
ICMP thru ASA-5510

Status
Not open for further replies.

Sorebrek

MIS
Jan 14, 2005
29
US
I've got a basic setup on the 5510 and doing testing prior to deployment. I can HTTP, FTP, etc to the outside world.
I can't ping, trace to the outside. I've tried setting up ICMP rules in the device management, and a dynamic policy for ICMP in the NAT configuration but no go.

Looking for what I need to do in ASDM. You can also give command line if you prefer. I'll post config later if I don't get the right idea from this post.
Thanks!
 
You need to set up an inspection rule for all the services you want to allow.
 
The trace doesn't work because the firewall does not translate the incoming time outs because they originate from the outside.
You want to add icmp error to the inspection:

policy-map global_policy
 class inspection_default
  inspect icmp error





Brent
Systems Engineer / Consultant
CCNP, CCSP
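
An added example, not part of the thread or any poster's code: a small Python check that reads a saved ASA running-config and reports whether the `inspection_default` class under `global_policy` contains the `inspect icmp error` line from the post above. The extra checks for `inspect icmp` and `service-policy global_policy global`, the function names and the sample configuration are assumptions added for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect icmp
  inspect icmp error
service-policy global_policy global
"""

def inspections(config, policy="global_policy", klass="inspection_default"):
    """Return the 'inspect ...' entries configured under policy-map/class."""
    found, in_policy, in_class = set(), False, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == f"policy-map {policy}":
            in_policy, in_class = True, False
        elif in_policy and line.startswith("class "):
            in_class = line == f"class {klass}"
        elif in_policy and line.startswith("inspect "):
            if in_class:  # ignore inspections that belong to other classes
                found.add(" ".join(line.split()[1:]))
        elif not raw[0].isspace():
            # Any other unindented command closes the policy-map block.
            in_policy = in_class = False
    return found

def icmp_report(config, policy="global_policy"):
    """Report whether ICMP inspection is configured and the policy applied."""
    insp = inspections(config, policy)
    applied = re.search(
        rf"^service-policy {re.escape(policy)} global\s*$", config, re.M)
    return {
        "inspect icmp": "icmp" in insp,
        "inspect icmp error": "icmp error" in insp,
        "service-policy global": applied is not None,
    }

if __name__ == "__main__":
    for check, ok in icmp_report(SAMPLE_CONFIG).items():
        print(("OK      " if ok else "MISSING ") + check)
```

The parser accepts both an indented running-config and a flat paste like the one in the post, since it keys on the `policy-map`, `class` and `inspect` keywords rather than on indentation alone.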
 
I forgot to mention that I did create an ACL entry to allow any ICMP through the interior interface.
Anything else I could be missing?
 
Thanks Super, that sounds like that is it. Unfortunately I'm now on a business trip and won't be able to try this until ~4/19, but I'll post the results. Thanks.
 
Finally got around to posting.

Supergrrover's suggestion above solved the problem.

Thanks!
 