Cannot ping external ip addresses from my router cisco 2911

Hi there,
For some reason I cannot ping external IP addresses from my router cisco 2911.  Any device behind my router 2911 is perfectly fine and can ping, its only the router which cannot.  Need help in identifying where the fault is.  I forgot if I used to ping external address from my router or not as the devices behind it have no issue, some change at the ISP end might have occurred.  I have also contacted ISP according to them it is the internal issue.  
Here is the sample of ping from this router:
EXternal pings:
**********************************************
MyRouter_2911#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
*********************************************
Internal pings from this router:
********************************************
MyRouter_2911#ping 10.10.10.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
**************************************************
Show ver:
************************************************
System image file is "flash:/c2900-universalk9-mz.SPA.152-4.M9.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2911/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX1440A28K
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:
********************************************************************************************
Show run is attached.  Need help
showrunEEPURPOSEDtDec72017.TXT
LVL 5
amanzoorNetwork infrastructure AdminAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JustInCaseCommented:
Check filtering on WAN:

interface GigabitEthernet0/1.420
 ip access-group 101 in

icmp is permitted for
access-list 101 permit icmp host 64. host 72.

access-list 101 permit icmp host 64. host 72.
access-list 101 permit icmp host 74. host 72.
access-list 101 permit icmp host 74. host 72.
access-list 101 permit icmp host 184 host 72.
access-list 101 permit icmp host 64. host 72.
access-list 101 permit icmp host 64. host 72.
access-list 101 permit icmp host 64. host 72.
?There is no 8.8.8.8 as source (except is it a part of statement
access-list 101 permit ip any host 72.

For test you can remove filtering from interface, and then adjust access list if that is the issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
amanzoorNetwork infrastructure AdminAuthor Commented:
Predrag:
Excellent.  I removed the access-list 101 and I was able to ping external IP addresses.  
Now keeping in mind security of network, is it good/necessary for a router to ping every external address?
I appreciate your time looking into it.
0
JustInCaseCommented:
If you forbid icmp completely you can cause problem with frame fragmentation. So, it would be recommended to enable icmp (at least some types of icmp messages and it would be recommendable to rate limit (police) number of icmp packets that have access to control plane.
0
amanzoorNetwork infrastructure AdminAuthor Commented:
Thanks Predrag,
Really appreciate it.
0
JustInCaseCommented:
You're welcome.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.