asked on

Why PC cannot ping ASA

Hi It is strange that the PC cannot ping the ASA. The topology is like this ASA(inside)---DeviceA----PC. the ASA can ping PC and DeviceA, but PC cannot ping ASA. When PC ping ASA, we can see message of debug icmp(debug icmp track 255 in the ASA) from the PC. The DeviceA can also ping both ASA and PC. I check the ASA config, which does not any limit to icmp. Capture show the ASA can receive message, but did not send any message to the PC. Anyone can give some suggestion ? Thank you

SOLUTION

ADAN LACAYO

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

eemoon

ASKER

Thank you so much for your fast reply. I used to do the same thing without any configuration. Maybe something is wrong.

Do you think which one should be used in the following two groups commands
I am using them, but they are still not working

1
icmp permit any echo inside
icmp permit any echo-reply inside

2
access-list icmp extended permit ip any 172.33.1.0 255.255.255.0 (172.33.1.3 255.255.255.248 is asa inside ip)
access-group icmp in interface inside

SOLUTION

ADAN LACAYO

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

eemoon

ASKER

Thank you for your reply. I added these three lines. But everything is the same as before.
If traffic goes from high security level to low level and then come back, we need the inspect. In the present case, the traffic just reach inside interface, i do not think we need it.

SOLUTION