Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PC can't ping downstream networks

I have an ASA5505 and have setup rip v2 on it. I have some downstream routers set up connected off one of the ASA switchports

ASA(INSIDE)10.17.34.1 --- 10.17.34.10Gateway_rtr172.31.1.1 --- 172.31.1.2Router1 etc

From the ASA i can ping any where but from the PC i cannot ping the 172.31.1.1 network even though the Gateway router is directly connected and has that route.i can ping the 10.17.34.10 ip only

Debugging shows:

Nov 14 2007 21:49:34: %ASA-3-106014: Deny inbound icmp src inside:10.17.34.2 dst inside:172.31.1.1 (type 8, code 0)

Nov 14 2007 22:25:56: %ASA-3-106014: Deny inbound icmp src inside:10.17.34.2 dst inside:172.31.1.1 (type 0, code 0)

There is no acl's on the router from the LAN and all seems correct from the client.

ICMP inspection is enabled.

Am I missing something. Software release is ver 8.0(2)

thanks,

John

1 REPLY
New Member

Re: PC can't ping downstream networks

By default PIX or ASA does NOT allow ICMP....here is a really good document that explains it and how to configure the firewall to allow ICMP.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Please rate if this help!

195
Views
0
Helpful
1
Replies
CreatePlease to create content