Ping doesn't pass through ASA

marwa.jeljli1
Level 1

Hello all,

Recently, I installed an ASA-5512x. Internal users (LAN) are able to browse different web sites. However, when they ping any of these websites they get the "Request Timed out" response.

I guess there is something wrong in the ASA configuration. But since I'm a beginner, I want to share the problem with you to get a little bit of helpful information.

PS: access lists are configured to allow all types of traffic from the local network's VLANs to the external network (internet). Also, it's important to know that the ASA isn't configured in bridged mode, so the public IP address is located on the modem.

Thank you for your help

3 Replies

Andres Vega
Cisco Employee

Hi, I don't know how the interface names of your ASA are configured; however, I suppose you have inside for the local network interface and outside for external networks as the default names, for the local and external ISP connections. If so, it means that you don't need ACLs to permit traffic from the inside to the outside, due to the stateful mode.

Traffic from the lowest security level to the highest security level will always be allowed. (When you have inside and outside as default names for interfaces, the ASA will add default security levels.)

Inside: 100

Outside: 0

Regarding the original problem, to fix the ping try this command from configuration mode:

fixup protocol icmp

If it doesn't work please post the output for:

Show run icmp

Hello,

OK, I will try that as soon as possible. Thanks for your response.

Best Regards

Personally, I think you'd be better off adding to your global policy "inspect icmp". Do a "show run policy-map".

Under:

policy-map global_policy
 class inspection_default

Put in:

inspect icmp

Here's mine for reference:

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect ip-options
  inspect icmp error

HTH,

John
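
Added example (not part of the thread and not Cisco tooling): a Python check that parses saved "show run policy-map" text and reports whether the "inspect icmp" and "inspect icmp error" lines from the reference policy above are present under class inspection_default. The sample configuration, function names and the choice of those two lines as the expected set are assumptions made for illustration.

```python
# Added example: audit ASA "show run policy-map" text for ICMP inspection.
# SAMPLE is constructed for illustration; it is not output from the poster's ASA.

SAMPLE = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect sip
  inspect ip-options
"""

def parse_policy_maps(text):
    """Return {policy_map: {class_name: [inspect arguments, ...]}}."""
    maps, pmap, cls = {}, None, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "policy-map":
            # The map name is the last word, also for "policy-map type inspect ..." forms.
            pmap, cls = words[-1], None
            maps[pmap] = {}
        elif words[0] == "class" and pmap is not None and len(words) > 1:
            cls = words[1]
            maps[pmap][cls] = []
        elif words[0] == "inspect" and pmap is not None and cls is not None:
            maps[pmap][cls].append(" ".join(words[1:]))
    return maps

def missing_icmp_inspection(text, pmap="global_policy", cls="inspection_default"):
    """List the ICMP inspect lines absent from the given policy-map class."""
    inspects = parse_policy_maps(text).get(pmap, {}).get(cls)
    if inspects is None:
        return ["class %s not found in policy-map %s" % (cls, pmap)]
    # Expected set (assumption): the two ICMP lines in the reference policy above.
    wanted = ["icmp", "icmp error"]
    return ["inspect " + w for w in wanted if w not in inspects]

if __name__ == "__main__":
    for finding in missing_icmp_inspection(SAMPLE):
        print("missing:", finding)
```
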
