Security – Cisco ASA not routing between interfaces

Tags: cisco, cisco-asa, networking, security

I am hoping someone can help me with an issue I am seeing on a Cisco ASA device. I am having trouble getting an outside interface to pass traffic to a public interface.

Outside = 65.125.x.x
Public = 65.121.x.x

When I ping the public IP, the packet is received on the outside interface (that is where the subnet is routed) but is never forwarded to the public interface (confirmed by a packet capture).

Both interfaces have the same security level of zero, and I have the following command configured.

same-security-traffic permit inter-interface

I also have the following rules on each interface:

access-list outside_public extended permit icmp any any 
access-list outside_public extended permit ip any any 

I also set up a NAT rule for the traffic.

nat (public,outside) source static 65.121.x.x_27 65.121.x.x_27 destination static 65.125.x.x_29 65.125.x.x_29
nat (outside,public) source static 65.125.x.x_29 65.125.x.x_29 destination static 65.121.x.x_27 65.121.x.x_27

When I ping 65.121.x.x I see the packets on the outside interface but nothing on the public interface. I am quite stumped on this.

Any help would be hugely appreciated, as I am going around the bend with this one. I know this would work with a router, but I can't seem to make the ASA reachable on the second interface with the additional public subnet attached.

Best Answer

A couple of quick items to check with Cisco ASA firewalls and ping. You may need to set a "Management access interface". I have had this cause problems with ping before.

You may also need to put some other policies in place to allow ping. Firewall rules will not always allow it. There are other policies that can pull out the traffic at the inspection layer. The simple way for new spin-ups is:

Fixup protocol ICMP
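The pieces the question and the answer touch on (same-security inter-interface traffic, the ACLs, ICMP handling, and a way to check the path the ASA actually computes) laid out as one configuration, added here as an example; it is not the original poster's or the answerer's configuration. Interface names `outside` and `public` are taken from the post; the addresses are constructed RFC 5737 documentation ranges (203.0.113.0/29 standing in for 65.125.x.x/29 and 198.51.100.0/27 for 65.121.x.x/27), and the `packet-tracer` source and destination hosts are assumed.

```cisco
! Added example, not the poster's configuration. Addresses are constructed
! documentation ranges; interface names follow the question.
!
! Traffic between two security-level-0 interfaces is dropped unless this is set.
same-security-traffic permit inter-interface
!
! The ACL from the question...
access-list outside_public extended permit icmp any any
access-list outside_public extended permit ip any any
! ...filters nothing until it is bound to an interface. Check with
! "show running-config access-group" that both bindings exist.
access-group outside_public in interface outside
access-group outside_public in interface public
!
! Pings addressed to the ASA's own interface IPs are governed by "icmp"
! statements, not by the interface ACLs (constructed example scope).
icmp permit 203.0.113.0 255.255.255.248 outside
icmp permit 198.51.100.0 255.255.255.224 public
!
! Current ASA releases express the old "fixup protocol icmp" through the
! Modular Policy Framework. With ICMP inspection enabled, the ASA tracks
! echo-request/echo-reply as a connection, so the reply is allowed back
! without a separate ACL entry on the return interface.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
service-policy global_policy global
!
! Identity (no-translation) NAT from the question, same shape, constructed objects.
object network PUBLIC_27
 subnet 198.51.100.0 255.255.255.224
object network OUTSIDE_29
 subnet 203.0.113.0 255.255.255.248
nat (public,outside) source static PUBLIC_27 PUBLIC_27 destination static OUTSIDE_29 OUTSIDE_29
nat (outside,public) source static OUTSIDE_29 OUTSIDE_29 destination static PUBLIC_27 PUBLIC_27
!
! Before changing anything else, ask the ASA which phase drops the packet:
! route lookup, ACL, NAT or inspection. Type 8 / code 0 is echo-request.
packet-tracer input outside icmp 203.0.113.2 8 0 198.51.100.10 detailed
!
! Useful cross-checks while the ping is running:
show route
show nat detail
show conn protocol icmp
```

The value of `packet-tracer` here is that it reports the exact phase (ROUTE-LOOKUP, ACCESS-LIST, NAT, INSPECT, FLOW-CREATION) at which a synthetic echo-request is dropped, which distinguishes "the ACL is not applied" from "the ASA has no route for the public subnet via the public interface" without more captures. The `show route` output should list the /27 as directly connected on `public`; if the only entry for it points out `outside`, the ASA will never forward the packet inward regardless of the ACL and NAT rules.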