inside to outside ping in ASA

ashish.sehgal
Level 1

Hi, I have configured an ASA recently. After finishing the basic configurations, I tried to ping from the inside to the outside interface and vice versa. But the ping is not successful. I was getting ?????. I have tried "icmp permit any OUTSIDE" and "icmp permit any INSIDE" in vain. Please help me with a solution.


Ivan Martinon
Level 7

Are you pinging from a host behind the ASA to a host outside the ASA?

If yes you need to enable ICMP inspection under the policy map:

policy-map global_policy
 class inspection_default
  inspect icmp

Or are you using the inside interface to ping the outside interface?

If yes this is not supported.

JamesLuther
Level 3

Hi,

The commands "icmp permit any OUTSIDE" and "icmp permit any INSIDE" control ICMP to the ASA itself.

To allow ICMP through the ASA, use access-lists.

Regards

Try enabling icmp inspect as per Ivan.

Read but still not working, need more clarity about ASA permit and deny and also about ICMP

Hi,

Here are some configuration examples on how to get ICMP through the ASA working.

access-list in_on_inside permit icmp any any echo
access-group in_on_inside in interface inside
access-list in_on_outside permit icmp any any echo-reply
access-group in_on_outside in interface outside

or

access-list in_on_inside permit icmp any any echo
access-group in_on_inside in interface inside
policy-map global_policy
 class inspection_default
  inspect icmp

Also, is nat-control disabled on your firewall? You can make sure by typing

no nat-control

Regards
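An added example, not part of any reply in this thread: a small Python check that reads ASA configuration text and reports whether ping replies get back through the firewall via "inspect icmp", via an inbound echo-reply access-list, or not at all. The function name audit_icmp, the verdict strings and the sample config are assumptions constructed from the commands quoted above; it assumes global_policy is applied globally and only recognizes "any any" ICMP entries.

```python
import re

# Constructed sample: the original poster's two "icmp permit" lines plus the
# first ACL variant quoted above, with no "inspect icmp" in the policy map.
SAMPLE = """\
icmp permit any OUTSIDE
icmp permit any INSIDE
access-list in_on_inside permit icmp any any echo
access-group in_on_inside in interface inside
access-list in_on_outside permit icmp any any echo-reply
access-group in_on_outside in interface outside
policy-map global_policy
 class inspection_default
  inspect dns
"""

def audit_icmp(config):
    """Report how a config treats ICMP to the ASA and through it."""
    acl_types, bound, to_box = {}, {}, []
    inspect, in_default = False, False
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"icmp permit .* (\S+)$", line):
            to_box.append(m.group(1).lower())      # ICMP to the ASA itself
        elif m := re.match(r"access-list (\S+) (?:extended )?permit icmp any any ?(\S*)$", line):
            acl_types.setdefault(m.group(1), set()).add(m.group(2) or "all")
        elif m := re.match(r"access-group (\S+) in interface (\S+)$", line):
            bound[m.group(2).lower()] = m.group(1)
        elif line.startswith("class "):
            in_default = line == "class inspection_default"
        elif line.startswith("policy-map "):
            in_default = False
        elif line == "inspect icmp" and in_default:
            inspect = True
    # Interfaces whose inbound ACL admits echo-reply from any source.
    reply_ifaces = sorted(i for i, a in bound.items()
                          if acl_types.get(a, set()) & {"echo-reply", "all"})
    if inspect:
        verdict = "stateful (reply ACL redundant)" if reply_ifaces else "stateful"
    else:
        verdict = "stateless reply ACL" if reply_ifaces else "replies dropped"
    return {"to_box": to_box, "inspect_icmp": inspect,
            "reply_acl_ifaces": reply_ifaces, "verdict": verdict}

if __name__ == "__main__":
    print(audit_icmp(SAMPLE))
```

A "stateless reply ACL" verdict means the inbound access-list admits any echo-reply whether or not a request went out, which is the case ICMP inspection replaces by matching each reply to a request.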

How are you trying to ping? Is it from a host behind the ASA to a host outside the ASA, or from the actual interfaces?

I am pinging from a switch and my Laptop behind ASA.

Just simply pissed off. Today it started pinging and I started testing failover, powered off my secondary ASA and since then it again stopped Pinging. I restarted my failover ASA but :(

PFA configuration of all the devices and let me know if you find any configuration issue in any of the device.

Friends, thanks a lot for all your suggestions and help. The problem is solved. Apparently it was a routing loop problem causing the issue.

Ashish
