Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping through ASA

i have a problem as i permitted PING by the following commands:

icmp permit any echo admin-outside
icmp permit any echo-reply admin-outside
icmp permit any echo admin-inside
icmp permit any echo-reply admin-inside

i can ping from outside (PC) to the inside (PC) but i can't ping from the inside(PC) to the outside(PC)

and another question can the interfaces of the firewall ping each outher if i used Extended ping on the firewall -- because in this status both interfaces are not pingging each other too ??

Thanks In Advance

Ayman Yehia

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: Ping through ASA

207558867 wrote:

i have a problem as i permitted PING by the following commands:

icmp permit any echo admin-outside
icmp permit any echo-reply admin-outside
icmp permit any echo admin-inside
icmp permit any echo-reply admin-inside

i can ping from outside (PC) to the inside (PC) but i can't ping from the inside(PC) to the outside(PC)

and another question can the interfaces of the firewall ping each outher if i used Extended ping on the firewall -- because in this status both interfaces are not pingging each other too ??

Thanks In Advance

Ayman Yehia

Ayman

The "icmp permit ..." command controls who interfaces on the firewall can be pinged not which devices can ping through the firewall.

Have a look at this document which covers how to allow ping through an ASA/Pix firewall -

ASA ping

Can the interfaces ping each other - no they can't.

Jon

New Member

Re: Ping through ASA

Hi Yehia,

I believe you need to add ICMP to your inspection policy-map.After I issued 'inspect icmp' from within my policy-map it worked.

On my ASA 5505 in my home lab I have the following;

class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512

!

!

policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global

Hope that helps.

Conor

3 REPLIES
Hall of Fame Super Blue

Re: Ping through ASA

207558867 wrote:

i have a problem as i permitted PING by the following commands:

icmp permit any echo admin-outside
icmp permit any echo-reply admin-outside
icmp permit any echo admin-inside
icmp permit any echo-reply admin-inside

i can ping from outside (PC) to the inside (PC) but i can't ping from the inside(PC) to the outside(PC)

and another question can the interfaces of the firewall ping each outher if i used Extended ping on the firewall -- because in this status both interfaces are not pingging each other too ??

Thanks In Advance

Ayman Yehia

Ayman

The "icmp permit ..." command controls who interfaces on the firewall can be pinged not which devices can ping through the firewall.

Have a look at this document which covers how to allow ping through an ASA/Pix firewall -

ASA ping

Can the interfaces ping each other - no they can't.

Jon

New Member

Re: Ping through ASA

Hi Yehia,

I believe you need to add ICMP to your inspection policy-map.After I issued 'inspect icmp' from within my policy-map it worked.

On my ASA 5505 in my home lab I have the following;

class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512

!

!

policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global

Hope that helps.

Conor

New Member

Re: Ping through ASA

Thanks alot adding the ICMP to the inspection already did it

1223
Views
0
Helpful
3
Replies