cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1675
Views
5
Helpful
4
Replies

Unable to ping outside interface from inside

jomoca1990
Level 1
Level 1

Hello Guys

 

I hope you can help me out with this, I getting familiar with the ASA firewall. So I bought an ASA 5506, I've been wathing the INE course for the CCNA security and my lab was working ok. However, after a while I was unable to ping from the inside to the outside network. I was trying to figure out what happened because the only change that I made at that moment was installing ASDM and go throw it a little bit so I could get familiar with the tool. I was unable to see the problem and I reset it the ASA. I did a simpler config bu I;m still unable to ping from inside to outside. 

 

Please find the output I'm seeing.

 

ciscoasa(config)# %ASA-3-106014: Deny inbound icmp src inside:10.0.0.1 dst inside:20.0.0.1 (type 8, code 0)

 

Not sure why is saying the destination is inside when it is configure as the outside interface. 

 

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f73b83543d0, priority=111, domain=permit, deny=true
hits=21, user_data=0x0, cs_id=0x0, flags=0x4000, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=inside, output_ifc=inside

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

!

Everything was working properly at the begging, so not sure what it changed. Hope you can help m out with this

 

4 Replies 4

Edwin Portillo
Spotlight
Spotlight
My Friend,

You should verify what you have added in your Nat, so that the problem may be there.

Abhijeet Kumar
Level 1
Level 1

Can you post running configuration?

herm
Level 1
Level 1

try enabling class inspection/inspect icmp?

policy-map global_policy
class inspection_default
inspect icmp

Hello 

 

I already did that, but that was not the issue. However, I already got it working. Thanks for the quick response.

Review Cisco Networking for a $25 gift card