09-20-2011 05:27 PM - edited 03-11-2019 02:27 PM
So I have my shiny new (used, but new to me) 5510 finally working and installed in my dev network. I need to have icmp (ping and trace route) available from the inside network. I googled and found a few articles on how to do it. I tried modifying the class maps, but it looks like there are changes in the commands in 8.4 and the articles I found evidently were for 8.2 and lower. I tried doing it with access lists, again from examples and traffic stopped in all directions (not good) so I am back to being functional and was hoping someone can shed some light on how to do it in 8.4. Documentation seems sparse on the net with 8.4
Thanks!
Solved! Go to Solution.
09-20-2011 05:53 PM
Can you post the configuration.
In order to allow ICMP messages traversing the ASA you will need the inspect ICMP.
policy-map global_policy
class inspection_default
inspect icmp
With this you should be able to ping from your inside network to any resource on the outside. Let us know if this works
Regards,
Julio
09-20-2011 05:53 PM
Can you post the configuration.
In order to allow ICMP messages traversing the ASA you will need the inspect ICMP.
policy-map global_policy
class inspection_default
inspect icmp
With this you should be able to ping from your inside network to any resource on the outside. Let us know if this works
Regards,
Julio
09-20-2011 07:34 PM
Thanks Julio, that works for ICMP and I see where the mistake was, now to find that other site and let them know there is a typo (dash instead of underscore).
Trace route gets to the destination and displays the destination host name but all of the hops in between are displaying asterisks and request timeout, does that mean I need to allow ICMP from the outside in? I depend on ping and trace route almost on a daily basis
I really apreciate your answer. There is just so much to learn and it changes everyday
09-20-2011 07:39 PM
Hi Jack,
Maybe this document can help you out sorting what ICMP messages you should permit to make Traceroute work and so on,
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
Hope it helps.
Mike
09-20-2011 09:25 PM
Hello Jack,
It is a pleasure, I am happy that now your problem is solved. I will be more than glad to help you regarding any other issue.
Best Regards,
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide