Solved: Re: Ping from inside to outside

Steve Graham · ‎03-06-2008

I am having trouble getting ping to work for my inside networks through my outside interface. Is there a recommended approach for allowing this to traverse from an inside interface to an outside host beyond our network?

acomiskey · ‎03-06-2008

I assume inside-out is applied by "access-group inside-out in interface inside"?

access-list inside-out extended permit icmp any any echo

access-list outside-in extended permit icmp any any echo-reply

access-group outside-in in interface outside

View solution in original post

JORGE RODRIGUEZ · ‎03-06-2008

Steve, go over this link.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Rgds

Jorge

Jorge Rodriguez

Steve Graham · ‎03-06-2008

Jorge, great material, however, my inside users still cannot ping any hosts on the outside. Any other suggestions, here's a copy of my inside-out entries:

access-list inside-out extended permit ip any any

access-list inside-out extended permit icmp any any echo-reply

access-list inside-out extended permit icmp any any source-quench

access-list inside-out extended permit icmp any any time-exceeded

access-list inside-out extended permit icmp any any unreachable

acomiskey · ‎03-06-2008

I assume inside-out is applied by "access-group inside-out in interface inside"?

access-list inside-out extended permit icmp any any echo

access-list outside-in extended permit icmp any any echo-reply

access-group outside-in in interface outside

Steve Graham · ‎03-06-2008

Yes "access-group inside-out in interface inside"

I did not have the echo-reply on the outside-in ACL...

That solves my issue, thanks for you help.

Ping from inside to outside

NAT 使用時に Outside から Inside に Traceroute を実施する場合の注意点

Ping thru a Cisco Firepower 2130 FTD inside to outside devices

SD-WAN: cEdge の SVI に ip nat inside/outside を設定できない

ICMP thru Cisco Firepower - Inside to Outside devices

Can't ping from outside to inside NAT