ASA 5505 ping on outside

Unanswered Question
Jul 5th, 2008
User Badges:

Hi,

I have an ASA 5505 ver 8.2 with inside network 192.168.20.0/24 and 192.168.20.254 configured on inside interface.

Also I have an outside interface 10.10.10.1/24 with default gateway 10.10.10.254 assigned on ethernet of router.

On configuration I have :


access-list outside_access_in extended permit icmp any any


access-group outside_access_in in interface outside


route outside 0.0.0.0 0.0.0.0 10.10.10.254


I try to ping from host on inside network the ethernet of the router but I can't do it .


Does anyone help me about ?


best rgeards


Lorenzo






  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
a.alekseev Sat, 07/05/2008 - 03:06
User Badges:
  • Gold, 750 points or more

could you show the configuration?

a.alekseev Mon, 07/07/2008 - 10:58
User Badges:
  • Gold, 750 points or more

in any way...

for ping and trace from inside to outside you can do


policy-map global_policy

class inspection_default

inspect icmp

inspect icmp error


ray_stone Sat, 07/05/2008 - 03:24
User Badges:

Hi, Did you use NAT or PAT command? If not then set up these commands and then try. Cheers!!!!!

lformelli Sat, 07/05/2008 - 07:40
User Badges:

I use pat on outside address,


best regards


Lorenzo

srue Sat, 07/05/2008 - 10:51
User Badges:
  • Blue, 1500 points or more

your pat statement should look like this then:

global (outside) 1 interface


(or something similar)...

does it?

if you're using the outside interface IP, use the 'interface' keyword in the global statement and not the actual ip of the outside interface.

try adding the following to your outside2in acl:

...permit icmp any any echo-reply

or turn on icmp inpsection.

nomair_83 Mon, 07/07/2008 - 10:23
User Badges:
  • Bronze, 100 points or more

turn on icmp inspection.

Actions

This Discussion