Hi Guys,

Am I supposed to be able to ping an internet address sourced from the inside interface?

ping inside 1.1.1.1

I can ping this address from outside interface.

Here is my config:

interface Ethernet0/0

nameif outside

security-level 0

ip address 2.2.2.1 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.2.1.1 255.255.255.0

!

access-list ACL-outside extended permit icmp any any

access-list ACL-outside extended permit ip any any

access-list ACL-inside extended permit icmp any any

access-list ACL-inside extended permit ip any any

!

nat (inside) 1 192.168.2.0 255.255.255.0

nat (inside) 1 10.2.1.0 255.255.255.0

global (outside) 1 interface

!

access-group ACL-outside in interface outside

access-group ACL-inside in interface inside

route outside 0.0.0.0 0.0.0.0 2.2.2.254 1

Thanks!

Difan