Showing results for 
Search instead for 
Did you mean: 
Level 10
Level 10

Core issue

In order to ping inside interface from an inside host or outside interface from an outside host, an access-list that is applied allows for the pass through of all the Internet Control Message Protocol (ICMP) traffic.


The access-lists that are applied on a specific interface allow or deny the traffic that passes through that interface.

On the other hand, the device must be configured in order to be able to respond to the ICMP requests that terminate on the Firewall Services Module (FWSM) interface and do not pass through the device.

In other words, in order to be able to ping a device that is located behind the FWSM, configure the appropriate access-lists on the appropriate interface. But, in order to be able to ping a specific interface on the firewall, configure the icmp command for that interface.

This is the format of the command:

icmp {permit | deny} ip_address net_mask [icmp_type] if_name

Use the no form of the icmp command in order to remove it from the configuration.

Problem Type

Connectivity to the device

Product Family

Firewall - modules (FWSM)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: