I am having the exact same problem. I have tried both the ICMP permit command and the access-list/access-group commands and neither have worked for me.
I can ping the outside interface from a machine in the outside network. I can ping a machine in the outside network from the inside network but I cannot ping the outside interface from the inside network.
Let me throw another wrench into this machine. I have a pix, NATing to the outside, but not to the DMZ. I am unable to ping any of the servers in the DMZ from the PIX, and unable to ping the PIX from the servers. The servers can all ping each other and the PIX (of course) can ping the DMZ interface. My first line of my dmz access list permits ALL ICMP traffic. The last line (though temporary to troubleshoot the access list itself) is ip permit any any. HELP !
Try adding the access-group to your inside interface. This will allow the reply to enter the inside network. You will not be able to ping the PIX DMZ interface from inside but you should be able to ping devices on thar network.
access-list 100 permit icmp any host A.B.C.D echo-reply
I am assuming you do not have a access-list that denies icmp messages on the inside interface. If this is the case, the PIX by default will allow inside host(based upon the nat command) to ping through the PIX. However, by default the outside interface will not allow the reply back inside unless you implictly allow this. If you are using access-list then enter the following commands on your outside interface : access-list outside permit icmp any any echo-reply
access-list outside permit icmp any any source-quench
access-list outside permit icmp any any unreachable
access-list outside permit icmp any any time-exceeded
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :