Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can ping from inside, but not from outside

I have a couple of routers that have public ips and I can ping them from inside my network, but I cannot ping them from outside my network where I get internet connection. I have an IN access-list, but I am not blocking icmp or echo's. Any ideas?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Can ping from inside, but not from outside

Are you trying to ping your routers through the cloud? If so, there might be a node somewhere in the cloud that is blocking ICMP or echo requests. We ran into the same thing here. Our service provider recently started blocking ICMP requests. Try doing a trace route and see where it stops.

8 REPLIES
New Member

Re: Can ping from inside, but not from outside

If icmp is not specifically permitted the default action will drop the packets. Can you post your acl, just put in bogus IPs when you post.

New Member

Re: Can ping from inside, but not from outside

Its fairly long and alot of editing but here is the bulk of it.

This is applied IN on the Internet side:

deny ip (our public space) any

deny ip (private addresses) any

deny ip (multicast and reserved space) any

deny ip host 255.255.255.255 any

deny tcp/udp any any eq (trojan ports)

deny udp any any eq snmp

deny udp any any eq 19

permit ip any any

New Member

Re: Can ping from inside, but not from outside

add

permit icmp any any

Re: Can ping from inside, but not from outside

Icmp is included in last entry of access-list because ip allows icmp too.

Did you try to unapply the acl from interfaces to test the reachability?

Let me know

Carlo

Please rate all helpful posts "The more you help the more you learn"
New Member

Re: Can ping from inside, but not from outside

Are you trying to ping your routers through the cloud? If so, there might be a node somewhere in the cloud that is blocking ICMP or echo requests. We ran into the same thing here. Our service provider recently started blocking ICMP requests. Try doing a trace route and see where it stops.

New Member

Re: Can ping from inside, but not from outside

I can ping my routers that are connected through our own lines, however if I go out to ATT route server I cannot ping my edge or internal routers or any device off of them. I can trace out and in though.

New Member

Re: Can ping from inside, but not from outside

Try to write "log" in the end of each line in the acl, ping the device and the do show access-list... and see which line that triggers. Might give you a clue..

New Member

Re: Can ping from inside, but not from outside

Thanks for all of the help. It was our provider that was blocking ICMP since the recent worm attacks and they forgot to remove it off of our interface.

151
Views
0
Helpful
8
Replies
CreatePlease to create content