Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1384
Views
0
Helpful
9
Replies

inside to outside ping in ASA

ashish.sehgal
Level 1
Level 1

‎03-05-2009 08:30 AM - edited ‎03-11-2019 08:00 AM

Hi, I have configured an ASA recently. After finishig of basic configurations, I tried ping from inside to outside interface and vice versa. But ping is not successful. I was getting ?????. I have tried "icmp permit any OUTSIDE" and "icmp permit any INSIDE" in vain. Please help me with a solution.

1 person had this problem
Labels:
Preview file
4 KB
0 Helpful
9 Replies 9

Ivan Martinon
Level 7
Level 7

‎03-05-2009 09:14 AM

Are you pinging from a host behind the ASA to a host outside the ASA?

If yes you need to enable ICMP inspection under the policy map:

policy-map global_policy

class inspection_default

inspect icmp

Or are you using the inside interface to ping the outside interface?

If yes this is not supported.

0 Helpful

JamesLuther
Level 3
Level 3

‎03-05-2009 11:17 AM

Hi,

The commands "icmp permit any OUTSIDE" and "icmp permit any INSIDE" control ICMP to the ASA itself.

To allow icmp through the ASA then use access-lists

Regards

0 Helpful

sushil
Level 1
Level 1
In response to JamesLuther

‎03-05-2009 11:56 PM

Try enabling icmp inspect as per Ivan.

0 Helpful

ashish.sehgal
Level 1
Level 1
In response to JamesLuther

‎03-06-2009 02:29 AM

Read but still not working, need more clarity about ASA permit and deny and also about ICMP

0 Helpful

JamesLuther
Level 3
Level 3
In response to ashish.sehgal

‎03-06-2009 02:37 AM

Hi,

Here are some configuration examples on how to get ICMP thorugh the ASA working.

access-list in_on_inside permit icmp any any echo

access-group in_on_inside in interface inside

access-list in_on_outside permit icmp any any echo-reply

access-group in_on_outside in interface outside

or

access-list in_on_inside permit icmp any any echo

access-group in_on_inside in interface inside

policy-map global_policy

class inspection_default

inspect icmp

Also, is nat-control disabled on your firewall? Yo ucan make sure by typing

no nat-control

Regards

0 Helpful

Ivan Martinon
Level 7
Level 7
In response to ashish.sehgal

‎03-06-2009 07:54 AM

How are you trying to ping? Is it from a host behind asa to a host outside asa? or from the actual interfaces?

0 Helpful

ashish.sehgal
Level 1
Level 1
In response to Ivan Martinon

‎03-07-2009 08:16 AM

I am pinging from a switch and my Laptop behind ASA.

Just simply pissed off. Today it started pinging and I started testing failover, powered off my secondary ASA and since then it again stopped Pinging. I restarted my failover ASA but :(

PFA configuration of all the devices and let me know if you find any configuration issue in any of the device.

22861-SSTL.zip
0 Helpful

ashish.sehgal
Level 1
Level 1
In response to ashish.sehgal

‎03-09-2009 08:24 PM

Frnds, Thanks a lot for all your suggestions and help. The problem is solved. Apparently it was a routing loop problem causing the issue.

Ashish

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card