Unable to ping from LAN to WAN outside ASA PPPoE Subinterface

GoldTipu
Level 1

Dear Team,

I need more help. Thank you for the assistance. After following the guidance provided, we can now ping outside from the ASA. However, we need additional help to enable ping from inside hosts to outside.

https://community.cisco.com/t5/network-security/cisco-asa-traffic-through-outside-wan-subinterface/m-p/5140762#M1114039

After setting up the subinterface for PPPoE, I can ping outside from the ASA:

ciscoasa# ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/16/20 ms
ciscoasa#

However, we are unable to ping outside from our inside host.

Here is the configuration.


ciscoasa# sh int ip brief
Interface                  IP-Address      OK? Method Status                Protocol
Virtual0                   127.1.0.1       YES unset  up                    up
GigabitEthernet1/1         unassigned      YES manual up                    up
GigabitEthernet1/1.10      84.xx.xx.xx   YES manual up                    up
GigabitEthernet1/2         192.168.1.1     YES CONFIG up                    up
GigabitEthernet1/3         192.168.100.1   YES CONFIG down                  down
GigabitEthernet1/4         unassigned      YES unset  administratively down down
GigabitEthernet1/5         unassigned      YES unset  administratively down down
GigabitEthernet1/6         unassigned      YES unset  administratively down down
GigabitEthernet1/7         unassigned      YES unset  administratively down down
GigabitEthernet1/8         unassigned      YES unset  administratively down down
Internal-Control1/1        127.0.1.1       YES unset  up                    up
Internal-Data1/1           unassigned      YES unset  up                    down
Internal-Data1/2           unassigned      YES unset  up                    up
Internal-Data1/3           unassigned      YES unset  up                    up
Management1/1              unassigned      YES unset  down                  down

ciscoasa# sh nat detail
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static Main-RDP-Server7 interface  service any RDP
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 192.168.1.7/32, Translated: 0.0.0.0/32
    Service - Origin: any, Translated: tcp destination eq 3389
2 (inside) to (outside) source static PollerRDP8088-246 interface  service any Frezzle-Food-8088-NAT
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 192.168.1.246/32, Translated: 0.0.0.0/32
    Service - Origin: any, Translated: tcp source eq 8088
3 (inside) to (outside) source static SolarWinds-HCO-80 interface  service any http
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 192.168.1.80/32, Translated: 0.0.0.0/32
    Service - Origin: any, Translated: tcp source eq www
4 (inside) to (outside) source static any any  destination static NETWORK_OBJ_192.168.1.192_26 NETWORK_OBJ_192.168.1.192_26 no-proxy-arp route-lookup
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 0.0.0.0/0, Translated: 0.0.0.0/0
    Destination - Origin: 192.168.1.192/26, Translated: 192.168.1.192/26
5 (inside) to (SubInterface_OutSide) source dynamic any interface
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 0.0.0.0/0, Translated: 84.203.81.189/32
6 (SubInterface_OutSide) to (inside) source dynamic any interface
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 0.0.0.0/0, Translated: 192.168.1.1/24

Auto NAT Policies (Section 2)
1 (any) to (inside) source dynamic Inside-Network interface
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 0.0.0.0/0, Translated: 192.168.1.1/24

ciscoasa# sh route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 83.147.159.104 to network 0.0.0.0

S*       0.0.0.0 0.0.0.0 [1/0] via 83.147.159.104, SubInterface_OutSide
C        192.168.1.0 255.255.255.0 is directly connected, inside
L        192.168.1.1 255.255.255.255 is directly connected, inside

ciscoasa# sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list outside_access_in; 7 elements; name hash: 0x6892a938
access-list outside_access_in line 1 extended permit object FrezFood-8088-AC any any (hitcnt=0) 0x63fe257b
  access-list outside_access_in line 1 extended permit tcp any any eq 8088 (hitcnt=0) 0x63fe257b
access-list outside_access_in line 2 extended permit tcp any any eq https inactive (hitcnt=0) (inactive) 0x558debb6
access-list outside_access_in line 3 extended permit object RDP any any log alerts interval 300 (hitcnt=0) 0x2020106e
  access-list outside_access_in line 3 extended permit tcp any any eq 3389 log alerts interval 300 (hitcnt=0) 0x2020106e
access-list outside_access_in line 4 extended permit object https4443 any any log alerts interval 300 inactive (hitcnt=0) (inactive) 0x44085ebc
  access-list outside_access_in line 4 extended permit tcp any eq 4443 any log alerts interval 300 inactive (hitcnt=0) (inactive) 0x44085ebc
access-list outside_access_in line 5 extended permit tcp any any eq www (hitcnt=0) 0x053f8336
access-list outside_access_in line 6 extended permit icmp any any (hitcnt=0) 0x71af81e1
access-list outside_access_in line 7 extended deny ip any any (hitcnt=0) 0x2c1c6a65
access-list inside_access_in_1; 5 elements; name hash: 0x84cbcc19
access-list inside_access_in_1 line 1 extended deny ip object LEM-60 any inactive (hitcnt=0) (inactive) 0x36e57daf
  access-list inside_access_in_1 line 1 extended deny ip host 192.168.1.60 any inactive (hitcnt=0) (inactive) 0x36e57daf
access-list inside_access_in_1 line 2 extended deny icmp object Main-RDP-Server7 object Google8.8.8.8 inactive (hitcnt=0) (inactive) 0x2fa4c0bb
  access-list inside_access_in_1 line 2 extended deny icmp host 192.168.1.7 host 8.8.8.8 inactive (hitcnt=0) (inactive) 0x2fa4c0bb
access-list inside_access_in_1 line 3 extended deny icmp object Main-RDP-Server7 object CNN.COM inactive (hitcnt=0) (inactive) 0x86210ada
  access-list inside_access_in_1 line 3 extended deny icmp host 192.168.1.7 host 151.101.64.73 inactive (hitcnt=0) (inactive) 0x86210ada
access-list inside_access_in_1 line 4 extended permit ip any any inactive (hitcnt=3583) (inactive) 0xd0abdf1b
access-list inside_access_in_1 line 5 extended deny ip any any inactive (hitcnt=0) (inactive) 0x87d926c5
access-list SubInterface1.100_access_in; 2 elements; name hash: 0x5d334d94
access-list SubInterface1.100_access_in line 1 extended permit ip any any (hitcnt=0) 0x958603d8
access-list SubInterface1.100_access_in line 2 extended deny ip any any (hitcnt=0) 0xd0c41f5d
access-list SubInterface_OutSide_access_in; 2 elements; name hash: 0x54eaaa31
access-list SubInterface_OutSide_access_in line 1 extended permit ip any any (hitcnt=0) 0x80214463
access-list SubInterface_OutSide_access_in line 2 extended deny ip any any (hitcnt=0) 0x3467d246

[screenshots attached: GoldTipu_1-1720380572173.png, GoldTipu_0-1720380528616.png]

Please assist and let me know if you need anything from our side.

Best Regards,

Gold

5 Replies

Marvin Rhoads
Hall of Fame

Are you inspecting icmp? Check your policy-map configuration for "inspect icmp".

I have just enabled:

ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# inspect icmp

Strange thing: I can ping from the inside interface and the outside, but my LAN host fails to ping outside.

I tried connecting other hosts and the result is the same.

 


ciscoasa(config)# interface gigabitEthernet 1/1.10
ciscoasa(config-subif)# ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/18/20 ms
ciscoasa(config-subif)# exit
ciscoasa(config)# int
ciscoasa(config)# interface g
ciscoasa(config)# interface gigabitEthernet 1/2
ciscoasa(config-if)# ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/20/30 ms


Executing ping from an ASA will use the source that has the destination route per the ASA's routing table. Being in config mode for a given interface does not change that.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/I-R/asa-command-ref-I-R/pa-pn-commands.html#wp1194461739

Try running packet-tracer using an inside address and source-interface. For instance:

packet-tracer input inside icmp 192.168.1.00 8 0 8.8.8.8

Share the full output of that command.

Hi friend,

Please share the output of the command below:

packet-tracer input inside icmp 192.168.1.x 8 0 8.8.8.8 details

MHM

My bad, these rules were disabled on the inside interface; after enabling them I am able to ping outside.

[screenshot attached: GoldTipu_0-1720479089282.png]

Thank you for your support and time.
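The root cause above is visible in the `show access-list` output posted earlier: every ACE of inside_access_in_1 is marked `(inactive)`, including `line 4 extended permit ip any any`, so inbound traffic on the inside interface has no active permit and falls through to the ACL's implicit deny (the line's hitcnt=3583 shows it was active before it was disabled). The following script is an added example, not code from this thread or from Cisco: it parses `show access-list` text in the format printed above and flags ACLs with no active permit ACE, plus inactive ACEs that still carry hits. The sample is an abridged copy of the thread's output; the ASE format assumed is the one shown on this page, with object-group expansions indented by two spaces.

```python
"""Audit Cisco ASA `show access-list` output for ACLs whose permits are all inactive.

Added example for this thread, not Cisco code. It reports
  (a) ACLs with no active permit ACE, where every packet checked against the
      ACL ends at the implicit deny, and
  (b) inactive ACEs that still carry a hit count, a sign they were active
      until recently.
"""
import re
from dataclasses import dataclass

# Top-level ACE lines look like (format as printed in this thread):
# access-list NAME line N extended permit|deny <rule> [inactive] (hitcnt=N) [(inactive)] 0xHASH
# Object/object-group expansions are indented by two spaces and are skipped so
# each ACE is counted exactly once.
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) extended "
    r"(?P<action>permit|deny) (?P<rule>.*?) \(hitcnt=(?P<hits>\d+)\)"
)


@dataclass
class Ace:
    line: int
    action: str
    rule: str
    hits: int
    inactive: bool


def parse_show_access_list(text):
    """Return {acl_name: [Ace, ...]} in the order the ASA printed them."""
    acls = {}
    for raw in text.splitlines():
        if raw.startswith(" "):
            continue  # expanded object/object-group child line (or alert-interval)
        m = ACE_RE.match(raw)
        if not m:
            continue  # per-ACL header, cached-flow summary, blank line
        # The keyword "inactive" also appears at the end of the rule text; drop it there.
        rule = re.sub(r"\s+inactive$", "", m["rule"].strip())
        acls.setdefault(m["acl"], []).append(
            Ace(int(m["line"]), m["action"], rule, int(m["hits"]), "(inactive)" in raw)
        )
    return acls


def audit(acls):
    """Return a list of (acl_name, message) findings."""
    findings = []
    for name, aces in acls.items():
        if not any(a.action == "permit" and not a.inactive for a in aces):
            findings.append((name, "no active permit ACE: all traffic falls to the implicit deny"))
        for a in aces:
            if a.inactive and a.hits:
                findings.append((name, f"line {a.line} is inactive but has hitcnt={a.hits}; it was active before"))
    return findings


# Abridged copy of the `show access-list` output posted in this thread.
SAMPLE = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list outside_access_in; 7 elements; name hash: 0x6892a938
access-list outside_access_in line 1 extended permit object FrezFood-8088-AC any any (hitcnt=0) 0x63fe257b
  access-list outside_access_in line 1 extended permit tcp any any eq 8088 (hitcnt=0) 0x63fe257b
access-list outside_access_in line 2 extended permit tcp any any eq https inactive (hitcnt=0) (inactive) 0x558debb6
access-list outside_access_in line 6 extended permit icmp any any (hitcnt=0) 0x71af81e1
access-list outside_access_in line 7 extended deny ip any any (hitcnt=0) 0x2c1c6a65
access-list inside_access_in_1; 5 elements; name hash: 0x84cbcc19
access-list inside_access_in_1 line 1 extended deny ip object LEM-60 any inactive (hitcnt=0) (inactive) 0x36e57daf
  access-list inside_access_in_1 line 1 extended deny ip host 192.168.1.60 any inactive (hitcnt=0) (inactive) 0x36e57daf
access-list inside_access_in_1 line 4 extended permit ip any any inactive (hitcnt=3583) (inactive) 0xd0abdf1b
access-list inside_access_in_1 line 5 extended deny ip any any inactive (hitcnt=0) (inactive) 0x87d926c5
access-list SubInterface_OutSide_access_in; 2 elements; name hash: 0x54eaaa31
access-list SubInterface_OutSide_access_in line 1 extended permit ip any any (hitcnt=0) 0x80214463
access-list SubInterface_OutSide_access_in line 2 extended deny ip any any (hitcnt=0) 0x3467d246
"""


if __name__ == "__main__":
    for name, msg in audit(parse_show_access_list(SAMPLE)):
        print(f"{name}: {msg}")
```

Run against a saved `show access-list` capture, it reports inside_access_in_1 twice: no active permit, and line 4 inactive with 3583 hits. On the box itself the same drop shows up in the ACCESS-LIST phase of the `packet-tracer input inside icmp ...` command suggested above, which is the faster check when you have CLI access.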


 
