not able to ping from router to outside interface of the Firewall

Jun 23rd, 2008

We are facing one issue here. The issue is:

From the router to the firewall interface IP, i.e. the inside interface IP, I can ping, but not the outside IP address, i.e.

From outside, i.e. from the external network, I can ping the outside interface IP of the firewall, i.e.

I need to ping the & users need to browse the internet. Please provide me the solution.

Please can you let me know what could be the problem. Attached are the ASA config, router config & network diagram for your reference. If not, please provide the config for this setup.

Thanks in advance



dhananjoy chowdhury Tue, 06/24/2008 - 00:25


Try these commands:

policy-map global_policy
 class inspection_default
  inspect icmp

Hope this helps.

padmanabha.n Tue, 06/24/2008 - 00:39

This command is enabled by default in the firewall.

I need router packets to reach the outside interface of the firewall, i.e. the internet.

mohammed_moustafa Tue, 06/24/2008 - 01:36

Hi Pad,

***There are some configurations on the router you may need to remove; they are the NAT configuration. Below is how to do so:

interface FastEthernet0/0
 no ip nat outside

no interface FastEthernet0/0.63

interface FastEthernet0/1
 no ip nat inside

no ip nat pool internet netmask

***Also, on the firewall make the following configurations:

icmp permit any inside
icmp permit any outside

no interface Ethernet0/0.63

interface ether 0/0
 nameif outside
 ip address "put the ASA outside ip here"
 no shut

no route outside
route outside
no route inside 2

no global (outside) 1
global (outside) 1 interface

This will work fine, and please update me.

Best regards,

Mohammed Moustafa.

padmanabha.n Tue, 06/24/2008 - 01:40

Hi Mohammed,

Thanks for the reply. I will reconfigure both devices & let you know the result.

srue Tue, 06/24/2008 - 01:42

ICMP inspection might be enabled, but it's not enabled by default.

Also, you cannot ping the far-side interfaces of a PIX/ASA - this is by design and cannot be changed. You can only ping the interface closest to the pinging host.
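
Added example, not part of any post in this thread: whether `inspect icmp` is active under `class inspection_default`, and which interfaces carry an `icmp permit` rule (which governs ICMP addressed to the ASA's own interfaces, not traffic passing through it), can be read from the running configuration instead of assumed. The sample configuration below is constructed for illustration and is not the attachment from the original question; the function names are hypothetical.

```python
import re

# Constructed sample of ASA running-config output (not the thread's attachment).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
icmp permit any inside
icmp permit any outside
!
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
!
service-policy global_policy global
"""

def inspections(config, policy="global_policy", cls="inspection_default"):
    """Return the set of protocols inspected under the given policy-map/class."""
    found, in_policy, in_class = set(), False, False
    for line in config.splitlines():
        stripped = line.strip()
        if not line.startswith(" "):          # any top-level command ends the block
            in_policy = stripped == f"policy-map {policy}"
            in_class = False
        elif in_policy and stripped.startswith("class "):
            in_class = stripped == f"class {cls}"
        elif in_policy and in_class and stripped.startswith("inspect "):
            found.add(stripped.split()[1])
    return found

def icmp_permit_interfaces(config):
    """Interfaces with an 'icmp permit ...' rule (ICMP to the ASA itself)."""
    return {m.group(1) for m in re.finditer(r"^icmp permit .* (\S+)$", config, re.M)}

def audit(config):
    return {
        "inspect_icmp": "icmp" in inspections(config),
        "icmp_permit": sorted(icmp_permit_interfaces(config)),
        "policy_applied": bool(re.search(r"^service-policy global_policy global$", config, re.M)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An `icmp permit any outside` entry in the result means any external host can ping the outside interface, so it is worth narrowing to specific sources once troubleshooting is finished.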

