Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3296
Views
5
Helpful
16
Replies

Firepower Ping

Juraj Papic
Level 3
Level 3

‎05-24-2022 10:54 AM

Hi all,

I my firewall (Firewpower) in the G0/0 I configured the interface 192.168.100.250/24, this is directly connected do my router 192.168.100.245/24 , from the Firewall I can ping my interface but I cant ping the ip from the router, I also tried this from the expert mode and same issue.

 

Thanks in advance for any help.

0 Helpful
16 Replies 16

Flavio Miranda
VIP
VIP

‎05-24-2022 11:02 AM

Hi

  Usually icmp is denied by default on firewall for security reason. You can permit it. Try to add this ACL and apply it to the outside interface.

 

ASA(config)#access-list ACL-OUTSIDE extended permit icmp any any 
ASA(config)#access-group ACL-OUTSIDE in interface outside 

0 Helpful

Juraj Papic
Level 3
Level 3
In response to Flavio Miranda

‎05-24-2022 11:10 AM

Hello,

This is a Firepower not the asa, I configure a Policy to permit any any.

 

thanks. 

0 Helpful

Rob Ingram
VIP
VIP
In response to Juraj Papic

‎05-24-2022 11:17 AM

@Juraj Papic by default you should be able to ping the Firepower device.

 

What hardware appliance are you using?

 

Are you using FMC or FDM to manage the firewall?

 

Do you mean you can ping the Firewalls own IP address from the firewall itself?

...but you cannot ping to the router or do you mean you cannot ping from the router to the firewall?

 

0 Helpful

Juraj Papic
Level 3
Level 3
In response to Rob Ingram

‎05-24-2022 11:21 AM

Im usgin FMC to manage the firewll from the CLI I can ping my interface , but I cant ping the router connected to that interface, 

 

thanks. 

0 Helpful

Rob Ingram
VIP
VIP
In response to Juraj Papic

‎05-24-2022 11:25 AM

@Juraj Papic which interface have you configured, the data interface or the mgmt interface?

If using the data interface using ping <ip address> or if using the mgmt interface using ping system <ip address>

 

0 Helpful

Juraj Papic
Level 3
Level 3
In response to Rob Ingram

‎05-24-2022 11:28 AM

Im testing the ping to the G0/0 this is connected to my router, and I tryed both option ping IP and ping system IP, with both options I have no answer from the Router.

 

 

thanks.

0 Helpful

Rob Ingram
VIP
VIP
In response to Juraj Papic

‎05-24-2022 11:30 AM

@Juraj Papic what have you configured data and/or mgmt interfaces?

Provide the output of "show network" and "show interface ip brief" from the Firewall

And the configuration of the router interface that connects to the firewall.

0 Helpful

Juraj Papic
Level 3
Level 3
In response to Rob Ingram

‎05-24-2022 02:03 PM

I will sent it right now.

 

thanks.

0 Helpful

MHM Cisco World
VIP
VIP

‎05-24-2022 12:24 PM

I one time see same case,

When we do packet tracer from one ip to any interface ip in asa, the asa refuse ping packet simply drop.

So are you use this interface ip for managment? 

0 Helpful

Juraj Papic
Level 3
Level 3
In response to MHM Cisco World

‎05-24-2022 02:04 PM

No sir,, it not the Mgmt.

 

thanks. 

Eric R. Jones
Level 4
Level 4

‎05-24-2022 01:57 PM

Is ICMP disabled by default on outside interfaces?


0 Helpful

Juraj Papic
Level 3
Level 3
In response to Eric R. Jones

‎05-24-2022 02:06 PM

This will be to the Inside Interface and I enabled a policy to accept any / any

0 Helpful

Sheraz.Salim
VIP Alumni
VIP Alumni
In response to Juraj Papic

‎05-24-2022 03:37 PM

curious could be cable issue on the router as they connected directly as you mentioned in your post.

please do not forget to rate.
0 Helpful

MHM Cisco World
VIP
VIP

‎05-24-2022 02:39 PM

Are you config icmp inspection?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card