11-12-2013 06:29 PM - edited 03-11-2019 08:04 PM
What is different between the ASA 5525-X and the ASA5500?
The ASA5500 uses IOS 9.1.
Inside and outside network port configuration: pc1----(inside) ASA5500 (outside)----pc2
It uses router mode, no NAT, ACL permit ip icmp any any.
pc1 can ping pc2, and pc2 can ping pc1.
But with the same configuration on the ASA 5525-X with IOS 9.1, my users say pc1 can ping pc2, but pc2 cannot ping pc1. Why?
Would anyone who has used the 5525-X firewall say something?
Thank you very much.
11-13-2013 01:28 AM
Would you be able to post a sanitized configuration of your ASA?
The permit ip icmp any any command is used to allow ping to the ASA itself. Chances are you need to create an ACL on the outside interface to allow ICMP packets.
You could run a packet tracer to see what is dropping the packet.
11-13-2013 01:58 PM
I've got both 5520's and 5525x's, and the biggest differences between 5525x and 5520 are under the hood: multiple CPUs, more memory, more Ethernet interfaces, higher backplane throughput, software IPS capability, etc. From the point of view of 9.1 firmware they should look pretty similar, except for the SMP image and increased interface count. I have successfully cloned configurations from 5520's to 5525x's and back between my test lab and my production networks.
Without seeing the two configurations it's going to be hard to identify what's different, and I completely endorse everything Marius said.
Note that without ACLs, the ICMP behavior would be controlled by the security-levels on the one hand and whether or not the global policy was inspecting ICMP. Out of the box, pc1 can egress an echo-request because the security level 100 -> 0 transition permits it, and ICMP inspection allows a matching echo-reply to come back in. pc2 is out of luck. Once you start applying ACLs, the security levels are irrelevant, though the inspection still matters.
-- Jim Leinweber, WI State Lab of Hygiene
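The checks suggested in the replies above, written out as an added ASA CLI example that is not part of the original thread or any poster's configuration. The interface names `inside`/`outside`, the ACL name `OUTSIDE_IN` and the addresses (pc1 = 10.0.0.10, pc2 = 192.0.2.10) are assumptions; `global_policy` and `inspection_default` are the ASA default policy names.

```cisco
! Added example. Names and addresses are constructed:
!   pc1 = 10.0.0.10 (inside), pc2 = 192.0.2.10 (outside), no NAT.
!
! 1. Confirm interface names and security levels (inside 100, outside 0 by default).
show nameif
!
! 2. See whether an ACL is already bound to an interface and whether ICMP is inspected.
show running-config access-group
show running-config policy-map
!
! 3. Simulate pc2 -> pc1 echo-request (ICMP type 8, code 0) arriving on outside.
!    With no outside ACL, the 0 -> 100 direction is expected to be dropped.
packet-tracer input outside icmp 192.0.2.10 8 0 10.0.0.10 detailed
!
configure terminal
! 4. Inspect ICMP so an echo-reply is only accepted when it matches a request
!    that passed through the firewall.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! 5. Permit only the echo-request that is needed, from pc2 to pc1, inbound on outside.
!    If step 2 showed an ACL already bound to outside, add this entry to that ACL
!    instead: an interface holds one inbound ACL, and a new access-group replaces it.
access-list OUTSIDE_IN extended permit icmp host 192.0.2.10 host 10.0.0.10 echo
access-group OUTSIDE_IN in interface outside
end
!
! 6. Re-run the simulation and check that the new entry is taking hits.
packet-tracer input outside icmp 192.0.2.10 8 0 10.0.0.10
show access-list OUTSIDE_IN
```

The packet-tracer result names the phase that dropped the packet, which separates an ACL or security-level drop from a routing problem before any rule is changed.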
11-13-2013 02:12 PM
Logs!!!!!! and config as everybody is indicating
11-15-2013 10:46 AM
Do you need more assistance with this?
Please rate any helpful posts.
11-16-2013 09:31 PM
If you do not need any further assistance please rate the assistance so we can close out followup.
11-19-2013 09:51 AM
If you no longer require assistance with this issue, please rate all helpful posts.
11-19-2013 10:02 AM
If you start an assistance you need to either notify that you don't need help or rate the assistance.