08-14-2019 12:38 AM
Hello,
I have a Cisco ASA Firewall 5516-x Firepower with ASA-Image 9-12-2.
The device is completely new and I want to allow ping from outside to inside and from inside to outside.
Can you help me?
Thanks
08-14-2019 12:45 AM
You can have an access-list like the one below, in to out and out to in, to allow ICMP.
access-list acl-in-out extended permit icmp any any echo-reply
access-list acl-in-out extended permit icmp any any time-exceeded
08-14-2019 01:19 AM
Perfect,
and can you please write the commands for NAT and ACL?
I want all IPs from outside to be able to ping all IPs on the inside.
Thanks
08-14-2019 01:54 AM
Hi,
Here is an example of static NAT, you'll need 1 static NAT entry for each device if you want to ping inbound from the outside. You wouldn't normally do that, unless it was for DMZ hosted services.
object network SWI-1
host 10.10.0.1
nat (INSIDE,OUTSIDE) static 1.1.1.111
object network SWI-2
host 10.10.1.1
nat (INSIDE,OUTSIDE) static 1.1.1.112
access-list OUTSIDE_IN extended permit icmp any object SWI-1 echo
access-list OUTSIDE_IN extended permit icmp any object SWI-2 echo
If you were just pinging from inside to outside you would only need 1 dynamic NAT rule.
HTH
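An added example, not part of the original thread: the pieces the replies above mention but do not show, namely the single dynamic NAT rule for inside-to-outside pings, ICMP inspection so echo replies return without an ACL entry, and the `access-group` binding that puts `OUTSIDE_IN` into effect. The object name `INSIDE-NET`, its subnet and the test source address 198.51.100.10 are constructed assumptions; the interface names and 1.1.1.111 are taken from the reply above.

```cisco
! Assumed inside range (constructed); adjust to the real inside subnets.
object network INSIDE-NET
 subnet 10.10.0.0 255.255.0.0
 ! One dynamic PAT rule covers every inside host pinging outward.
 ! Object static NAT rules are evaluated before object dynamic rules,
 ! so SWI-1 and SWI-2 keep their static mappings.
 nat (INSIDE,OUTSIDE) dynamic interface
!
! Track ICMP sessions statefully: replies to inside-initiated echoes are
! allowed back in without permitting echo-reply from any source on OUTSIDE.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! An ACL has no effect until it is bound to an interface and direction.
access-group OUTSIDE_IN in interface OUTSIDE
!
! Verification from privileged EXEC mode (not configuration lines):
! simulate an inbound echo (type 8, code 0) to the translated address of
! SWI-1, then check the ACL hit counters.
packet-tracer input OUTSIDE icmp 198.51.100.10 8 0 1.1.1.111
show access-list OUTSIDE_IN
```

Keeping the inbound ACL limited to `echo` toward the specific NATed objects, as in the reply above, exposes only those hosts to outside pings instead of the whole inside network.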