Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
806
Views
0
Helpful
2
Replies

ASA 5510 Virtual IP & Sub-Interfaces

ansuman07
Level 1
Level 1

‎08-30-2007 03:12 AM - edited ‎03-11-2019 04:04 AM

Hi All,

I have a server farm on my DMZ. I have statically NATted the Servers' IP addresses to other IP addresses for the inside & outside networks. I can http in to web server's NATted IP, but i cannot ping these addresses. Is there a way i can ping these virtual addresses.

Can i use the subinterfaces on say the outside or inside interfaces to assign public IPs and then map the addresses of the servers on DMZ to those on the subinterfaces.

Labels:
0 Helpful
2 Replies 2

purohit_810
Level 5
Level 5

‎08-30-2007 05:40 AM

Yes you can do but in that case your all OUTSIDE INterface has priority will be 0.

Open Access list ICMP extended to ping.

Regards,

Dharmesh

0 Helpful

srue
Level 7
Level 7
In response to purohit_810

‎08-30-2007 09:00 AM

To allow inbound pings, you must specify on your outside acl:

permit icmp any any echo

To allow outbound pings (the return response), again, on your outside acl:

permit icmp any any echo-reply

These assume you have no outbound acl's.

The other option, turn on icmp inspection.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card