ASA static Routing issue

arell1234 — Tue, 12 Mar 2019 05:32:14 GMT

We have a Cisco ASA as our Front firewall Connected to internet and DMZ. DMZ is 10.10.0.0 network. I have a router on the DMZ network and want to ping its loop back Interface IP address from a client computer in DMZ. A Client computer in the DMZ uses the ASA as the default gateway.

Static route seems to work when I ping from the ASA to the loopback but when I ping from the Client computer to the loopback address it does not work. The firewall logs say

"The ASA denied any inbound ICMP packet access. By default, all ICMP packets are denied access unless specifically allowed."

Configuration

ASA - DMZ (Inside) IP address 10.10.0.254

Client - 10.10.0.251/24 Default Gateway 10.10.0.254

Router - FA0/0 10.60.0.15 - Loop Back - 172.16.8.21

You probably have an access

Kamal Malhotra — Sat, 21 Feb 2015 17:46:45 GMT

You probably have an access-group on the DMZ interface that does not allow ICMP packets. Also, in order to allow the routing on a stick on an ASA, you need the following :

same-security-traffic permit intra-interface

Hope this helps.

topic You probably have an access in Network Security

ASA static Routing issue

You probably have an access