Ping from inside to outside

Answered Question
Mar 6th, 2008

I am having trouble getting ping to work for my inside networks through my outside interface. Is there a recommended approach for allowing this to traverse from an inside interface to an outside host beyond our network?

I have this problem too.
0 votes
Correct Answer by acomiskey about 8 years 10 months ago

I assume inside-out is applied by "access-group inside-out in interface inside"?

access-list inside-out extended permit icmp any any echo

access-list outside-in extended permit icmp any any echo-reply

access-group outside-in in interface outside

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Steve Graham Thu, 03/06/2008 - 11:54

Jorge, great material, however, my inside users still cannot ping any hosts on the outside. Any other suggestions, here's a copy of my inside-out entries:

access-list inside-out extended permit ip any any

access-list inside-out extended permit icmp any any echo-reply

access-list inside-out extended permit icmp any any source-quench

access-list inside-out extended permit icmp any any time-exceeded

access-list inside-out extended permit icmp any any unreachable

Correct Answer
acomiskey Thu, 03/06/2008 - 12:23

I assume inside-out is applied by "access-group inside-out in interface inside"?

access-list inside-out extended permit icmp any any echo

access-list outside-in extended permit icmp any any echo-reply

access-group outside-in in interface outside

Steve Graham Thu, 03/06/2008 - 12:49

Yes "access-group inside-out in interface inside"

I did not have the echo-reply on the outside-in ACL...

That solves my issue, thanks for you help.

Actions

This Discussion