Can't ping management IP on ASA from inside

Unanswered Question
Jun 12th, 2007

I'm trying to figure out why I can't ping the inside management IP address of my ASA. I can ping any other IP on the same subnet from my desktop except this one. When I perform a debug icmp trace on the ASA, it shows the ping coming from my desktop but not returning.

Any suggestions? Thanks, Tony

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vitripat Tue, 06/12/2007 - 08:12

Hi Tony,


It seems that sitting on the inside subnet, you are trying to ping the IP address on management interface which is not working. However, you are able to ping everything else on the management subnet. Please correct me if wrong.


You wont be able to ping the management interface IP. This is not allowed on firewall. Please refer to following link-


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml


"The information in this document is based on PIX Software versions 4.1(6) and later."


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#pingsown


"You are not able to ping interfaces on the "far side" of the PIX in any version."


Hope this clear up things.


Regards,

Vibhor.


ttrevino1 Tue, 06/12/2007 - 08:28

Hi Vibhor, thanks for the information, the diagram on that page helps. It's a little strange though, as I can ping the "inside" interface, which is on 10.2.1.0, from 10.4.13.0 (me), but can't ping the "management" interface, which is on 10.100.1.0.

Actions

This Discussion