https://community.cisco.com/t5/network-security/cannot-ping-from-the-inside-network/m-p/746384#M1006986 <P>Hi guys,</P><P>I have setup a pix 515e with 7.0.(6) I am unable to ping to the internet from the internal hosts. I am able to browse the internet and do DNS lookups. Also the hitcnt does not increment. It always shows up as 0 </P><P>I have added the following lines to allow icmp through but this does not allow me to ping to the internet. I can ping the external interface of the pix from the internet. Is there something i am not doing right?</P><P></P><P>access-list in-to-out extended permit icmp object-group internal-lan any log</P><P>access-list out-to-in extended permit icmp any any</P><P>icmp permit any echo-reply outside</P><P>icmp permit any echo outside</P><P>icmp permit any outside</P><P>icmp permit any inside</P> Mon, 11 Mar 2019 10:00:48 GMT adilmasani 2019-03-11T10:00:48Z https://community.cisco.com/t5/network-security/cannot-ping-from-the-inside-network/m-p/746384#M1006986 <P>Hi guys,</P><P>I have setup a pix 515e with 7.0.(6) I am unable to ping to the internet from the internal hosts. I am able to browse the internet and do DNS lookups. Also the hitcnt does not increment. It always shows up as 0 </P><P>I have added the following lines to allow icmp through but this does not allow me to ping to the internet. I can ping the external interface of the pix from the internet. Is there something i am not doing right?</P><P></P><P>access-list in-to-out extended permit icmp object-group internal-lan any log</P><P>access-list out-to-in extended permit icmp any any</P><P>icmp permit any echo-reply outside</P><P>icmp permit any echo outside</P><P>icmp permit any outside</P><P>icmp permit any inside</P> Mon, 11 Mar 2019 10:00:48 GMT https://community.cisco.com/t5/network-security/cannot-ping-from-the-inside-network/m-p/746384#M1006986 adilmasani 2019-03-11T10:00:48Z https://community.cisco.com/t5/network-security/cannot-ping-from-the-inside-network/m-p/746385#M1006987 <HTML><HEAD></HEAD><BODY><P>hello,</P><P></P><P>by default pix does not allow icmp traffic or any other traffic from lower to higher security level, you would have to explicitly allow icmp traffic to pass through the firewall</P><P></P><P>as per the nature of work for icmp you would have to allow all the below mentioned in order to be able to ping outside ip address. </P><P></P><P>try this</P><P></P><P>access-list out_to_in permit icmp any any unreachable</P><P>access-list out_to_in permit icmp any any time-exceeded</P><P>access-list out_to_in permit icmp any any echo-reply</P><P></P><P>access-list in_to_out permit icmp any any unreachable</P><P>access-list in_to_out permit icmp any any time-exceeded</P><P>access-list in_to_out permit icmp any any echo-reply</P><P></P><P>also make sure you have acl "out_to_in" and "in_to_out" applied to interfaces </P><P></P><P>access-group out_to_in in interface outside</P><P>access-group in_to_out in interface inside</P><P></P><P>HTH, please rate it</P></BODY></HTML> Tue, 17 Apr 2007 04:45:14 GMT https://community.cisco.com/t5/network-security/cannot-ping-from-the-inside-network/m-p/746385#M1006987 zulqurnain 2007-04-17T04:45:14Z https://community.cisco.com/t5/network-security/cannot-ping-from-the-inside-network/m-p/746386#M1006989 <HTML><HEAD></HEAD><BODY><P>Thanks a lot this fixed it. I had forgotten to apply the access-lists to the interface.</P></BODY></HTML> Tue, 17 Apr 2007 22:49:35 GMT https://community.cisco.com/t5/network-security/cannot-ping-from-the-inside-network/m-p/746386#M1006989 adilmasani 2007-04-17T22:49:35Z