inside to outside ping in ASA

Unanswered Question

Hi, I have configured an ASA recently. After finishig of basic configurations, I tried ping from inside to outside interface and vice versa. But ping is not successful. I was getting ?????. I have tried "icmp permit any OUTSIDE" and "icmp permit any INSIDE" in vain. Please help me with a solution.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Thu, 03/05/2009 - 09:14

Are you pinging from a host behind the ASA to a host outside the ASA?

If yes you need to enable ICMP inspection under the policy map:

policy-map global_policy

class inspection_default

inspect icmp

Or are you using the inside interface to ping the outside interface?

If yes this is not supported.

JamesLuther Thu, 03/05/2009 - 11:17

Hi,

The commands "icmp permit any OUTSIDE" and "icmp permit any INSIDE" control ICMP to the ASA itself.

To allow icmp through the ASA then use access-lists

Regards

JamesLuther Fri, 03/06/2009 - 02:37

Hi,

Here are some configuration examples on how to get ICMP thorugh the ASA working.

access-list in_on_inside permit icmp any any echo

access-group in_on_inside in interface inside

access-list in_on_outside permit icmp any any echo-reply

access-group in_on_outside in interface outside

or

access-list in_on_inside permit icmp any any echo

access-group in_on_inside in interface inside

policy-map global_policy

class inspection_default

inspect icmp

Also, is nat-control disabled on your firewall? Yo ucan make sure by typing

no nat-control

Regards

Ivan Martinon Fri, 03/06/2009 - 07:54

How are you trying to ping? Is it from a host behind asa to a host outside asa? or from the actual interfaces?

I am pinging from a switch and my Laptop behind ASA.

Just simply pissed off. Today it started pinging and I started testing failover, powered off my secondary ASA and since then it again stopped Pinging. I restarted my failover ASA but :(

PFA configuration of all the devices and let me know if you find any configuration issue in any of the device.

Attachment: 

Actions

This Discussion