<div>
Thanks masnrock for the reply. &nbsp;I am able to ping the internal address of the server.<br />
<br />
ICMP is exactly the same on the ASA as it was 4 months ago when I made my last backup. &nbsp;Below are the ICMP settings.<br />
<br />

<pre><code class="code-10 nolinks" id="code-20-41828458-1"><span>object-group icmp-type icmpallow</span>
<span> icmp-object echo-reply</span>
<span> icmp-object traceroute</span>
<span> icmp-object unreachable</span>
<span> icmp-object source-quench</span>
<span></span>
<span>access-list outsideif_in extended permit icmp any any object-group icmpallow</span>
<span></span>
<span>icmp unreachable rate-limit 1 burst-size 1</span>
<span></span>
<span>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</span>
<span></span>
<span>  inspect icmp</span>
</code></pre>
<br />
This is really strange that it just stopped working last week. &nbsp;It seems as though the ISP has change something or blocked something, but they assure me nothing has changed. &nbsp;Ughhhh!
</div>


<div>
Is there anyone that might have a suggestion of the issue I am having?
</div>


<div>
So the problem is definitely within the ASA. Have you tried clearing out the ICMP configuration, then setting it up again with the same rule?<br />
<br />
Another step you can try is to change &quot;outsideif_in&quot; to &quot;outside_in&quot; on line 7.
</div>


<div>
Thanks Masnrock: &nbsp;I tried what you suggested, but no luck. &nbsp;Still unable to ping the from outside the network. &nbsp;This is really crazy, because this was working and nothing had changed on my side. &nbsp;No firewall or server changes.
</div>


<div>
Can you pull up any firewall logs that may help? Usually there is going to be something that will indicate what rule denied or rejected it?
</div>


<div>
Hello Masnrock. &nbsp;You were correct, there was a problem with the ICMP. We ended up adding the last line &quot;icmp-object echo&quot; and that fixed the issue. &nbsp;Really not sure how this was working before, but happy it is now. <br />
<br />
bsesingasa# sho run object-group id icmpallow<br />
object-group icmp-type icmpallow<br />
&nbsp;icmp-object echo-reply<br />
&nbsp;icmp-object traceroute<br />
&nbsp;icmp-object unreachable<br />
&nbsp;icmp-object source-quench<br />
&nbsp;icmp-object echo<br />
<br />
Thanks for you great help. &nbsp;Mike
</div>


<div>
You're quite welcome, and glad you're functioning properly at this point.
</div>


<div>
<div class="content wysiwyg-content">
RRAS has been working successfully for a few years. &nbsp;Last week something seems to have changed and we are no longer able to ping the public IP Address that is port forwarded to the Windows 2k3 server IP Address 192.168.100.3<br />
<br />
From the 192.168.100.3 server, if we go to <a href="http://canyouseeme.org" rel="ugc">http://canyouseeme.org</a>&nbsp;we see our public IP address. &nbsp;When we check Port 1723 (PPTP port) we get a successful reply which leads us to believe that both the firewall and ISP are not blocking this port.<br />
<br />
We are currently using an ASA 5506-X running ASA Version 9.4(1)<br />
<br />

<pre><code class="code-1 nolinks" id="code-10-28974065-1"><span>access-list outsideif_in extended permit tcp any object obj-192.168.100.3 eq pptp</span>
<span></span>
<span>object network obj-192.168.100.3</span>
<span> nat (insideif,outsideif) static (Public IP Address)</span>
</code></pre>
<br />
netstat -an -o |find /i &quot;listening&quot; shows in attahcment.<br />
<br />
Does anyone have any suggestions?<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/10_w41/1120312/netstat.JPG" target="_blank" class="file-inline" title="netstat.JPG (65 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>netstat.JPG</a>
</div>
</div>


netstat.JPG

RRAS has been working successfully for a few years.  Last week something seems to have changed and we are no longer able to ping the public IP Address that is port forwarded to the Windows 2k3 server IP Address 192.168.100.3

From the 192.168.100.3 server, if we go to http://canyouseeme.org we see our public IP address.  When we check Port 1723 (PPTP port) we get a successful reply which leads us to believe that both the firewall and ISP are not blocking this port.

We are currently using an ASA 5506-X running ASA Version 9.4(1)

(CODE)

netstat -an -o |find /i "listening" shows in attahcment.

Does anyone have any suggestions?

Problem pinging RRAS server from outside the network

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.

Windows Networking

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).