Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
466
Views
0
Helpful
2
Replies

Unable to ping the internal ip address of the secondary firewall

ssocsupport
Level 1
Level 1

‎08-09-2008 12:41 PM - edited ‎03-11-2019 06:29 AM

Cisco ASA is configured in HA

But unable to ping the internal interface ip of the secondary box from the primary

Labels:
0 Helpful
2 Replies 2

robertson.michael
Level 3
Level 3

‎08-09-2008 02:26 PM

Hi,

One thing to check would be to make sure you have 'icmp permit ' configured to allow you to ping the internal interface from the Primary IP address.

Also, check to be sure you have standby IP addresses configured on each interface ('ip address standby ').

If you are still having trouble, please post the output of 'show failover' and 'show run icmp'.

-Mike

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-09-2008 09:34 PM

Are you running any dynaminc routing on the box, like OSPF/EIGRP etc.? Neighbor relationships are only formed with the active unit. If the 'source IP' of the machine you are using to telnet to the secondary firewall is not reachable to the firewalll via a static route, you won't be able to telnet/ping.

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card