Solved: Ping from inside to outside

Steve Graham · ‎03-06-2008

I am having trouble getting ping to work for my inside networks through my outside interface. Is there a recommended approach for allowing this to traverse from an inside interface to an outside host beyond our network?

acomiskey · ‎03-06-2008

I assume inside-out is applied by "access-group inside-out in interface inside"?

access-list inside-out extended permit icmp any any echo

access-list outside-in extended permit icmp any any echo-reply

access-group outside-in in interface outside

View solution in original post

JORGE RODRIGUEZ · ‎03-06-2008

Steve, go over this link.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Rgds

Jorge

Jorge Rodriguez

Steve Graham · ‎03-06-2008

Jorge, great material, however, my inside users still cannot ping any hosts on the outside. Any other suggestions, here's a copy of my inside-out entries:

access-list inside-out extended permit ip any any

access-list inside-out extended permit icmp any any echo-reply

access-list inside-out extended permit icmp any any source-quench

access-list inside-out extended permit icmp any any time-exceeded

access-list inside-out extended permit icmp any any unreachable

acomiskey · ‎03-06-2008

I assume inside-out is applied by "access-group inside-out in interface inside"?

access-list inside-out extended permit icmp any any echo

access-list outside-in extended permit icmp any any echo-reply

access-group outside-in in interface outside

Steve Graham · ‎03-06-2008

Yes "access-group inside-out in interface inside"

I did not have the echo-reply on the outside-in ACL...

That solves my issue, thanks for you help.