ICMP through ASA

Hi,

I need help in understanding if ICMP works with PAT.

1. I have network 192.168.2.0 configured on the inside interface, which will act as DHCP server to allocate IPs.

2. I have network 10.x.x.x on the outside interface.

3. FTP/TFTP server (10.x.x.145) is located in the outside network.

4. Inside users should be able to do only FTP/TFTP to the FTP/TFTP server.

5. Inside network should be PATed using the outside interface.

6. ICMP should be allowed so that inside hosts are able to ping the FTP servers.

Let me know what access-list has to be applied to allow FTP, TFTP and ICMP, and on which interface.

1 REPLY
Re: ICMP through ASA

access-list prv_outside extended permit icmp host 10.0.0.145 192.168.2.0 255.255.255.0 echo-reply

access-list prv_outside extended permit tcp host 10.0.0.145 192.168.2.0 255.255.255.0 eq ftp

access-list prv_outside extended permit tcp host 10.0.0.145 192.168.2.0 255.255.255.0 eq ftp-data

access-list prv_outside extended permit tcp host 10.0.0.145 192.168.2.0 255.255.255.0 eq 69

access-list prv_inside extended permit icmp 192.168.2.0 255.255.255.0 host 10.0.0.145 echo

access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq ftp

access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq ftp-data

access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq 69

access-list prv_inside extended permit ip 192.168.2.0 255.255.255.0 any

access-group prv_outside in interface outside

access-group prv_inside in interface inside

static (inside,outside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

nat (inside) 1 192.168.2.0 255.255.255.0

global (outside) 1 interface

Try it out and let me know.
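Added example, not part of the reply above and not the poster's code: a small Python first-match evaluator run over the prv_inside entries as posted, next to a constructed tighter ACL, to check them against requirement 4 of the question. It handles only the entry forms used in this thread, ignores ICMP types, and assumes first-match evaluation with an implicit deny at the end.

```python
import ipaddress

PORTS = {"ftp": 21, "ftp-data": 20, "tftp": 69}  # port keywords used in this thread

# prv_inside entries exactly as posted in the reply above.
POSTED = """\
access-list prv_inside extended permit icmp 192.168.2.0 255.255.255.0 host 10.0.0.145 echo
access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq ftp
access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq ftp-data
access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq 69
access-list prv_inside extended permit ip 192.168.2.0 255.255.255.0 any
"""

# Constructed alternative (assumption, not from the thread): TFTP on UDP, no
# catch-all entry; FTP data connections are assumed to be opened by FTP inspection.
TIGHTENED = """\
access-list prv_inside extended permit icmp 192.168.2.0 255.255.255.0 host 10.0.0.145 echo
access-list prv_inside extended permit tcp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq ftp
access-list prv_inside extended permit udp 192.168.2.0 255.255.255.0 host 10.0.0.145 eq tftp
"""

def _addr(tok):
    """Consume one address spec: 'any', 'host A', or 'NET MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(acl_text):
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()[3:]                 # drop 'access-list NAME extended'
        action, proto, tok = tok[0], tok[1], tok[2:]
        src, tok = _addr(tok)
        dst, tok = _addr(tok)
        port = None                            # stays None for ip/icmp entries
        if tok[:1] == ["eq"]:
            port = PORTS.get(tok[1]) or int(tok[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return (action, 1-based entry number) of the first match, else implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, rproto, rsrc, rdst, rport) in enumerate(parse(acl_text), 1):
        if rproto in ("ip", proto) and s in rsrc and d in rdst and rport in (None, dport):
            return action, n
    return "deny", None
```

With the posted entries, udp/69 to the server and tcp/80 to any other outside host are both permitted only by the fifth entry; with the constructed ACL the TFTP flow matches entry 3 and the tcp/80 flow falls to the implicit deny.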