[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 18669
  • Last Modified:

Enable icmp ping on ASA 5505 WAN interface

Is it possible to enable ICMP ping on my WAN interface for my ASA 5505 as I want to do some diagnosis and performance analysis.

Many thanks.
0
AXISHK
Asked:
AXISHK
2 Solutions
 
TNL_EngrCommented:
Yes.  If you are working from the ASDM GUI the setting is found under:

Configuration: Device Management: ICMP
Click Add, and select the outside Interface, permit 0.0.0.0 0.0.0.0

From the CLI, it looks like this:
icmp permit any Outside
0
 
PugglewuggleCommented:
The thing is that by default, ASAs block all ICMP replies.
To allow this, you need to add this to your access-list:
access-list outside_access_in permit icmp any any echo-reply
access-group outside_access_in in interface outside

I never use the separate icmp permit command because it allows ALL ICMP messages to pass, which can be a potential security threat - not just the ping replies.
Cheers! Let me know if you have any questions
0
 
jongrewCommented:
I have used the commands in the accepted solution but I still cannot ping the ASA from outside.  Does this command work in version 8.4(4)
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now