Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Not able to ping the external interface from outside world

Hi

i replaced the cisco asa with a cisco 2811. Everything is working fine i am able to access the internet from inside and the IPSEC/VPN site to site tunnel is working well but, i am not able to ping the external (public addr) of the cisco router the circuit is up and i am able to ping the externa gateway.

regards

Logesh

7 REPLIES
Cisco Employee

Re: Not able to ping the external interface from outside world

Hello,

Do you have any access-list on the outside interface? If you do, can you

enable ICMP packets in the access-list?

Regards,

NT

Community Member

Re: Not able to ping the external interface from outside world

Hi

the following line are been already configured to the router

interface FastEthernet0/0
ip access-group Incoming in

!

ip access-list extended Incoming
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit tcp any any eq 22

Regards

Logesh

Cisco Employee

Re: Not able to ping the external interface from outside world

Hello,

Can you please post the crypto access-lists here?

Regards,

NT

Community Member

Re: Not able to ping the external interface from outside world

Hi

Why do you want the crypto access list

I dont see this issue is related with that access list

regards

Logesh

Cisco Employee

Re: Not able to ping the external interface from outside world

Hello,

One of the possibilities is that you have included all ICMP traffic in the

crypto ACL. If that is true, the return traffic gets encrypted.

Regards,

NT

Community Member

Re: Not able to ping the external interface from outside world

Hi

No thats not incleded in the crypto traffic and moreover the same set of configuration is used else where and its working fine

Is there any other thing which need to to be checked for the ping to work

Regards

Logesh

Cisco Employee

Re: Not able to ping the external interface from outside world

Hello,

There is nothing specific that need to be checked. Do you see the hit counts

increasing on the interface access-list? Do you have any other firewall

setup on that router (ZBF, CBAC)?

Regards,

NT

202
Views
0
Helpful
7
Replies
CreatePlease to create content