Solved: ASA static Routing issue

arell1234 · ‎02-20-2015

We have a Cisco ASA as our Front firewall Connected to internet and DMZ. DMZ is 10.10.0.0 network. I have a router on the DMZ network and want to ping its loop back Interface IP address from a client computer in DMZ. A Client computer in the DMZ uses the ASA as the default gateway.

Static route seems to work when I ping from the ASA to the loopback but when I ping from the Client computer to the loopback address it does not work. The firewall logs say

"The ASA denied any inbound ICMP packet access. By default, all ICMP packets are denied access unless specifically allowed."

Configuration

ASA - DMZ (Inside) IP address 10.10.0.254

Client - 10.10.0.251/24 Default Gateway 10.10.0.254

Router - FA0/0 10.60.0.15 - Loop Back - 172.16.8.21

Kamal Malhotra · ‎02-21-2015

You probably have an access-group on the DMZ interface that does not allow ICMP packets. Also, in order to allow the routing on a stick on an ASA, you need the following :

same-security-traffic permit intra-interface

Hope this helps.

View solution in original post

Kamal Malhotra · ‎02-21-2015

You probably have an access-group on the DMZ interface that does not allow ICMP packets. Also, in order to allow the routing on a stick on an ASA, you need the following :

same-security-traffic permit intra-interface

Hope this helps.