Cisco Support Community
New Member

Can't ping Outside in ASA5510

Guys please help me. I can't ping an outside network like yahoo.com when I'm connected to the ASA5510 firewall. Do you have any idea how to set the ACL to allow pinging the outside network?

Thanks.

2 ACCEPTED SOLUTIONS
New Member

Re: Can't ping Outside in ASA5510

How are you connected to the ASA? Is it via VPN using a VPN client? If you are connecting via VPN client and split tunneling is not enabled on the ASA for the profile you are connecting to the ASA with, you would not be able to ping any address on the Internet. You need to enable split tunneling for this profile.

If you are on a network behind the ASA (i.e. Inside interface of the ASA), then you can enable pinging through the ASA by entering the commands below on the ASA:

config t

policy-map global_policy

class inspection_default

inspect icmp

Regards.

Re: Can't ping Outside in ASA5510

Hi,

1. Allow ICMP in both directions (by the application of access lists to the source and destination interfaces).

access-list 100 extended permit icmp any any echo-reply

access-list 100 extended permit icmp any any source-quench

access-list 100 extended permit icmp any any unreachable

access-list 100 extended permit icmp any any time-exceeded

2. Enable the ICMP inspection engine to allow ICMP sessions to be treated as bidirectional connections

inspect icmp

HTH - pls rate if it does

Regards

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
4 REPLIES
New Member

Re: Can't ping Outside in ASA5510

Thanks for the reply. I'm connected to the ASA behind a network using the DMZ interface. The "inspect icmp" statement is the only missing thing in my config. I will add this and give you an update.

Thanks.

New Member

Re: Can't ping Outside in ASA5510

Hi, if I use the "inspect icmp" statement, is there a catch with this command?

Is my network still safe?
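
An added example, not part of the thread or any poster's code: a short Python check that reads a saved ASA running-config and reports whether `inspect icmp` sits under `class inspection_default` in `policy-map global_policy`, and which ICMP permit entries go beyond the four reply and error types listed in the accepted answer. The function name, the `dmz_in` ACL name and the sample config are constructed for illustration; it assumes entries end with the ICMP type (no trailing `log` keyword).

```python
import re

# ICMP message types the thread's ACL permits (replies and error messages).
THREAD_TYPES = {"echo-reply", "source-quench", "unreachable", "time-exceeded"}
ACL_RE = re.compile(r"access-list \S+ extended permit icmp (.+)$")

def audit_icmp(config):
    """Check ASA running-config text for the two ICMP settings discussed."""
    policy = cls = None
    inspect_icmp = False
    review = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):
            # A top-level command ends any open policy-map block.
            policy = cls = None
            if line.startswith("policy-map "):
                policy = line.split()[1]
            m = ACL_RE.match(line)
            # A permit entry that does not end in a listed type needs review:
            # a bare "any any" admits every ICMP type, echo requests included.
            if m and m.group(1).split()[-1] not in THREAD_TYPES:
                review.append(line)
        elif policy and line.startswith("class "):
            cls = line.split()[1]
        elif (policy, cls) == ("global_policy", "inspection_default"):
            inspect_icmp = inspect_icmp or line == "inspect icmp"
    return {"inspect_icmp": inspect_icmp, "review_acl": review}

# Constructed sample config, not taken from the thread.
SAMPLE = """\
access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit icmp any any time-exceeded
access-list dmz_in extended permit icmp any any
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
!
service-policy global_policy global
"""

if __name__ == "__main__":
    print(audit_icmp(SAMPLE))
```

On the sample, the check reports that `inspect icmp` is missing and flags the untyped `dmz_in` entry, while the two typed entries from the answer pass.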
