- ASA host to host pings unsuccessful WHY - Cisco Learning Network
Just went a bit more into details on the configs. By default, the ASA does not perform inspection on ICMP packets, so either you need to explicitly allow them both ways (as far as I remember), or alternatively enable ICMP inspection in the global policy. You don't seem to have changed much else, so the following should be enough:
- What can an Application Inspection Firewall do that a proxy ALG can't?
To me it is not that obvious what the differences are between an Application Inspection Firewall and a proxy ALG. I know that the proxy ALG acts as a proxy and that clients may require client software, which the Application Inspection Firewall doesn't, but otherwise, what are the differences?
- Police rate and burst value - Cisco Learning Network
I am wondering, is there a calculation for burst value based on the average rate: police rate 512000 burst <?> The burst value should be more than the average rate? Or lesser? If a rate of 512000bps, then it is at 64KB/s, so what is a reasonable burst value?
- How to configure site-to-site VPN with zone-based firewall?
Although I passed my CCNA Security certification exam, I felt there are still lots of things that are being used in the real world which I do not know. Hence I did further study, but I could not find site-to-site VPN configuration with zone-based firewall examples on the net. I would hope you can help me look at these class maps for the inside zone and outside zone
- Ping different subnet in the same VLAN - Cisco Learning Network
If the PCs are able to ping each other? I checked this in Packet Tracer, but why isn't it working? If both PCs are in a different subnet, but in the same VLAN, wouldn't the switch broadcast the ping to the other PC? Shouldn't it work, and why does it not work?
- unable to ping outside interface of ASA - Cisco Learning Network
The ASA needs to inspect ICMP for the return traffic to work (the quick way to do this is "fixup protocol icmp"). And also be aware that R1 would not be able to reach the IP address on the ASA's outside interface. This is a caveat of the ASA. However, R1 should be able to reach R5 if everything is correctly configured.
- ASA NAT problem - Cisco Learning Network
The logic in the ASA prevents this from happening. Internally, you should be using the internal address (at least that is the Cisco point of view). I do understand the challenges it creates, though. If you can use DNS to access the internal server, it is possible to use that as a workaround. By adding the "dns" keyword on the end of the static statement, the ASA will translate any DNS
- ASA 5505 simple config - Cisco Learning Network
I add "inspect icmp" and "inspect icmp error" in most cases to the configured global policy, because that will make network diagnostics much easier in many cases.