respond to ping on outside

jensholtappels
Level 1

Hello There,

I just configured our new ASA 5515 with IPS software. Configuration is working fine. The only missing thing is that outside IPs (not the outside's IP itself) are not pingable any more. Our provider has the following IPs reserved for us:

217.7.X.X 255.255.255.248

80.149.X.X 255.255.255.240

ASA Version 8.6(1)2

interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 217.7.X.X 255.255.255.248
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
 ip address 10.1.X.X 255.255.X.X
!
nat (DMZ1,outside) source static DMZ1_16 EXT_80.149.X.X service tcp_http tcp_http
access-list outside_access_in extended permit tcp any object DMZ1_16 eq www

As said above, everything is running, but how do I set (maybe physically) the remaining public IPs, and how do I make them pingable?

thanks for guidance

regards

Jens Holtappels


rfalconer.sffcu
Level 3

You are only permitting tcp/80 to pass through the ASA. You just need to set up the ASA to permit ICMP to the host you want to respond.

You should probably restrict to the specific ICMP types you want to allow, like echo request only.

Hi Robert,

Thanks for your reply. One more question about it. The NAT rule is only translating the www traffic. Is it enough to allow ICMP according to that NAT rule, or do I have to do some more configuration? As I understand the books, I need an "any nat" rule, because ICMP traffic cannot be translated.

Regards
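
The restriction suggested in the reply, written out as ASA configuration. This is an added example, not configuration posted in the thread: it reuses the thread's names (outside_access_in, DMZ1_16, EXT_80.149.X.X), the source address 198.51.100.10 is a constructed placeholder, and the second nat line rests on the assumption that the tcp_http-only rule does not translate ICMP, which is what the follow-up question asks about.

```cisco
! Too broad: admits every ICMP type to every host behind the ASA.
! access-list outside_access_in extended permit icmp any any
!
! Restricted: echo request only, and only to the published host.
! The ACL names the real (DMZ) object, exactly as the existing www
! rule in the thread does.
access-list outside_access_in extended permit icmp any object DMZ1_16 echo
!
! Assumption: the existing nat rule carries "service tcp_http tcp_http",
! so it matches tcp/80 only. A second static rule without the service
! clause lets other protocols, ICMP included, reach the same host.
! It is appended after the existing rule, so tcp/80 still matches the
! first one, and the ACL above remains the only thing that decides
! what is actually admitted from outside.
nat (DMZ1,outside) source static DMZ1_16 EXT_80.149.X.X
!
! Verify without sending live traffic: simulate an echo request
! (ICMP type 8, code 0) arriving on the outside interface and read
! the UN-NAT and ACCESS-LIST phases of the result.
packet-tracer input outside icmp 198.51.100.10 8 0 80.149.X.X
!
! Confirm the new entry is in place and watch its hit counter.
show access-list outside_access_in
```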
