04-01-2008 02:37 AM - edited 03-11-2019 05:25 AM
Hi All,
We want to ping all interfaces from an ASA from a monitoring server located in one Management DMZ.
It works fine for the interface directly connected to the monitoring server, but it fails for all others,
Any ideas on how to solve this issue ?
Thanks a lot.
Christian
04-01-2008 03:35 AM
you can try:
asa(config)#no imcp deny any
Rgds
Jorge
04-01-2008 03:52 AM
Thanks Jorge
But it doesn't solve the issue.
I've already permitted any ICMP on all interfaces and I've already put access rules that allow the monitoring server to do ICMP to all ASA interfaces.
This access rule is applied on the interface where the monitoring server resides.
I also enable the ICMP inspect option.
Any other ideas ?
Rgds,
Christian
04-01-2008 04:17 AM
That's the nature of Pix/ASA device. You can
NOT ping the far side of the interface from
the same machine. In other words, let say
your PC is connected to "inside" interface and
that you have "outside", "inside" and "dmz" on
the firewall. From that PC you will NOT be
able to ping the "outside" and "dmz" interface.
That's the way the firewall is designed.
I've asked for this feature way back in
version 5.1. That was seven years ago.
CCIE Security
04-01-2008 04:49 AM
Thanks a lot for this confirmation.
04-01-2008 04:19 AM
Hmm..some other rules must be blocking icmp to the interface in questioned.. do you see anything in asa logs when monitoring server attempts icmp on the interface?
David post right argument.
04-13-2010 09:20 PM
Same issue here!
One of my customer wants to do the exact same thing! From the inside interface, ping all dmz interfaces for monitoring...
04-13-2010 09:23 PM
Not supported on ASA/PIX to ping the opposite interfaces. You can only ping the directly connected ASA interfaces.
04-13-2010 09:31 PM
Ok... So it's clear!
I'll inform my customer. We'll have to find a workaround.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide