 100.125.150.218
LAN IP for firewall: 192.168.1.1
WAN IP for server: 100.125.150.161
LAN IP for server: 192.168.1.21
asa# sh config
: Written by enable_15 at 15:35:55.329 CDT Wed Jul 24 2013
ASA Version 9.1(2)
enable password ******** encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ******** encrypted
switchport access vlan 2
description LAN interface
ip address 192.168.1.1 255.255.255.0
description WAN interface
ip address 100.125.150.218 255.255.255.252
boot system disk0:/asa912-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
object network server
object network server-SPAT
object-group network obj_any
access-list INTERNET_TO_INSIDE extended permit tcp any4 object server eq 3389
access-list INTERNET_TO_INSIDE extended permit icmp any4 object server echo
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...