[c-nsp] ASA 5505 doesn't like itself
Ryan West
rwest at zyedge.com
Thu Feb 17 19:10:33 EST 2011
Can you post the show runs for the NAT, ACL, access-groups, and interfaces?
Sent from handheld
On Feb 17, 2011, at 6:54 PM, "Michael Loether" <mike at azloether.com> wrote:
> On Feb 17, 2011, at 4:04 PM, Michael Balasko wrote:
>> Not sure what version of code you are on, but two things. Pre 8.3 code with nat control enabled, you need Fixup protocol icmp and you probably need a global statement to match the nat statement. Your nat looks more like a static statement so I'm not sure if that is an 8.3 thing...
>
> Running 8.3.2, Probably part of the problem, I still am not used to the NAT changes.
>>
>> Note icmp is NOT IP and thus is unaffected by ip any any
>
>
> Good point not sure why I missed it. I have added any any icmp to both the ingress and egress acls and not change. Also pings from the inside interface will not cross the outside interface either. Which leads to to think its a nat issue, but I am all out of ideas.
>
> Mike
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list