New to ASA. Can you source ping from inside interface to Internet?

Difan Zhao
Level 5

Hi Guys,

Am I supposed to be able to ping an internet address sourced from the inside interface?

ping inside 1.1.1.1

I can ping this address from the outside interface.

Here is my config:

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 2.2.2.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.2.1.1 255.255.255.0
!
access-list ACL-outside extended permit icmp any any
access-list ACL-outside extended permit ip any any
access-list ACL-inside extended permit icmp any any
access-list ACL-inside extended permit ip any any
!
nat (inside) 1 192.168.2.0 255.255.255.0
nat (inside) 1 10.2.1.0 255.255.255.0
global (outside) 1 interface
!
access-group ACL-outside in interface outside
access-group ACL-inside in interface inside
route outside 0.0.0.0 0.0.0.0 2.2.2.254 1

Thanks!

Difan

Accepted Solutions

Yudong Wu
Level 7

On ASA, you cannot specify the source IP of the ping packet.

If you use "ping inside 1.1.1.1" and host 1.1.1.1 is reachable via the "inside" interface, your ping is OK. If host 1.1.1.1 is reachable via an interface other than "inside", your ping will fail.

Not sure if this is your question.

2 Replies

andrew.prince
Level 10

No.

HTH
