https://community.cisco.com/t5/network-security/asa-5540-dropping-packets/m-p/2767915#M177705 <P>I have an ASA 5540 that is behaving strangely.&nbsp; I have two interfaces, both at the same security level - 0.&nbsp; In the Access Rules there are only two - the implicit deny all and before that I created a simple one to allow all (source:any, destination:any, service:ip &amp; icmp, permit).</P><P>&nbsp;</P><P>When I try to ping across it it doesn't work.&nbsp; Using the Packet Tracer in ADSM it tells me that an implicit rule is dropping an icmp packet from my source to my destination.</P><P>&nbsp;</P><P>Any thoughts?&nbsp; I'm stumped by this!</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Brian</P> Tue, 12 Mar 2019 06:45:12 GMT Brian Green 2019-03-12T06:45:12Z https://community.cisco.com/t5/network-security/asa-5540-dropping-packets/m-p/2767915#M177705 <P>I have an ASA 5540 that is behaving strangely.&nbsp; I have two interfaces, both at the same security level - 0.&nbsp; In the Access Rules there are only two - the implicit deny all and before that I created a simple one to allow all (source:any, destination:any, service:ip &amp; icmp, permit).</P><P>&nbsp;</P><P>When I try to ping across it it doesn't work.&nbsp; Using the Packet Tracer in ADSM it tells me that an implicit rule is dropping an icmp packet from my source to my destination.</P><P>&nbsp;</P><P>Any thoughts?&nbsp; I'm stumped by this!</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Brian</P> Tue, 12 Mar 2019 06:45:12 GMT https://community.cisco.com/t5/network-security/asa-5540-dropping-packets/m-p/2767915#M177705 Brian Green 2019-03-12T06:45:12Z https://community.cisco.com/t5/network-security/asa-5540-dropping-packets/m-p/2767916#M177706 <P>Hi,</P><P>By default traffic between interfaces with same security level is not allowed.</P><P>Try the command :&nbsp;</P><P>same-security-traffic permit inter-interface</P><P>&nbsp;</P><P>Hope it helps!!!</P><P>Thanks,</P><P>R.Seth</P><P>Mark the answer as correct if it helps in resolving your query!!!</P> Thu, 15 Oct 2015 14:24:26 GMT https://community.cisco.com/t5/network-security/asa-5540-dropping-packets/m-p/2767916#M177706 Rishabh Seth 2015-10-15T14:24:26Z https://community.cisco.com/t5/network-security/asa-5540-dropping-packets/m-p/2767917#M177707 <P>I tried adding that - it didn't seem to work.</P><P>&nbsp;</P><P>One other thing I notice - on the device, when I ping an address in the range of the external interface (i.e. not on the other side of a router) I get a ? telling me that it doesn't know how to get there, even though it is inside the same subnet.&nbsp; Is it possible that this firewall is dead?&nbsp; Or should I try another interface?</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Brian</P> Thu, 15 Oct 2015 15:42:32 GMT https://community.cisco.com/t5/network-security/asa-5540-dropping-packets/m-p/2767917#M177707 Brian Green 2015-10-15T15:42:32Z