IP block from ISP: x.y.z.32/28
ISP gateway: x.y.z.33
ASA outside: x.y.z.34
permit icmp any outside
access-list in.outside permit icmp any any
global policy: inspect icmp
I can do the following:
packet-tracer input outside icmp 184.108.40.206 8 0 x.y.z.34 detail
This, however, "DROP" by implicit rule - which goes to the implicit "deny any any""
packet-tracer input outside icmp 220.127.116.11 8 0 x.y.z.40 detail
This fails on every IP in the block except the actual IP on the interface.
What am I missing?