IP block from ISP: x.y.z.32/28
ISP gateway: x.y.z.33
ASA outside: x.y.z.34
permit icmp any outside
access-list in.outside permit icmp any any
global policy: inspect icmp
I can do the following:
packet-tracer input outside icmp 22.214.171.124 8 0 x.y.z.34 detail
This, however, "DROP" by implicit rule - which goes to the implicit "deny any any""
packet-tracer input outside icmp 126.96.36.199 8 0 x.y.z.40 detail
This fails on every IP in the block except the actual IP on the interface.
What am I missing?