This can happen when the Internet Control Message Protocol (ICMP) is not enabled on the outer interface.
Complete these steps in order to resolve this issue in PIX version 6.x:
Enable ICMP on the outer interface.
Issue these commands in sequence:
access-list < allowicmp > line 1 permit icmp any any echo
access-list < allowicmp > line 2 permit icmp any any unreachable
access-list < allowicmp > line 3 permit icmp any any time-exceeded
access-list < allowicmp > line 4 permit icmp any any source-quench
access-list < allowicmp > line 5 permit icmp any any
Note: The access-list < allowicmp > command is bound on the outer interface.
In order to resolve this issue in PIX/ASA version 7.x, there are two options:
You can use an access list as in version 6.x.
Configure ICMP inspection.
ICMP inspection allows a trusted IP address to traverse the firewall and allows replies back to the trusted address only. This way, hosts on all inside interfaces can ping hosts on the outside, and the firewall allows the replies to return. It also lets you monitor the ICMP traffic that traverses the firewall. In this example, ICMP inspection is added to the default global inspection policy.
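The two options can be told apart in a saved configuration. The following Python check is an added example, not part of the original document or any Cisco tool: it reports whether ICMP is admitted by interface ACL entries (including a catch-all `permit icmp any any`, which matches every ICMP type) or by `inspect icmp` in the global policy. The sample configuration, the ACL name and the function name `audit_icmp` are constructed for illustration.

```python
import re

# Constructed sample (not from the page): ACL approach on the outside
# interface, ICMP inspection absent from the global policy.
SAMPLE_CONFIG = """\
access-list allowicmp permit icmp any any echo
access-list allowicmp permit icmp any any unreachable
access-list allowicmp permit icmp any any time-exceeded
access-list allowicmp permit icmp any any
access-group allowicmp in interface outside
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
service-policy global_policy global
"""

ACE = re.compile(r"access-list\s+(\S+)\s+(?:line\s+\d+\s+)?(?:extended\s+)?"
                 r"permit\s+icmp\s+any\s+any(?:\s+(\S+))?$")
GROUP = re.compile(r"access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")

def audit_icmp(config):
    """Report how a PIX/ASA-style configuration admits ICMP."""
    typed, untyped, bound = {}, set(), {}
    current, with_icmp, global_policy = None, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level command ends a policy-map block
            current = line.split()[1] if line.startswith("policy-map ") else None
        if (m := ACE.match(line)):
            if m.group(2):
                typed.setdefault(m.group(1), []).append(m.group(2))
            else:
                untyped.add(m.group(1))  # no type given: matches every ICMP type
        elif (m := GROUP.match(line)):
            bound[m.group(1)] = m.group(2)
        elif line == "inspect icmp" and current:
            with_icmp.add(current)
        elif line.startswith("service-policy ") and line.endswith(" global"):
            global_policy = line.split()[1]
    return {
        "icmp_inspection": global_policy in with_icmp,
        "typed_permits": {a: t for a, t in typed.items() if a in bound},
        "catch_all_permits": sorted((a, bound[a]) for a in untyped if a in bound),
    }

if __name__ == "__main__":
    print(audit_icmp(SAMPLE_CONFIG))
```

Only ACLs that are applied inbound with `access-group` are reported, since an unbound access list has no effect on traffic.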