Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
672
Views
0
Helpful
7
Replies

Not able to ping natted I.P from inside

ajaykumar2k1
Level 1
Level 1

‎05-05-2007 11:43 PM - edited ‎03-11-2019 03:09 AM

we are using ASA5505 having two interfaces inside(Security level 100) outside (security level 50)

We had statically natted I.P X.X.X.X (inside ) to Y.Y.Y.Y (Public I.P).We are able to ping this public I.P from Internet ,also nat is working successfully.

we are able to ping natted I.P from ouside i.e Y.Y.Y.Y but we are not able to ping it from inside .

below is the configuration done

static (inside,outside) Y.Y.Y.Y X.X.X.X netmask 255.255.255.255

Regards

Ajay

Labels:
0 Helpful
7 Replies 7

zulqurnain
Level 3
Level 3

‎05-06-2007 11:20 PM

hello,

i maybe wrong but how could you even ping this natted ip from outside to inside, whereas my understanding says that pix doesn't allow any icmp traffic espacially if coming from higher security interface to lower security interface.

0 Helpful

ajaykumar2k1
Level 1
Level 1
In response to zulqurnain

‎05-07-2007 01:12 AM

Thanks for your reply

My problem has been resolved .

Regards

Ajay

0 Helpful

zulqurnain
Level 3
Level 3
In response to ajaykumar2k1

‎05-07-2007 04:29 AM

hello,

you are always welcome, but if you don't mind i would really like to know how you solved it.

0 Helpful

steve_perrone
Level 1
Level 1

‎06-27-2007 11:13 AM

We are having the exact same problem.

Could you elaborate on how you solved this issue.

Thank you

0 Helpful

acomiskey
Level 10
Level 10
In response to steve_perrone

‎06-27-2007 11:16 AM

Steve, could you elaborate on your problem? How many interfaces are we talking about here? Give us a little more info.

For example if you have 3 interfaces and have

static (dmz,outside) 1.1.1.1 172.16.1.1 netmask 255.255.255.255

You can ping 1.1.1.1 from outside but not from the inside. You would need to add something like this if you wanted to do so....

static (dmz,inside) 1.1.1.1 172.16.1.1 netmask 255.255.255.255

Here are a few options for 2 interfaces

1. dns doctoring

2. hairpinning

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Please rate helpful posts

0 Helpful

steve_perrone
Level 1
Level 1
In response to acomiskey

‎06-27-2007 11:24 AM

Well, I guess I got a little trigger happy and sent off this post before reading trough all posts.

I got my answer here

ns&loc=.1dde631e/4&forum=Security&topic=Firewalling

0 Helpful

acomiskey
Level 10
Level 10
In response to steve_perrone

‎06-27-2007 11:27 AM

Could you post that link again. Was it the same solution as I posted above?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card