Options
ASA Configuration
ismail-alami
Member Posts: 5 ■□□□□□□□□□
Hey ,I Simple small Maquette to do Actuallys the LAN it's pinging to ASA but I can't ping to the Outside Interface ASA
I have tride a lot of methods and ACLs and nothing works
(Switch)>>>>(ASA)>>>>>>>>>>(Router)
= =
= =
= =
(LAN) (Web Server)
I have tride a lot of methods and ACLs and nothing works
(Switch)>>>>(ASA)>>>>>>>>>>(Router)
= =
= =
= =
(LAN) (Web Server)
Comments
-
OptionsOctalDump
Member Posts: 1,722
Can router ping outside of ASA?2017 Goals - Something Cisco, Something Linux, Agile PM
-
Optionsismail-alami
Member Posts: 5 ■□□□□□□□□□
Hi
If you mean if the router can ping in the LAN ,some how passing thought the ASA no
-
Options
Simrid
Member Posts: 327
ICMP is blocked by default for ASA's. There's two ways round this, you can create an access list allowing for icmp and icmp echo through the firewall, applying it to the correct access group. The other way round this is adding icmp to the inspection list on ASA.
I believe it is best practice to do this via an ACL.
Although this link is for PIX firewalls, the theory seems to be the same:
ASA/PIX/FWSM: Handling ICMP Pings and Traceroute - CiscoNetwork Engineer | London, UK | Currently working on: CCIE Routing & Switching
sriddle.co.uk
uk.linkedin.com/in/simonriddle -
Optionsismail-alami
Member Posts: 5 ■□□□□□□□□□
Hi,
I tried the cmd in this document ASA/PIX/FWSM: Handling ICMP Pings and Traceroute - Cisco
And No Result
i tried a small Lab
PC---SWITCH---ASA----SWITCH---PC
the configuration in the ASA
interface GigabitEthernet0 nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet1
nameif outside
security-level 0
ip address 192.168.102.1 255.255.255.0
!
That's all ,some friend told me i dont need ACL or NAT
all i want normal Ping form the inside to the outside
