Hi John

John · ‎05-03-2016

We are unable to ping the public ip ( which is translated IP) from from internal network?

Aditya Ganjoo · ‎05-03-2016

Hi John,

By design you cannot ping the ASA interface IP coming from a different interface.

So if you are behind the inside interface you cannot ping the outside IP of the ASA.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

John · ‎05-03-2016

Thank's Aditya

Is there any cisco documents?

Aditya Ganjoo · ‎05-03-2016

Hi John

Please refer to the following doc:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/15246-31.html#pingsown

Check the pinging Another Interface section.

Also you can check these link:

https://learningnetwork.cisco.com/thread/7355

Aditya

Please rate helpful posts.

John · ‎05-03-2016

Hello Aditya,

How about this forum?

https://supportforums.cisco.com/discussion/12403546/cisco-asa-5510-cannot-reach-public-ips-inside-network

how to configure to ping public IP's from Inside Network?

Aditya Ganjoo · ‎05-03-2016

Hi John,

This is a different case.

You can ping any public IP from the inside network if you have the correct rules in place.

If you enable icmp inspection on ASA you would be able to ping the IP's from the inside network.

To enable icmp inspection on ASA use this command--- fixup protocol icmp

Regards,

Aditya

John · ‎05-03-2016

example: for static nat configuration:

internal 192.168.1.1 (translated ip 121.68.1.2)

outside: 121.68.1.1

we have a public ip (which is translated ip), we would like to know from internal (192.168.1.1) can we ping the translated ip 9121.68.1.2?

we already allowed icmp inspection in our firewall.

Aditya Ganjoo · ‎05-03-2016

Hi John,

You should be able to ping the NAT IP from the inside.

Could you please run packet tracer to check the flow of the traffic on the ASA ?

Regards,

Aditya

ASA | Unable to ping public IP