Cisco ASA cannot ping any hosts on outside


Out of the box, the Cisco ASA firewall doesn’t inspect ICMP traffic. The firewall permits ping traffic out, but it won’t let the reply traffic come back inside.

The solution is to add “inspect icmp” to the global policy map, so that the ASA tracks each outbound echo request and lets the matching reply back in:

ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect icmp
ASA(config-pmap-c)# end
ASA# write memory

After adding the above command, you will see the change in the ASA running-config and will be able to ping hosts on the outside.

policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect icmp
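
To check saved configs for this setting, the following added example (not part of the original post) parses a running-config and reports whether "inspect icmp" sits under class inspection_default of global_policy. It also assumes the policy is applied with the "service-policy global_policy global" line, which the excerpt above does not show; the sample config and the class name other_class are constructed for illustration.

```python
# Added example: audit a saved ASA running-config for ICMP inspection.

# Constructed sample config; "other_class" is a hypothetical class name.
SAMPLE = """\
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect ip-options
 class other_class
  inspect icmp
!
service-policy global_policy global
"""


def inspections(config, policy="global_policy", klass="inspection_default"):
    """List the inspect entries under one class of one policy-map."""
    found, in_policy, in_class = [], False, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            # Top-level command: opens or closes the policy-map of interest.
            in_policy, in_class = line == f"policy-map {policy}", False
        elif in_policy and line.startswith("class "):
            in_class = line.split()[1] == klass
        elif in_policy and in_class and line.startswith("inspect "):
            found.append(line[len("inspect "):])
    return found


def icmp_inspection_active(config, policy="global_policy"):
    """True only if inspect icmp is in inspection_default and the policy is applied."""
    has_icmp = "icmp" in inspections(config, policy)
    applied = any(l.strip() == f"service-policy {policy} global"
                  for l in config.splitlines())
    return has_icmp and applied


if __name__ == "__main__":
    print(inspections(SAMPLE))
    print(icmp_inspection_active(SAMPLE))
```

In the sample, "inspect icmp" appears only under a different class, so the check reports it as missing from inspection_default.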
