Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
345
Views
0
Helpful
1
Replies

Unable to PING inside interface (from the inside !)

Gordon Ross
Level 9
Level 9

‎03-11-2012 08:38 AM - edited ‎03-11-2019 03:40 PM

I've got an ASA running 8.4(2)

I've setup a simple IP address on one of it's ports. I've plugged in a PC to that port. The PC has been given the IP address of the ASA as it's default gateway.

From the ASA, I can ping the PC fine.

From the PC, I can't ping the ASA.

Using the "capture" command, I can see the ICMP echo request packests come in to the ASA, but nothing leaves.

Another interesting fact, is that the ASA never populates it's ARP table with the MAC address of the PC (despite the fact that it can PING it). Also, just running a plain capture on this interface shows the ASA repeatedly issuing ARP "who-has" packets. (The capture command shows the replies coming back, but a "sh arp" shows that the entries hasn't been learnt)

Any suggestions on how to fix or troubleshoot this ?

Thanks,

GTG

Please rate all helpful posts.
Labels:
0 Helpful
1 Reply 1

amigomnemonik
Level 1
Level 1

‎03-11-2012 11:04 AM

I think ASA by default block ICMP packets as the outside interface is by default rejecting all the traffic as of the lower security.

Try to enable the ICMP on the outside interface by using this Cisco recommendation:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card