We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 557 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


317 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Notable Replies

  1. hi renee ;
    I was trying to work on your toplogy above but for some reason I cant ping to otherside of ASA .interfaces are up and even applied this default command

    ASA1(config)# policy-map global_policy
    ASA1(config-pmap)# class inspection_default
    ASA1(config-pmap-c)# inspect icmp

    still doesnt work on my gns3 .do you have any idea about it ?

  2. Hi Georgi,

    What if you try something else that doesn't require changing the policy-map? For example telnetting from one device in a high security level to something in a low security level?


  3. telnet is working fine and I actually found 2 ways to allow ping in ASA
    first one is ;

    class-map global_policy
    class-map icmp-class
     match default-inspection-traffic
    class-map icmp
     match any
    class-map inspection_default
    policy-map icmp_policy
     class icmp
      inspect icmp 
    service-policy icmp_policy global

    and the second one is creating access list like this ;

    access-list ICMP extended permit icmp any any
    access-group ICMP interface global

    both do the same job .

  4. Rene,


    Working on this Lab using ASA 5505 verison Cisco Adaptive Security Appliance Software Version 8.4(2)

    I tried to replicate the lab above, but I can't add an IP address to the actual interface I need to add them to a VLAN interface. How can I do that and have each zone on a different subnet ?Any advice/example would be greatly appreciated.


    Juan Iniguez

  5. Hey Rene,

    Is there another protocol/command to allow http traffic through an Cisco ASA other than a ACL?

Continue the discussion forum.networklessons.com

23 more replies