Hi,
You should enable management connections on the interface behind which the users needing management connections are. Instead of Telnet I would also suggest using SSH though Telnet could be left in there perhaps incase there is some SSH related problem which would require you to use some other management connection.
Again without your configurations we are blind as to what might be the problem.
ICMP/PING is not always the ideal way to test connections as a lot of times its either blocked at some part of the network or even on the actual hosts/servers.
If you want to go through the ASA configurations for ICMP traffic with one command then you can use the "packet-tracer" command which will tell you if the traffic is allowed by the ASA or not.
packet-tracer input <source interface> icmp <source ip> 8 0 <destination ip>
In the above command you should insert the following information
- <source interface> = The interface "nameif" behind which the <source ip> address is located
- <source ip> = The IP address of the host that is sending the ICMP
- <destination ip> = The IP address towards which the ICMP is sent.
If you have allowed all traffic with ACLs then the problem is likely to be on the actual hosts.
Notice that if you configure interface with identical (same value) "security-level" values then you will an additional command to permit traffic between the interface. I notice that you have above atleast 2 internal interfaces with the same "security-level 100" if you have traffic between these interface then you need the configuration command
same-security-traffic permit inter-interface
Other option is to change that you dont have identical "security-level" values in which case you need interface ACLs to allow the traffic from lower -> higher "security-level" interface.
- Jouni
