Cisco Support Community
New Member

Unable to Ping

Hi All,

I'm a Cisco Newbie. We recently had a PIX 515e installed.

Since the install I can now no longer Ping from my local workstation to the outside world, nor can I perform a tracert.

I have permitted icmp from any to any and still nothing.

Any advice would be greatly appreciated.

Thanks in advance

Stephen

I can however ping the outside world from my firewall ssh session.

5 REPLIES

Re: Unable to Ping

Hi,

Have you implemented NAT?

For information view: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html

I hope this helps.

Best regards.

Massimiliano.

lrh
New Member

Re: Unable to Ping

I had the same problem on ASA boxes. I solved this by enabling inspection on the ICMP & ICMP Error.

\Lars

Re: Unable to Ping

Stephen, please refer to this link to understand how ICMP and traceroute are handled by PIX and ASA, and configure the security appliance accordingly to be able to conduct ICMP and trace from inside out.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Rgds

Jorge

New Member

Re: Unable to Ping

Thanks all. I managed to fix it by using

• access-list ping_acl permit ip any any

• access-group ping_acl in interface outside

Gold

Re: Unable to Ping

"permit ip any any" negates your firewall entirely. You may have 'fixed' ICMP, but you 'broke' your firewall. Please read the aforementioned links immediately to remedy this.

If you told us what version OS you have we might be able to suggest something specific.

You could also delete your current ACL and just allow "icmp any any echo-reply"

In addition to Jorge's link, also read this one on traceroute: http://www.cisco.com/warp/public/105/traceroute.shtml
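
The difference between the two ACLs discussed in this thread, shown as an added example that is not part of any poster's reply: a small Python check that flags broad permit entries bound inbound to the outside interface. The function names and both sample configurations are constructed for illustration, and the check is simplified in that it does not model earlier deny entries shadowing a later permit.

```python
import re

# Constructed sample configs built from the commands quoted in the thread.
BROAD_CONFIG = """\
access-list ping_acl permit ip any any
access-group ping_acl in interface outside
"""
NARROW_CONFIG = """\
access-list ping_acl permit icmp any any echo-reply
access-group ping_acl in interface outside
"""

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+(\S+)\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")

def parse(config):
    """Return ({acl: [(action, protocol, remaining tokens)]}, {interface: acl})."""
    acls, bindings = {}, {}
    for raw in config.splitlines():
        line = raw.strip().lstrip("•").strip()  # tolerate bullets pasted from a post
        m = ACE_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).lower(), m.group(4).split()))
            continue
        m = GROUP_RE.match(line)
        if m:
            bindings[m.group(2)] = m.group(1)
    return acls, bindings

def audit(config, untrusted="outside"):
    """Flag any-to-any permits with no type or port qualifier, inbound on `untrusted`."""
    acls, bindings = parse(config)
    name = bindings.get(untrusted)
    findings = []
    for action, proto, rest in acls.get(name, []):
        if action != "permit" or rest != ["any", "any"]:
            continue  # denies, or permits narrowed by host, port or ICMP type
        if proto == "icmp":
            findings.append(f"{name}: 'permit icmp any any' on {untrusted} admits every ICMP type")
        else:
            findings.append(f"{name}: 'permit {proto} any any' on {untrusted} admits all {proto} traffic")
    return findings

if __name__ == "__main__":
    for label, cfg in (("broad", BROAD_CONFIG), ("narrow", NARROW_CONFIG)):
        print(label, audit(cfg) or "no findings")
```
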
