cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
299
Views
0
Helpful
2
Replies

Uable to ping any outside IP addresses, but can browse the web.

davidwu2007
Level 1
Level 1

I found that PCs behind the ASA 5510 are not able to ping any outside ip addresses including the firewall's outside NIC ip. However, users are able to browse any websites as usual. I am new to cisco's firewall. Could someone advise

me on how to troubleshoot this problem? Thank you!

2 Replies 2

servdesktvwb
Level 1
Level 1

Check your ACL on the outside interface. You need to allow icmp echo, echo-reply and time-exceeded to be able to ping devices on the outside interface. Probably you just allow HTTP traffic... If you'r not sure, paste the ACL's here.

Pix, by design, will allow EVERYTHING from

the inside to outside. However, almost

ALL return traffics will be allowed with

the exception of echo-reply, time-exceeded,

icmp protocol. That's why user(s) on the

inside can browse the internet and do

whatever they desire.

Pix, ASA or whatever cisco called it,

it probably the worst security product

ever designed by man, IMHO.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: