Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA outside interface ip not reachable from internet.

Hi,

 

I have configured asa 5520 (8.2) outside interface ip :125.19.x.x but i am unable to reach from internet. When i troubleshoot with packet-tracer command in firewall below is the output. please let me know what is the issues.

 

ASA# packet-tracer input outside icmp 112.82.X.X 0 0 144.X.X.X

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   144.X.X.X   255.255.255.255 identity

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 388358900, packet dispatched to next module

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (inspect-icmp-seq-num-not-matched) ICMP Inspect seq num not matched

Everyone's tags (1)
1 REPLY

Hi Rajesh, Do you have

Hi Rajesh,

 

Do you have inspect icmp enabled in your service policy? if not enable that and try it.

do you have any policies or acl's binded to control-plane? if so remove the control-plane in access-group and enable without control-plane

do you have any icmp configuration in your firewall for outside interface? if so you need to tweak it to allow....

do you have anyother devices next to firewall is blocking icmp echo-reply ?

 

Regards

Karthik

74
Views
0
Helpful
1
Replies