Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
149
Views
0
Helpful
1
Replies

Cisco ASA cannot ping to external dmz hiosted address

manuscript1
Level 1
Level 1

‎08-30-2016 09:28 AM - edited ‎03-12-2019 01:12 AM

Hi

Having a problem where I cannot get icmp working from internal to external addresses that are hosted in my DMZ ( see atatched diagram )

 

Essentially my nat rules look right as the system actually works to a point . However if I allow a rule on the inside interface  to allow internal to ping the external IP address ( 8.x.x.4 in my diagram ) I see the outgoing packet in monitor logging being accepted . However even if i add an inside rule  to  allow 8.x.x.4 to  the internal  systems (10.7.x.x) in my diagram on the inside interface it fails.

 

Accept I am making this ping go around the houses but the telephone system has to use its real address between teh inside and DMZ

 

Help :))))

 

 

Labels:
Preview file
48 KB
0 Helpful
1 Reply 1

Terence Payet
Level 1
Level 1

‎08-30-2016 10:41 AM

Hi,

Traffic is allowed from higher security to lower security. So if your interfaces are setup correctly then double check if icmp inspection enable on your ASA.

If yes, kindly share your config and remove all real ip address and password from the config.

HTH.

Please rate helpful post.

Regards,

Terence

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card