Cannot Ping www.google.com but the Internet works

Unanswered Question
Jan 12th, 2012

I have recently made some chages to my ASA 5510 (not sure what) I was previously able to ping www.google.com, and I am now not able to ping anything on the Internet, but The Internet connectivity work perfectly. What can I do on my ASA to resolve this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
varrao Thu, 01/12/2012 - 14:37

Yes that is correct:

ciscoasa(config)# policy-map global_policy

ciscoasa(config-pmap)#  class inspection_default

ciscoasa(config-pmap-c)# inspect icmp

It should work after this

Thanks,

Varun

cjsunderland Thu, 01/12/2012 - 14:42

hou-fw(config)# policy-map global_policy

hou-fw(config)# class inspection_default

hou-fw(config-cmap)# inspect icmp

                                  ^

ERROR: % Invalid input detected at '^' marker. hou-fw(config)# class inspection_default

This is what I get

varrao Thu, 01/12/2012 - 14:58

Hi Chris,

Not sure if you have a policy-map global_policy configured, you can chcek that by the command:

show run policy-map

Chcek what policy-map do you have, under that policy map you would have a class map as well, go into that and then do inspect icmp.

Like mine has:

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp

So I do:

ciscoasa(config)# policy-map global_policy

ciscoasa(config-pmap)#  class inspection_default

ciscoasa(config-pmap-c)# inspect icmp

Another way to do it would be to allow the ping replies on the ACL that you have applied on teh outside interface, for that you need to first chcek the name of the access-list that is applied on the outside interface, first do:

show run access-group

it shoudl do:

access-group outside_in in interface outside

then add the acl:

access-list outside_in permit icmp any any

and it shoudl start pinging after that.

Thanks,

Varun

cjsunderland Thu, 01/12/2012 - 15:08

I have

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  inspect pptp

varrao Thu, 01/12/2012 - 15:36

Then you just need to get into the policy-map and then class and apply the inspection.

ASA(config)#policy-map global_policy

ASA(config-pmap)# class inpsection_default

ASA(config-pmap-c)# inspect icmp

If this does not go right then may be somewhere something is not done correct or you can also try my ACL suggestion.

PS - Have a look at the things that I have in bold, you shoudl get the same while using the commands.

Thanks,

Varun

varrao Thu, 01/12/2012 - 14:22

Hi Chris,

can you add "inspect icmp" in the policy-map and try again??/

policy-map global_policy

class inspection_default

   inspect icmp

let me know if it works after this.

Thanks,

Varun

Actions

Login or Register to take actions

This Discussion

Posted January 12, 2012 at 2:19 PM
Stats:
Replies:7 Avg. Rating:
Views:3566 Votes:0
Shares:0
Tags: ping, asa_5510
+

Related Content

Discussions Leaderboard

Rank Username Points
1 7,861
2 6,140
3 3,170
4 1,473
5 1,446