Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

respond to ping on outside

Hello There,

i just configured our new asa 5515 with IPS software. Configuration is working fine.The only missing thing is that outside IPs (not outsides ip itself) are not pingable any more. Our provider has the following ips reserved for us:

217.7.X.X 255.255.255.248

80.149.X.X 255.255.255.240

ASA Version 8.6(1)2

interface GigabitEthernet0/1

nameif outside

security-level 0

ip address 217.7.X.X 255.255.255.248

!

interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 10.1.X.X 255.255.X.X

!

nat (DMZ1,outside) source static DMZ1_16 EXT_80.149.X.X service tcp_http tcp_http

access-list outside_access_in extended permit tcp any object DMZ1_16 eq www

As said above everything is running, but how do i set (maybe physically) the remaining public IPs, and how do i make them pingable?

thanks for guidance

regards

Jens Holtappels

2 REPLIES

respond to ping on outside

You are only permitting tcp/80 to pass through the ASA. You just need to set up the ASA to permit ICMP to the host you want to respond.

You should probably restrict to the specific ICMP types you want to allow, like echo request only.

New Member

Re: respond to ping on outside

Hi robert,

Thanks for your reply. One more question about it. The nat rule is only translating the www traffic. Is it enough to allow icmp according to that nat rule. Or do i have to do some more Configuration? As i understand the books, i need a "any nat" rule, due to icmp traffic can not be translated.

Regards

147
Views
0
Helpful
2
Replies