
Routing between ASA 5510 interfaces

Hi guys,

I have a Cisco ASA 5510 at one of our sites.

I have an issue with this ASA: the servers in the inside zone, with security level 100, can't reach the outside zone, security level zero.

When I try to ping from the server, it can reach the inside interface (its GW), but I can't ping the outside interface on the same ASA.

What I understand is that by default this ping should work, because it comes from a zone with a high security level to a zone with a low security level.

Or is there some routing configuration required between the ASA interfaces that I should do?

Thanks

Accepted Solutions

Hi,

Are you attempting to ping the ASA's outside interface from a device connected to the inside of the ASA? If so, that won’t work (by design).

If you are pinging through the ASA to another device, you need to ensure you inspect ICMP; use the command “fixup protocol icmp”.

HTH

Yes, I want to ping from a device connected to the inside interface to the outside interface.

OK, I can't by design, but if I want to check the connectivity between this device and another one behind this firewall, how can I know that the traffic from the inside device passes through the firewall to the destination?

You may not be able to ping the ASA's outside interface when connected to the inside, but you can certainly ping through the ASA - so ping the other device behind the firewall, that will work. For that to work you will need the ICMP inspect configured using the command I previously provided, "fixup protocol icmp".

HTH

OK, so what I understand is that to ping the other device behind the firewall I must apply this ICMP inspect, and without this command I will not be able to ping through the firewall.

Is this right?

Correct.

Alternatively, you could explicitly permit ICMP inbound on the outside interface; however, most people enable ICMP inspection using the command I provided.

OK, thanks Rob, your replies were very helpful for me.

Thanks again
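The two options discussed in the thread, side by side, as an added example that is not part of the original posts: ICMP inspection written in Modular Policy Framework form (`inspect icmp`), and the static inbound permit on the outside interface. The ACL name `OUTSIDE_IN` and both IP addresses are constructed placeholders, the interface names `inside` and `outside` are taken from the question, and the verification commands assume an ASA software release that includes `packet-tracer`.

```cisco
! --- Option 1: stateful ICMP inspection (the approach the answer recommends)
! The ASA records each echo request that leaves through the firewall and
! admits only the echo reply that matches it. Nothing is opened permanently.
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect icmp
service-policy global_policy global
!
! --- Option 2: explicit permit inbound on the outside interface
! OUTSIDE_IN is a placeholder ACL name. This rule is not tied to any
! request: every echo reply from any source is admitted, whether or not
! an inside host asked for it. Permit specific ICMP types, not all ICMP.
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-group OUTSIDE_IN in interface outside
!
! --- Verification (exec mode, not configuration mode)
! Confirm the inspection is attached to the global policy and counting packets:
show service-policy inspect icmp
!
! Simulate an echo request (ICMP type 8, code 0) from an inside server
! (10.0.0.10, constructed) to a host beyond the outside interface
! (203.0.113.10, constructed). The output lists each phase the packet
! passes (route lookup, ACL, NAT, inspection) and the final allow/drop result:
packet-tracer input inside icmp 10.0.0.10 8 0 203.0.113.10 detailed
```

Use one option, not both. The `packet-tracer` result answers the follow-up question about confirming that traffic from the inside device passes through the firewall, without depending on a ping to the ASA's own outside interface.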
