cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

469
Views
0
Helpful
9
Replies

ICMP from outside

I have an ASA5510 running version 8.4. ICMP is blocked from the internet to the outside interface of our firewall but now our ISP is requesting us to allow ICMP from their network to the outside of our ASA. I need to allow ICMP from three blocks of IP Addresses?

Any help will be greatly appreciated

Thanks,

Lake

1 ACCEPTED SOLUTION

Accepted Solutions

Hi lake,

Use this:

icmp permit 192.168.0.0 255.255.255.0 outside

try it in the config mode.

This should definitely work

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

9 REPLIES 9
varrao
Advocate

Hi Lakeram,

You need to enable the following config:

icmp permit outside

to enable icmp on outside interface.

Thanks,

Varun

Thanks,
Varun Rao

When i type:

icmp permit ?

I only get an option for ANY Or HOST

I need to allow ICMP from network address 1.1.1.1/24

Can you please tell me how to do that?

Thanks,

Lake

Hi lake,

Use this:

icmp permit 192.168.0.0 255.255.255.0 outside

try it in the config mode.

This should definitely work

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

That worked like a charm.

I really appreciate that.

Thank you very much

Regards,

Lake

Hi varun,

why we are using 192.168.0.0 network in that access-list. Lake mentioned that he wants to allow icmp access from 1.1.1.1/24. Kindly explain.

Thanks,

Bala

I am sorry for the confusion guys but i made a typo. I meant to say 1.1.1.0/24. Varun's answer is what i am looking for.

Thanks,

Lake

Hi Bala,

I guess I get your point, what Lake's requirement was to be able to ping the outside interface of the ASA, and the access-list that you might be having is for the ping traffic through the box. Lake's requirement was ping to the box.

Let me know if that makes it clear.

Thanks,

Varun

Thanks,
Varun Rao

Hi Guys,

My requirement is to ping TO the outside interface from the internet not THROUGH it. I guess Varun solution is the correct one?

Thanks,

Lake

thanks varun. sorry for the delayed reply.. thank u very much..

Content for Community-Ad