Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping out problems.

I would be grateful if anyone can enlighten me with regards to what I am doing wrong in setting up my asas5510. I?m unable to ping out to the Internet from my DMZ or from the inside out to the internet. I can ping devices on the inside and I can ping from inside to devices in the DMZ. I?m also like to place my DNS server in the DMZ and unclear on DNS rewrites works or what needs to done to lace a dns server in the dmz .

Thanks

2 REPLIES
Silver

Re: Ping out problems.

Add another access-list

access-list outside_access_in extended permit icmp any x.x.x.x y.y.y.y

For ICMP alone you need to specify an acceslist on the outside interface to allow replies to come back...

HTH

Hoogen

Do rate if this helped :)

Silver

Re: Ping out problems.

You can restrict ICMP even further if you only allow inbound echo replies instead of all inbound ICMP. This will prevent attackers from gleaning information using pings to your public range.

94
Views
0
Helpful
2
Replies