Can not ping thru ASA

laverne-sanders · ‎04-04-2007

I have a ASA 5540 and currently two route statements one for the inside traffic and the other a DF route to the outside. The ACl I have is an extended ACL allowing IP to any any applied to the in interface inside, out interface inside. Yet I can not ping from an internal host thru the ASA nor can I ping from a external host to the internal network. Anyone have any ideas?

abinjola · ‎04-04-2007

either add this :-

ASA(config)# policy-map global_policy

ASA(config-pmap)# class inspection_default

ASA(config-pmap-c)# inspect icmp

or add an access list on the outside permitting the icmp

laverne-sanders · ‎04-04-2007

I have an access-list that allows echo and echo reply but I can not ping thru the device. When logged into the console I can ping everywhere. I have an access-list on the Inside interface for in and out bound traffic that permits IP any any to inculde echo and echo reply.

acomiskey · ‎04-04-2007

As abinjola said, you would need to allow echo-reply into outside interface. The ping is going out, but is being stopped on the way back.

cpembleton · ‎04-04-2007

Here is a good link for ICMP on the ASA.

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0

Thanks,

Chad

Please rate if this helps!

abinjola · ‎04-04-2007

as i've already explained eiher add inspect icmp or add an access-list on the "outside" Interface to allow the ping reply through