Cisco Support Community

New Member

Not able to ping natted I.P from inside

We are using an ASA5505 with two interfaces: inside (security level 100) and outside (security level 50).

We had statically natted I.P X.X.X.X (inside) to Y.Y.Y.Y (public I.P). We are able to ping this public I.P from the Internet, and NAT is working successfully.

We are able to ping the natted I.P from outside, i.e. Y.Y.Y.Y, but we are not able to ping it from inside.

Below is the configuration done:

static (inside,outside) Y.Y.Y.Y X.X.X.X netmask 255.255.255.255

Regards

Ajay

7 REPLIES
Bronze

Re: Not able to ping natted I.P from inside

Hello,

I may be wrong, but how could you even ping this natted IP from outside to inside, whereas my understanding says that the PIX doesn't allow any ICMP traffic, especially if coming from a higher security interface to a lower security interface.

New Member

Re: Not able to ping natted I.P from inside

Thanks for your reply.

My problem has been resolved.

Regards

Ajay

Bronze

Re: Not able to ping natted I.P from inside

Hello,

You are always welcome, but if you don't mind I would really like to know how you solved it.

New Member

Re: Not able to ping natted I.P from inside

We are having the exact same problem.

Could you elaborate on how you solved this issue?

Thank you

Green

Re: Not able to ping natted I.P from inside

Steve, could you elaborate on your problem? How many interfaces are we talking about here? Give us a little more info.

For example, if you have 3 interfaces and have

static (dmz,outside) 1.1.1.1 172.16.1.1 netmask 255.255.255.255

You can ping 1.1.1.1 from outside but not from the inside. You would need to add something like this if you wanted to do so:

static (dmz,inside) 1.1.1.1 172.16.1.1 netmask 255.255.255.255

Here are a few options for 2 interfaces

1. DNS doctoring

2. hairpinning

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Please rate helpful posts
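
The two options named in the reply above for a two-interface firewall, written out as an added example that is not part of the original posts. It uses the pre-8.3 `static`/`global`/`nat` syntax seen in this thread and the thread's own X.X.X.X / Y.Y.Y.Y placeholders; the inside subnet 192.168.1.0/24 and NAT ID 1 are assumptions.

```cisco
! Added example, pre-8.3 ASA/PIX syntax.
! X.X.X.X = real inside address, Y.Y.Y.Y = public address (thread placeholders).
! 192.168.1.0 255.255.255.0 is an ASSUMED inside subnet; NAT ID 1 is ASSUMED.

! Translation from the original post (works from outside only)
static (inside,outside) Y.Y.Y.Y X.X.X.X netmask 255.255.255.255

! --- Option 1: DNS doctoring ---
! Same static re-entered with the dns keyword. The ASA then rewrites the
! A record in DNS replies that pass through it (Y.Y.Y.Y becomes X.X.X.X),
! so inside clients that reach the server BY NAME connect to X.X.X.X directly.
! DNS inspection must be enabled for the rewrite to happen.
! A ping typed against the address Y.Y.Y.Y itself is not helped by this.
static (inside,outside) Y.Y.Y.Y X.X.X.X netmask 255.255.255.255 dns

! --- Option 2: hairpinning ---
! Let traffic enter and leave the same interface. This is a global setting,
! not scoped to a single host or translation.
same-security-traffic permit intra-interface

! Translate inside clients to the ASA inside address when they exit the
! inside interface, so the server's replies return through the ASA instead
! of going straight back to the client on the LAN.
nat (inside) 1 192.168.1.0 255.255.255.0
global (inside) 1 interface

! Make Y.Y.Y.Y resolve to the server for traffic arriving on inside
static (inside,inside) Y.Y.Y.Y X.X.X.X netmask 255.255.255.255
```

With hairpinning, the server sees the ASA inside address as the source of every hairpinned connection, so per-client attribution for that traffic has to come from the firewall's translation logs rather than the server's own logs.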

New Member

Re: Not able to ping natted I.P from inside

Well, I guess I got a little trigger happy and sent off this post before reading through all posts.

I got my answer here

ns&loc=.1dde631e/4&forum=Security&topic=Firewalling

Green

Re: Not able to ping natted I.P from inside

Could you post that link again? Was it the same solution as I posted above?
