Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
5
Replies

not able to ping from router to outside interface of the Firewall

padmanabha.n
Level 1
Level 1

‎06-23-2008 09:22 PM - edited ‎03-11-2019 06:03 AM

We are facing one issue here, the issue is

from router to firewall interface IP i.e. inside interface ip I can ping , but not the outside IP address i.e. 122.160.225.190

from out side i.e. from external network I can ping the outside interface ip of the firewall i.e. 122.160.225.190

I need to ping the & users need to browse the internet. Please provide me the solution

please can you let me know what could be the problem.attached the ASA config , router config & Network Diagram for your reference. if not please provde the config for this setup.

thanks in advance

padmanabha

regards

Labels:
Preview file
56 KB
Preview file
15 KB
Preview file
3 KB
0 Helpful
5 Replies 5

dhananjoy chowdhury
Level 5
Level 5

‎06-24-2008 12:25 AM

Hi,

try this commands -

policy-map global_policy

class inspection_default

inspect icmp

Hope this helps.

0 Helpful

padmanabha.n
Level 1
Level 1
In response to dhananjoy chowdhury

‎06-24-2008 12:39 AM

this command is enabled default in the Firewall.

i need router pakcets reach the outside interface of the firewall . i.e internet

0 Helpful

mohammed_moustafa
Level 1
Level 1
In response to padmanabha.n

‎06-24-2008 01:36 AM

Hi Pad,

***There are some configurations on the router you may need to remove, they are the nat configuration below is the how to do so:

interface FastEthernet0/0

no ip nat outside

exit

no interface FastEthernet0/0.63

interface FastEthernet0/1

no ip nat inside

exit

no ip nat pool internet 122.160.227.185 122.160.227.186 netmask 255.255.255.248

***also on the firewall make the following configurations:

icmp permit any inside

icmp permit any outside

no interface Ethernet0/0.63

interface ether 0/0

nameif outside

ip address 122.160.225.190 255.255.255.252 "put the ASA outside ip here"

no shut

no route outside 0.0.0.0 0.0.0.0 122.160.225.190

route outside 0.0.0.0 0.0.0.0 122.160.225.189

no route inside 0.0.0.0 0.0.0.0 10.0.2.1 2

no global (outside) 1 122.160.225.189

global (outside) 1 interface

this will work fine. and please update me.

Best regards,

Mohammed Moustafa.

0 Helpful

padmanabha.n
Level 1
Level 1
In response to mohammed_moustafa

‎06-24-2008 01:40 AM

Hi mohammed,

thanks for the reply, i will re config the both device & let u know the result

0 Helpful

srue
Level 7
Level 7
In response to padmanabha.n

‎06-24-2008 01:42 AM

icmp inspection might be enabled, but it's not enabled by default.

also, you cannot ping the far side interfaces of a pix/asa - this is by design and cannot be changed. you can only ping the interface closest to the pinging host.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card