Cisco ASA - Allow Pinging from Inside Hosts to Outside
By default the Cisco ASA devices do not allow anything through them, and that includes ICMP echo requests and replies (pings). You must statically allow them through your appliance. The time-exceeded statement is to allow traceroute to function.
—————————————————————————————-
ASA5505(config)# access-list OUTSIDE_IN_ACL permit icmp any any echo-reply
ASA5505(config)# access-list OUTSIDE_IN_ACL permit icmp any any echo
ASA5505(config)# access-list OUTSIDE_IN_ACL permit icmp any any time-exceeded
ASA5505(config)# access-group OUTSIDE_IN_ACL in interface outside
ASA5505(config)# end
ASA5505# wr mem
-
iprefertolaugh posted this
