https://community.cisco.com/t5/network-security/can-not-ping-through-asa/m-p/3183920#M1066148 <P>Hello,</P><P>&nbsp;Ping from higher security level to lower security level should work. The other way around may need acl.</P><P>&nbsp;You are probably missing packet inspection.&nbsp;</P><P>&nbsp;</P><PRE>policy-map global_policy class inspection_default inspect icmp</PRE> Thu, 14 Sep 2017 10:28:08 GMT Flavio Miranda 2017-09-14T10:28:08Z https://community.cisco.com/t5/network-security/can-not-ping-through-asa/m-p/3183892#M1066147 <P>Hello, Here is diagram: R1 ---- ASA(Outside) ---- R2</P><P>ASA can ping R1 and R2 respectively, and both routers can ping ASA. But R1 cannot ping R2. Vlan1 connect to R1 and Vlan2 connect to R2. Anyone can help find something missing: Below is relevant configuration:</P><P>&nbsp;</P><P>5505:</P><P>interface Ethernet0/0<BR />switchport access vlan 2<BR />interface Ethernet0/1<BR />interface Ethernet0/2</P><P>interface Vlan1<BR />nameif inside<BR />security-level 100<BR />ip address 10.1.1.254 255.255.255.0<BR />interface Vlan2<BR />nameif outside<BR />security-level 0<BR />ip address 10.0.0.254 255.255.255.0</P><P><STRONG>access-list Outside-in extended permit icmp any any</STRONG></P><P><STRONG>access-group Outside-in in interface outside</STRONG></P><P>Both routers have static route pointing at ASA</P> Fri, 21 Feb 2020 14:18:13 GMT https://community.cisco.com/t5/network-security/can-not-ping-through-asa/m-p/3183892#M1066147 eigrpy 2020-02-21T14:18:13Z https://community.cisco.com/t5/network-security/can-not-ping-through-asa/m-p/3183920#M1066148 <P>Hello,</P><P>&nbsp;Ping from higher security level to lower security level should work. The other way around may need acl.</P><P>&nbsp;You are probably missing packet inspection.&nbsp;</P><P>&nbsp;</P><PRE>policy-map global_policy class inspection_default inspect icmp</PRE> Thu, 14 Sep 2017 10:28:08 GMT https://community.cisco.com/t5/network-security/can-not-ping-through-asa/m-p/3183920#M1066148 Flavio Miranda 2017-09-14T10:28:08Z