Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
272
Views
0
Helpful
1
Replies

Ping Remote ASA's Internal Interface Through VPN

amiralisetoudeh
Level 1
Level 1

‎02-29-2008 09:43 AM - edited ‎02-21-2020 03:35 PM

Hello everyone,

I'm trying to ping a remote ASA's internal interface through an L2L VPN, but I'm getting a

Denied ICMP type = 8, code = 0 from 192.168.0.7on interface 1

in my debug icmp trace when I do so.

It's pretty strange because I have another ASA close to that location with no funky configs and it pings fine.

I can ping to devices behind the ASA in question which have the same subnet IPs.

I've enabled:

icmp permit any echo-reply inside

icmp permit any echo-reply outside

and I've even enabled:

management-access inside

but still no luck...

I'd appreciate it if anyone had any insight of what's happening here and shared it with me.

-Ali

Labels:
0 Helpful
1 Reply 1

amiralisetoudeh
Level 1
Level 1

‎02-29-2008 10:55 AM

Ok - I think I got it right.

I enabled:

icmp permit any inside

and it started working... hmm. Looks like it needs something more than echo-reply to reply to pings?

-Ali

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents