not able to ping from router to outside interface of the Firewall

Unanswered Question
Jun 23rd, 2008

We are facing one issue here, the issue is

from router to firewall interface IP i.e. inside interface ip I can ping , but not the outside IP address i.e. 122.160.225.190

from out side i.e. from external network I can ping the outside interface ip of the firewall i.e. 122.160.225.190

I need to ping the & users need to browse the internet. Please provide me the solution

please can you let me know what could be the problem.attached the ASA config , router config & Network Diagram for your reference. if not please provde the config for this setup.

thanks in advance

padmanabha

regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dhananjoy chowdhury Tue, 06/24/2008 - 00:25

Hi,

try this commands -

policy-map global_policy

class inspection_default

inspect icmp

Hope this helps.

padmanabha.n Tue, 06/24/2008 - 00:39

this command is enabled default in the Firewall.

i need router pakcets reach the outside interface of the firewall . i.e internet

mohammed_moustafa Tue, 06/24/2008 - 01:36

Hi Pad,

***There are some configurations on the router you may need to remove, they are the nat configuration below is the how to do so:

interface FastEthernet0/0

no ip nat outside

exit

no interface FastEthernet0/0.63

interface FastEthernet0/1

no ip nat inside

exit

no ip nat pool internet 122.160.227.185 122.160.227.186 netmask 255.255.255.248

***also on the firewall make the following configurations:

icmp permit any inside

icmp permit any outside

no interface Ethernet0/0.63

interface ether 0/0

nameif outside

ip address 122.160.225.190 255.255.255.252 "put the ASA outside ip here"

no shut

no route outside 0.0.0.0 0.0.0.0 122.160.225.190

route outside 0.0.0.0 0.0.0.0 122.160.225.189

no route inside 0.0.0.0 0.0.0.0 10.0.2.1 2

no global (outside) 1 122.160.225.189

global (outside) 1 interface

this will work fine. and please update me.

Best regards,

Mohammed Moustafa.

padmanabha.n Tue, 06/24/2008 - 01:40

Hi mohammed,

thanks for the reply, i will re config the both device & let u know the result

srue Tue, 06/24/2008 - 01:42

icmp inspection might be enabled, but it's not enabled by default.

also, you cannot ping the far side interfaces of a pix/asa - this is by design and cannot be changed. you can only ping the interface closest to the pinging host.

Actions

This Discussion