Content created by Rene Molenaar (CCIE #41726)


Forum Replies

  1. Telnet is working fine and I actually found 2 ways to allow ping in ASA.
    The first one is:

    class-map global_policy
    class-map icmp-class
     match default-inspection-traffic
    class-map icmp
     match any
    class-map inspection_default
    policy-map icmp_policy
     class icmp
      inspect icmp 
    service-policy icmp_policy global

    The second one is creating an access list like this:

    access-list ICMP extended permit icmp any any
    access-group ICMP interface global

    Both do the same job.

  2. Hi Donald,

    In this example, I only used the routers so that I would have some devices to ping with/to. I also could have used computers but routers are easier since you can access them through the CLI and you don’t have to worry about firewalls blocking ICMP traffic.

    Sometimes, it can be useful to have a router in front of the ASA. As a firewall, the ASA does a great job at packet filtering / VPNs but it’s a poor router. If you want to use specific features (like policy based routing) then using a router in front of the ASA works very well. If you don’t need an

    ...

  3. Hi Rene,

    To allow the DMZ traffic, would you need to put an ACL on the inside interface allowing DMZ traffic or on the Inside interface allowing DMZ source to come in? Or do you need to put ACLs on both interfaces?

    If DMZ is say range and Inside is range. Would you put ACL in DMZ interface allowing access to and then put the same ACL on inside as well?

  4. Hi, quick question regarding the service policy placement on the ASA, not including global because that’s pretty self-explanatory. I created just a simple topology where the ASA was in the middle and had 2 routers on either side. The outside interface had a security level of 0 and inside 100; the outside interface is also blocking all traffic coming in. I implemented NAT on the ASA as well to change the inside network IPs to the outside interface.

    My policy map inspects ICMP and I applied it to a service policy that was placed on the inside interface, I tested

    ...

  5. Hi, thanks for the post.
    I have done everything and it worked fine. Unfortunately, my firewall does not allow DNS resolution from the outside interface to the inside.
    Should I apply another ACL or inspect DNS traffic from outside to inside and vice versa?

    ASA3/SRV-A(config)# packet-tracer input TO-OUT tcp 53  53
    Phase: 1
    Result: ALLOW
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: ROU
    ...
