Cisco Support Community
New Member

ASA5510 Quirk?


We set up our ASA5510 with a company that does IDS for us on the outside of it with a SonicWall. When our sites that VPN in come to our system, they are unable to ping select devices on our system. For example, they might not be able to ping But if I add a NAT statement that says =, it allows the traffic through. I see no reason for this, as other devices on the same subnet are fine. Everything is addressed Class C. Any help would be great!

Thanks in advance,

Adam Filkins

Northstar Financial Group, INC

New Member

Re: ASA5510 Quirk?

I am not sure of the specifics of your configuration. Instead of making assumptions, I would like to suggest a couple of troubleshooting ideas. Have you tried packet-tracer, the capture command, and enabling debug-level logging (with all syslog messages enabled)?

Packet-tracer might look like

packet-tracer input outside icmp x.x.x.x 8 0 detailed

Repeat packet-tracer for a host that responds to ICMP.

Capture feature

Access-list test permit icmp any host

Access-list test permit icmp host any

Access-list test permit icmp any host 192.168.1.x (working host)

Access-list test permit icmp host 192.168.1.x any

Capture capturename access-list test interface

Test with ICMP

Show capture capturename

As for syslog, are there any messages related to ICMP or to the source and destination IP addresses?

Are the outputs the same?

Hope this helps.
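Added example, not part of the original posts: one way to answer "Are the outputs the same?" is to diff the two packet-tracer runs phase by phase and report the first phase whose Type or Result differs, together with the failing run's Drop-reason. The two traces below are constructed and abbreviated for illustration and do not represent the poster's firewall; the function names are hypothetical.

```python
from itertools import zip_longest

# Constructed, abbreviated packet-tracer output (placeholders, not from the thread).
WORKING = """Phase: 1
Type: ACCESS-LIST
Result: ALLOW
Phase: 2
Type: NAT-EXEMPT
Result: ALLOW
Result:
Action: allow
"""
FAILING = """Phase: 1
Type: ACCESS-LIST
Result: ALLOW
Phase: 2
Type: NAT
Result: DROP
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_trace(text):
    """Split a trace into per-phase dicts plus the final summary dict."""
    phases, final, cur = [], {}, None
    for line in text.splitlines():
        key, sep, val = (p.strip() for p in line.partition(":"))
        if not sep:
            continue  # lines without "key: value" (config echo, blanks)
        if key == "Phase":
            cur = {"Phase": int(val)}
            phases.append(cur)
        elif key == "Result" and not val:
            cur = final  # a bare "Result:" line opens the summary section
        elif cur is not None and key in ("Type", "Result", "Action", "Drop-reason"):
            cur[key] = val
    return phases, final

def first_divergence(good_text, bad_text):
    """Return the first phase where the two traces differ, or None."""
    good, _ = parse_trace(good_text)
    bad, bad_final = parse_trace(bad_text)
    for n, (g, b) in enumerate(zip_longest(good, bad, fillvalue={}), start=1):
        gv, bv = (g.get("Type"), g.get("Result")), (b.get("Type"), b.get("Result"))
        if gv != bv:
            return {"phase": n, "working": gv, "failing": bv,
                    "drop_reason": bad_final.get("Drop-reason")}
    return None
```

Paste the full output of each packet-tracer run in place of the two sample strings; the phase where the runs diverge is the part of the configuration to look at first.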
