https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4117415#M1071977 <P>Hi Guys</P><P>&nbsp;</P><P>I have Cisco ASA 5510 at one of our sites</P><P>i have an issue with this asa, the servers at inside zone with 100 level security can`t reach to the outside zone level zero</P><P>when i try to ping from the server, it can reach to the inside interface ( his GW ), but i can`t ping the outside interface at same ASA</P><P>what i understand that by default this ping should be work because it came from zone with high security level to zone with low security level</P><P>Or, there are some routing configuration required between ASA interfaces i should do it&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 13 Jul 2020 04:55:06 GMT haytham elsamadony 2020-07-13T04:55:06Z https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4117415#M1071977 <P>Hi Guys</P><P>&nbsp;</P><P>I have Cisco ASA 5510 at one of our sites</P><P>i have an issue with this asa, the servers at inside zone with 100 level security can`t reach to the outside zone level zero</P><P>when i try to ping from the server, it can reach to the inside interface ( his GW ), but i can`t ping the outside interface at same ASA</P><P>what i understand that by default this ping should be work because it came from zone with high security level to zone with low security level</P><P>Or, there are some routing configuration required between ASA interfaces i should do it&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 13 Jul 2020 04:55:06 GMT https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4117415#M1071977 haytham elsamadony 2020-07-13T04:55:06Z https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4117438#M1071978 <P>Hi,</P> <P>Are you attempting to ping the ASAs outside interface from a device connected to the inside of the ASA? If so that won’t work (by design).</P> <P>&nbsp;</P> <P>If you are pinging through the ASA to another device you need to ensure you inspect icmp, use the command “fixup protocol icmp”.</P> <P>&nbsp;</P> <P>HTH&nbsp;</P> Mon, 13 Jul 2020 05:44:48 GMT https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4117438#M1071978 Rob Ingram 2020-07-13T05:44:48Z https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118220#M1072024 <P>yes, i want to ping from device connected to inside interface to outside interface</P><P>OK i can`t by design, but if i want to check the connectivity between this device and other behind this firewall</P><P>how i can know that the traffic from inside device walk through the firewall to the destination ??</P> Tue, 14 Jul 2020 07:09:44 GMT https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118220#M1072024 haytham elsamadony 2020-07-14T07:09:44Z https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118231#M1072028 You may not be able to ping the ASAs outside interface when connected to the inside, but you can certainly ping through the ASA - so ping the other device behind the firewall, that will work. For that to work you will need the icmp inspect configured using the command I previously provided "fixup protocol icmp".<BR /><BR />HTH Tue, 14 Jul 2020 07:27:34 GMT https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118231#M1072028 Rob Ingram 2020-07-14T07:27:34Z https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118261#M1072030 <P>Ok so what i understand that, to ping the other device behind the firewall i must apply this icmp inspect&nbsp;</P><P>and without this command i will not be able to ping through the firewall&nbsp;</P><P>&nbsp;is this right ?</P> Tue, 14 Jul 2020 08:00:24 GMT https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118261#M1072030 haytham elsamadony 2020-07-14T08:00:24Z https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118269#M1072031 <P>Correct.</P> <P>Alternatively you could explictly permit icmp inbound on the outside interface, however most people enable icmp inspection using the command I provided.</P> Tue, 14 Jul 2020 08:08:28 GMT https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118269#M1072031 Rob Ingram 2020-07-14T08:08:28Z https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118277#M1072033 <P>Ok thanks Rob your replies were very helpful for me</P><P>thanks again&nbsp;</P> Tue, 14 Jul 2020 08:18:20 GMT https://community.cisco.com/t5/network-security/routing-between-asa-5510-interfaces/m-p/4118277#M1072033 haytham elsamadony 2020-07-14T08:18:20Z