Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Cisco Employee

ping from inside interface not working

Hi,

I am using pix7.0 device

ping x.x.x.x is working fine, but if I am trying to ping from inside interface ping fails

vpn-f1# ping outside x.x.x.x

Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

"outside" is my inside interface.

Would be great if I get any help.

TIA,

Radhika

19 REPLIES
New Member

Re: ping from inside interface not working

What is the security value you have given to your interfaces and what are the interfaces configured on your pix.

Re: ping from inside interface not working

Radhika,

Send me your Pix config.

-amit singh

Re: ping from inside interface not working

Hi

As u have mentioned that outside is u r inside interface i think there is problem with the security level on the interface.

Thanks

Mahmood

Cisco Employee

Re: ping from inside interface not working

Hi,

attaching my config

Thanks,

Radhika

New Member

Re: ping from inside interface not working

After seeing the confiuration, I think the problem is with routing. If you are trying to ping some server in Internet, the it wont, because the default route is towards inside interface not outside interface.

Try to add route outside 0 0 x.x.x.x 1 and then ping.

HTH

Regards,

Suresh Jain

Cisco Employee

Re: ping from inside interface not working

Hi Suresh,

Pix's Inside interface is actually the outside interface. So I think the default route is correct.

To add some information , ping from the devices on inside network is also working.

Seems problem is only when I try to ping from the device.

Thanks,

Radhika

New Member

Re: ping from inside interface not working

just to clarify - when you try to ping x.x.x.x from the inside network it works but when you try to ping x.x.x.x from the firewall it doesn't work?

Cisco Employee

Re: ping from inside interface not working

yes

New Member

Re: ping from inside interface not working

can you enable debug icmp on the firewall then do a ping from the firewall then paste it here. that will show us what's happening of the firewall when you do a ping. also can you install a analogx packetmon on the workstation you are trying to ping so it could capture if the workstation is seeing any packets coming in. paste the result here also. if what you're trying to ping is a network equipment just enable icmp debug then paste the result here.

Cisco Employee

Re: ping from inside interface not working

Hi,

I don't see any debug message even though I enabled it.

xxxx(config)# ping outside x.x.x.x

Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

Thanks,

Radhika

New Member

Re: ping from inside interface not working

Radhika,

There is no natting being done in your configuration. If you connected your inside interface which you are using as outside to internet then you wont be able to ping.

HTH

Regards,

Suresh Jain

New Member

Re: ping from inside interface not working

Hi,

Add a Access list with ICMP Permit any any and implement it in both Insid and Outside interface.

Hope this will help.

Regards

Danny

New Member

Re: ping from inside interface not working

Hey,

Please i didnt checked the configuration you have attached. Without NAT Acl wont work in PIX. Please ignore the previous update.

Regards

Danny

Cisco Employee

Re: ping from inside interface not working

Hi Danny/Suresh,

I did no nat as below.

access-list nonat extended permit ip any any

nat (outside) 0 access-list nonat

seems no use.

Thanks,

Radhika

New Member

Re: ping from inside interface not working

Radhika,

Can you please try by doing NAT.

Regards,

Suresh Jain

New Member

Re: ping from inside interface not working

Hi Radhika,

you have permited IP any any, try ICMP any any

Reg,

Dany

New Member

Re: ping from inside interface not working

Hi Radhika,

Remove the the no nat Access list and nat (Outside) and try the following config#

access-list acl_outside extended permit icmp any any

access-group acl_outside in interface outside

access-group acl_outside in interface inside

nat-cont

nat(inside) 1 0 0

global(out) 1 int

Hope it will solve your problem

Reg

Dany

Cisco Employee

Re: ping from inside interface not working

no use :(

Thanks,

Radhika

New Member

Re: ping from inside interface not working

what are you trying to achieve?

ping x.x.x.x from y.y.y.y

or

ping x.x.x.x from firewall cli

177
Views
0
Helpful
19
Replies