ICMP is not working on firewall

wasiimcisco
Level 1

I have a PIX firewall 525 with IOS Version 8.0(3).

I have an access-list applied on both the inside and outside interfaces. Everything was working fine, but today I am not able to ping the firewall's outside interface. Only directly connected switches are able to ping the firewall's outside interface.

The firewall is configured for an AAA server and authentication is working fine, but the firewall is not able to ping the AAA server.

ASDM and everything is working, only ping to the box is not working.

I have even allowed icmp any any on the inside and outside interfaces.

The firewall is unable to reach the SNMP server. The server is giving an "unreachable" error.

Please see the attachment for the configuration of the firewall, plus logging at the end.

ASDM is showing that the inside-to-outside traffic is denied by a deny rule, though there is no deny rule even at the end of the access-list.

Nobody is able to ping any interface of the firewall except the one core switch that is directly connected to the firewall. Please see the attachment for the firewall configuration.

Why is it happening? Please help me out.

3 Replies

andrew.prince
Level 10

The route to the 172.28.31.0 network is via the inside interface?

The SNMP server information is configured on the outside interface?

route outside 0.0.0.0 0.0.0.0 172.28.63.75 1

route inside 172.28.0.0 255.255.0.0 172.28.50.3 1

route inside 172.28.36.0 255.255.255.0 172.28.50.3 1

route inside 172.28.50.0 255.255.255.0 172.28.50.1 1

snmp-server host outside 172.28.31.176 community w@t4mdc

snmp-server host outside 172.28.31.177 community w@t4mdc

snmp-server host outside 172.28.31.178 community w@t4mdc

Where are the SNMP servers actually??

If they are on the outside, then add:-

route outside 172.28.31.0 255.255.255.0 172.28.63.75

Also for the AAA

aaa-server TACACS+ (outside) host 172.28.31.132

key waridtel0321

aaa-server TACACS+ (outside) host 172.28.31.133

key waridtel0321

HTH
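The question raised in the reply above (is each server's address routed out of the interface it is declared on?) can be checked mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, and it assumes the declared interface should match the interface of the longest-prefix route.

```python
import ipaddress
import re
# Constructed from the lines quoted in the reply above; the community
# string and TACACS+ key are left out because the check does not need them.
CONFIG = """\
route outside 0.0.0.0 0.0.0.0 172.28.63.75 1
route inside 172.28.0.0 255.255.0.0 172.28.50.3 1
route inside 172.28.36.0 255.255.255.0 172.28.50.3 1
route inside 172.28.50.0 255.255.255.0 172.28.50.1 1
snmp-server host outside 172.28.31.176
snmp-server host outside 172.28.31.177
snmp-server host outside 172.28.31.178
aaa-server TACACS+ (outside) host 172.28.31.132
aaa-server TACACS+ (outside) host 172.28.31.133
"""
SUGGESTED_ROUTE = "route outside 172.28.31.0 255.255.255.0 172.28.63.75\n"  # from the reply
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) \S+")
HOST_RES = [re.compile(r"^snmp-server host (\S+) (\S+)"),
            re.compile(r"^aaa-server \S+ \((\S+)\) host (\S+)")]

def parse(config):
    """Return ([(network, interface)], [(address, declared_interface, line)])."""
    routes, hosts = [], []
    for line in (l.strip() for l in config.splitlines()):
        m = ROUTE_RE.match(line)
        if m:
            ifc, net, mask = m.groups()
            routes.append((ipaddress.ip_network(f"{net}/{mask}"), ifc))
        for rx in HOST_RES:
            m = rx.match(line)
            if m:
                hosts.append((ipaddress.ip_address(m.group(2)), m.group(1), line))
    return routes, hosts

def mismatches(config):
    """Hosts whose longest-prefix route uses a different interface than declared."""
    routes, hosts = parse(config)
    found = []
    for addr, declared, line in hosts:
        covering = [r for r in routes if addr in r[0]]
        net, ifc = max(covering, key=lambda r: r[0].prefixlen, default=(None, None))
        if ifc != declared:
            found.append((line, declared, ifc, str(net)))
    return found

if __name__ == "__main__":
    for line, declared, ifc, net in mismatches(CONFIG):
        print(f"{line}: declared {declared}, routed via {ifc} ({net})")
    print("after suggested route:", mismatches(CONFIG + SUGGESTED_ROUTE))
```

With the quoted configuration, all five server entries are declared on `outside` but fall under the `inside` route for 172.28.0.0/16; appending the suggested /24 route clears the list.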

Tshi M
Level 5

There is an implicit deny rule at the end of the ACL. If you have an ACL, you need to specifically permit the traffic that you want, otherwise it will be denied.

Marwan ALshawi
VIP Alumni

If you want the firewall to ping the server, you need ICMP echo-reply permitted,

like permit icmp any any outside echo-reply

So try to permit icmp [source] [destination] echo

icmp [source] [destination] echo-reply

regarding the required source and destination and the right interface.

And for your information,

you cannot ping any firewall interface from another interface; this is in ASA!

Good luck.

Please rate if helpful.
