10-12-2018 10:38 PM - edited 03-08-2019 04:22 PM
Dear Team,
I am new to Cisco ASA. I need to allow port 80 from LAN IP 10.0.0.0/8 towards source 11.0.0.0/8. How can I allow the port with the source and destination IP?
Also, I am able to ping multiple IPs from the firewall inside interface to outside, towards the other-end destination IPs, and services are also working fine in the LAN network, but I am not able to ping the IPs from an end-user machine. So I need to allow ICMP any any from the firewall so I can also ping all the IPs from end-user machines.
So please help me get the commands for the above two queries.
10-13-2018 12:51 AM
Hello,
here is a generic sample:
ASA(config)# access-list IN_PORT80 permit tcp 10.0.0.0 255.0.0.0 11.0.0.0 255.0.0.0 eq 80
ASA(config)# access-group IN_PORT80 in interface INSIDE
Regarding pinging from your LAN, make sure you have:
icmp permit any inside
configured. If that doesn't work, post the output of:
ASA#show run icmp
10-13-2018 01:02 AM
Dear Georg,
Thanks for the update. I just want to confirm to you that there are multiple IPsec tunnels configured on this firewall.
So can I try:
fixup protocol icmp
Does this also work?
10-13-2018 01:04 AM
Which software version are you running on your ASA?
Best to post the full configuration...
10-13-2018 01:12 AM - edited 10-13-2018 01:14 AM
Hello
You don't say what software you are running; however, below is a basic configuration to allow ICMP, and I am assuming port forwarding on port 80.
Note:
Some assumptions have been made, like the interface names, the web server inside IP, the translated outside IP address and the default next hop.
conf t
object network web
 host 10.0.0.11
 nat (Inside,Outside) static 11.0.0.11 service tcp http http
object network LAN
 subnet 10.0.0.0 255.0.0.0
 nat (Inside,Outside) dynamic interface
access-list 110 extended permit icmp any object LAN echo-reply
access-group 110 in interface Outside
route Outside 0.0.0.0 0.0.0.0 11.0.0.1
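Added example, not part of any reply above and not taken from the poster's firewall: one configuration that covers both original questions, contrasting a broad ICMP permit on the outside interface with stateful ICMP inspection. It assumes the interface name INSIDE and ACL name IN_PORT80 from the first reply, an outside interface named OUTSIDE, the default global_policy / inspection_default names, and ASA software where `inspect` is the current form of the older `fixup` keyword.

```cisco
! Constructed example. INSIDE and IN_PORT80 follow the first reply;
! OUTSIDE, OUTSIDE_IN and the test hosts are assumed names/values.
!
! Broad form (avoid): any ICMP type from any outside host is let in.
!   access-list OUTSIDE_IN extended permit icmp any any
!   access-group OUTSIDE_IN in interface OUTSIDE
!
! Narrower form: permit only what the LAN needs outbound.
access-list IN_PORT80 extended permit tcp 10.0.0.0 255.0.0.0 11.0.0.0 255.0.0.0 eq 80
access-list IN_PORT80 extended permit icmp 10.0.0.0 255.0.0.0 11.0.0.0 255.0.0.0 echo
! An applied ACL ends in an implicit deny, so once IN_PORT80 is bound
! to INSIDE the echo line above is required or LAN pings are dropped.
access-group IN_PORT80 in interface INSIDE
!
! Stateful ICMP inspection: echo replies and related ICMP errors are
! matched to the outbound request, so no inbound ICMP ACL is needed.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
!
! Checks from privileged EXEC (10.0.0.50 and 11.0.0.50 are placeholders):
!   packet-tracer input INSIDE tcp 10.0.0.50 12345 11.0.0.50 80
!   packet-tracer input INSIDE icmp 10.0.0.50 8 0 11.0.0.50
!   show access-list IN_PORT80
!   show service-policy
```

The hit counters in `show access-list IN_PORT80` show which entry matched, and `packet-tracer` names the phase that drops a flow, including a NAT or VPN phase.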