cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
726
Views
0
Helpful
5
Replies

not able to ping from router to outside interface of the Firewall

padmanabha.n
Level 1
Level 1

We are facing one issue here, the issue is

from router to firewall interface IP i.e. inside interface ip I can ping , but not the outside IP address i.e. 122.160.225.190

from out side i.e. from external network I can ping the outside interface ip of the firewall i.e. 122.160.225.190

I need to ping the & users need to browse the internet. Please provide me the solution

please can you let me know what could be the problem.attached the ASA config , router config & Network Diagram for your reference. if not please provde the config for this setup.

thanks in advance

padmanabha

regards

5 Replies 5

Hi,

try this commands -

policy-map global_policy

class inspection_default

inspect icmp

Hope this helps.

this command is enabled default in the Firewall.

i need router pakcets reach the outside interface of the firewall . i.e internet

Hi Pad,

***There are some configurations on the router you may need to remove, they are the nat configuration below is the how to do so:

interface FastEthernet0/0

no ip nat outside

exit

no interface FastEthernet0/0.63

interface FastEthernet0/1

no ip nat inside

exit

no ip nat pool internet 122.160.227.185 122.160.227.186 netmask 255.255.255.248

***also on the firewall make the following configurations:

icmp permit any inside

icmp permit any outside

no interface Ethernet0/0.63

interface ether 0/0

nameif outside

ip address 122.160.225.190 255.255.255.252 "put the ASA outside ip here"

no shut

no route outside 0.0.0.0 0.0.0.0 122.160.225.190

route outside 0.0.0.0 0.0.0.0 122.160.225.189

no route inside 0.0.0.0 0.0.0.0 10.0.2.1 2

no global (outside) 1 122.160.225.189

global (outside) 1 interface

this will work fine. and please update me.

Best regards,

Mohammed Moustafa.

Hi mohammed,

thanks for the reply, i will re config the both device & let u know the result

icmp inspection might be enabled, but it's not enabled by default.

also, you cannot ping the far side interfaces of a pix/asa - this is by design and cannot be changed. you can only ping the interface closest to the pinging host.

Review Cisco Networking for a $25 gift card