Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Trouble VPN

Hi all,

Friends, i have two ASA one (5510, Main in my office) and second one (5505). They are connected with eachouter site-to-site VPN. Inside users (192.168.0.0/24) from ASA 5510 can ping inside users (192.168.2.0/24) of 5505. But from my Main ASA it can not ping remote ASA inside interface IP and its users.

My task is next: User from outside network (internet) can connect to (via VPN) ASA 5505 inside user. I creat static nat and ACL but still not working.

plz, give me advice. Hope you will help me.

2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: Trouble VPN

Hi Giorgi,

Pinging through ASA is not enabled by default. To allow pinging through the firewall, issue the following commands:

config t

policy-map global_policy

class inspection_default

inspect icmp

If you want to be able to ping the Inside interface ip address of the ASA, you need to enter this command on the ASA

config t

management-access inside

Please rate this post if it helps.

Regards.

Re: Trouble VPN

ping from ASA and ping through ASA are the different things.

solution for "ping through ASA" was provided.

If you want to be able ping from ASA the use "icmp ?" command

ASA5510(config)# icmp ?

configure mode commands/options:

deny Specify packets to reject

permit Specify packets to forward

unreachable Configure unreachable behavior

ASA5510(config)# icmp per

ASA5510(config)# icmp permit ?

configure mode commands/options:

Hostname or A.B.C.D Hostname or IP address of the host sending ICMP messages to the interface

any Any ip address and mask

host Host implies that the address mask is 255.255.255.255

ASA5510(config)# icmp permit an

ASA5510(config)# icmp permit any in

ASA5510(config)# icmp permit any ins

ASA5510(config)# icmp permit any inside

3 REPLIES
New Member

Re: Trouble VPN

Hi Giorgi,

Pinging through ASA is not enabled by default. To allow pinging through the firewall, issue the following commands:

config t

policy-map global_policy

class inspection_default

inspect icmp

If you want to be able to ping the Inside interface ip address of the ASA, you need to enter this command on the ASA

config t

management-access inside

Please rate this post if it helps.

Regards.

New Member

Re: Trouble VPN

ajiboye,

but with this solutions i still can not access my inside host from outside and my task is not resolved.

Regards.

Re: Trouble VPN

ping from ASA and ping through ASA are the different things.

solution for "ping through ASA" was provided.

If you want to be able ping from ASA the use "icmp ?" command

ASA5510(config)# icmp ?

configure mode commands/options:

deny Specify packets to reject

permit Specify packets to forward

unreachable Configure unreachable behavior

ASA5510(config)# icmp per

ASA5510(config)# icmp permit ?

configure mode commands/options:

Hostname or A.B.C.D Hostname or IP address of the host sending ICMP messages to the interface

any Any ip address and mask

host Host implies that the address mask is 255.255.255.255

ASA5510(config)# icmp permit an

ASA5510(config)# icmp permit any in

ASA5510(config)# icmp permit any ins

ASA5510(config)# icmp permit any inside

112
Views
0
Helpful
3
Replies
CreatePlease login to create content