Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3011
Views
5
Helpful
3
Replies

Cannot ping external DNS servers?

Go to solution
JJevans_2112
Level 1
Level 1

‎11-26-2021 08:33 AM - edited ‎11-26-2021 08:34 AM

Hello All,

 

I cannot ping any external DNS servers like google (8.8.8.8)  or comcast (75.75.75.75) or cloudflare (9.9.9.9 or 1.1.1.1) from a PC (192.168.1.5) on the inside interface of Cisco ASA 5506?

I have tried packet tracer and it states its allowed.

Software firewall is turned off on the PC. I am able to browse web sites so DNS seems to be working ok but cannot ping google.com or ip address.

 

This is really confusing?

 

Any insight on how I can make them respond to ICMP?

 

Thank you,

 

J

Preview file
17 KB
Preview file
36 KB
Preview file
11 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎11-26-2021 08:38 AM - edited ‎11-26-2021 08:47 AM

@JJevans_2112 your packet tracer icmp code syntax is incorrect, it should be 8 0, the output also cannot determine the ingress and egress interfaces.

 

Run the command "fixup protocol icmp" from the CLI.

 

If that doesn't work run packet-tracer from the CLI "packet-tracer input inside icmp 192.168.1.5 8 0 8.8.8.8" and provide the full output for review. And also provide your configuration.

View solution in original post

3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎11-26-2021 08:38 AM - edited ‎11-26-2021 08:47 AM

@JJevans_2112 your packet tracer icmp code syntax is incorrect, it should be 8 0, the output also cannot determine the ingress and egress interfaces.

 

Run the command "fixup protocol icmp" from the CLI.

 

If that doesn't work run packet-tracer from the CLI "packet-tracer input inside icmp 192.168.1.5 8 0 8.8.8.8" and provide the full output for review. And also provide your configuration.

Go to solution
JJevans_2112
Level 1
Level 1
In response to Rob Ingram

‎11-26-2021 08:59 AM

Hello Rob,

 

Thank you that helped. But when running packet tracer via CLI I get error: 

 

ciscoasa(config)# packet-tracer input inside icmp 192.168.1.5 8 0 8.8.8.8
ERROR: % Ambiguous command: "packet-tracer input inside icmp 192.168.1.5 8 0 8.8.8.8"

 

I also do not understand why it cannot determine which ingress / egress interfaces?

I have attached the cleaned config.

 

Preview file
10 KB
0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to JJevans_2112

‎11-26-2021 09:05 AM - edited ‎11-26-2021 09:07 AM

@JJevans_2112 so you can now ping the DNS servers and the initial issue is resolved? - I don't see the configuration in the output

 

Seems like you've configured a bridge group, so you will need to use the correct name of the interface the device is connected to, example:-

 

"packet-tracer input inside_1 icmp 192.168.1.5 8 0 8.8.8.8"

 

or

 

"packet-tracer input inside_2 icmp 192.168.1.5 8 0 8.8.8.8"

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card