Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
2
Replies

ACL Issue

chaitu_kranthi
Level 1
Level 1

‎07-23-2009 01:45 PM - edited ‎03-11-2019 08:58 AM

Hi,

We have a ASA box with the following interface configuration.

interface GigabitEthernet0/1

nameif EXT_CR1_41

security-level 50

ip address 10.52.237.246 255.255.255.248

!

interface GigabitEthernet0/3

nameif ASA_OC_40

security-level 100

ip address 10.52.237.250 255.255.255.248

i have a router in EXT_CR1_41 interface range.

i can able to ping this device from the ASA, but not from the inside range (ASA_OC_40).

i think i have not applied right acl.

Can some one please help in this issue.

i need the ICMP/telnet access to the router which is in EXT_CR1_41 interface range.

and i am setting in ASA_OC_40 range.

Labels:
0 Helpful
2 Replies 2

lm20ele
Level 1
Level 1

‎07-23-2009 01:49 PM

Hi,

From where are you originating your pings?

How does you access-list look like?

0 Helpful

jwalker
Level 3
Level 3

‎07-23-2009 02:28 PM

You need to allow the icmp echo replies back into your DMZ interface

access-list icmp_test extended permit icmp any any echo-reply

access-group icmp_test in interface EXT_CR1_41

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card