Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1261
Views
0
Helpful
3
Replies

ASA: Not getting Internet Access on the Server.

vikrammurudkar7589
Level 1
Level 1

‎09-20-2021 12:04 AM

Hi All,

 

I'm currently having issue where the System Admin is having difficulty in getting internet access. A rule was created on the Cisco ASA to allow internet access to the Server but the System Admin is not getting internet access but when we do the testing with the packet-tracer command using both the icmp & tcp; it was showing all allowed.

But, when did the packet capture on the ASA, we're able to see the icmp echo-request but not the icmp echo-reply in both capin & capout.

 

What can be the reason for this? Can anyone tell what can be the reason for this?

 

Thanks & Regards,

Vikram Murudkar.

0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎09-20-2021 01:57 AM

Often enough it is a destination that just does not answer on Pings. Have you tested real traffic?

For ICMP, did you enable the inspection on the ASA?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-20-2021 02:46 AM

Is there a static NAT rule for the server in addition to the ACL entry?

Please share the relevant configuration commands you are using.

0 Helpful

John Hinckley
Level 1
Level 1

‎09-20-2021 10:01 AM

I second what Karsten said.  If you don't have ICMP inspection turned on, you typically won't get replies without a permissive ACL.  You should also verify that you are allowing echo replies to the outside interface in the SSH config.  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card