
ASA 5525 ICMP Bypass not working

Hello everyone. I have a problem that has to be solved immediately. I took a photo from the Cisco webpage that is identical to my design on a particular interface. Only the IP addresses are different, but I will ask using the IP addresses in the photo.

So the requirement is this:

192.168.1.10 <---> 192.168.2.10 ICMP

192.168.1.10 <---> 192.168.2.10 80

192.168.1.10 <---> 192.168.2.10 443

But as you already understood, the initial traffic goes from the router to the server directly and the answer comes through the ASA, and it creates a problem. I permitted all possible reply traffic for all 3 protocols and bypassed each of them through a service policy. HTTP and HTTPS worked properly, but 192.168.1.10 cannot ping 192.168.2.10. I tried different access lists but with no result. Finally I even permitted traffic from 192.168.2.10 to 192.168.1.10 with IP services and bypassed all IP services, but ping is still not working.

In my case 192.168.2.10 is 10.124.49.5 and 192.168.1.10 is 10.124.41.104. As you can see from the screenshot, even ACL hits are recorded. But ping is not working.

What can be the problem?

 

Accepted Solutions

So, I was able to solve the problem by disabling inspection in the global policy and creating a new class under the global policy map that does not match the interesting traffic, matches any any, and inspects. This way I eliminated my reply traffic from inspection, and everything else is still inspected.
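
One reading of the accepted solution as ASA configuration, added here as an example and not taken from the poster's device: ICMP inspection is removed from the default class and re-applied through a class whose ACL skips only the asymmetric reply flow. The names ICMP_INSPECT_ACL and ICMP_INSPECT_CLASS are hypothetical, and the block assumes the default global_policy and inspection_default names with inspect icmp previously enabled there.

```cisco
! Added example. ICMP_INSPECT_ACL and ICMP_INSPECT_CLASS are hypothetical names.
! Addresses are the poster's: 10.124.49.5 (server) replies to 10.124.41.104 (client).

! Select the traffic that should still get ICMP inspection: everything except
! the reply flow, for which the ASA never saw the matching echo request.
access-list ICMP_INSPECT_ACL extended deny icmp host 10.124.49.5 host 10.124.41.104
access-list ICMP_INSPECT_ACL extended permit icmp any any

class-map ICMP_INSPECT_CLASS
 match access-list ICMP_INSPECT_ACL

policy-map global_policy
 ! Stop inspecting ICMP in the default class (assumes it was enabled there) ...
 class inspection_default
  no inspect icmp
 ! ... and re-enable it only for the traffic selected by the ACL above.
 class ICMP_INSPECT_CLASS
  inspect icmp
```

With inspection off for that one flow there is no ICMP state to admit the reply, so the interface ACL still has to permit ICMP from 10.124.49.5 to 10.124.41.104 explicitly. Keeping both the exclusion and the permit scoped to that host pair leaves all other ICMP inspected.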


10 Replies

Kasun Bandara
VIP Advocate