https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4039834#M1067273 <P>I am having an issue pinging through my ASA. I am able to ping from my outside interface on the ASA to the internet and from my client pc (on the inside network) to the (inside) port on the ASA, but can not go through.</P><P>&nbsp;</P><P>ISP gateway - 192.168.1.254 /24</P><P>ASA (Outside) - 192.168.1.231 /24</P><P>ASA (Inside) - 172.16.1.1 /24</P><P>Router (Inside) - 172.16.1.2 /24</P><P>Router (Inside LAN) - 172.16.10.1 /24</P><P>Client PC (Inside LAN) - 172.16.10.10 /24</P><P>&nbsp;</P><P>I used eigrp routing to get between the networks but the 192.168.1.0 network will not populate in the routing table. i do have a static route configured.</P><P>&nbsp;</P><P>I simulated my network in packet tracer using loopbacks as my "ISP"</P><P>&nbsp;</P><P>hostname ciscoasa</P><P>names</P><P>!</P><P>interface GigabitEthernet1/1</P><P>description Connection to inside</P><P>nameif inside</P><P>security-level 100</P><P>ip address 172.16.1.1 255.255.255.0</P><P>!</P><P>interface GigabitEthernet1/2</P><P>description Connection to ISP</P><P>nameif outside</P><P>security-level 0</P><P>ip address 192.168.1.231 255.255.255.0</P><P>!</P><P>interface GigabitEthernet1/3</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/4</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/5</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/6</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/7</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/8</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface Management1/1</P><P>management-only</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>!</P><P>object network IN-OUT</P><P>subnet 172.16.1.0 255.255.255.0</P><P>!</P><P>route outside 0.0.0.0 0.0.0.0 192.168.1.0 1</P><P>!</P><P>access-list INSIDE-OUT extended permit icmp 172.16.0.0 255.255.0.0 any echo-reply</P><P>!</P><P>!</P><P>access-group INSIDE-OUT in interface inside</P><P>access-group INSIDE-OUT out interface outside</P><P>!</P><P>!</P><P>!</P><P>!</P><P>class-map inspection_default</P><P>match default-inspection-traffic</P><P>!</P><P>policy-map global_policy</P><P>class inspection_default</P><P>inspect icmp</P><P>!</P><P>service-policy global_policy global</P><P>!</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>!</P><P>!</P><P>!</P><P>!</P><P>!</P><P>router eigrp 1</P><P>network 8.8.8.8 0.0.0.0</P><P>network 8.8.8.1 0.0.0.0</P><P>network 172.16.1 0.0.0.255</P><P>network 192.168.1.0</P> Wed, 04 Mar 2020 18:28:36 GMT jacobhampton729737713 2020-03-04T18:28:36Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4039834#M1067273 <P>I am having an issue pinging through my ASA. I am able to ping from my outside interface on the ASA to the internet and from my client pc (on the inside network) to the (inside) port on the ASA, but can not go through.</P><P>&nbsp;</P><P>ISP gateway - 192.168.1.254 /24</P><P>ASA (Outside) - 192.168.1.231 /24</P><P>ASA (Inside) - 172.16.1.1 /24</P><P>Router (Inside) - 172.16.1.2 /24</P><P>Router (Inside LAN) - 172.16.10.1 /24</P><P>Client PC (Inside LAN) - 172.16.10.10 /24</P><P>&nbsp;</P><P>I used eigrp routing to get between the networks but the 192.168.1.0 network will not populate in the routing table. i do have a static route configured.</P><P>&nbsp;</P><P>I simulated my network in packet tracer using loopbacks as my "ISP"</P><P>&nbsp;</P><P>hostname ciscoasa</P><P>names</P><P>!</P><P>interface GigabitEthernet1/1</P><P>description Connection to inside</P><P>nameif inside</P><P>security-level 100</P><P>ip address 172.16.1.1 255.255.255.0</P><P>!</P><P>interface GigabitEthernet1/2</P><P>description Connection to ISP</P><P>nameif outside</P><P>security-level 0</P><P>ip address 192.168.1.231 255.255.255.0</P><P>!</P><P>interface GigabitEthernet1/3</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/4</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/5</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/6</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/7</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface GigabitEthernet1/8</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>shutdown</P><P>!</P><P>interface Management1/1</P><P>management-only</P><P>no nameif</P><P>no security-level</P><P>no ip address</P><P>!</P><P>object network IN-OUT</P><P>subnet 172.16.1.0 255.255.255.0</P><P>!</P><P>route outside 0.0.0.0 0.0.0.0 192.168.1.0 1</P><P>!</P><P>access-list INSIDE-OUT extended permit icmp 172.16.0.0 255.255.0.0 any echo-reply</P><P>!</P><P>!</P><P>access-group INSIDE-OUT in interface inside</P><P>access-group INSIDE-OUT out interface outside</P><P>!</P><P>!</P><P>!</P><P>!</P><P>class-map inspection_default</P><P>match default-inspection-traffic</P><P>!</P><P>policy-map global_policy</P><P>class inspection_default</P><P>inspect icmp</P><P>!</P><P>service-policy global_policy global</P><P>!</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>!</P><P>!</P><P>!</P><P>!</P><P>!</P><P>router eigrp 1</P><P>network 8.8.8.8 0.0.0.0</P><P>network 8.8.8.1 0.0.0.0</P><P>network 172.16.1 0.0.0.255</P><P>network 192.168.1.0</P> Wed, 04 Mar 2020 18:28:36 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4039834#M1067273 jacobhampton729737713 2020-03-04T18:28:36Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4039848#M1067274 <P>Hi,</P><P>&nbsp;</P><P>why you apply this on inside interface ? you done need to apply it on inside.</P><P>&nbsp;</P><P>no access-group INSIDE-OUT in interface inside</P><P>&nbsp;</P><P>and modify your ACL to below:</P><P>&nbsp;</P><P>access-list INSIDE-OUT extended permit icmp any 172.16.0.0 255.255.0.0 echo-reply</P><P>&nbsp;</P><P>after doing above, ICMP should start working fine</P> Wed, 04 Mar 2020 03:21:48 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4039848#M1067274 Muhammad Awais Khan 2020-03-04T03:21:48Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4039888#M1067277 This still did not resolve. Would it be an issue with eigrp? Ospf a better option? Wed, 04 Mar 2020 04:14:53 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4039888#M1067277 jacobhampton729737713 2020-03-04T04:14:53Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040082#M1067301 <P>you are using eigrp between ASA and Internet edge ? both interfaces are on same subnet where you are running protocol between two ?</P> Wed, 04 Mar 2020 11:41:14 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040082#M1067301 Muhammad Awais Khan 2020-03-04T11:41:14Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040090#M1067303 <P>PROBLEM</P> <P>!</P> <P>interface GigabitEthernet1/1</P> <P>description Connection to inside</P> <P><STRONG>nameif inside</STRONG></P> <P>security-level 100</P> <P>ip address 172.16.1.1 255.255.255.0</P> <P>!</P> <P><STRONG>Change the nameif</STRONG></P> <P>!</P> <P>interface GigabitEthernet1/2<BR />description Connection to ISP<BR /><STRONG>nameif inside -- change to outside</STRONG><BR />security-level 0<BR />ip address 192.168.1.231 255.255.255.0<BR />!<BR />access-list INSIDE-OUT extended permit icmp any 172.16.0.0 255.255.0.0 echo-reply<BR />access-group INSIDE-OUT out interface outside<BR />!<BR />packet-tracer input outside icmp 8.8.8.8 8 0 172.16.1.x</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>if you see your configuration you define nameif inside twice and than you match the access-group with interface outside</P> <P>(or)</P> <P>give a command fixup protocol icmp&nbsp; AND fixup protocol icmp-error</P> Wed, 04 Mar 2020 12:20:31 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040090#M1067303 Sheraz.Salim 2020-03-04T12:20:31Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040378#M1067340 <P>I fixed that problem. Still cannot ping. Here are my new configs:</P><P>&nbsp;</P><P>interface GigabitEthernet1/1</P><P>description Connection to inside</P><P>nameif inside</P><P>security-level 100</P><P>ip address 172.16.1.1 255.255.255.0</P><P>&nbsp;</P><P>interface GigabitEthernet1/2</P><P>description Connection to ISP</P><P>nameif outside</P><P>security-level 0</P><P>ip address 192.168.1.231 255.255.255.0</P><P>&nbsp;</P><P>object network IN-OUT</P><P>subnet 172.16.1.0 255.255.255.0</P><P>route ISP 0.0.0.0 0.0.0.0 192.168.1.254</P><P>&nbsp;</P><P>access-list INSIDE-OUT extended permit icmp any 172.16.0.0 255.255.0.0 echo-reply</P><P>&nbsp;</P><P>access-group INSIDE-OUT out interface outside</P><P>&nbsp;</P><P>class-map inspection_default</P><P>match default-inspection-traffic</P><P>&nbsp;</P><P>policy-map global_policy</P><P>class inspection_default</P><P>inspect icmp</P><P>&nbsp;</P><P>service-policy global_policy global</P><P>&nbsp;</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>&nbsp;</P><P>router eigrp 1</P><P>network 8.8.8.8 0.0.0.0</P><P>network 8.8.8.1 0.0.0.0</P><P>network 180.100.99.0 0.0.0.255</P><P>network 192.168.13.0</P><P>&nbsp;</P><P>Potential OS issue between devices?</P> Wed, 04 Mar 2020 18:45:15 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040378#M1067340 jacobhampton729737713 2020-03-04T18:45:15Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040414#M1067347 <P>Is this a test lab or a production network? I noted you do not have nat rules. in order to ping or any other services you running from outside to inside need a static nat. even though you have an access-list define and also access-group define. it will always fail. as you coming from outside to inside and outside have a security level 0 and inside have security level 100. from 100 to 0 you can go no problem but from 0 to 100 you need access-list/access-group and to define nat rule (this could be identity nat or dynamic nat).</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 04 Mar 2020 19:43:10 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040414#M1067347 Sheraz.Salim 2020-03-04T19:43:10Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040419#M1067348 <P>Simulation of a production network. I have nat configured as such&nbsp;</P><P>nat (inside,outside) dynamic interface</P> Wed, 04 Mar 2020 19:43:47 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040419#M1067348 jacobhampton729737713 2020-03-04T19:43:47Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040420#M1067349 <P>I assume you are pinging from inside to outside, you need to modify the direction from out to in.</P><P>&nbsp;</P><PRE>no access-group INSIDE-OUT out interface outside</PRE><PRE>access-group INSIDE-OUT <STRONG>in</STRONG> interface outside</PRE><P>HTH</P> Wed, 04 Mar 2020 19:47:12 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040420#M1067349 Rob Ingram 2020-03-04T19:47:12Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040426#M1067351 <P>good spot <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a> .</P> <P>&nbsp;</P> <P>you doing a dynamic nat it will fail on rpf-check. you need a whole range of ip address to be ping able from outside?</P> <P>&nbsp;</P> <P>if you have spare ip address as you already using RFC1918 for outside. do this for test.</P> <P>object network TEST</P> <P>&nbsp;host 172.x.x.x (inside-single-host-ip-adresss)</P> <P>&nbsp;nat (inside,outside) static 192.168.x.x</P> <P>!</P> <P>access-list outside_in ex permit icmp any object TEST eq echo-reply</P> <P>access-group outside_in in interface outside</P> Wed, 04 Mar 2020 20:00:23 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040426#M1067351 Sheraz.Salim 2020-03-04T20:00:23Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040545#M1067358 <P>Making progress. Test did not work. I deleted the eigrp route to the 192.168.1.0 network on the ASA. I am now getting a reply :destination host unreachable, whereas before, nothing. I have icmp enabled on ASA going out the outside interface. New configs:</P><P>&nbsp;</P><P>interface GigabitEthernet1/1</P><P>description Connection to inside</P><P>nameif inside</P><P>security-level 100</P><P>ip address 172.16.1.1 255.255.255.0</P><P>!</P><P>interface GigabitEthernet1/2</P><P>description Connection to ISP</P><P>nameif outside</P><P>security-level 0</P><P>ip address 192.168.1.231 255.255.255.0</P><P>!</P><P>object network IN-OUT</P><P>subnet 172.16.1.0 255.255.255.0</P><P>!</P><P>route outside 0.0.0.0 0.0.0.0 192.168.1.254 1</P><P>!</P><P>access-list INSIDE-OUT extended permit icmp 172.16.1.0 255.255.255.0 any echo-reply</P><P>!</P><P>access-group INSIDE-OUT in interface outside</P><P>object network IN-OUT</P><P>nat (inside,outside) static 192.168.1.231</P><P>!</P><P>class-map inspection_default</P><P>match default-inspection-traffic</P><P>!</P><P>policy-map global_policy</P><P>class inspection_default</P><P>inspect icmp</P><P>!</P><P>service-policy global_policy global</P><P>&nbsp;</P><P>router eigrp 1</P><P>network 172.16.1.0 255.255.255.0</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 05 Mar 2020 02:07:11 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040545#M1067358 jacobhampton729737713 2020-03-05T02:07:11Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040565#M1067360 <P>Hi,</P><P>&nbsp;</P><P>now all configuration looks good but still ACL have issue, you have to modify&nbsp; your ACL to allow the ICMP traffic destined to 172.16.1.0 network, so this network should be mention in the destination part of ACL, not on the source part</P><P>&nbsp;</P><P><SPAN>no access-list INSIDE-OUT extended permit icmp 172.16.1.0 255.255.255.0 any echo-reply</SPAN></P><P>&nbsp;</P><P><SPAN>access-list INSIDE-OUT extended permit icmp any 172.16.1.0 255.255.255.0 echo-reply</SPAN></P> Thu, 05 Mar 2020 02:40:10 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040565#M1067360 Muhammad Awais Khan 2020-03-05T02:40:10Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040577#M1067362 <P>no success here. Can ping from client on inside to inside port on ASA but not through.</P> Thu, 05 Mar 2020 03:13:44 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040577#M1067362 jacobhampton729737713 2020-03-05T03:13:44Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040595#M1067364 <P>i just notice your NAT, since your are translating whole subnet to single IP address ( outside ), it should be dybamic not static.</P><P>&nbsp;</P><P>access-group INSIDE-OUT in interface outside</P><P>object network IN-OUT</P><P>&nbsp;no nat (inside,outside) static 192.168.1.231</P><P>&nbsp;nat (inside,outside) dynamic 192.168.1.231</P><P>&nbsp;</P><P>can you test above ?</P> Thu, 05 Mar 2020 04:03:01 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040595#M1067364 Muhammad Awais Khan 2020-03-05T04:03:01Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040654#M1067371 <P>dynamic nat is not going to work as you break the asa fundamentals. in order to reach from outside to inside network you need a nat rule with static nat.</P> <P>&nbsp;</P> <P>i have just test this in lab. here is my output. change your network ip addressing accordingly.</P> <P>!</P> <P>object network ALL-WIRELESS&nbsp;&nbsp; (THIS IS MY WIRELESS NETOWRK WITH SECURITY-LEVEL100)<BR />subnet 192.168.185.0 255.255.255.0<BR />nat (wireless-house,outside) static 192.168.1.55&nbsp; (I borrowed one ip address from outside subnet range)</P> <P>!</P> <P>access-list ALL-WIRELESS line 1 extended permit icmp any object ALL-WIRELESS echo-reply</P> <P>access-group ALL-WIRELESS in interface outside</P> <P>packet-tracer input outside icmp 8.8.8.8 0 8 192.168.1.55</P> <P>Additional Information:</P> <P>Phase: 3<BR />Type: NAT<BR />Subtype: per-session<BR />Result: ALLOW<BR />Config:<BR />Additional Information:</P> <P>Phase: 4<BR />Type: IP-OPTIONS<BR />Subtype:<BR />Result: ALLOW<BR />Config:<BR />Additional Information:</P> <P>Phase: 5<BR />Type: SFR<BR />Subtype:<BR />Result: ALLOW<BR />Config:<BR />class-map SFR-CLASS<BR />match access-list SFR<BR />policy-map global_policy<BR />class SFR-CLASS<BR />sfr fail-open<BR />service-policy global_policy global<BR />Additional Information:</P> <P>Phase: 6<BR />Type: INSPECT<BR />Subtype: np-inspect<BR />Result: ALLOW<BR />Config:<BR />class-map inspection_default<BR />match default-inspection-traffic<BR />policy-map global_policy<BR />class inspection_default<BR />inspect icmp<BR />service-policy global_policy global<BR />Additional Information:</P> <P>Phase: 7<BR />Type: INSPECT<BR />Subtype: np-inspect<BR />Result: ALLOW<BR />Config:<BR />Additional Information:</P> <P>Phase: 8<BR />Type: FLOW-EXPORT<BR />Subtype:<BR />Result: ALLOW<BR />Config:<BR />Additional Information:</P> <P>Phase: 9<BR />Type: VPN<BR />Subtype: ipsec-tunnel-flow<BR />Result: ALLOW<BR />Config:<BR />Additional Information:</P> <P>Phase: 10<BR />Type: NAT<BR />Subtype: rpf-check<BR />Result: ALLOW<BR />Config:<BR />object network ALL-WIRELESS<BR />nat (wireless-house,outside) static 192.168.1.55<BR />Additional Information:</P> <P>Phase: 11<BR />Type: FLOW-CREATION<BR />Subtype:<BR />Result: ALLOW<BR />Config:<BR />Additional Information:<BR />New flow created with id 273112, packet dispatched to next module</P> <P>Result:<BR />input-interface: outside<BR />input-status: up<BR />input-line-status: up<BR />output-interface: wireless-house<BR />output-status: up<BR />output-line-status: up<BR />Action: allow</P> <P>&nbsp;</P> Thu, 05 Mar 2020 07:25:21 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040654#M1067371 Sheraz.Salim 2020-03-05T07:25:21Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040972#M1067399 <P>But I am not trying to go from the outside to inside, unless that is referring to icmp packets returning? Would dynamic be necessary as static would be for a single address coming from inside where I would have multiple?</P> Thu, 05 Mar 2020 15:12:02 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4040972#M1067399 jacobhampton729737713 2020-03-05T15:12:02Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4041036#M1067404 <P>I am sorry i completely lost it what is the issue and what is you trying to achieve?&nbsp;</P> Thu, 05 Mar 2020 16:06:03 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4041036#M1067404 Sheraz.Salim 2020-03-05T16:06:03Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4041298#M1067427 <P>I am unable to ping from my inside (the 172.16) network to the outside (192.168.13). Once I am able to ping through, with the first location I will be adding another location to go through the ASA. But for now I need to be able to access the internet on the inside network.&nbsp;</P><P>&nbsp;</P><P>I am able to ping from a client pc to the inside interface on the ASA but not through.</P><P>&nbsp;</P><P>From the outside interface on the ASA I can ping the internet put not my inside network.</P><P>&nbsp;</P><P>Thank you</P> Thu, 05 Mar 2020 21:48:10 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4041298#M1067427 jacobhampton729737713 2020-03-05T21:48:10Z https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4042117#M1067493 <P>let get this sorted once for all.</P> <P>&nbsp;</P> <P>could you past your result of packet-tracer from inside to outside for example.</P> <P>&nbsp;</P> <P>packet-tracer interface inside 192.168.1.1 8 0 8.8.8.8 detail</P> Sat, 07 Mar 2020 09:12:53 GMT https://community.cisco.com/t5/network-security/cisco-asa-5506-x-ping-issues/m-p/4042117#M1067493 Sheraz.Salim 2020-03-07T09:12:53Z