[c-nsp] ASA 5505 doesn't like itself
Michael Loether
mike at azloether.com
Thu Feb 17 18:44:42 EST 2011
On Feb 17, 2011, at 4:04 PM, Michael Balasko wrote:
> Not sure what version of code you are on, but two things. Pre 8.3 code with nat control enabled, you need Fixup protocol icmp and you probably need a global statement to match the nat statement. Your nat looks more like a static statement so I'm not sure if that is an 8.3 thing...
Running 8.3.2, Probably part of the problem, I still am not used to the NAT changes.
>
> Note icmp is NOT IP and thus is unaffected by ip any any
Good point not sure why I missed it. I have added any any icmp to both the ingress and egress acls and not change. Also pings from the inside interface will not cross the outside interface either. Which leads to to think its a nat issue, but I am all out of ideas.
Mike
More information about the cisco-nsp
mailing list