I join a topology diagram and logs with the message "portmap creation ...."

I try to ping between 192.168.1.111 (monitoring server) for example, and 192.168.2.116 but it doesn't work since I change the Firewall by the ASA.

Hope it will be more clear.

Both the source and destination are in the LAN segment. Make sure that the source and destination point to the

router as their GW and not the ASA as their GW.

Once done, it should work.

-KS

Here is the configuration that works with the old FW :

192.168.1.111 use the FW LAN interface as Gateway.
192.168.2.116 use 192.168.2.1 (one of the router Interface) as Gateway.

And Route on the FW :
192.168.2.0 192.1688.1.230 255.255.255.0 LAN 1

I don't understand why it doesn't work with the ASA because I haven't changed IP's.
Thanks.

ok, I found a part of the solution :

I use actually :

global (WAN) 1 interface
nat (LAN) 1 192.168.1.0 255.255.255.0

So I add an exempt rule :
source: 192.168.1.0/24
destination : 192.168.2.0/24

Now I ping from 192.168.1.111 to 192.168.2.116 but the reverse doesn't work.

Ping from 192.168.2.116 to 192.168.1.111 display this logs :

"denied ICMP type=0 from laddres 192.168.1.116 on interface LAN to 192.168.2.116: no matching session"

Thank you

You will have to create access-list and apply that to your WAN interface to allow ping from the WAN subnet towards the LAN subnet:

access-list outside-acl permit icmp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group outside-acl in interface WAN