Can ping one way but reverse is timed out

olly ahmed · ‎03-16-2016

I can ping a destination IP from a specific source but reverse is not. Trace report is given below and in the reverse trace after the last hop there is a firewall. Can anyone explain how it is possible to ping in one direction but other is not. If it can be configured from firewall then can anyone share the sample firewall configuration for this case.

Forward trace
=============

1 172.28.127.86 0 msec 0 msec 0 msec
2 172.28.127.169 0 msec 0 msec 0 msec
3 172.29.42.3 0 msec 0 msec 0 msec
4 172.18.167.125 4 msec 0 msec 4 msec
5 103.1.135.129 4 msec 8 msec 8 msec
6 103.1.135.146 12 msec 8 msec 8 msec
7 172.18.5.186 8 msec 8 msec 4 msec
8 172.30.31.26 8 msec * 4 msec

Reverse trace
=============

Tracing the route to 172.28.127.81

1 172.30.31.25 4 msec 0 msec 0 msec
2 172.18.5.185 0 msec 0 msec 0 msec
3 103.1.135.145 [MPLS: Labels 16725/18441 Exp 2] 8 msec 12 msec 8 msec
4 103.1.135.130 [MPLS: Label 18441 Exp 2] 8 msec 8 msec 8 msec
5 172.18.167.126 8 msec 8 msec 8 msec

**********************************************

***********************************************

Here is a firewall after 172.18.167.126

Marius Gunnerud · ‎03-16-2016

Most likely there is an ACL on the ingress interface in the Reverse that is blocking the traffic. I suggest checking this first.

What version ASA are you running? Could you post a full running configuration (remember to remove public IPs as well as usernames and passwords)?

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts