To ping outside and dmz devices, I used to configure "conduit permit icmp any any". With pdm, I have my implicit permit rules from high to low security interfaces. In order to allow icmp echo replies back through, I configure a rule to allow icmp echo-replies from outside to inside - ok.
But if I configure a rule to allow a dmz to pass icmp echo-replies back to the inside, it replaces the dmz to outside implicit rule and although I can ping out from dmz to outside, I can't pass any other traffic without additional rules.
What is the recommended pdm rule to replace the old conduit, if for example I have one inside, one outside and one dmz interface and I want to be able to ping devices on all interfaces from the inside?