cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
906
Views
0
Helpful
8
Replies

My Public IP cannot ping another Public IP but same IP block

KyleHB
Level 1
Level 1

Hi,

 

I would like to ask as I am unable to ping public IP's which is under my Public IP block.

 

E.g.

Public IP Block 1.1.1.0/26

 

My public IP 1.1.1.66

Destination public IP 1.1.1.74

 

unable to ping 1.1.1.74 with source public IP 1.1.1.66

 

Is there any difference or rule for Public IP's? Because for private IP, logically, I am able to ping an IP w/in my IP block.

 

 

Thanks in advance!

1 Accepted Solution

Accepted Solutions

Hi

Usually the ASA does not allow ICMP, so you could allow icmp-echo or inspect icmp into the global service-policy. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

8 Replies 8

rasmus.elmholt
Level 7
Level 7

There is nothing in the RFC that should block this as far as I know.
Is this in a hosted environment or is there any firewalls inbetween?

Hi

I think your network segment is 1.1.1.64/26, so probably the IP 1.1.1.74 is behind a firewall or restricted from any ACL. 

 

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hi, my 1.1.1.66 IP is an interface of in ASA firewall. Could this be the cause?

Hi

Usually the ASA does not allow ICMP, so you could allow icmp-echo or inspect icmp into the global service-policy. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

I think this is the cause, as I've tried these settings on a router and it does work. I shall leave the icmp-echo command as denied on my firewall. Thanks for all your help!

rasmus.elmholt
Level 7
Level 7
The two IPs you are using are not within the Public Block you are assigned?
"Public IP Block 1.1.1.0/26" = 1.1.1.0-1.1.1.63
"My public IP 1.1.1.66"
"Destination public IP 1.1.1.74"
^outside the scope

Sorry for misinformation. This segment is for 1.1.1.64/26 network. Nonetheless I am still unable to ping within same subnet. The 1.1.1.66 IP is an interface IP of my Firewall by the way.

try, including ICMP to be inspected by the service-policy on the ASA and allow the echo-reply




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: