ASA ping and trace configuration The
external network cannot ping and tracer the internal network. The internal network can ping and trace the external network:
1. Write acl to allow trace traffic returned from the external port:
access-list ping extended permit icmp any any time-exceeded
access -list ping extended permit icmp any any unreachable
access-group ping in interface outside
2. Release ping globally:
policy-map global_policy
class inspection_default
inspect icmp
3: Set decrement-ttl so that ping does not display "*"
policy-map global_policy
class class-default
set connection decrement-ttl
####################### #######################################
icmp deny any outside outside interface prohibits ping