Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA config - cannot ping through to the internet

I have been looking online and talking with TAC for a solution to this issue for the past couple of days.

I recently have been testing a new ASA 5510 as a replacement for my old PIX 506. The issue that I have is the following:

I have a 3560 switch which is connected to the ASA which is in turn connected to a pair of failover routers managed by my ISP. I am unfortunately unable to ping any public IP addresses from the 3560 on the inside interface of the ASA. I can ping the ASA from the 3560 however. I can also ping public IP addresses from the ASA and I can ping the 3560 from the ASA.

Does anyone know what could be causing this issue, or what part of my config I should be checking to try and troubleshoot this.

Thanks for your help.

6 REPLIES

Re: ASA config - cannot ping through to the internet

Hi,

Would it be possible for you to post the config of the firewall ( after removing the sensitive details like public ip..etc..) and the 3560 switch for us to have a look?

-VJ

New Member

Re: ASA config - cannot ping through to the internet

Sure, attached is the ASA config and the 3550 config. All secure information has been masked.

Thank you for your help.

Green

Re: ASA config - cannot ping through to the internet

Isn't your acl "Inside_access_in" blocking it? You've only allowed tcp outbound. You can ping inside of asa from 3560 because of icmp permit any inside.

New Member

Re: ASA config - cannot ping through to the internet

Thank you for pointing that out. I've now fixed that. Certainly this could have been causing the issue, but I won't be able to test it until Saturday.

Anyway, wouldn't this still have allowed http traffic through the firewall since http is a tcp protocol? I was not able to get to any websites either while I was testing.

Maybe there's still something I'm missing and from the looks of it I'm sure it's something really simple.

Green

Re: ASA config - cannot ping through to the internet

Are you using external DNS servers?

That would require udp outbound as well.

New Member

Re: ASA config - cannot ping through to the internet

No, I'm using internal. But this is making sense now as the internal servers are pointing outbound for referals and I couldn't do any dns lookups either.

Thank you for your help. I will test this on Saturday and let you know how it goes.

170
Views
0
Helpful
6
Replies
CreatePlease to create content