Question:
I have this Cisco2921-V debug error on my router:
Mar 7 10:58:26.296: ICMP: dst (81.21.95.206) administratively prohibited unreachable sent to 79.164.27.174
81.21.95.206 is my outside interface
ip access-list extended NAT
 permit ip host 10.0.22.2 any
 permit ip host 10.0.21.2 any
 permit ip host 10.0.50.10 any
 permit ip 10.0.42.0 0.0.0.255 any
 permit ip 10.0.10.0 0.0.0.255 any
 permit ip host 10.0.31.2 any
 permit ip host 10.0.31.3 any
 permit ip host 10.0.31.4 any
 permit ip host 10.0.31.5 any
 permit ip host 10.0.31.6 any
 permit ip host 10.0.31.7 any
 permit ip host 10.0.31.8 any
 permit ip host 10.0.31.9 any
 permit icmp any any
 permit ip host 10.0.32.253 any
ip access-list extended outside
 permit udp any eq domain any gt 1023
 permit tcp any any established
 permit tcp any host x.x.x.x eq smtp
interface FastEthernet0/0
 description Internet
 ip address 81.21.95.206 255.255.255.252
 ip access-group outside in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
This is some config from the router.
Pings from the router and through the router are not passing.
What can be the problem?
Answer:
I'm assuming that you're trying to ping from the LAN and you're not getting the return ICMP response. If that's the case, add "permit icmp any any echo-reply" and you should be good.
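Added example, not part of the original thread and not Cisco code: a small Python model of first-match evaluation over the "outside" ACL from the question, showing that an inbound echo reply falls through to the implicit deny until the line from the answer is appended, while unsolicited echo requests stay blocked. The matcher is a simplified assumption that understands only the keywords used on this page, and the sample packets are constructed.

```python
# Added example: first-match evaluation of the page's inbound "outside" ACL.
PORTS = {"domain": 53, "smtp": 25}
OUTSIDE = ["permit udp any eq domain any gt 1023",
           "permit tcp any any established",
           "permit tcp any host x.x.x.x eq smtp"]   # address redacted on the page
FIXED = OUTSIDE + ["permit icmp any any echo-reply"]  # line from the answer

def parse(line):
    t = line.split()
    rule, i = {"action": t[0], "proto": t[1]}, 2
    for side in ("src", "dst"):
        if t[i] == "any":
            rule[side], i = None, i + 1
        else:                                  # "host A.B.C.D"
            rule[side], i = t[i + 1], i + 2
        if i < len(t) and t[i] in ("eq", "gt"):
            rule[side + "_port"] = (t[i], PORTS.get(t[i + 1]) or int(t[i + 1]))
            i += 2
    rule["flag"] = t[i] if i < len(t) else None
    return rule

def port_ok(cond, port):
    if cond is None or port is None:
        return cond is None
    return port == cond[1] if cond[0] == "eq" else port > cond[1]

def rule_matches(r, pkt):
    if r["proto"] not in ("ip", pkt["proto"]):
        return False
    if r["src"] not in (None, pkt["src"]) or r["dst"] not in (None, pkt["dst"]):
        return False
    if not all(port_ok(r.get(s + "_port"), pkt.get(s[0] + "port")) for s in ("src", "dst")):
        return False
    if r["flag"] == "established":             # ACK or RST set
        return bool({"ACK", "RST"} & pkt.get("tcp_flags", set()))
    if r["flag"] == "echo-reply":              # ICMP type 0
        return pkt.get("icmp_type") == 0
    return True

def evaluate(acl, pkt):
    for line in acl:
        if rule_matches(parse(line), pkt):
            return line.split()[0], line
    return "deny", "implicit deny"             # end of every IOS ACL

# Constructed packets arriving on the outside interface (remote IPs are RFC 5737).
ECHO_REPLY = {"proto": "icmp", "src": "192.0.2.10", "dst": "81.21.95.206", "icmp_type": 0}
ECHO_REQUEST = dict(ECHO_REPLY, icmp_type=8)
DNS_REPLY = {"proto": "udp", "src": "192.0.2.53", "dst": "81.21.95.206", "sport": 53, "dport": 40000}
```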