cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
722
Views
0
Helpful
8
Replies

My Public IP cannot ping another Public IP but same IP block

KyleHB
Beginner
Beginner

Hi,

 

I would like to ask as I am unable to ping public IP's which is under my Public IP block.

 

E.g.

Public IP Block 1.1.1.0/26

 

My public IP 1.1.1.66

Destination public IP 1.1.1.74

 

unable to ping 1.1.1.74 with source public IP 1.1.1.66

 

Is there any difference or rule for Public IP's? Because for private IP, logically, I am able to ping an IP w/in my IP block.

 

 

Thanks in advance!

1 Accepted Solution

Accepted Solutions

Hi

Usually the ASA does not allow ICMP, so you could allow icmp-echo or inspect icmp into the global service-policy. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

8 Replies 8

rasmus.elmholt
Rising star
Rising star

There is nothing in the RFC that should block this as far as I know.
Is this in a hosted environment or is there any firewalls inbetween?

Julio E. Moisa
VIP Mentor VIP Mentor
VIP Mentor

Hi

I think your network segment is 1.1.1.64/26, so probably the IP 1.1.1.74 is behind a firewall or restricted from any ACL. 

 

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hi, my 1.1.1.66 IP is an interface of in ASA firewall. Could this be the cause?

Hi

Usually the ASA does not allow ICMP, so you could allow icmp-echo or inspect icmp into the global service-policy. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

I think this is the cause, as I've tried these settings on a router and it does work. I shall leave the icmp-echo command as denied on my firewall. Thanks for all your help!

rasmus.elmholt
Rising star
Rising star
The two IPs you are using are not within the Public Block you are assigned?
"Public IP Block 1.1.1.0/26" = 1.1.1.0-1.1.1.63
"My public IP 1.1.1.66"
"Destination public IP 1.1.1.74"
^outside the scope

Sorry for misinformation. This segment is for 1.1.1.64/26 network. Nonetheless I am still unable to ping within same subnet. The 1.1.1.66 IP is an interface IP of my Firewall by the way.

try, including ICMP to be inspected by the service-policy on the ASA and allow the echo-reply




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers