Uable to ping any outside IP addresses, but can browse the web.

Unanswered Question
Sep 22nd, 2007

I found that PCs behind the ASA 5510 are not able to ping any outside ip addresses including the firewall's outside NIC ip. However, users are able to browse any websites as usual. I am new to cisco's firewall. Could someone advise

me on how to troubleshoot this problem? Thank you!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
servdesktvwb Mon, 09/24/2007 - 00:09

Check your ACL on the outside interface. You need to allow icmp echo, echo-reply and time-exceeded to be able to ping devices on the outside interface. Probably you just allow HTTP traffic... If you'r not sure, paste the ACL's here.

kevin.jones1 Tue, 09/25/2007 - 06:58

Pix, by design, will allow EVERYTHING from

the inside to outside. However, almost

ALL return traffics will be allowed with

the exception of echo-reply, time-exceeded,

icmp protocol. That's why user(s) on the

inside can browse the internet and do

whatever they desire.

Pix, ASA or whatever cisco called it,

it probably the worst security product

ever designed by man, IMHO.


This Discussion