ping not working from one firewall to other devices

Jul 27th, 2009


I am connected via VPN to a firewall to the network, which allots an IP pool. Now, once connected, I cannot ping any of the other devices in the network. Logs on the firewall show deny, so I decided to add an ACL for this, permit icmp any any, to the particular inside interface. But it still shows the same results and the same log in the firewall.

There is another firewall in the path after this to reach other devices.

What commands would make this work?


suthomas1 Tue, 07/28/2009 - 01:11

Thanks Reda,

How do we enable return traffic for ping?

I meant that once I log in through VPN to my organisation's network, I then need to access/ping other network devices which are within this environment. Do we need anything specific to be done...


You can do it in 2 ways:

- Enable ICMP inspection; then the ASA will consider ICMP traffic as stateful traffic and will accept the ICMP echo reply. Most secure.

- Allow ICMP echo reply on the outside interface:

object-group icmp-type Icmp-Reply
 icmp-object echo-reply
 icmp-object time-exceeded
 icmp-object unreachable
access-list allbxx extended permit icmp any any object-group Icmp-Reply

This is only an example, but it should help you.

Let me know if it solves the issue.
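
The first option from the reply above (ICMP inspection) written out as ASA configuration. This is an added example, not part of the original post; it assumes the default global policy names `global_policy` and `inspection_default` are still in place on the firewall.

```cisco
! Added example, not from the original thread.
! Assumption: the ASA still uses its default global service policy
! (policy-map "global_policy", class-map "inspection_default").
!
! With ICMP inspection enabled, the ASA tracks each echo request as a
! session and permits only the matching echo reply back through, so no
! "permit icmp any any" style ACL entry is needed for return traffic.
policy-map global_policy
 class inspection_default
  inspect icmp
  ! Optional: also track ICMP error messages (unreachable, time-exceeded)
  ! that relate to existing sessions.
  inspect icmp error
!
! Confirm the policy is present in the running configuration and applied:
show running-config policy-map
show service-policy
```

Compared with the ACL approach, inspection only admits replies that correspond to a request the firewall has seen leave, rather than any echo-reply, time-exceeded or unreachable packet from any source.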

