Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
654
Views
0
Helpful
6
Replies

pix---ping to inside inf from dmzs ?

Go to solution
secureIT
Level 4
Level 4

‎03-22-2010 11:31 PM - edited ‎03-11-2019 10:24 AM

hi experts,

is it possible to ping the inside interface of the pix firewall from dmz or outside.. if yes, what are the configurations to be done on it..

pls help....

rajesh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to secureIT

‎03-23-2010 04:44 AM

No, you can only ping from directly connected interface, ie: from outside, you can only ping the outside interface, from dmz, you can only ping the dmz interface, etc etc.

If you are connecting via VPN on the outside interface, you can configure "management-access inside" to be able to ping the inside interface.

However you can only configure 1 management-access line, not multiple lines. Therefore you would need to choose which interface you would like to ping when you VPN in.

Here is the command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122

Hope that helps.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
sean_evershed
Level 7
Level 7

‎03-23-2010 02:43 AM

Hi,

This link will help

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic2

It states the following:

Pings Inbound

Pings initiated from the outside, or another low security interface of       the PIX, are denied be default. The pings can be allowed by the use of static       and access lists or access lists alone.

0 Helpful

Go to solution
secureIT
Level 4
Level 4
In response to sean_evershed

‎03-23-2010 03:42 AM

Hi,

thanks for your reply...

my intention is to ping to the INSIDE INTERFACE from any other dmzz/outside network !!!!

pls check and let me know...

rajesh

0 Helpful

Go to solution
r3linquish3d
Level 1
Level 1
In response to secureIT

‎03-23-2010 03:52 AM

Can you please attach the running configuration file?

0 Helpful

Go to solution
secureIT
Level 4
Level 4
In response to r3linquish3d

‎03-23-2010 04:35 AM

ethernet 0 outside -> 172.16.1.1

ethernet 2 dmz -> 192.168.1.1

ethernet 1 inside -> 10.0.0.1

icmp permit any inside

icmp permit any outside

icmp permit any dmz

access-list 101 permit ip any any

access-group 101 in interface inside

access-group 101 in interface outside

access-group 101 in interface dmz

0 Helpful

Go to solution
r3linquish3d
Level 1
Level 1
In response to secureIT

‎03-23-2010 04:42 AM

I dont know the security level of the interfaces. So set the security-level to 100 for inside and dmz interface.

security-level 100

same-security-traffic permit intra-interface

access-group 101 out interface dmz

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to secureIT

‎03-23-2010 04:44 AM

No, you can only ping from directly connected interface, ie: from outside, you can only ping the outside interface, from dmz, you can only ping the dmz interface, etc etc.

If you are connecting via VPN on the outside interface, you can configure "management-access inside" to be able to ping the inside interface.

However you can only configure 1 management-access line, not multiple lines. Therefore you would need to choose which interface you would like to ping when you VPN in.

Here is the command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122

Hope that helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card