02-20-2015 03:45 PM - edited 03-11-2019 10:32 PM
We have a Cisco ASA as our front firewall, connected to the internet and the DMZ. The DMZ is the 10.10.0.0 network. I have a router on the DMZ network and want to ping its loopback interface IP address from a client computer in the DMZ. A client computer in the DMZ uses the ASA as the default gateway.
The static route seems to work when I ping from the ASA to the loopback, but when I ping from the client computer to the loopback address it does not work. The firewall logs say:
"The ASA denied any inbound ICMP packet access. By default, all ICMP packets are denied access unless specifically allowed."
Configuration:
ASA - DMZ (Inside) IP address 10.10.0.254
Client - 10.10.0.251/24, default gateway 10.10.0.254
Router - FA0/0 10.60.0.15 - Loopback - 172.16.8.21
02-21-2015 09:46 AM
You probably have an access-group on the DMZ interface that does not allow ICMP packets. Also, in order to allow routing on a stick on an ASA, you need the following:
same-security-traffic permit intra-interface
Hope this helps.
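The two changes this answer points to, written out as an ASA configuration sketch (an added example, not from the thread or from Cisco documentation). The interface name `dmz`, the ACL name `DMZ_IN` and the `<router-dmz-ip>` placeholder are assumptions; the thread does not give them.

```text
! Added example. Assumed: nameif "dmz", ACL name DMZ_IN, and <router-dmz-ip>
! as a placeholder for the router's address on the DMZ segment.

! Let traffic enter and leave the same interface (hairpin / "on a stick").
same-security-traffic permit intra-interface

! Static route to the router loopback (the thread says this part already works).
route dmz 172.16.8.21 255.255.255.255 <router-dmz-ip> 1

! Scoped permit: only echo requests from the DMZ subnet to the loopback.
! If an ACL is already bound to the interface, add this entry to that ACL
! instead of binding a new one; an interface takes one inbound ACL.
access-list DMZ_IN extended permit icmp 10.10.0.0 255.255.255.0 host 172.16.8.21 echo
access-group DMZ_IN in interface dmz

! Broader rule that opens more than the ping test needs (avoid):
! access-list DMZ_IN extended permit icmp any any

! Checks: simulate the client's echo request, then confirm the ACL entry is hit.
packet-tracer input dmz icmp 10.10.0.251 8 0 172.16.8.21
show access-list DMZ_IN
```

The `packet-tracer` output names the phase (ACL, route lookup, and so on) that drops the packet, which separates a missing ACL entry from a missing intra-interface permit.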