Solved

ASA5505 Can ping externally, Computers behind cannot...

Posted on 2008-10-07
5
408 Views
Last Modified: 2013-11-16
We have a new 5505 that I am trying to configure, and I cannot seem to get the external portion working.  Can someone please take a look at the config, and tell me where I went wrong, or what I am missing?  VERY URGENT...

Thanks!!!
Stefan
5505-Config.txt
0
Comment
Question by:fpcit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 22661704
Cisco Firewalls and PING

(Note: Tracert uses Ping technology and protocols and the firewall treats ping and tracert the same*)





PIX Version 7 and above

Version 7 introduced an ICMP inspection engine so that it could track ICMP requests like other protocols. Its NOT turned on by default. And the command is inspect icmp but you need to enter the default map first, use the following commands from config terminal mode.

Policy-map global_policy
class inspection_default
inspect icmp

How to STOP interfaces responding to Ping packets

As already stated you can ping an interface on a Cisco firewall if you are directly connected to it, you can turn this OFF using the ICMP command, a lot of people like to disable pinging on the outside interface, in an effort to lessen the risk of a denial of service attack to this the syntax is as follows,

icmp deny any echo outside

*Note this does not apply to INBOUND tracerts these will NOT work without a (fixup protocol icmp) command. In version 7 tracert will not work unless the inspect icmp command has been issued


To Ping the Firewalls Inside interface from a remote VPN session (IKE or SSL) you need to add the following command

management-access inside
0
 
LVL 3

Author Comment

by:fpcit
ID: 22661958
That took care of the ping issues.  THank you!  One last question though...  I cannot connect to my Microsoft RRAS VPN back at the office through the firewall.  I get the std "No response received".  Can you let me know what I would have to do to enable that also?  Thanks for your SPEEDY help!!
0
 
LVL 3

Author Comment

by:fpcit
ID: 22662071
I just found this, and it seems to have done the trick.  You guys are great!!!  THanks!

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q__22671545.html
0
 
LVL 3

Author Closing Comment

by:fpcit
ID: 31503935
That was the fastest I have ever had a question answered.  I would have been on the phone with Smartnet for hours!  You guys and gals always manage to save me an entire work week by the end of the year...  Although that normally means finding something else to fill the void.  :-)  Thanks again for the tremendously quick response!!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 22662673
LOL you were that quick answering your own question you got it before I responded :)

My Pleasure, use your extra work week and have a short holiday ;)


0

Featured Post

Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question