03-05-2009 08:30 AM - edited 03-11-2019 08:00 AM
Hi, I have configured an ASA recently. After finishig of basic configurations, I tried ping from inside to outside interface and vice versa. But ping is not successful. I was getting ?????. I have tried "icmp permit any OUTSIDE" and "icmp permit any INSIDE" in vain. Please help me with a solution.
03-05-2009 09:14 AM
Are you pinging from a host behind the ASA to a host outside the ASA?
If yes you need to enable ICMP inspection under the policy map:
policy-map global_policy
class inspection_default
inspect icmp
Or are you using the inside interface to ping the outside interface?
If yes this is not supported.
03-05-2009 11:17 AM
Hi,
The commands "icmp permit any OUTSIDE" and "icmp permit any INSIDE" control ICMP to the ASA itself.
To allow icmp through the ASA then use access-lists
Regards
03-05-2009 11:19 AM
Here, try reading this for more information
03-05-2009 11:56 PM
Try enabling icmp inspect as per Ivan.
03-06-2009 02:29 AM
Read but still not working, need more clarity about ASA permit and deny and also about ICMP
03-06-2009 02:37 AM
Hi,
Here are some configuration examples on how to get ICMP thorugh the ASA working.
access-list in_on_inside permit icmp any any echo
access-group in_on_inside in interface inside
access-list in_on_outside permit icmp any any echo-reply
access-group in_on_outside in interface outside
or
access-list in_on_inside permit icmp any any echo
access-group in_on_inside in interface inside
policy-map global_policy
class inspection_default
inspect icmp
Also, is nat-control disabled on your firewall? Yo ucan make sure by typing
no nat-control
Regards
03-06-2009 07:54 AM
How are you trying to ping? Is it from a host behind asa to a host outside asa? or from the actual interfaces?
03-07-2009 08:16 AM
I am pinging from a switch and my Laptop behind ASA.
Just simply pissed off. Today it started pinging and I started testing failover, powered off my secondary ASA and since then it again stopped Pinging. I restarted my failover ASA but :(
PFA configuration of all the devices and let me know if you find any configuration issue in any of the device.
03-09-2009 08:24 PM
Frnds, Thanks a lot for all your suggestions and help. The problem is solved. Apparently it was a routing loop problem causing the issue.
Ashish
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: