How to allow ping from inside to outside in 2900 router?

Mahmoud Marie — Tue, 12 Mar 2019 01:24:58 GMT

Hi,

I have a Cisco router 2900 with firewall, i need to know how can i allow the ping from self zone to outside zone, i trried to create policy from self to outside but i still didn't allow ping or tracert, i get that message when i try to ping from cisco router:

"Unrecognized host or address, or protocol not running"

any help will be appreciated.

Thank you

How to allow ping from inside to outside in 2900 router?

Julio Carvajal — Mon, 08 Apr 2013 16:55:47 GMT

Hello,

Do you have already a self-out and out-self zone-pair?????

If yes, proceed to share the configuration used, you must have 2 to zone-pairs created

Regards

How to allow ping from inside to outside in 2900 router?

Mahmoud Marie — Tue, 09 Apr 2013 09:20:00 GMT

Hi jcarvaja

here is the used configuration:

Building configuration...

Current configuration : 5584 bytes

! Last configuration change at 09:00:20 UTC Tue Apr 9 2013 by admin

version 15.1

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

no service password-encryption

service udp-small-servers

service tcp-small-servers

service sequence-numbers

hostname Router

boot-start-marker

boot-end-marker

security authentication failure rate 3 log

security passwords min-length 6

no logging buffered

no logging console

enable secret 5

no aaa new-model

no ipv6 cef

ip source-route

ip gratuitous-arps

ip icmp rate-limit unreachable 1

ip cef

ip name-server 163.121.128.134

ip name-server 163.121.128.135

ip port-map user-custom-fleet port tcp 2000 list 1

multilink bundle-name authenticated

crypto pki token default removal timeout 0

crypto pki trustpoint TP-self-signed-324261422

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-324261422

revocation-check none

crypto pki certificate chain TP-self-signed-324261422

certificate self-signed 01

30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 33323432 36313432 32301E17 0D313330 34303930 38343034

375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3332 34323631

34323230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

B8ABD60F 8C879B3B BC1C1643 48059AD2 F940A700 6D58161E 37D53E6E E028B806

61EAA942 CED2A3C6 3FB3A47E 20E05B10 0941A9D8 38FFA6F9 D2B9E52C 225A57BA

14F8842A A26E7E02 38E9F7C8 328504D0 5C3EEE41 CC75B237 BBD07CBA 1A850540

2A5AAFAD 4553FB03 0E366211 9AC09967 4DC03082 0AF546A3 F6AA2739 1D8A8AA9

02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D

23041830 16801428 FEEB3910 B7A1D374 1F86BCD5 96CEDF75 8DF11E30 1D060355

1D0E0416 041428FE EB3910B7 A1D3741F 86BCD596 CEDF758D F11E300D 06092A86

4886F70D 01010405 00038181 006BBF7A 430905F6 D5B27B0D 96315504 87816DAA

B5EA86D9 6E9A1D58 7B328C88 A6A358D0 00D035A9 8CDDEC41 15AF0108 F5CB1072

B0485D7D CFC0D0CB 71E9B153 FB7B8B40 40C157E4 B254D01C 890D615F D8395545

F0B47E0B 57341EB2 C0CE0039 DC18EAD6 078986F0 A5A5D04F D5041DB6 23CAA002

4901248C 95B61A0B 3ED5B26A EF

quit

license udi pid CISCO2901/K9 sn FCZ1526C3JL

object-group service Outside-Reply

icmp echo-reply

username admin privilege 15 secret 5

redundancy

ip finger

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

class-map type inspect match-any Deny_ALL

match access-group name dwdwd

class-map type inspect match-any Inside-Outside

match protocol http

match protocol https

match protocol dns

class-map type inspect match-any ICMP_RQST

match protocol icmp

policy-map type inspect Inside-Outside

class type inspect Inside-Outside

inspect

class class-default

drop

policy-map type inspect Self_to_Outside

class type inspect ICMP_RQST

inspect

class class-default

drop

policy-map type inspect Outside_to_Self

class type inspect Deny_ALL

pass log

class class-default

drop

zone security IN

zone security OUT

zone-pair security Self_to_Outside source self destination OUT

service-policy type inspect Self_to_Outside

zone-pair security Outside_to_Self source OUT destination self

service-policy type inspect Outside_to_Self

zone-pair security Inside-Outside source IN destination OUT

service-policy type inspect Inside-Outside

interface GigabitEthernet0/0

ip address 101.101.100.245 255.255.255.0

ip mask-reply

ip directed-broadcast

ip flow ingress

duplex auto

speed auto

interface GigabitEthernet0/1

description $FW_INSIDE$

ip address 49.31.152.80 255.255.255.248

ip mask-reply

ip directed-broadcast

ip flow ingress

zone-member security IN

duplex auto

speed auto

interface Serial0/0/0

no ip address

ip mask-reply

ip directed-broadcast

ip flow ingress

encapsulation frame-relay IETF

no fair-queue

frame-relay lmi-type q933a

interface Serial0/0/0.16 point-to-point

description $FW_OUTSIDE$

ip address 172.17.18.122 255.255.255.252

ip mask-reply

ip directed-broadcast

ip flow ingress

ip verify unicast reverse-path

zone-member security OUT

frame-relay interface-dlci 16

interface Serial0/0/1

no ip address

ip mask-reply

ip directed-broadcast

ip flow ingress

shutdown

clock rate 2000000

ip forward-protocol nd

ip http server

ip http access-class 2

ip http authentication local

ip http secure-server

ip route 0.0.0.0 0.0.0.0 Serial0/0/0.16

ip identd

ip access-list extended ICMP

remark CCP_ACL Category=128

permit ip any any

ip access-list extended deeef

remark CCP_ACL Category=128

permit ip any any

ip access-list extended dwdwd

remark CCP_ACL Category=1

permit object-group Outside-Reply any any

access-list 1 remark CCP_ACL Category=1

access-list 1 permit 196.219.234.77

access-list 2 remark Auto generated by SDM Management Access feature

access-list 2 remark CCP_ACL Category=1

access-list 2 permit 101.101.100.0 0.0.0.255

access-list 2 permit 10.20.10.0 0.0.1.255

no cdp run

control-plane

line con 0

transport output telnet

line aux 0

transport output telnet

line vty 0 4

transport input all

line vty 5 15

transport input all

scheduler allocate 20000 1000

end

How to allow ping from inside to outside in 2900 router?

Julio Carvajal — Tue, 09 Apr 2013 16:41:11 GMT

Hello.

Configuration is wrong,

policy-map type inspect Outside_to_Self

no class type inspect Deny_ALL

class type inspect ICMP_RQST

inspect

Let me know how it goes,

( If it does not work post the configuration with the changes)

topic How to allow ping from inside to outside in 2900 router? in Network Security

How to allow ping from inside to outside in 2900 router?

How to allow ping from inside to outside in 2900 router?

How to allow ping from inside to outside in 2900 router?

How to allow ping from inside to outside in 2900 router?