cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

12096
Views
0
Helpful
5
Replies
mmuthiah72
Beginner

ASA5505 icmp denied for inside interface

I have ASA5505 configured with internal network as 192.168.15.0  and default gateway 192.168.15.1

From the inside network, i'm able to access internet and able to ping all website (enabled ping).   and all internel  network devices can ping each other.  Except  i cannot ping my gateway (ASA5505) 192.168.15.1.  I'm continously seeing this message on the log, when i tried to ping.. How to fix this?

Denied ICMP type=8, code=0 from 192.168.15.xxx on interface inside

replace xxx with my network devices that try to ping the gateway..

I dont want outsiders ping my gateway, i need ping for inside internal network only.

1 ACCEPTED SOLUTION

Accepted Solutions

That means that only the host which name is ASA-Inside will be able to ping it. You can just remove that line (no

icmp permit host ASA-Inside inside) and that will do it.

Mike

Mike

View solution in original post

5 REPLIES 5
Maykol Rojas
Cisco Employee

Hello,

Please do sh run icmp, that will tell you what rules are for icmp traffic to the ASA itself. In order to clear the rules you can do clear config icmp and then add the icmp rules you need.

Mike

Mike

Thank you.   Here is the output of icmp

(config)# sh run icmp

icmp unreachable rate-limit 1 burst-size 1

icmp permit host ASA-Inside inside

That means that only the host which name is ASA-Inside will be able to ping it. You can just remove that line (no

icmp permit host ASA-Inside inside) and that will do it.

Mike

Mike

Thanks. I will test that tomorrow evening

Sent from Cisco Technical Support iPhone App

Perfect. It worked.   Thanks

Create
Recognize Your Peers
Content for Community-Ad