Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Inside ping to outside interface ASA

I am using an ASA 5510. I have no issues receiving echo-replies from outside devices, but I can't get one from the outside interface on my ASA.

This is by design right? Is there a work around?


Re: Inside ping to outside interface ASA

If you are on the inside by design you cannot ping the outside interface or other interfaces other than the interface the host is under.. say if you host is on the inside interface and tries to ping DMZ interface by design will not happen.

You can however ping outside interface from the outside if you permit it by rule.


New Member

Re: Inside ping to outside interface ASA

Yes, I was trying to ping the mapped addresses of inside devices.

So I was on a machine trying to ping the mapped outside address of the machine. The mapped outside address is

I can receive a echo-reply from, but not the mapped address of

New Member

Re: Inside ping to outside interface ASA


We can achieve this by configuring hairpining or u-turning on the firewall.

The commands required for the same are:

static (inside,inside) norandomseq nailed

same-security traffic permit inter-interface

sysopt noproxyarp inside

failover timeout -1

global (inside) 1 interface (Assuming you have nat (inside) 1 0 0 configured)

Please follow the following document for more information on the same:

Please note that this will only work in case the default gateway for both and is firewall (in other words both the echo request and reply are handled by the firewall)

CreatePlease to create content