you are using eigrp between ASA and Internet edge ? both interfaces are on same subnet where you are running protocol between two ?

PROBLEM

!

interface GigabitEthernet1/1

description Connection to inside

nameif inside

security-level 100

ip address 172.16.1.1 255.255.255.0

!

Change the nameif

!

interface GigabitEthernet1/2
description Connection to ISP
nameif inside -- change to outside
security-level 0
ip address 192.168.1.231 255.255.255.0
!
access-list INSIDE-OUT extended permit icmp any 172.16.0.0 255.255.0.0 echo-reply
access-group INSIDE-OUT out interface outside
!
packet-tracer input outside icmp 8.8.8.8 8 0 172.16.1.x

if you see your configuration you define nameif inside twice and than you match the access-group with interface outside

(or)

give a command fixup protocol icmp  AND fixup protocol icmp-error

I fixed that problem. Still cannot ping. Here are my new configs:

interface GigabitEthernet1/1

description Connection to inside

nameif inside

security-level 100

ip address 172.16.1.1 255.255.255.0

interface GigabitEthernet1/2

description Connection to ISP

nameif outside

security-level 0

ip address 192.168.1.231 255.255.255.0

object network IN-OUT

subnet 172.16.1.0 255.255.255.0

route ISP 0.0.0.0 0.0.0.0 192.168.1.254

access-list INSIDE-OUT extended permit icmp any 172.16.0.0 255.255.0.0 echo-reply

access-group INSIDE-OUT out interface outside

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect icmp

service-policy global_policy global

telnet timeout 5

ssh timeout 5

router eigrp 1

network 8.8.8.8 0.0.0.0

network 8.8.8.1 0.0.0.0

network 180.100.99.0 0.0.0.255

network 192.168.13.0

Potential OS issue between devices?

Is this a test lab or a production network? I noted you do not have nat rules. in order to ping or any other services you running from outside to inside need a static nat. even though you have an access-list define and also access-group define. it will always fail. as you coming from outside to inside and outside have a security level 0 and inside have security level 100. from 100 to 0 you can go no problem but from 0 to 100 you need access-list/access-group and to define nat rule (this could be identity nat or dynamic nat).

Simulation of a production network. I have nat configured as such 

nat (inside,outside) dynamic interface

I assume you are pinging from inside to outside, you need to modify the direction from out to in.

no access-group INSIDE-OUT out interface outside

access-group INSIDE-OUT in interface outside

HTH

good spot @Rob Ingram .

you doing a dynamic nat it will fail on rpf-check. you need a whole range of ip address to be ping able from outside?

if you have spare ip address as you already using RFC1918 for outside. do this for test.

object network TEST

 host 172.x.x.x (inside-single-host-ip-adresss)

 nat (inside,outside) static 192.168.x.x

!

access-list outside_in ex permit icmp any object TEST eq echo-reply

access-group outside_in in interface outside

Making progress. Test did not work. I deleted the eigrp route to the 192.168.1.0 network on the ASA. I am now getting a reply :destination host unreachable, whereas before, nothing. I have icmp enabled on ASA going out the outside interface. New configs:

interface GigabitEthernet1/1

description Connection to inside

nameif inside

security-level 100

ip address 172.16.1.1 255.255.255.0

!

interface GigabitEthernet1/2

description Connection to ISP

nameif outside

security-level 0

ip address 192.168.1.231 255.255.255.0

!

object network IN-OUT

subnet 172.16.1.0 255.255.255.0

!

route outside 0.0.0.0 0.0.0.0 192.168.1.254 1

!

access-list INSIDE-OUT extended permit icmp 172.16.1.0 255.255.255.0 any echo-reply

!

access-group INSIDE-OUT in interface outside

object network IN-OUT

nat (inside,outside) static 192.168.1.231

!

class-map inspection_default

match default-inspection-traffic

!

policy-map global_policy

class inspection_default

inspect icmp

!

service-policy global_policy global

router eigrp 1

network 172.16.1.0 255.255.255.0

Hi,

now all configuration looks good but still ACL have issue, you have to modify  your ACL to allow the ICMP traffic destined to 172.16.1.0 network, so this network should be mention in the destination part of ACL, not on the source part

no access-list INSIDE-OUT extended permit icmp 172.16.1.0 255.255.255.0 any echo-reply

access-list INSIDE-OUT extended permit icmp any 172.16.1.0 255.255.255.0 echo-reply

no success here. Can ping from client on inside to inside port on ASA but not through.

i just notice your NAT, since your are translating whole subnet to single IP address ( outside ), it should be dybamic not static.

access-group INSIDE-OUT in interface outside

object network IN-OUT

 no nat (inside,outside) static 192.168.1.231

 nat (inside,outside) dynamic 192.168.1.231

can you test above ?

dynamic nat is not going to work as you break the asa fundamentals. in order to reach from outside to inside network you need a nat rule with static nat.

i have just test this in lab. here is my output. change your network ip addressing accordingly.

!

object network ALL-WIRELESS   (THIS IS MY WIRELESS NETOWRK WITH SECURITY-LEVEL100)
subnet 192.168.185.0 255.255.255.0
nat (wireless-house,outside) static 192.168.1.55  (I borrowed one ip address from outside subnet range)

!

access-list ALL-WIRELESS line 1 extended permit icmp any object ALL-WIRELESS echo-reply

access-group ALL-WIRELESS in interface outside

packet-tracer input outside icmp 8.8.8.8 0 8 192.168.1.55

Additional Information:

Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: SFR
Subtype:
Result: ALLOW
Config:
class-map SFR-CLASS
match access-list SFR
policy-map global_policy
class SFR-CLASS
sfr fail-open
service-policy global_policy global
Additional Information:

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
Additional Information:

Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 8
Type: FLOW-EXPORT
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 9
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:

Phase: 10
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
object network ALL-WIRELESS
nat (wireless-house,outside) static 192.168.1.55
Additional Information:

Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 273112, packet dispatched to next module

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: wireless-house
output-status: up
output-line-status: up
Action: allow