Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
313
Views
0
Helpful
2
Replies

Uable to ping any outside IP addresses, but can browse the web.

davidwu2007
Level 1
Level 1

‎09-22-2007 09:26 PM - edited ‎03-11-2019 04:15 AM

I found that PCs behind the ASA 5510 are not able to ping any outside ip addresses including the firewall's outside NIC ip. However, users are able to browse any websites as usual. I am new to cisco's firewall. Could someone advise

me on how to troubleshoot this problem? Thank you!

Labels:
0 Helpful
2 Replies 2

servdesktvwb
Level 1
Level 1

‎09-24-2007 12:09 AM

Check your ACL on the outside interface. You need to allow icmp echo, echo-reply and time-exceeded to be able to ping devices on the outside interface. Probably you just allow HTTP traffic... If you'r not sure, paste the ACL's here.

0 Helpful

kevin.jones1
Level 1
Level 1
In response to servdesktvwb

‎09-25-2007 06:58 AM

Pix, by design, will allow EVERYTHING from

the inside to outside. However, almost

ALL return traffics will be allowed with

the exception of echo-reply, time-exceeded,

icmp protocol. That's why user(s) on the

inside can browse the internet and do

whatever they desire.

Pix, ASA or whatever cisco called it,

it probably the worst security product

ever designed by man, IMHO.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card