04-04-2016 08:16 AM - edited 03-12-2019 12:34 AM
Hi
I am trying to create a simple access-list rule that restricts an external subnet to ping to any host behind the firewall.
The rule is access-list outside-access_in permit icmp host 172.2.1.2 any
The rule loads without any issues. But the external host cannot ping any host in the firewall.
However, if one changes the rule to, say, access-list outside-access_in permit icmp any any, then it works.
What am I missing?
04-04-2016 09:25 AM
> access-list outside-access_in permit icmp host 172.2.1.2 any
Which IP are you using here? Up to ASA v8.2 it has to be the translated IP, from 8.3 onwards, it has to be the real IP of the host.
And do you have a valid translation or have you exempted the traffic from NAT (based on your needs)?
04-04-2016 10:17 AM
Hi
This is an old PIX 515 still running 6.3(5).