cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1227
Views
0
Helpful
8
Replies

How to PING all ASA interfaces for monitoring

Hi All,

We want to ping all interfaces from an ASA from a monitoring server located in one Management DMZ.

It works fine for the interface directly connected to the monitoring server, but it fails for all others,

Any ideas on how to solve this issue ?

Thanks a lot.

Christian

8 Replies 8

JORGE RODRIGUEZ
Level 10
Level 10

you can try:

asa(config)#no imcp deny any

Rgds

Jorge

Jorge Rodriguez

Thanks Jorge

But it doesn't solve the issue.

I've already permitted any ICMP on all interfaces and I've already put access rules that allow the monitoring server to do ICMP to all ASA interfaces.

This access rule is applied on the interface where the monitoring server resides.

I also enable the ICMP inspect option.

Any other ideas ?

Rgds,

Christian

That's the nature of Pix/ASA device. You can

NOT ping the far side of the interface from

the same machine. In other words, let say

your PC is connected to "inside" interface and

that you have "outside", "inside" and "dmz" on

the firewall. From that PC you will NOT be

able to ping the "outside" and "dmz" interface.

That's the way the firewall is designed.

I've asked for this feature way back in

version 5.1. That was seven years ago.

CCIE Security

Thanks a lot for this confirmation.

Hmm..some other rules must be blocking icmp to the interface in questioned.. do you see anything in asa logs when monitoring server attempts icmp on the interface?

David post right argument.

Jorge Rodriguez

Steve Rodrigue
Level 1
Level 1

Same issue here!

One of my customer wants to do the exact same thing!   From the inside interface, ping all dmz interfaces for monitoring...

Not supported on ASA/PIX to ping the opposite interfaces. You can only ping the directly connected ASA interfaces.

Ok... So it's clear!

I'll inform my customer. We'll have to find a workaround.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: