topic Re: asa 5510 access rules in Network Security https://community.cisco.com/t5/network-security/asa-5510-access-rules/m-p/1984420#M400841 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Add the following "inspect" rule for the firewall to automatically allow echo-reply messages without OUTSIDE access-list</P><P></P><P>policy-map global_policy</P><P> class inspection_default</P><P></P><P>&nbsp; inspect icmp</P><P></P><P>- Jouni</P></BODY></HTML> Tue, 14 Aug 2012 10:23:41 GMT Jouni Forss 2012-08-14T10:23:41Z asa 5510 access rules https://community.cisco.com/t5/network-security/asa-5510-access-rules/m-p/1984419#M400840 <P>when i create a rule and enable icmp in ASA inside to outside direction to testing purpose, but I can't ping outside address , <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN> </P><P></P><P><STRONG>access-list ICMP extended permit icmp any any</STRONG></P><P></P><P><STRONG>access-group ICMP in interface inside</STRONG></P><P></P><P>LOGG:::</P><P><STRONG>ping 8.8.8.8</STRONG> </P><P>%ASA-3-106014: Deny inbound icmp src outside:122.255.3.1 dst inside:202.124.160.1 (type 0, code 0)</P><P>%ASA-3-106014: Deny inbound icmp src outside:122.255.3.1 dst inside:202.124.160.1 (type 0, code 0)</P><P></P><P></P><P>then I have permited icmp for return path then it works, cofigs and logs are followed,</P><P></P><P></P><P><STRONG>access-list ICMP extended permit icmp any any</STRONG></P><P></P><P><STRONG>access-group ICMP in interface outside</STRONG></P><P></P><P>LOGG:::</P><P><STRONG>ping 8.8.8.8</STRONG> </P><P></P><P>%ASA-6-302020: Built inbound ICMP connection for faddr 122.255.3.1/0 gaddr 202.124.160.1/14 laddr 192.168.1.1/14</P><P>%ASA-6-302021: Teardown ICMP connection for faddr 122.255.3.1/0 gaddr 202.124.160.1/14 laddr 192.168.1.1/14</P><P><STRONG><BR /></STRONG></P> Mon, 11 Mar 2019 23:41:56 GMT https://community.cisco.com/t5/network-security/asa-5510-access-rules/m-p/1984419#M400840 Namal Suranga 2019-03-11T23:41:56Z Re: asa 5510 access rules https://community.cisco.com/t5/network-security/asa-5510-access-rules/m-p/1984420#M400841 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Add the following "inspect" rule for the firewall to automatically allow echo-reply messages without OUTSIDE access-list</P><P></P><P>policy-map global_policy</P><P> class inspection_default</P><P></P><P>&nbsp; inspect icmp</P><P></P><P>- Jouni</P></BODY></HTML> Tue, 14 Aug 2012 10:23:41 GMT https://community.cisco.com/t5/network-security/asa-5510-access-rules/m-p/1984420#M400841 Jouni Forss 2012-08-14T10:23:41Z