Unable to ping the internal ip address of the secondary firewall

Unanswered Question
Aug 9th, 2008

Cisco ASA is configured in HA

But unable to ping the internal interface ip of the secondary box from the primary

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
robertson.michael Sat, 08/09/2008 - 14:26


One thing to check would be to make sure you have 'icmp permit ' configured to allow you to ping the internal interface from the Primary IP address.

Also, check to be sure you have standby IP addresses configured on each interface ('ip address standby ').

If you are still having trouble, please post the output of 'show failover' and 'show run icmp'.


Farrukh Haroon Sat, 08/09/2008 - 21:34

Are you running any dynaminc routing on the box, like OSPF/EIGRP etc.? Neighbor relationships are only formed with the active unit. If the 'source IP' of the machine you are using to telnet to the secondary firewall is not reachable to the firewalll via a static route, you won't be able to telnet/ping.




This Discussion