Solved

Enable icmp ping on ASA 5505 WAN interface

Posted on 2008-10-09
3
17,613 Views
Last Modified: 2014-08-14
Is it possible to enable ICMP ping on my WAN interface for my ASA 5505 as I want to do some diagnosis and performance analysis.

Many thanks.
0
Comment
Question by:AXISHK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Assisted Solution

by:TNL_Engr
TNL_Engr earned 100 total points
ID: 22679321
Yes.  If you are working from the ASDM GUI the setting is found under:

Configuration: Device Management: ICMP
Click Add, and select the outside Interface, permit 0.0.0.0 0.0.0.0

From the CLI, it looks like this:
icmp permit any Outside
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 400 total points
ID: 22682934
The thing is that by default, ASAs block all ICMP replies.
To allow this, you need to add this to your access-list:
access-list outside_access_in permit icmp any any echo-reply
access-group outside_access_in in interface outside

I never use the separate icmp permit command because it allows ALL ICMP messages to pass, which can be a potential security threat - not just the ping replies.
Cheers! Let me know if you have any questions
0
 

Expert Comment

by:jongrew
ID: 40260995
I have used the commands in the accepted solution but I still cannot ping the ASA from outside.  Does this command work in version 8.4(4)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question