How to PING all ASA interfaces for monitoring

Unanswered Question
Apr 1st, 2008

Hi All,

We want to ping all interfaces from an ASA from a monitoring server located in one Management DMZ.

It works fine for the interface directly connected to the monitoring server, but it fails for all others,

Any ideas on how to solve this issue ?

Thanks a lot.

Christian

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
christian.belkreir Tue, 04/01/2008 - 03:52

Thanks Jorge

But it doesn't solve the issue.

I've already permitted any ICMP on all interfaces and I've already put access rules that allow the monitoring server to do ICMP to all ASA interfaces.

This access rule is applied on the interface where the monitoring server resides.

I also enable the ICMP inspect option.

Any other ideas ?

Rgds,

Christian

cisco24x7 Tue, 04/01/2008 - 04:17

That's the nature of Pix/ASA device. You can

NOT ping the far side of the interface from

the same machine. In other words, let say

your PC is connected to "inside" interface and

that you have "outside", "inside" and "dmz" on

the firewall. From that PC you will NOT be

able to ping the "outside" and "dmz" interface.

That's the way the firewall is designed.

I've asked for this feature way back in

version 5.1. That was seven years ago.

CCIE Security

JORGE RODRIGUEZ Tue, 04/01/2008 - 04:19

Hmm..some other rules must be blocking icmp to the interface in questioned.. do you see anything in asa logs when monitoring server attempts icmp on the interface?

David post right argument.

Steve Rodrigue Tue, 04/13/2010 - 21:20

Same issue here!

One of my customer wants to do the exact same thing!   From the inside interface, ping all dmz interfaces for monitoring...

Jennifer Halim Tue, 04/13/2010 - 21:23

Not supported on ASA/PIX to ping the opposite interfaces. You can only ping the directly connected ASA interfaces.

Actions

This Discussion