Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Permit ICMP from inside interface to Outside Interface

Friends, i have ASA 5520. I opened pop3 and smtp port for mail. But, from outside network (internet) when i type my ASA's public IP address in the pop3 and smtp mail works fine. But inside in my network in this case mail is not working. ISP staff told me that inside host should ping ASA's outside IP but i can not PING...

My task is next: Inside host should access mail using ASA Public IP address in POP3 and SMTP field

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Permit ICMP from inside interface to Outside Interface

first about ping

in ASA u cant ping ASA interface from another interface even if u enable icmp inspection u will be able to pass icmp but not ping interface from another interface!!

so if u have access to ur network dont worry about this ping issue

secondly r u using static nat for ur mail server?

and if the users in the network reside in the same interface to the mail server why udont us its private IP for those users

for example if the server ip is 10.10.10.1

put this ip for inside users

also some time esmtp insspection make problems try to disable it

good luck

if helpful rate please

3 REPLIES

Re: Permit ICMP from inside interface to Outside Interface

Try this...

policy-map global_policy

class inspection_default

inspect icmp

Re: Permit ICMP from inside interface to Outside Interface

first about ping

in ASA u cant ping ASA interface from another interface even if u enable icmp inspection u will be able to pass icmp but not ping interface from another interface!!

so if u have access to ur network dont worry about this ping issue

secondly r u using static nat for ur mail server?

and if the users in the network reside in the same interface to the mail server why udont us its private IP for those users

for example if the server ip is 10.10.10.1

put this ip for inside users

also some time esmtp insspection make problems try to disable it

good luck

if helpful rate please

New Member

Re: Permit ICMP from inside interface to Outside Interface

I'm using ASDM and in the servic policy i mark ICMP in the default inspection. To tell you true to disabl ESMTP did not try yet.

P.S. Yes, as you said to write down mail's server inside IP mail works fine, but my users every day go out and POP3 is important for me.

290
Views
0
Helpful
3
Replies
CreatePlease to create content