07-27-2009 11:34 PM - edited 03-11-2019 08:59 AM
Hi,
I am connected via VPN to a firewall on the network which allots an IP pool. Once connected, I cannot ping any of the other devices in the network. Logs on the firewall show deny, so I decided to add an ACL for this, permit icmp any any, on the particular inside interface. But it still shows the same results and the same log on the firewall.
There is another firewall in the path after this to reach other devices.
What commands would make this work?
Thanks.
07-28-2009 12:19 AM
Did you allow the return traffic for the ping command?
Do you mean the local network or the remote network?
To access your local network's resources, you should enable split-tunneling.
I hope it's useful,
Reda
07-28-2009 01:11 AM
Thanks Reda,
How do we enable return traffic for ping?
I meant that once I log in through VPN to my organisation's network, I need to access/ping other network devices which are within this environment. Do we need anything specific to be done...
Thanks
08-04-2009 06:20 AM
You can do it in two ways:
- Enable ICMP inspection; then the ASA will consider ICMP traffic as stateful traffic and will accept the ICMP echo-reply. This is the most secure option.
- Allow ICMP echo-reply on the outside interface:
object-group icmp-type Icmp-Reply
 icmp-object echo-reply
 icmp-object time-exceeded
 icmp-object unreachable
access-list allbxx extended permit icmp any any object-group Icmp-Reply
This is only an example, but it should help you.
Let me know if it solves the issue.
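As an added illustration of the two approaches in Reda's reply (this is not configuration from the original posts or from Cisco), here is what each looks like as a complete ASA configuration fragment, followed by the show commands that confirm which one is actually in effect. The interface name `outside`, the access-list name `outside_in` and the policy-map/class names `global_policy` / `inspection_default` are assumptions; the last two are the ASA defaults but may differ on a given box. Since the original poster mentions a second firewall in the path, whichever option is chosen has to be applied on every firewall the echo-reply crosses on its way back.

```cisco
! Added example, not the poster's configuration.
! Assumed names: interface "outside", ACL "outside_in",
! policy-map "global_policy", class "inspection_default".

! Option 1: stateful ICMP inspection (the more secure choice).
! With inspection on, the ASA records each echo-request it forwards and
! admits only the matching echo-reply (and related ICMP errors) on the
! return path, so no interface ACL has to open ICMP replies from any source.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error

! Option 2: explicitly permit reply traffic on the interface the replies
! enter through (outside, in Reda's example). Without inspection the ASA
! treats the replies as unsolicited, so the inbound ACL must allow them.
object-group icmp-type Icmp-Reply
 icmp-object echo-reply
 icmp-object time-exceeded
 icmp-object unreachable
access-list outside_in extended permit icmp any any object-group Icmp-Reply
access-group outside_in in interface outside

! Verification while a ping is running:
! Inspection active and packet counters climbing (Option 1):
!   show service-policy inspect icmp
! ACL hit counts climbing on the Icmp-Reply entry (Option 2):
!   show access-list outside_in
! The ACL deny message the original poster saw; it names the interface
! and direction of the dropped ICMP packet, which tells you whether it is
! the request or the reply being blocked:
!   show logging | include 106023
```

The log check is the useful first step: if the 106023 denies show echo-reply packets arriving on the return interface, the outbound permit the original poster added was never the problem, and either option above addresses the real drop.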