ASA 5510, Access other interface problem

zafar12233
Level 1

Hi,

I have just configured my brand new ASA 5510 with ASA Version 8.0(4). I am having a little problem: I cannot access (or even ping) the DMZ interface and other interfaces from an inside host; meanwhile, I can access the servers behind the DMZ and other interfaces.

When I ping the DMZ interface, I find the messages below in the log.

Built inbound ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0

Details:

%ASA-6-302020: Built {in | out}bound ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

An ICMP session was established in the fast-path when stateful ICMP is enabled using the inspect icmp command.

Teardown ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0

Details:

%ASA-6-302021: Teardown ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

An ICMP session was removed in the fast-path when stateful ICMP is enabled using the inspect icmp command.

I tried a lot but couldn't get success.

Please help!

3 Accepted Solutions

A host residing on an interface can only ping its adjacent ASA interface. It cannot ping the far end interface of the ASA. For example, if you have a host on inside, this host can only ping the inside interface of the ASA and no other interface (e.g. outside or dmz). Although the hosts connected to "far end interfaces" can be pinged, the "far end interface" itself cannot be pinged by a host. This is a security feature on ASA firewalls.

Syed Iftekhar Ahmed
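
The rule in this answer, applied to the 302020/302021 lines from the question, as an added Python example that is not part of the original thread. The interface table (inside address 192.168.10.1, /24 subnets) and the last two log lines are constructed assumptions; 172.16.250.5 is taken to be the DMZ interface the poster pinged.

```python
import ipaddress
import re

# Assumed interface table (not given in the thread): name -> (ASA address, subnet).
# 172.16.250.5 is taken to be the DMZ interface the poster pinged; the rest is constructed.
INTERFACES = {
    "inside": ("192.168.10.1", "192.168.10.0/24"),
    "dmz": ("172.16.250.5", "172.16.250.0/24"),
}
# Matches the bodies of the 302020 (Built) and 302021 (Teardown) messages quoted above.
ICMP_RE = re.compile(
    r"(?P<event>Built (?:in|out)bound|Teardown) ICMP connection for "
    r"faddr (?P<faddr>[\d.]+)/\d+ gaddr [\d.]+/\d+ laddr (?P<laddr>[\d.]+)/\d+"
)

def owning_interface(addr):
    """Interface whose own address is addr (traffic to the ASA itself), else None."""
    return next((n for n, (ip, _) in INTERFACES.items() if ip == addr), None)

def facing_interface(addr):
    """Interface whose connected subnet contains addr, else None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, (_, net) in INTERFACES.items()
                 if ip in ipaddress.ip_network(net)), None)

def classify(line):
    """Return (event, host, target, verdict) for an ICMP session line, or None."""
    m = ICMP_RE.search(line)
    if not m:
        return None
    ends = [m["faddr"], m["laddr"]]
    target = next((a for a in ends if owning_interface(a)), None)  # end that is an ASA address
    if target is None:
        return (m["event"], ends[0], ends[1], "through-traffic")
    host = ends[1] if target == ends[0] else ends[0]
    same = facing_interface(host) == owning_interface(target)
    # Per the reply: a host can ping only the ASA interface it is attached to.
    verdict = "adjacent-interface" if same else "far-end-interface"
    return (m["event"], host, target, verdict)

SAMPLE_LOG = [  # first two lines are from the post; the last two are constructed
    "Built inbound ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0",
    "Teardown ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0",
    "Built inbound ICMP connection for faddr 192.168.10.33/512 gaddr 192.168.10.1/0 laddr 192.168.10.1/0",
    "Built outbound ICMP connection for faddr 172.16.250.10/0 gaddr 192.168.10.33/512 laddr 192.168.10.33/512",
]

if __name__ == "__main__":
    print(*map(classify, SAMPLE_LOG), sep="\n")
```

Hosts on subnets reached through a router are not matched by the connected-subnet lookup and would need their routes added to the table.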

5 Replies

Thank you so much for your reply, Mr. Iftikhar,

I got your point. I sensed that too, but wasn't sure. Once again, thanks :)

I have a question: is this security feature only available in ASA ver. 8.0(4), or is it an ASA feature regardless of ASA version?

Thank you,

Zafar-

It's there since PIX days.

It exists for all ASA codes.

Syed Iftekhar Ahmed

Thanks once again :)
