Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Hi all,

My customer needs to enable icmp destined for a global IP address which is PAT translated to two different internal servers...

My current configuration on the ASA 5510 is:

static (dmz,outside) tcp glocal_IP ssh 172.16.XX.31 ssh netmask 255.255.255.255
static (dmz,outside) tcp glocal_IP 5900 172.16.XX.50 5900 netmask 255.255.255.255
static (dmz,outside) tcp glocal_IP https 172.16.XX.50 https netmask 255.255.255.255

Is there any idea to enable ping from outside to the global IP address?

Any suggestions are welcome...

Thanks in advance,
Masa
It does not matter if you have "icmp permit any outside". How can you ping a global IP address for tcp port-redirect of a global IP address if you do not have icmp translation? It is NOT possible, AFAIK. You can ping if you have a static entry with NO "tcp" or "udp" in the static entry. I think Collin misread your original question.
I don't think that is correct either. By default, the ASA will ALLOW you to ping the interface without entering any "icmp permit any" commands. Unless the original poster has already disallowed icmp or whatever restrictions to the outside interface, he/she should be able to ping the interface without any issues. Now this is a different story if you use FWSM. FWSM, the new code, will deny by default, whereas ASA/PIX, by default, will allow unless explicitly denied.