https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333962#M857984 <HTML><HEAD></HEAD><BODY><P>Not sure what you are trying to ping.</P><P>Remember, you could not ping from a host in inside network to the ip address of ASA's outside interface. This is an expected behavior.</P></BODY></HTML> Sat, 26 Sep 2009 05:56:36 GMT Yudong Wu 2009-09-26T05:56:36Z https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333957#M857965 <P>Greeting All,</P><P></P><P>I`ve tried to ping from the inside network to the outside and in normal case it has to be possible since :</P><P></P><P>Internal network has a security profile of 100 </P><P></P><P>External network has a security profile of 0 </P><P></P><P>And since the rule: Permit from a secure network to a not secure is enabled BUT still i can`t ping from my inside interface (172.16.1.0/24) to the ouside interface (10.10.10.0/24)</P><P></P><P>I even tried to modify the ACL to allow everything from Inside to the outside and vise versa but still doesn`t work</P><P></P><P>Is it a bug or what i`m really stuckk here!!!</P><P></P><P>Thanks for your help guys.</P><P></P><P>PS: i have attached 2 print screen for more information</P><P></P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 16:19:44 GMT https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333957#M857965 Seifeddine-Tlili 2019-03-11T16:19:44Z https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333958#M857968 <HTML><HEAD></HEAD><BODY><P>Do you have syslog enabled? If yes, what log says about icmp.</P><P></P><P>Remember by default, ICMP won't be inspected. Therefore, you have to either permit echo-reply on outside interface or enable icmp inspection. Since you have already configured "permit any" on outside interface, you should be able to ping. </P><P></P><P>If packet was dropped by ASA, you should see something in log or by enable "debug icmp trace 255".</P></BODY></HTML> Fri, 25 Sep 2009 18:59:30 GMT https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333958#M857968 Yudong Wu 2009-09-25T18:59:30Z https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333959#M857972 <HTML><HEAD></HEAD><BODY><P>thanks for your reply i appreciate it,</P><P></P><P>Well in normal case since i have permitted the icmp trafic from the outside to the inside and vise vers ca icmp trafic has to go through but it`s not.</P><P></P><P>I have check the packet tracer and it says that the ACL is dropping the packet and it seems that it`s bypassing the rule that i have.</P><P></P><P>I have attached a copy of my run config</P><P></P><P>Thanks for your help.</P><P></P><P>Kindly</P><P>Seifeddine Tlili</P><P></P><P> </P><P></P></BODY></HTML> Fri, 25 Sep 2009 19:41:22 GMT https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333959#M857972 Seifeddine-Tlili 2009-09-25T19:41:22Z https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333960#M857976 <HTML><HEAD></HEAD><BODY><P>Your config looks good. </P><P>Can you post the output of packet trace?</P></BODY></HTML> Fri, 25 Sep 2009 20:01:15 GMT https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333960#M857976 Yudong Wu 2009-09-25T20:01:15Z https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333961#M857980 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply, well it seems that i can`t use a ping with a source address the inside interface to the outside interface however i can ping from an inside host to an outiside host isn`t wierd? </P><P></P><P>Thanks for all</P></BODY></HTML> Fri, 25 Sep 2009 22:25:28 GMT https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333961#M857980 Seifeddine-Tlili 2009-09-25T22:25:28Z https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333962#M857984 <HTML><HEAD></HEAD><BODY><P>Not sure what you are trying to ping.</P><P>Remember, you could not ping from a host in inside network to the ip address of ASA's outside interface. This is an expected behavior.</P></BODY></HTML> Sat, 26 Sep 2009 05:56:36 GMT https://community.cisco.com/t5/network-security/asa-acl-issue/m-p/1333962#M857984 Yudong Wu 2009-09-26T05:56:36Z