Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
0
Helpful
5
Replies

Unable to ping from inside network to outside network

Go to solution
Dragan Milojevic
Level 1
Level 1

‎05-16-2008 08:39 AM - edited ‎03-11-2019 05:46 AM

Hi, the ping initiated from inside network to outside hosts is dropping on outside interface. If i add acl entry to allow icmp on outside interface, ping is fin but this is asa 5540 (statefull firewall) that should remember connection initiated from inside network. This is production firewall used to allow internet surfing which works ok. Any idea where to start troublehoting would be greatly appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
srue
Level 7
Level 7
In response to acomiskey

‎05-16-2008 11:30 AM

read this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

it covers both icmp and traceroute issues through your firewall.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
acomiskey
Level 10
Level 10

‎05-16-2008 08:42 AM

It is not stateful for icmp traffic. You must explicitly allow it in an acl or enable icmp inspection. The ASA is acting as it should.

0 Helpful

Go to solution
srue
Level 7
Level 7
In response to acomiskey

‎05-16-2008 11:30 AM

read this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

it covers both icmp and traceroute issues through your firewall.

0 Helpful

Go to solution
Dragan Milojevic
Level 1
Level 1
In response to srue

‎05-16-2008 12:26 PM

Thank you gents.

I like ASA more and more..

Regards,

0 Helpful

Go to solution
vabruno
Level 1
Level 1
In response to Dragan Milojevic

‎05-19-2008 05:39 PM

If you want to enable stateful ICMP inspection you can do this from global config

Type

policy-map global_policy

class inspection_default

inspect icmp

0 Helpful

Go to solution
Dragan Milojevic
Level 1
Level 1
In response to vabruno

‎05-20-2008 01:55 PM

Thank you all for prompt response; i setup asa as per cisco's doc (15246) and it is OK now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card