<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Hi,  I don't know how is in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724922#M178751</link>
    <description>&lt;P&gt;Hi, &amp;nbsp;I don't know how is configured the interfaces name of your ASA, however i suppose you have inside for local network interface and outside for &amp;nbsp;external networks default name, for local and external ISP connection. If so, it means that you don't need ACLs to permit traffic from the inside to the outside, due to the stateful mode.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The Traffic from the&amp;nbsp;owest security level, to the highest security level will be always allowed. (When you have inside and outside as default names for interfaces, the ASA will add default security levels)&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Inside: 100&lt;/P&gt;&lt;P&gt;Outside: 0&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Regarding the original problem to&amp;nbsp;fix the ping try this command from the configuration mode:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;EM&gt;fixup protocol icmp &lt;/EM&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;If it doesn't work please post the output for:&lt;/P&gt;&lt;P&gt;Show run icmp&lt;/P&gt;</description>
    <pubDate>Thu, 17 Sep 2015 03:52:46 GMT</pubDate>
    <dc:creator>Andres Vega</dc:creator>
    <dc:date>2015-09-17T03:52:46Z</dc:date>
    <item>
      <title>Ping dont pass through ASA</title>
      <link>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724921#M178747</link>
      <description>&lt;P&gt;Hello all,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Recently, i have installed ASA-5512x. Internal users (LAN) are able to browse different web sites. However, when executing ping to any of these websites they get &amp;nbsp;the "Request Timed out" response.&lt;/P&gt;&lt;P&gt;I guess there is something wrong on the ASA configuration. But since i'm a beginer i want to share with you the problem to get a little bit of helpful informations.&lt;/P&gt;&lt;P&gt;PS: access lists are configured to allow all type of traffic from the local network's vlans to the external network (internet). Also, it's important to know that the ASA isn't configured in bridged mode so the public IP address is located on the modem.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thank you for help&lt;/P&gt;</description>
      <pubDate>Tue, 12 Mar 2019 06:36:46 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724921#M178747</guid>
      <dc:creator>marwa.jeljli1</dc:creator>
      <dc:date>2019-03-12T06:36:46Z</dc:date>
    </item>
    <item>
      <title>Hi,  I don't know how is</title>
      <link>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724922#M178751</link>
      <description>&lt;P&gt;Hi, &amp;nbsp;I don't know how is configured the interfaces name of your ASA, however i suppose you have inside for local network interface and outside for &amp;nbsp;external networks default name, for local and external ISP connection. If so, it means that you don't need ACLs to permit traffic from the inside to the outside, due to the stateful mode.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The Traffic from the&amp;nbsp;owest security level, to the highest security level will be always allowed. (When you have inside and outside as default names for interfaces, the ASA will add default security levels)&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Inside: 100&lt;/P&gt;&lt;P&gt;Outside: 0&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Regarding the original problem to&amp;nbsp;fix the ping try this command from the configuration mode:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;EM&gt;fixup protocol icmp &lt;/EM&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;If it doesn't work please post the output for:&lt;/P&gt;&lt;P&gt;Show run icmp&lt;/P&gt;</description>
      <pubDate>Thu, 17 Sep 2015 03:52:46 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724922#M178751</guid>
      <dc:creator>Andres Vega</dc:creator>
      <dc:date>2015-09-17T03:52:46Z</dc:date>
    </item>
    <item>
      <title>Hello,Ok i will try that as</title>
      <link>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724923#M178752</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;Ok i will try that as soon as possible. Thanks for your response&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Best Regards&lt;/P&gt;</description>
      <pubDate>Thu, 17 Sep 2015 07:51:32 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724923#M178752</guid>
      <dc:creator>marwa.jeljli1</dc:creator>
      <dc:date>2015-09-17T07:51:32Z</dc:date>
    </item>
    <item>
      <title>Personally, I think you'd be</title>
      <link>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724924#M178754</link>
      <description>&lt;P&gt;Personally, I think you'd be better off adding to your global policy "inspect icmp". Do a "show run policy-map".&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Under:&lt;/P&gt;&lt;P class="p1"&gt;policy-map global_policy&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp;class inspection_default&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;Put in:&lt;/P&gt;&lt;P class="p1"&gt;inspect icmp&lt;/P&gt;&lt;P class="p1"&gt;Here's mine for reference:&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;policy-map global_policy&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp;class inspection_default&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect dns preset_dns_map&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect ftp&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect h323 h225&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect h323 ras&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect rsh&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect rtsp&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect sqlnet&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect skinny &amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect sunrpc&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect xdmcp&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect sip &amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect netbios&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect tftp&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&lt;STRONG&gt;&amp;nbsp; inspect icmp&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; inspect ip-options&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp; &lt;STRONG&gt;inspect icmp error&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;&lt;P class="p1"&gt;&amp;nbsp;&lt;/P&gt;&lt;P class="p1"&gt;HTH,&lt;/P&gt;&lt;P class="p1"&gt;John&lt;/P&gt;</description>
      <pubDate>Thu, 17 Sep 2015 10:57:07 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ping-dont-pass-through-asa/m-p/2724924#M178754</guid>
      <dc:creator>John Blakley</dc:creator>
      <dc:date>2015-09-17T10:57:07Z</dc:date>
    </item>
  </channel>
</rss>

