New to ASA. Can you source ping from inside interface to Internet?

Answered Question
Mar 2nd, 2009
User Badges:

Hi Guys,


Am I supposed to be able to ping an internet address sourced from the inside interface?


ping inside 1.1.1.1


I can ping this address from outside interface.


Here is my config:

interface Ethernet0/0

nameif outside

security-level 0

ip address 2.2.2.1 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.2.1.1 255.255.255.0

!

access-list ACL-outside extended permit icmp any any

access-list ACL-outside extended permit ip any any

access-list ACL-inside extended permit icmp any any

access-list ACL-inside extended permit ip any any

!

nat (inside) 1 192.168.2.0 255.255.255.0

nat (inside) 1 10.2.1.0 255.255.255.0

global (outside) 1 interface

!

access-group ACL-outside in interface outside

access-group ACL-inside in interface inside

route outside 0.0.0.0 0.0.0.0 2.2.2.254 1


Thanks!

Difan

Correct Answer by Yudong Wu about 8 years 3 weeks ago

On ASA, you can not specify source IP of Ping packet.

If using "ping inside 1.1.1.1" and host 1.1.1.1 can be reachable via "inside" interface, your ping is OK. If host 1.1.1.1 is reachable via interface other than "inside", your ping will be fail.


Not sure if this is your question.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Yudong Wu Tue, 03/03/2009 - 14:42
User Badges:
  • Gold, 750 points or more

On ASA, you can not specify source IP of Ping packet.

If using "ping inside 1.1.1.1" and host 1.1.1.1 can be reachable via "inside" interface, your ping is OK. If host 1.1.1.1 is reachable via interface other than "inside", your ping will be fail.


Not sure if this is your question.

Actions

This Discussion