Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA/PIX not responding to Pings from Outside interface

                       I need a ASA/PIX firewall to respond to my ping eneting the outside interface from a specific subnet. Is this ACL correctly written to do that?

                       access-list 101 permit icmp 76.X.X.X 255.255.255.192 any echo-reply
                       access-group 101 in interface outside

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: ASA/PIX not responding to Pings from Outside interface

iketurner931 wrote:

                       I need a ASA/PIX firewall to respond to my ping eneting the outside interface from a specific subnet. Is this ACL correctly written to do that?

                       access-list 101 permit icmp 76.X.X.X 255.255.255.192 any echo-reply
                       access-group 101 in interface outside

An acl allows ping through the firewall not to the firewall.

You need this instead -

icmp permit 76.x.x.x 255.255.255.192 echo-reply outside

however by default an ASA should respond to ping on it's interfaces anyway so you need to check your config.

Note also that you cannot ping across the ASA to an interface so if you are outside you can ping the outside interface but not any of the others.

Jon

Hall of Fame Super Blue

Re: ASA/PIX not responding to Pings from Outside interface

iketurner931 wrote:

               Thanks Jon,

                                 Are you saying that the Pix by default will not respond to pings but the ASA will?

No, the pix should respond by default to pings as well.

Jon

4 REPLIES
Hall of Fame Super Blue

Re: ASA/PIX not responding to Pings from Outside interface

iketurner931 wrote:

                       I need a ASA/PIX firewall to respond to my ping eneting the outside interface from a specific subnet. Is this ACL correctly written to do that?

                       access-list 101 permit icmp 76.X.X.X 255.255.255.192 any echo-reply
                       access-group 101 in interface outside

An acl allows ping through the firewall not to the firewall.

You need this instead -

icmp permit 76.x.x.x 255.255.255.192 echo-reply outside

however by default an ASA should respond to ping on it's interfaces anyway so you need to check your config.

Note also that you cannot ping across the ASA to an interface so if you are outside you can ping the outside interface but not any of the others.

Jon

New Member

Re: ASA/PIX not responding to Pings from Outside interface

               Thanks Jon,

                                 Are you saying that the Pix by default will not respond to pings but the ASA will?

Hall of Fame Super Blue

Re: ASA/PIX not responding to Pings from Outside interface

iketurner931 wrote:

               Thanks Jon,

                                 Are you saying that the Pix by default will not respond to pings but the ASA will?

No, the pix should respond by default to pings as well.

Jon

New Member

Re: ASA/PIX not responding to Pings from Outside interface

                          Ok Thanks.

3346
Views
0
Helpful
4
Replies
CreatePlease to create content