Namal Suranga
Beginner

ASA 5510 access rules

When I create a rule and enable ICMP on the ASA in the inside-to-outside direction for testing purposes, I can't ping an outside address:

access-list ICMP extended permit icmp any any

access-group ICMP in interface inside

Log:

ping 8.8.8.8

%ASA-3-106014: Deny inbound icmp src outside:122.255.3.1 dst inside:202.124.160.1 (type 0, code 0)

%ASA-3-106014: Deny inbound icmp src outside:122.255.3.1 dst inside:202.124.160.1 (type 0, code 0)

Then I permitted ICMP for the return path, and then it works. The configs and logs follow:

access-list ICMP extended permit icmp any any

access-group ICMP in interface outside

Log:

ping 8.8.8.8

%ASA-6-302020: Built inbound ICMP connection for faddr 122.255.3.1/0 gaddr 202.124.160.1/14 laddr 192.168.1.1/14

%ASA-6-302021: Teardown ICMP connection for faddr 122.255.3.1/0 gaddr 202.124.160.1/14 laddr 192.168.1.1/14


1 Reply
Jouni Forss
Mentor

Hi,

Add the following "inspect" rule for the firewall to automatically allow echo-reply messages without an OUTSIDE access-list:

policy-map global_policy
 class inspection_default
  inspect icmp

- Jouni
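
As an added example (not part of the original thread and not Cisco tooling): a small Python triage over the 106014 deny messages quoted in the question. It separates dropped echo-replies (type 0), the symptom the reply's `inspect icmp` addresses, from other denied ICMP. The function names and the last two sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# ASA syslog 106014, in the form shown in the question's log output.
DENY_RE = re.compile(
    r"%ASA-\d-106014: Deny inbound icmp "
    r"src (?P<src_if>[^:\s]+):(?P<src>\S+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>\S+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\)"
)
ECHO_REPLY = 0  # ICMP type number for echo-reply

def triage_icmp_denies(lines):
    """Split 106014 denies into dropped echo-replies (return traffic for
    pings sent from behind the firewall) and other denied ICMP."""
    dropped_replies = Counter()   # (responder, pinging address) -> count
    other_denies = []             # (src, dst, icmp_type) tuples
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue              # not a 106014 message
        icmp_type = int(m["type"])
        if icmp_type == ECHO_REPLY:
            dropped_replies[(m["src"], m["dst"])] += 1
        else:
            other_denies.append((m["src"], m["dst"], icmp_type))
    return dropped_replies, other_denies

def report(lines):
    """Return one human-readable finding per flow or denied packet."""
    replies, others = triage_icmp_denies(lines)
    findings = [
        f"{n} echo-reply from {src} to {dst} dropped: check 'inspect icmp'"
        for (src, dst), n in replies.items()
    ]
    findings += [f"ICMP type {t} from {src} to {dst} denied" for src, dst, t in others]
    return findings

# The first two lines are from the post; the last two are constructed samples.
SAMPLE_LOG = [
    "%ASA-3-106014: Deny inbound icmp src outside:122.255.3.1 dst inside:202.124.160.1 (type 0, code 0)",
    "%ASA-3-106014: Deny inbound icmp src outside:122.255.3.1 dst inside:202.124.160.1 (type 0, code 0)",
    "%ASA-3-106014: Deny inbound icmp src outside:198.51.100.7 dst inside:202.124.160.1 (type 8, code 0)",
    "%ASA-6-302020: Built inbound ICMP connection for faddr 122.255.3.1/0 gaddr 202.124.160.1/14 laddr 192.168.1.1/14",
]

if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

With ICMP inspection enabled, only replies that match an outstanding request are let back in, so other ICMP types from outside keep hitting the deny, unlike with `permit icmp any any` applied to the outside interface.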
