Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pinging through ASA 5510

Hi,

i'm configuring a ASA 5510, i've the following partial configuration

interface ethernet 0/1

nameif Outside_net2
security-level 0
ip address 10.0.2.2  255.255.255.0

!

interface Ethernet0/3
nameif Inside_vlans
security-level 100
ip  address 192.168.10.254 255.255.255.0
!

access-list nat_ADSL permit ip 192.168.10.0 255.255.255.0 any

!

access-list 100 permit icmp any any

!

access-list 110 permit icmp any any

!

global (Outside_net2) 1 10.0.2.3

nat (Inside_vlans) 1 access-list nat_ADSL

!

access-group 100 in interface Outside_net2

access-group  110 in interface Insidev_lans

At thie moment i don't have any other interfaces configured.


Behind interface Inside_vlans i've a switch with the IP 192.168.10.251 witha a default-gatewy 192.168.10.254

Next to the interface Outside_net2 i've an ADSL router with the IP 10.0.2.1 in the LAN interface.

When i ping from ASA to the ADSL Router or to the Switch everything it's ok, i can ping successfully from swith to ASA too, but when i try to ping from switch to the ADSL Router (10.0.2.1) it fails, for troubleshouting i've made a capture in both interfaces of ASA and i saw that the icm request pass in both interfaces, the icmp reply pass in the Outside_net2 interface but the packet doesn't appear in the interface Inside_vlans.

In the xlate table i've seen a PAT line to the switch IP.

Anyone can help me finding the solution for this problem?

Thank's in advance

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Pinging through ASA 5510

Hi,

In order to be able to PING through the ASA from the inside to the outside you need either one of two things:

1. An ACL allowing the echo-reply

2. Include inspection for ICMP

Federico.

3 REPLIES

Re: Pinging through ASA 5510

Hi,

In order to be able to PING through the ASA from the inside to the outside you need either one of two things:

1. An ACL allowing the echo-reply

2. Include inspection for ICMP

Federico.

Cisco Employee

Re: Pinging through ASA 5510

You global is "global (Outside_net2) 1 10.0.2.3"

10.0.2.3 is a private ip. It will not be routable for the Internet.

Did you mean to translate to the outside interface ip "global (Outside_net2) 1 interface"?

Also as Federico mentioned make sure you have icmp inspection under the policy map "sh run policy-map".

PK

New Member

Re: Pinging through ASA 5510

Thank's for the response, i added de inspect icmp without any nchanges and the solution works.

619
Views
0
Helpful
3
Replies