I did not get chance today to run a debug or packet trace but i will tomorrow. Edited by nuaythebest, 08 January 2009 - 01:52 PM. 0 Back to top #6 meffisto meffisto Member Members 97 posts Posted 09 January 2009 - 04:47 AM The problem has been Show us how you think you should solve those issues, and we will validate or offer enhancement to your initial attempt. update the default global policy map policy-map global_policy class inspection_default inspect icmp ! weblink
permalinkembedsaveparentgive gold[–]tekn0vikingHEYO[S] 0 points1 point2 points 3 years ago(1 child)asa(config)# fixup protocol icmp INFO: converting 'fixup protocol icmp ' to MPF commands Still nothing on the pings to the ext interface. ciscoasa(config)# ping TCP Ping [n]: Interface: outside Target IP address: 220.127.116.11 Repeat count:  Datagram size:  Timeout in seconds:  Extended commands [n]: Sweep range of sizes [n]: Type escape For example from inside LAN you cannot ping outside Interface and from outside machine you cannot ping inside interface, thats how ASA is designed. edit: I ran a packet trace on the outside interface.
To fix the pings for the trusted interfaces ! Petes-ASA(config)# show capture capout 4 packets captured 1: 13:02:33.285309 192.168.1.1 > 18.104.22.168: icmp: echo request 2: 13:02:37.886596 192.168.1.1 > 22.214.171.124: icmp: echo request 3: 13:02:42.886672 192.168.1.1 > 126.96.36.199: icmp: echo request Before we start, lets get the basics out of the way, does the client you are pinging from have a firewall turned on? RiON for your efforts.
This sub-reddit is dedicated to higher-level, more senior networking topics. /r/itcareerquestions /r/ccna and /r/ccent are all available for early-career discussions. permalinkembedsaveparentgive gold[–]Mibzalon 1 point2 points3 points 3 years ago(0 children)My first thought is that 188.8.131.52 doesn't have a route back to 184.108.40.206 Seems unlikely to be the problem, but just one of those The by far most likely scenarios are Comcast blocking something, or a bug in the firmware (and I do not shout "bug" easily - but permitting ping and ssh to an Fixup Protocol Icmp Then repeat for time-exceeded, unreachable and source-quench Stop Interfaces replying to Ping traffic As stated above all firewall interfaces will respond to pings if they are on the network you are
But you can still allow the PING by allowing ICMP in your access-list DMZ for specific host. You won't be able to vote or comment. 161718Can't ping external interface of ASA and other weird issues (self.networking)submitted 3 years ago * by tekn0vikingHEYOrunning config can be found here I call upon the /r/networking gods Networking Career Topics are allowed with following guidelines: Topics asking for information about getting into the networking field will be removed. Solution 1.
Any post that fails to display a minimal level of effort prior to asking for help is at risk of being Locked or Deleted. Cisco Asa Allow Icmp Echo Reply Did what you told me but still cannot ping google's 220.127.116.11. Re: ASA outside interface from inside host doesn't ping; why? PetesASA# conf t PetesASA(config)# access-list inbound permit icmp any any echo-reply PetesASA(config)# access-list inbound permit icmp any any time-exceeded PetesASA(config)# access-list inbound permit icmp any any unreachable PetesASA(config)#access-list inbound permit icmp any
Hosts inside vlan can ping each other. https://www.reddit.com/r/networking/comments/3t5v0l/cant_ping_outside_interface_cisco_asa_5508x/ permalinkembedsavegive gold[–]dr-pepper12[S] 0 points1 point2 points 11 months ago(2 children)Thanks for the comments. Cisco Asa Allow Ping Inside Interface To allow pinging of the outside interface: ASA(config)#access-list ACL-OUTSIDE extended permit icmp any any ASA(config)#access-group ACL-OUTSIDE in interface outside Comments Sign in|Report Abuse|Print Page|Powered By Google Sites jump to contentmy subredditsannouncementsArtAskRedditaskscienceawwblogbookscreepydataisbeautifulDIYDocumentariesEarthPornEestieuropeexplainlikeimfivefoodfunnyFuturologygadgetsgamingGetMotivatedgifshistoryIAmAInternetIsBeautifulJokesLifeProTipslistentothismildlyinterestingmoviesMusicnewsnosleepnottheonionOldSchoolCoolpersonalfinancephilosophyphotoshopbattlespicsscienceShowerthoughtsspacesportstelevisiontifutodayilearnedTwoXChromosomesUpliftingNewsvideosworldnewsWritingPromptsedit Asa Can't Ping Internet And the command is “inspect icmp” but you need to enter the default map first (this assumes you have the standard policy-map).
Re: ASA outside interface from inside host doesn't ping; why? have a peek at these guys enjoy :) Tags: Cisco ASA 5505Review it: (207) 0 This discussion has been inactive for over a year. This subreddit does NOT allow: Home Networking Topics. Low-quality posts. "icmp Permit Any Outside"
This topic has been discussed at length, please use the search feature. Join the community Back I agree Powerful tools you need, all for free. Ri0N Mar 7, 2014 1:08 PM (in response to Aref - CCNPx2 (R&S - Security) / Network+ / Security+) Ugh, the ASA is odd sometimes.. check over here a community for 8 yearsmessage the moderatorsMODERATORSugnaughtNetwork StoogeMikecom32BridgeBumFormer CCSInoreallyimthepopeCCNAngerDavisTasardubcrosterMPLS EvangelistjpeekCertified PotatoHoorayInternetDramaDeletes the most posts in town!the-packet-thrower(╯°□°）╯︵ ǝɯǝɹʇXǝVA_Network_NerdInfrastructure Architect & Cisco Bigotabout moderation team »discussions in /r/networking<>X99 points · 43 comments Windstream to buy Earthlink for
Upgrading/replacing the IOS did the trick then. Asa Ping Pls refer the below cisco document.http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0 See More 1 2 3 4 5 Overall Rating: 0 (0 ratings) Log in or register to post comments ActionsThis Discussion 0 Votes Follow Shortcut We need to specify an ICMP Type and an ICMP code, to make sure the traffic leaves the firewall we trace ICMP type 8 (echo), with ICMP code 0 (none).
I can ping my outside interfaces without the ACLs. There were a couple of issues going on at the same time then however so i will run one tomorrow now that other issues are solved. interface Ethernet0/4 ! Icmp Unreachable Rate-limit 1 Burst-size 1 Rule #5: No Early Career Advice.
Example:ASA outside ip: 18.104.22.168/24ASA inside ip: 22.214.171.124/24If you try to ping the ip address 126.96.36.199 from any of your inside hosts in the network 188.8.131.52/24 it won't work, and that is Now to clean up the million entries I've made over time on the ASA while troubleshooting. 19 commentsshareall 19 commentssorted by: besttopnewcontroversialoldrandomq&alive (beta)[–]bitConnect 3 points4 points5 points 3 years ago(4 children)By default the ASA For some reason I can not ping the outside interface of the device (184.108.40.206) from an external site. this content Thanks!!!!!!!