ICMP not working

[acollard83]

I am having difficulty getting ICMP to work correctly. I have an access list that allows icmp on the external interface yet no one can ping it. It is a NAT outside interface. Relevent configs are posted below.

interface GigabitEthernet6/14
description 500M Internet to ATT
ip address 12.250.X.X 255.255.255.252
ip access-group 105 in
ip nat outside
speed nonegotiate


ip nat inside source list 105 interface GigabitEthernet6/14 overload

access-list 105 permit ip any any
access-list 105 permit icmp any any echo
access-list 105 permit icmp any any echo-reply

 

[mhdbadi]

Hmmm.. the only issue or reason behind this is the access list creation. The order or ACL lines is totally incorrect. It should work but just to make sure, change the configurations starting by deleting the current ACL and adding the lines as follows:

(config)#no access-list 105
(config)#access-list 105 permit icmp any any echo
(config)#access-list 105 permit icmp any any echo-reply
(config)#access-list 105 permit ip any any

if you want my opinion? just remove this ACL! lets assume that it allows ICMP Echo and Echo Reply, but "access-list 105 permit ip any any" is allowing everything else like there is no ACL.

I hope to get back with feedback if you tried it or another approach.

Regards,
Badi

 

[baddos]

That access-list does do nothing, the very first line would permit every type of icmp packet as well as any other ip packet.

When you say that nobody can ping your 12.250.X.X/30 address, where are you trying to ping it from?

 

[acollard83]

The access list was added because nobody can ping the IP. No one can ping from outside our network.

 

[VinceWhirlwind]

Configure an IP address on your laptop that's in the external subnet of your ATT-facing router, unplug ATT from the router and replace it with your laptop. (probably need a crossover cable).
Can you ping it?