
Not able to ping the external interface from outside world

lmanavalan
Level 1

Hi

I replaced the Cisco ASA with a Cisco 2811. Everything is working fine: I am able to access the internet from inside and the IPSEC/VPN site-to-site tunnel is working well, but I am not able to ping the external (public addr) of the Cisco router. The circuit is up and I am able to ping the external gateway.

regards

Logesh

7 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

Do you have any access-list on the outside interface? If you do, can you enable ICMP packets in the access-list?

Regards,

NT

Hi

The following lines are already configured on the router:

interface FastEthernet0/0
ip access-group Incoming in

!

ip access-list extended Incoming
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit tcp any any eq 22

Regards

Logesh

Hello,

Can you please post the crypto access-lists here?

Regards,

NT

Hi

Why do you want the crypto access list?

I don't see that this issue is related to that access list.

regards

Logesh

Hello,

One of the possibilities is that you have included all ICMP traffic in the crypto ACL. If that is true, the return traffic gets encrypted.

Regards,

NT

Hi

No, that's not included in the crypto traffic, and moreover the same set of configuration is used elsewhere and it's working fine.

Is there any other thing which needs to be checked for the ping to work?

Regards

Logesh

Hello,

There is nothing specific that needs to be checked. Do you see the hit counts increasing on the interface access-list? Do you have any other firewall setup on that router (ZBF, CBAC)?

Regards,

NT
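
The hit-count check asked about in the last reply, as an added example that is not part of the thread: it compares two `show access-lists Incoming` snapshots taken before and after a ping test and reports which entries counted new matches. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample output (not from the thread): "show access-lists Incoming"
# captured before and after pinging the router's outside address from the Internet.
BEFORE = """\
Extended IP access list Incoming
    10 permit icmp any any echo (12 matches)
    20 permit icmp any any echo-reply (40 matches)
    30 permit icmp any any time-exceeded
    40 permit icmp any any unreachable (3 matches)
    50 permit esp any any (9120 matches)
    60 permit udp any any eq isakmp (88 matches)
    70 permit udp any any eq non500-isakmp
    80 permit tcp any any eq 22 (5 matches)
"""
AFTER = BEFORE.replace("echo (12 matches)", "echo (17 matches)")

# Sequence number, rule text, optional "(N matches)" counter.
ENTRY = re.compile(r"^\s*(\d+)\s+((?:permit|deny)\s.+?)(?:\s+\((\d+) match(?:es)?\))?\s*$")

def parse_counters(text):
    """Map sequence number -> (rule text, match count); no counter shown means 0."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[int(m.group(1))] = (m.group(2), int(m.group(3) or 0))
    return entries

def counter_deltas(before, after):
    """Return {seq: (rule, delta)} for entries whose counter increased."""
    old, new = parse_counters(before), parse_counters(after)
    return {seq: (rule, count - old.get(seq, ("", 0))[1])
            for seq, (rule, count) in new.items()
            if count > old.get(seq, ("", 0))[1]}

def diagnose(before, after):
    """Interpret the deltas for the inbound echo entry of the interface ACL."""
    hits = counter_deltas(before, after)
    if any(rule.endswith("icmp any any echo") for rule, _ in hits.values()):
        return "echo requests reach the ACL; check the reply path (crypto ACL, ZBF/CBAC)"
    return "no echo hits; the requests are not being matched on this interface ACL"

if __name__ == "__main__":
    print(counter_deltas(BEFORE, AFTER))
    print(diagnose(BEFORE, AFTER))
```

If the echo entry increments while the ping still fails, the request is arriving and the reply is being lost on the way out, which is where the crypto ACL and ZBF/CBAC questions in the thread apply.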
