Solved: unable to PING from inside to outside.

rmaxson2 · ‎12-20-2007

I can ping internally no problem, I cannot get a ping (echo-reply?) from anywhere outside. If I ping a URL I get a DNS notice with the IP but no replys. I suspect it's a nating issue but can't figure it out.

Here's the config.. don't laugh it's a mess I'm supposed to clean up but... well.

Realevevent rules (I think, full config enclosed)

interface GigabitEthernet0/0

nameif Outside

security-level 0

ip address 172.32.1.2 255.255.255.0

!

interface GigabitEthernet0/1

nameif Inside

security-level 70

ip address 10.1.7.101 255.255.240.0

access-list Outside_access_in extended permit icmp any any

access-list Inside_access_in extended permit icmp any any

access-list Inside_access_in extended permit ip any any

nat-control

global (Outside) 1 63.85.131.8 netmask 255.255.255.255

global (DMZ) 1 interface

nat (Inside) 0 access-list nat0

nat (Inside) 1 0.0.0.0 0.0.0.0

nat (DMZ) 0 access-list nonat_dmz

nat (DMZ) 1 0.0.0.0 0.0.0.0

access-group Outside_access_in in interface Outside

access-group Inside_access_in in interface Inside

attached is the full confing.

husycisco · ‎12-20-2007

Hi Richard

Try this

policy-map global_policy

class inspection_default

inspect icmp

Regards

View solution in original post

JORGE RODRIGUEZ · ‎12-20-2007

Go over this link, how pix handles ICMP this link also inlcludes code version 7.x and it should apply to your ASA as well.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Rgds

Jorge

Jorge Rodriguez

husycisco · ‎12-20-2007