Hi. I must be mising something simple. This access-list/access-group combination worked with PIX 6.X code and the PIX 7.X code, but it won't work with the ASA 7.X code. It's a pretty simple access-list:
access-list outside-acl extended permit icmp any any echo-reply
access-list outside-acl extended permit icmp any any time-exceeded
access-list outside-acl extended permit icmp any any unreachable
After you successfully ping the security appliance interfaces, you should make sure traffic can pass successfully through the security appliance. For routed mode, this test shows that NAT is working correctly, if configured. For transparent mode, which does not use NAT, this test confirms that the security appliance is operating correctly; if the ping fails in transparent mode, contact Cisco TAC.
To ping between hosts on different interfaces, perform the following steps:
Step 1 To add an access list allowing ICMP from any source host, enter the following command:
hostname(config)# access-list ICMPACL extended permit icmp any any
By default, when hosts access a lower security interface, all traffic is allowed through. However, to access a higher security interface, you need the preceding access list.
Step 2 To assign the access list to each source interface, enter the following command:
hostname(config)# access-group ICMPACL in interface interface_name
Repeat this command for each source interface.
Step 3 To enable the ICMP inspection engine, so ICMP responses are allowed back to the source host, enter the following commands:
hostname(config)# class-map ICMP-CLASS
hostname(config-cmap)# match access-list ICMPACL
hostname(config-cmap)# policy-map ICMP-POLICY
hostname(config-pmap)# class ICMP-CLASS
hostname(config-pmap-c)# inspect icmp
hostname(config-pmap-c)# service-map ICMP-POLICY global
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...