09-22-2007 09:26 PM - edited 03-11-2019 04:15 AM
I found that PCs behind the ASA 5510 are not able to ping any outside ip addresses including the firewall's outside NIC ip. However, users are able to browse any websites as usual. I am new to cisco's firewall. Could someone advise
me on how to troubleshoot this problem? Thank you!
09-24-2007 12:09 AM
Check your ACL on the outside interface. You need to allow icmp echo, echo-reply and time-exceeded to be able to ping devices on the outside interface. Probably you just allow HTTP traffic... If you'r not sure, paste the ACL's here.
09-25-2007 06:58 AM
Pix, by design, will allow EVERYTHING from
the inside to outside. However, almost
ALL return traffics will be allowed with
the exception of echo-reply, time-exceeded,
icmp protocol. That's why user(s) on the
inside can browse the internet and do
whatever they desire.
Pix, ASA or whatever cisco called it,
it probably the worst security product
ever designed by man, IMHO.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide