ASA 5510 Unable to Ping from out side interface or cloud

Sreejesh S · ‎11-28-2012

hi

one of my client has BSNL leased line with LAN IP POOL we configured those on ASA 5510 nad Internet working fine but from cloud we are not getting any response for ping requiest please find running configuration below and advice me if need any change on that

ciscoasa(config)# sh run

: Saved

:

ASA Version 8.2(1)

!

hostname ciscoasa

enable password 2KFQnbNIdI.2KYOU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 172.24.73.101 255.255.255.252

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 117.240.124.97 255.255.255.248

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

!

ftp mode passive

access-list outside_acl extended permit icmp any any

access-list outside_acl extended permit ip any any

pager lines 24

mtu outside 1500

mtu inside 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

access-group outside_acl in interface outside

route outside 0.0.0.0 0.0.0.0 172.24.73.102 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet 0.0.0.0 0.0.0.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username cisco password 3USUcOPFUiMCO4Jk encrypted

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:d9141f80d47a213e832235591f5d8a1f

: end

ju_mobile · ‎11-28-2012

Good morning,

You need a permit icmp any any outside.

Icmp requires both the ACL and allowing as a management protocol. I would recommend further locking it down to a smaller range after testing

Regards

Julian

Sent from Cisco Technical Support iPhone App

Sreejesh S · ‎11-28-2012

access-list outside_acl extended permit icmp any any

is this is the command right I have already configured that

ju_mobile · ‎11-28-2012

Hi,

Please add:

icmp permit amy outside

to your configuration. This is not an ACL but the way in which ASA/PIX deals with ICMP.

regards

Julian

ju_mobile · ‎11-28-2012

Sorry, icmp permit not permit icmp

Cheers

Julian

Sent from Cisco Technical Support iPhone App