Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Unable to ping from inside network to outside network

Hi, the ping initiated from inside network to outside hosts is dropping on outside interface. If i add acl entry to allow icmp on outside interface, ping is fin but this is asa 5540 (statefull firewall) that should remember connection initiated from inside network. This is production firewall used to allow internet surfing which works ok. Any idea where to start troublehoting would be greatly appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Unable to ping from inside network to outside network

read this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

it covers both icmp and traceroute issues through your firewall.

5 REPLIES
Green

Re: Unable to ping from inside network to outside network

It is not stateful for icmp traffic. You must explicitly allow it in an acl or enable icmp inspection. The ASA is acting as it should.

Gold

Re: Unable to ping from inside network to outside network

read this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

it covers both icmp and traceroute issues through your firewall.

Community Member

Re: Unable to ping from inside network to outside network

Thank you gents.

I like ASA more and more..

Regards,

Community Member

Re: Unable to ping from inside network to outside network

If you want to enable stateful ICMP inspection you can do this from global config

Type

policy-map global_policy

class inspection_default

inspect icmp

Community Member

Re: Unable to ping from inside network to outside network

Thank you all for prompt response; i setup asa as per cisco's doc (15246) and it is OK now.

325
Views
0
Helpful
5
Replies
CreatePlease to create content