+ Reply to Thread
Results 1 to 7 of 7
  1. Junior Member Registered Member
    Join Date
    May 2016
    Location
    Casablanca
    Posts
    5

    Certifications
    CCNA1,2,3,4 Amateur
    #1

    Unhappy ASA Configuration

    Hey ,I Simple small Maquette to do Actuallys the LAN it's pinging to ASA but I can't ping to the Outside Interface ASA
    I have tride a lot of methods and ACLs and nothing works



    (Switch)>>>>(ASA)>>>>>>>>>>(Router)
    = =
    = =
    = =
    (LAN) (Web Server)
    Reply With Quote Quote  

  2. SS -->
  3. Junior Member Registered Member
    Join Date
    May 2016
    Location
    Casablanca
    Posts
    5

    Certifications
    CCNA1,2,3,4 Amateur
    #2
    The Web Server it's connected to the Router
    Reply With Quote Quote  

  4. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,680

    Certifications
    RHCSA, Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practioner, VCP-DCV, Storage+, CCNA R+S, CCNA Sec, Security+, CEH, CASP
    #3
    Can router ping outside of ASA?
    2017 Goals - MCSA 2008, CISSP, CCNP:R+S, Agile PM
    Reply With Quote Quote  

  5. Junior Member Registered Member
    Join Date
    May 2016
    Location
    Casablanca
    Posts
    5

    Certifications
    CCNA1,2,3,4 Amateur
    #4
    Hi
    If you mean if the router can ping in the LAN ,some how passing thought the ASA no :/
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Jan 2015
    Location
    England
    Posts
    322

    Certifications
    CCNP: R&S, CCNA: Sec
    #5
    ICMP is blocked by default for ASA's. There's two ways round this, you can create an access list allowing for icmp and icmp echo through the firewall, applying it to the correct access group. The other way round this is adding icmp to the inspection list on ASA.

    I believe it is best practice to do this via an ACL.

    Although this link is for PIX firewalls, the theory seems to be the same:

    ASA/PIX/FWSM: Handling ICMP Pings and Traceroute - Cisco
    Reply With Quote Quote  

  7. Junior Member Registered Member
    Join Date
    May 2016
    Location
    Casablanca
    Posts
    5

    Certifications
    CCNA1,2,3,4 Amateur
    #6
    Hi,
    I tried the cmd in this document ASA/PIX/FWSM: Handling ICMP Pings and Traceroute - Cisco
    And No Result
    i tried a small Lab
    PC---SWITCH---ASA----SWITCH---PC
    the configuration in the ASA

    interface GigabitEthernet0 nameif inside
    security-level 100
    ip address 192.168.10.1 255.255.255.0
    !
    interface GigabitEthernet1
    nameif outside
    security-level 0
    ip address 192.168.102.1 255.255.255.0
    !


    That's all ,some friend told me i dont need ACL or NAT
    all i want normal Ping form the inside to the outside
    Reply With Quote Quote  

  8. Junior Member Registered Member
    Join Date
    May 2016
    Location
    Casablanca
    Posts
    5

    Certifications
    CCNA1,2,3,4 Amateur
    #7
    Probleme Resolved
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks