Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

ASA 5520: Not able to ping outside n/w from inside interface

ameyahanamsagar
Level 1
Level 1

‎07-20-2014 03:19 AM - edited ‎03-11-2019 09:30 PM

Hello,

I am new to ASA. I have set up a lab in GNS3.

I cannot ping the outside interface from inside or vice versa. I have tried adding ACL's, inspect icmp and everything that I found while searching for the solution.

My Current running config is:

ciscoasa(config)# show running-config
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface GigabitEthernet0
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 10.0.0.1 255.0.0.0
!
interface GigabitEthernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Port-channel1
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network nonat
access-list outside_access_out extended permit tcp any eq echo any eq echo
access-list outside_access_out extended permit ip any any
access-list outside_access_out extended permit ip 10.0.0.0 255.0.0.0 172.16.0.0 255.255.255.0
access-list inside_access_out extended permit tcp any eq echo any eq echo
access-list inside_access_out extended permit ip any any
access-list inside_access_out extended permit ip 172.16.0.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any eq echo
access-list inside_access_in extended permit ip 10.0.0.0 255.0.0.0 172.16.0.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq echo
access-list outside_access_in extended permit ip 172.16.0.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list nonat extended permit ip 172.16.0.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 172.16.0.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo inside
icmp permit any echo outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any
!
nat (inside,outside) after-auto source dynamic any interface
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
!
router ospf 1
 network 10.0.0.0 255.0.0.0 area 0
 network 172.16.0.0 255.255.255.0 area 0
 log-adj-changes
!
route inside 192.168.1.0 255.255.255.0 172.16.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.1.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet 192.168.1.1 255.255.255.255 outside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username ameya password xxxxxxxxxxxxxxx encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:69a533dbabc0f5a84aaeee0c2054746a
: end
ciscoasa(config)#

 

Pings even dont work when I ping from outside interface to inside interface and vice versa.

ciscoasa# ping inside 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ciscoasa# ping outside 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ciscoasa#

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic