03-06-2008 05:08 AM - edited 03-11-2019 05:13 AM
I am having trouble getting ping to work for my inside networks through my outside interface. Is there a recommended approach for allowing this to traverse from an inside interface to an outside host beyond our network?
Solved! Go to Solution.
03-06-2008 12:23 PM
I assume inside-out is applied by "access-group inside-out in interface inside"?
access-list inside-out extended permit icmp any any echo
access-list outside-in extended permit icmp any any echo-reply
access-group outside-in in interface outside
03-06-2008 05:28 AM
Steve, go over this link.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
Rgds
Jorge
03-06-2008 11:54 AM
Jorge, great material, however, my inside users still cannot ping any hosts on the outside. Any other suggestions, here's a copy of my inside-out entries:
access-list inside-out extended permit ip any any
access-list inside-out extended permit icmp any any echo-reply
access-list inside-out extended permit icmp any any source-quench
access-list inside-out extended permit icmp any any time-exceeded
access-list inside-out extended permit icmp any any unreachable
03-06-2008 12:23 PM
I assume inside-out is applied by "access-group inside-out in interface inside"?
access-list inside-out extended permit icmp any any echo
access-list outside-in extended permit icmp any any echo-reply
access-group outside-in in interface outside
03-06-2008 12:49 PM
Yes "access-group inside-out in interface inside"
I did not have the echo-reply on the outside-in ACL...
That solves my issue, thanks for you help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: