[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

ASA5505 Can ping externally, Computers behind cannot...

Posted on 2008-10-07
5
Medium Priority
?
416 Views
Last Modified: 2013-11-16
We have a new 5505 that I am trying to configure, and I cannot seem to get the external portion working.  Can someone please take a look at the config, and tell me where I went wrong, or what I am missing?  VERY URGENT...

Thanks!!!
Stefan
5505-Config.txt
0
Comment
Question by:fpcit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 22661704
Cisco Firewalls and PING

(Note: Tracert uses Ping technology and protocols and the firewall treats ping and tracert the same*)





PIX Version 7 and above

Version 7 introduced an ICMP inspection engine so that it could track ICMP requests like other protocols. Its NOT turned on by default. And the command is inspect icmp but you need to enter the default map first, use the following commands from config terminal mode.

Policy-map global_policy
class inspection_default
inspect icmp

How to STOP interfaces responding to Ping packets

As already stated you can ping an interface on a Cisco firewall if you are directly connected to it, you can turn this OFF using the ICMP command, a lot of people like to disable pinging on the outside interface, in an effort to lessen the risk of a denial of service attack to this the syntax is as follows,

icmp deny any echo outside

*Note this does not apply to INBOUND tracerts these will NOT work without a (fixup protocol icmp) command. In version 7 tracert will not work unless the inspect icmp command has been issued


To Ping the Firewalls Inside interface from a remote VPN session (IKE or SSL) you need to add the following command

management-access inside
0
 
LVL 3

Author Comment

by:fpcit
ID: 22661958
That took care of the ping issues.  THank you!  One last question though...  I cannot connect to my Microsoft RRAS VPN back at the office through the firewall.  I get the std "No response received".  Can you let me know what I would have to do to enable that also?  Thanks for your SPEEDY help!!
0
 
LVL 3

Author Comment

by:fpcit
ID: 22662071
I just found this, and it seems to have done the trick.  You guys are great!!!  THanks!

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q__22671545.html
0
 
LVL 3

Author Closing Comment

by:fpcit
ID: 31503935
That was the fastest I have ever had a question answered.  I would have been on the phone with Smartnet for hours!  You guys and gals always manage to save me an entire work week by the end of the year...  Although that normally means finding something else to fill the void.  :-)  Thanks again for the tremendously quick response!!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 22662673
LOL you were that quick answering your own question you got it before I responded :)

My Pleasure, use your extra work week and have a short holiday ;)


0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question