Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
7
Replies

what ASA 5525-X and ASA5500 Different ●●●●●●

fangwen meng
Level 1
Level 1

‎11-12-2013 06:29 PM - edited ‎03-11-2019 08:04 PM

what  ASA 5525-X  and  ASA5500  Different ?

asa5500 use ios 9.1   

Inside and outside the network port configuration , pc1----(inside) ASA5500 (outside)----pc2

use router mode , no nat ,acl permit ip  icmp any any

pc1 can ping  pc2 , pc2 can ping pc1

but   The same configuration  in ASA 5525-X  ios9.1  My users says, pc1 can ping pc2,  pc2 can not ping pc1     why?????

Who used 5525-X Firewall    Say something  

thank u  very much.....

Labels:
0 Helpful
7 Replies 7

Marius Gunnerud
VIP
VIP

‎11-13-2013 01:28 AM

Would you be able to post a sanitized configuration of your ASA?

the permit ip icmp any any command is used to allow ping to the ASA itself.  Chances are you need to create an ACL on the outside interface to allow ICMP packets.

You could run a packet tracer to see what is dropping the packet.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

James Leinweber
Level 4
Level 4

‎11-13-2013 01:58 PM

I've got both 5520's and 5525x's, and the biggest differences between 5525x and 5520 are under the hood: multiple CPU's, more memory, more ethernet interfaces, higher backplane throughput, software IPS capability, etc.  From the point of view of 9.1 firmware they should look pretty similar, except for the SMP image and increased interface count.  I have successfully cloned configurations from 5520's to 5525x's and back between my test lab and my production networks.

Without seeing the two configurations it's going to be hard to identify what's different, and I completely endorse everything Marius said.

Note that without ACL's, the ICMP behavior would be controlled by the security-levels on the one hand and whether or not the global policy was inspecting icmp.  Out of the box, pc1 can egress an echo-request because the security level 100 -> 0 transition permits it, ICMP inspection allows a matching echo-reply to come back in.  pc2 is out of luck.  Once you start applying ACL's, the security levels are irrelevant, though the inspection still matters.

-- Jim Leinweber, WI State Lab of Hygiene

0 Helpful

jumora
Level 7
Level 7
In response to James Leinweber

‎11-13-2013 02:12 PM

Logs!!!!!! and config as everybody is indicating

Value our effort and rate the assistance!
0 Helpful

Marius Gunnerud
VIP
VIP

‎11-15-2013 10:46 AM

Do you need more assistance with this?

Please rate any helpful posts.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

jumora
Level 7
Level 7
In response to Marius Gunnerud

‎11-16-2013 09:31 PM

If you do not need any further assistance please rate the assistance so we can close out followup.

Value our effort and rate the assistance!
0 Helpful

Marius Gunnerud
VIP
VIP

‎11-19-2013 09:51 AM

If you no longer require assistance with this issue, please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

jumora
Level 7
Level 7
In response to Marius Gunnerud

‎11-19-2013 10:02 AM

If you start an assistance you need to either notify that you don't need help or rate the assistance.

Value our effort and rate the assistance!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card