Solved

ASA5505 Can ping externally, Computers behind cannot...

Posted on 2008-10-07
5
405 Views
Last Modified: 2013-11-16
We have a new 5505 that I am trying to configure, and I cannot seem to get the external portion working.  Can someone please take a look at the config, and tell me where I went wrong, or what I am missing?  VERY URGENT...

Thanks!!!
Stefan
5505-Config.txt
0
Comment
Question by:fpcit
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 22661704
Cisco Firewalls and PING

(Note: Tracert uses Ping technology and protocols and the firewall treats ping and tracert the same*)





PIX Version 7 and above

Version 7 introduced an ICMP inspection engine so that it could track ICMP requests like other protocols. Its NOT turned on by default. And the command is inspect icmp but you need to enter the default map first, use the following commands from config terminal mode.

Policy-map global_policy
class inspection_default
inspect icmp

How to STOP interfaces responding to Ping packets

As already stated you can ping an interface on a Cisco firewall if you are directly connected to it, you can turn this OFF using the ICMP command, a lot of people like to disable pinging on the outside interface, in an effort to lessen the risk of a denial of service attack to this the syntax is as follows,

icmp deny any echo outside

*Note this does not apply to INBOUND tracerts these will NOT work without a (fixup protocol icmp) command. In version 7 tracert will not work unless the inspect icmp command has been issued


To Ping the Firewalls Inside interface from a remote VPN session (IKE or SSL) you need to add the following command

management-access inside
0
 
LVL 3

Author Comment

by:fpcit
ID: 22661958
That took care of the ping issues.  THank you!  One last question though...  I cannot connect to my Microsoft RRAS VPN back at the office through the firewall.  I get the std "No response received".  Can you let me know what I would have to do to enable that also?  Thanks for your SPEEDY help!!
0
 
LVL 3

Author Comment

by:fpcit
ID: 22662071
I just found this, and it seems to have done the trick.  You guys are great!!!  THanks!

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q__22671545.html
0
 
LVL 3

Author Closing Comment

by:fpcit
ID: 31503935
That was the fastest I have ever had a question answered.  I would have been on the phone with Smartnet for hours!  You guys and gals always manage to save me an entire work week by the end of the year...  Although that normally means finding something else to fill the void.  :-)  Thanks again for the tremendously quick response!!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 22662673
LOL you were that quick answering your own question you got it before I responded :)

My Pleasure, use your extra work week and have a short holiday ;)


0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question