09-16-2015 10:59 AM - edited 03-11-2019 11:36 PM
Hello all,
Recently, i have installed ASA-5512x. Internal users (LAN) are able to browse different web sites. However, when executing ping to any of these websites they get the "Request Timed out" response.
I guess there is something wrong on the ASA configuration. But since i'm a beginer i want to share with you the problem to get a little bit of helpful informations.
PS: access lists are configured to allow all type of traffic from the local network's vlans to the external network (internet). Also, it's important to know that the ASA isn't configured in bridged mode so the public IP address is located on the modem.
Thank you for help
09-16-2015 08:52 PM
Hi, I don't know how is configured the interfaces name of your ASA, however i suppose you have inside for local network interface and outside for external networks default name, for local and external ISP connection. If so, it means that you don't need ACLs to permit traffic from the inside to the outside, due to the stateful mode.
The Traffic from the owest security level, to the highest security level will be always allowed. (When you have inside and outside as default names for interfaces, the ASA will add default security levels)
Inside: 100
Outside: 0
Regarding the original problem to fix the ping try this command from the configuration mode:
fixup protocol icmp
If it doesn't work please post the output for:
Show run icmp
09-17-2015 12:51 AM
Hello,
Ok i will try that as soon as possible. Thanks for your response
Best Regards
09-17-2015 03:57 AM
Personally, I think you'd be better off adding to your global policy "inspect icmp". Do a "show run policy-map".
Under:
policy-map global_policy
class inspection_default
Put in:
inspect icmp
Here's mine for reference:
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect ip-options
inspect icmp error
HTH,
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide