Ping Remote ASA's Internal Interface Through VPN

Unanswered Question
Feb 29th, 2008

Hello everyone,

I'm trying to ping a remote ASA's internal interface through an L2L VPN, but I'm getting a

Denied ICMP type = 8, code = 0 from interface 1

in my debug icmp trace when I do so.

It's pretty strange because I have another ASA close to that location with no funky configs and it pings fine.

I can ping to devices behind the ASA in question which have the same subnet IPs.

I've enabled:

icmp permit any echo-reply inside

icmp permit any echo-reply outside

and I've even enabled:

management-access inside

but still no luck...

I'd appreciate it if anyone had any insight of what's happening here and shared it with me.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
amiralisetoudeh Fri, 02/29/2008 - 10:55

Ok - I think I got it right.

I enabled:

icmp permit any inside

and it started working... hmm. Looks like it needs something more than echo-reply to reply to pings?



This Discussion