ICMP ECHO denied by asa

Unanswered Question
Oct 22nd, 2009

Dear ALL,

I am trying to ping a public IP address from a remote site router but the packet is being denied. Split tunneling is configured on the central site ASA so the remote sites can have access to the internet through the ASA. Here is a copy of the asa the logs on the ASA and the remote site router. Please help.

Kureli Sankar Thu, 10/22/2009 - 18:53

Please provide us a topology like below and let us know what path these ICMP requests are supposed to take.


Which IP address are you trying to ping and from where?

The syslogs indicate that the replies from are being dropped.

ICMP type 0 is reply.

Here is the link to the syslog


Do you know when the requests are sent and when the replies come back?

Captures on the ASA's LAN interface would show this.

cap caplan int LAN match icmp any any

do the ping test

sh cap caplan

Try the following:

conf t

timeout icmp 0:0:4
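
The timing question raised in the reply above (when requests go out and when replies come back) can be answered from the capture text. The script below is an added example, not part of the original thread: it pairs echo replies with requests and flags replies that arrive later than the ICMP timeout (4 seconds, from the `timeout icmp 0:0:4` suggestion) or with no request at all. The capture line layout, the sample addresses and the function name are assumptions; because that layout carries no ICMP id or sequence number, pairing is done per host pair in arrival order.

```python
import re
from collections import deque

# Constructed sample in the assumed style of `sh cap caplan` output;
# addresses are documentation ranges, not values from the thread.
SAMPLE = """\
   1: 18:53:01.100000 192.0.2.10 > 198.51.100.53: icmp: echo request
   2: 18:53:01.180000 198.51.100.53 > 192.0.2.10: icmp: echo reply
   3: 18:53:02.100000 192.0.2.10 > 198.51.100.53: icmp: echo request
   4: 18:53:07.300000 198.51.100.53 > 192.0.2.10: icmp: echo reply
   5: 18:53:09.000000 198.51.100.53 > 192.0.2.10: icmp: echo reply
"""

LINE = re.compile(
    r"^\s*\d+:\s+(\d+):(\d+):(\d+\.\d+)\s+(\S+)\s+>\s+(\S+):\s+icmp:\s+echo (request|reply)"
)

def classify_replies(capture_text, icmp_timeout=4.0):
    """Pair each echo reply with the oldest outstanding request for the same
    host pair and label it 'ok', 'late' (older than icmp_timeout seconds)
    or 'unsolicited' (no outstanding request in the capture)."""
    pending = {}   # (requester, target) -> deque of request timestamps
    results = []
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue   # skip headers and non-ICMP-echo lines
        h, mi, s, src, dst, kind = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        if kind == "request":
            pending.setdefault((src, dst), deque()).append(ts)
            continue
        queue = pending.get((dst, src))   # reply travels target -> requester
        if not queue:
            results.append((src, dst, None, "unsolicited"))
            continue
        delay = round(ts - queue.popleft(), 6)
        results.append((src, dst, delay, "late" if delay > icmp_timeout else "ok"))
    return results

if __name__ == "__main__":
    for row in classify_replies(SAMPLE):
        print(row)
```

A run of "late" rows points at round-trip delay exceeding the timeout; "unsolicited" rows mean the requests never crossed the captured interface, which is a path or routing question instead.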

kolawole1 Fri, 10/23/2009 - 01:26

Here is the topology

BranchRTR(inside) SERVER(

I am trying to ping isp dns) from the branch router outside interface. Are my access-lists and config OK for the branch to access the internet? What is wrong?

Marcus Hunold Fri, 10/23/2009 - 09:43


1. In your log there is no information about ICMP packets with the addresses you said.

2. There is no routing for the way back on the ASA_AA for your Transfernetwork. You'd need - route liaison_BLR -

PS: traceroute is your friend

