New Member

ping not working from one firewall to other devices

Hi,

I am connected via VPN to a firewall to the network which allots an IP pool. Now, once connected, I cannot ping any of the other devices in the network. Logs on the firewall show deny, so I decided to add an ACL for this, permit icmp any any, to the particular inside interface. But it still shows the same results and the same log in the firewall.

There is another firewall in the path after this to reach other devices.

What commands would make this work?

Thanks.

3 REPLIES
New Member

Re: ping not working from one firewall to other devices

Did you allow the return traffic for the ping command?

Do you mean local network or remote network?

To access your local network's resources, you should enable split-tunneling.

I hope it's useful,

Reda

New Member

Re: ping not working from one firewall to other devices

Thanks Reda,

How do we enable return traffic for ping?

I meant that once I log in through VPN to my organisation's network, then I need to access/ping other network devices which are within this environment. Do we need anything specific to be done...

Thanks

New Member

Re: ping not working from one firewall to other devices

You can do it in 2 ways:

- Enable ICMP inspection; then the ASA will consider ICMP traffic as stateful traffic and will accept the ICMP echo reply. Most secure.

- Allow ICMP echo reply on the outside interface:

object-group icmp-type Icmp-Reply
 icmp-object echo-reply
 icmp-object time-exceeded
 icmp-object unreachable
access-list allbxx extended permit icmp any any object-group Icmp-Reply

This is only an example, but it should help you.

Let me know if it solves the issue.
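The first option from the reply above (ICMP inspection), written out as an added example that is not part of the original thread. It assumes the ASA still has its default global_policy policy map and inspection_default class; the interface name inside and the 192.0.2.x / 198.51.100.x addresses are placeholders.

```cisco
! Added example, not from the thread. Assumes the default global_policy
! and inspection_default class are still present on the ASA.
policy-map global_policy
 class inspection_default
  ! Track echo requests so the matching echo reply is allowed back
  ! without a permanent "permit icmp" entry in an interface ACL.
  inspect icmp
  ! Also match ICMP error messages (unreachable, time-exceeded)
  ! against the connection that triggered them.
  inspect icmp error
!
! Confirm the policy is applied and see its inspection counters.
show running-config policy-map
show service-policy
!
! Simulate an echo request (type 8, code 0) from a placeholder source
! to a placeholder destination and see which phase allows or drops it.
packet-tracer input inside icmp 192.0.2.10 8 0 198.51.100.20
```

With inspection enabled, replies are accepted only when they match an outstanding request, which is why the reply calls this the more secure of the two options compared with an ACL that permits ICMP reply types from any source.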
