Solved: ASA 5506 dropping simple static route traffic

Christian.Cook · ‎08-31-2017

I'm trying to get my ASA 5506 to route traffic for 192.168.24.0 to 192.168.25.20 however it keeps blocking the traffic with the global deny rule

Deny inbound icmp src inside:192.168.25.6 dst inside:192.168.24.1 (type 8, code 0)

i have attached the running config

please can you help?

thanks

christian

Marvin Rhoads · ‎08-31-2017

You need to explicitly allow traffic to exit the same interface it arrives on. Otherwise the ASA will always block it.

The following example shows how to enable traffic to enter and exit the same interface:

ciscoasa(config)# same-security-traffic permit intra-interface

Aso, I don't see the class map with "icmp inspect" on it.

Marvin Rhoads · ‎08-31-2017

You need to explicitly allow traffic to exit the same interface it arrives on. Otherwise the ASA will always block it.

The following example shows how to enable traffic to enter and exit the same interface:

ciscoasa(config)# same-security-traffic permit intra-interface

Aso, I don't see the class map with "icmp inspect" on it.

Christian.Cook · ‎08-31-2017

Awesome that worked!!!

Thankyou very much :)