Solved: Cant Ping to ASA outside interface from WAN/Internet

Shankar Murali · ‎06-21-2011

Hi,

I am unable to Ping towards ASA's Outside interface from Wan or internet. Ping and traceroute from inside to ouside is active and working.Please let me know whether this is the default behaviour of ASA or the problem is with ACE's.

Thanks in Advance

Shankar Murali

manish arora · ‎06-21-2011

I think you will need to enable ICMP echo + echo reply on the outside interface ACL , also please verify that you are able to Ping the ISP router ( The default gateway which is being used by firewall ) just to make sure that the Filtering is not being done before asa.

But I would say just adding permit icmp echo and echo-reply on the outside interface acl would do the trick.

Manish

View solution in original post

manish arora · ‎06-21-2011

I think you will need to enable ICMP echo + echo reply on the outside interface ACL , also please verify that you are able to Ping the ISP router ( The default gateway which is being used by firewall ) just to make sure that the Filtering is not being done before asa.

But I would say just adding permit icmp echo and echo-reply on the outside interface acl would do the trick.

Manish

cadet alain · ‎06-22-2011

Hi,

ICMP packets sent to the ASA interfaces are not controlled by interface ACLs but with the icmp command.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i1_72.html

Regards.

Alain.

Don't forget to rate helpful posts.

ashok_boin · ‎06-22-2011

Hi Shankar,

ICMP packets sent to ASA interface also CAN be controlled through Interface ACLs apart from exclusive ICMP commands.

Have you enabled any Interface ACL on outside interface? Even ICMP default policy allows pinging to Outside interface but it blocks any ping packets from outside to inside interface IPs.

Regards...

-Ashok.

With best regards...
Ashok