Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Uable to ping any outside IP addresses, but can browse the web.

I found that PCs behind the ASA 5510 are not able to ping any outside ip addresses including the firewall's outside NIC ip. However, users are able to browse any websites as usual. I am new to cisco's firewall. Could someone advise

me on how to troubleshoot this problem? Thank you!

2 REPLIES
Community Member

Re: Uable to ping any outside IP addresses, but can browse the w

Check your ACL on the outside interface. You need to allow icmp echo, echo-reply and time-exceeded to be able to ping devices on the outside interface. Probably you just allow HTTP traffic... If you'r not sure, paste the ACL's here.

Community Member

Re: Uable to ping any outside IP addresses, but can browse the w

Pix, by design, will allow EVERYTHING from

the inside to outside. However, almost

ALL return traffics will be allowed with

the exception of echo-reply, time-exceeded,

icmp protocol. That's why user(s) on the

inside can browse the internet and do

whatever they desire.

Pix, ASA or whatever cisco called it,

it probably the worst security product

ever designed by man, IMHO.

110
Views
0
Helpful
2
Replies
CreatePlease to create content