neoponder
asked on
ASA ICMP traversing interfaces on 8.04
Config:
ASA 5510 8.0.4 using:
1 physical outside interface
1 physical interface with 9 DMZ/Inside interfaces.
Useing no nat control, no statics
Issue:
I can ping the outside interface of the ASA.
From outside host, I want to ping VDMZ ASA interface. I can ping outside interface.
(We want a vendor that has access only to their Subnet via L2L VPN to be able to monitor the ASA interface with ICMP.)
***
Vendor can ping all the equipment in their network accept ASA interface.
They use our ASA as their DF.
The virtual intefaces is trunked to a 2950 or 2960 depending on site, and all have the proper 802.1q tags defined. except the unused native vlan1.
All interfaces have icmp any any acl
****
Is this a state table issue? Would static nat resolved this? or should it just work?
ASA 5510 8.0.4 using:
1 physical outside interface
1 physical interface with 9 DMZ/Inside interfaces.
Useing no nat control, no statics
Issue:
I can ping the outside interface of the ASA.
From outside host, I want to ping VDMZ ASA interface. I can ping outside interface.
(We want a vendor that has access only to their Subnet via L2L VPN to be able to monitor the ASA interface with ICMP.)
***
Vendor can ping all the equipment in their network accept ASA interface.
They use our ASA as their DF.
The virtual intefaces is trunked to a 2950 or 2960 depending on site, and all have the proper 802.1q tags defined. except the unused native vlan1.
All interfaces have icmp any any acl
****
Is this a state table issue? Would static nat resolved this? or should it just work?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.