I have an ASA 5510. Its firmware version is 8.0(3). I have very simple setup on it but my laptop (on inside interface) can't ping outside devices...
Here are the commands I typed in. The rest in the show run are all default...
ip address 220.127.116.11 255.255.255.0
ip address 10.2.1.1 255.255.255.0
access-list ACL-outside extended permit icmp any any
access-list ACL-inside extended permit icmp any any
access-list ACL-inside extended permit ip any any
global (outside) 1 interface
nat (inside) 1 10.2.1.0 255.255.255.0 outside
static (inside,outside) 18.104.22.168 10.2.1.2 netmask 255.255.255.255
access-group ACL-outside in interface outside
access-group ACL-inside in interface inside
route outside 0.0.0.0 0.0.0.0 22.214.171.124 1
I have an outside host 126.96.36.199. I can ping it from the ASA. However my inside laptop 10.2.1.2 can't ping it...
In the "show nat" output translate_hits = 0.
In the "show logging" I do see bunch of "%ASA-3-106014: Deny inbound icmp src inside:10.2.1.2 dst outside:188.8.131.52 (type 8, code 0)" errors.
That's why I made an access-list ACL-inside to permit anything but still no go. The hitcount of the ACL is 0...
I am very frustrated... Please help! Should be easy for you guys! Thanks a lot!
The problem is with your security levels
By default ASA won't route traffic between two interfaces of the same security level.
Either change outside interface to be 0 (should be anyway) or enter following command
same-security-traffic permit inter-interface
Also not sure you need the "outside" parameter on your nat (inside) statement???
The security level on your outside interface should be 0, not 100.