How to PING all ASA interfaces for monitoring

Unanswered Question
Apr 1st, 2008
User Badges:

Hi All,

We want to ping all interfaces from an ASA from a monitoring server located in one Management DMZ.

It works fine for the interface directly connected to the monitoring server, but it fails for all others,

Any ideas on how to solve this issue ?

Thanks a lot.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Tue, 04/01/2008 - 03:35
User Badges:
  • Green, 3000 points or more

you can try:

asa(config)#no imcp deny any



christian.belkreir Tue, 04/01/2008 - 03:52
User Badges:

Thanks Jorge

But it doesn't solve the issue.

I've already permitted any ICMP on all interfaces and I've already put access rules that allow the monitoring server to do ICMP to all ASA interfaces.

This access rule is applied on the interface where the monitoring server resides.

I also enable the ICMP inspect option.

Any other ideas ?



cisco24x7 Tue, 04/01/2008 - 04:17
User Badges:
  • Silver, 250 points or more

That's the nature of Pix/ASA device. You can

NOT ping the far side of the interface from

the same machine. In other words, let say

your PC is connected to "inside" interface and

that you have "outside", "inside" and "dmz" on

the firewall. From that PC you will NOT be

able to ping the "outside" and "dmz" interface.

That's the way the firewall is designed.

I've asked for this feature way back in

version 5.1. That was seven years ago.

CCIE Security

JORGE RODRIGUEZ Tue, 04/01/2008 - 04:19
User Badges:
  • Green, 3000 points or more

Hmm..some other rules must be blocking icmp to the interface in questioned.. do you see anything in asa logs when monitoring server attempts icmp on the interface?

David post right argument.

Steve Rodrigue Tue, 04/13/2010 - 21:20
User Badges:

Same issue here!

One of my customer wants to do the exact same thing!   From the inside interface, ping all dmz interfaces for monitoring...

Jennifer Halim Tue, 04/13/2010 - 21:23
User Badges:
  • Cisco Employee,

Not supported on ASA/PIX to ping the opposite interfaces. You can only ping the directly connected ASA interfaces.

Steve Rodrigue Tue, 04/13/2010 - 21:31
User Badges:

Ok... So it's clear!

I'll inform my customer. We'll have to find a workaround.


This Discussion