I have a Mon-Server inside my LAN that collects SNMP data from my network.
It also uses ping to test device availability. My scenario: Mon-Server is able to collect SNMP from the router behind the PIX (outside-sahci) interface, but it cannot ping it. When I enable ICMP debug, I see the echo requests come from Mon-Server through the (inside) interface and get NATted, then the echo-reply comes back from (outside-sahci), but it does not reach the Mon-Server.
From your syslog, you appear to be pinging the outside interface of the PIX from the inside network. "Deny icmp src outside-sahci"
Sorry, but according to Cisco it can't be done.
It's strange because I have 2 515Es: one with 6.3(4), for which this is true and pings don't work, but the other PIX has 6.3(1) and it works. Both have the same config. Must be a bug in the earlier version.