Cisco Support Community
Community Member

Can browse internet but no ping replies

Hi guys,

I recently made changes to my network and I can get out to the internet but when I try I can't browse to it, and I noticed that I also can not ping the sites I do browse to, I'm figuring its a return traffic problem wondering if anyone can point me in the right direction.

Note we have multiple networks on our L3 switch, because of circumstances I created route maps on the SVI of the switch so that it routes traffic properly.

Layer 3 3750 config looks like this:

so vlan 100 for example has

ip acces-list extended ACL-100-WEB

permit any eq www ftp

ip acces-list extended ACL-100-PEERS


route-map RM-VLAN-100 sequence 10

match ip address ACL-100-WEB

set ip next-hop  (inside interface of the ASA)

route-map RM-VLAN-100 sequence 20

match ip addres ACL-100-PEERS

set ip next-hop (inside interface of router that links to other remote sites that use network


Note the L3 has a default gateway that I'm attempting to bypass as its the DG for all the live traffic on this network- sadly I dont have another switch to completely separate everything.

the DG for the switch is  which services the production network

I need traffic on to be able to move to for example among others on that range

I also need this traffic to reach the internet (which it does but the return traffic is odd)


Is it return traffic on the ASA or on the switch that I should be looking at?

Any thoughts or suggestions appreciated.


Re: Can browse internet but no ping replies

I think I'd start with acl-100-web. It clearly says only www and FTP art allowed.

Sent from Cisco Technical Support iPad App

Community Member

Can browse internet but no ping replies

you need to allow icmp any on acl-100-web.  i assume it is permit ip for acl-100-peers so that is ok.  re-do your route-map such that your sequence 20 now will become sequence 10.  so that for ping/tracert between 192.168.x.x will match first and  routed to and for the "any" (ie. ping to web) will route to your ASA  i dont think it is return traffic issue since you can browse the internet.  i assume you are using traceroute to check return traffic but see it odd because icmp is not in route-map and routed to your default gateway.

hope this helps. cheers!

CreatePlease to create content