05-07-2012 06:42 PM - edited 03-11-2019 04:03 PM
I have ASA5505 configured with internal network as 192.168.15.0 and default gateway 192.168.15.1
From the inside network, i'm able to access internet and able to ping all website (enabled ping). and all internel network devices can ping each other. Except i cannot ping my gateway (ASA5505) 192.168.15.1. I'm continously seeing this message on the log, when i tried to ping.. How to fix this?
Denied ICMP type=8, code=0 from 192.168.15.xxx on interface inside
replace xxx with my network devices that try to ping the gateway..
I dont want outsiders ping my gateway, i need ping for inside internal network only.
Solved! Go to Solution.
05-07-2012 08:24 PM
That means that only the host which name is ASA-Inside will be able to ping it. You can just remove that line (no
icmp permit host ASA-Inside inside) and that will do it.
Mike
05-07-2012 08:00 PM
Hello,
Please do sh run icmp, that will tell you what rules are for icmp traffic to the ASA itself. In order to clear the rules you can do clear config icmp and then add the icmp rules you need.
Mike
05-07-2012 08:07 PM
Thank you. Here is the output of icmp
(config)# sh run icmp
icmp unreachable rate-limit 1 burst-size 1
icmp permit host ASA-Inside inside
05-07-2012 08:24 PM
That means that only the host which name is ASA-Inside will be able to ping it. You can just remove that line (no
icmp permit host ASA-Inside inside) and that will do it.
Mike
05-07-2012 08:26 PM
Thanks. I will test that tomorrow evening
Sent from Cisco Technical Support iPhone App
05-08-2012 05:03 AM
Perfect. It worked. Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide