Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
0
Helpful
4
Replies

VPN anyconnect no Ping ip firewall

Polkara10
Level 1
Level 1

‎04-10-2012 04:25 AM - edited ‎02-21-2020 06:00 PM

II have a management network 192.168.5.x and VPN network 192.168.25.x. I can ping a all my network elements except to firewall (ASA5510). The ASA has the IP 192.168.5.1. I think that the firewall has some restriction but I don't know. I have 8.2 software and anyconnenct 3.0 and work fine. If I am in the management network (192.168.5.7), I can ping to firewall. The restrict is with the VPN network.

Thanks,

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

‎04-10-2012 04:51 AM

Hi,

I gather you are trying to ping the ASA inside interface from a connected VPN Client?

To my understanding this is not possible.

You can't ping an interface IP address from behind some other interface on the ASA. In this case it would be a ICMP echo coming from outside to inside interface IP

To otherwise enable ICMP to ASA interface use the following command format

icmp permit/deny

- Jouni

0 Helpful

Polkara10
Level 1
Level 1

‎04-10-2012 07:55 AM

Thanks but didn't work.

Sent from Cisco Technical Support iPhone App

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to Polkara10

‎04-10-2012 08:00 AM

Hey,

As I said you can't ping an ASA interface behind another interface.

So pinging from VPN Client host (which is behind outside) to inside interface IP (which is "behind" inside interface) isnt possible to my knowledge.

The command format I added is just to point out how you can allow ICMP when you are pinging the ASA interface IP behind that same interface.

- Jouni

0 Helpful

Javier Portuguez
Level 9
Level 9

‎04-10-2012 12:29 PM

Hi,

In order for you to ping the ASA itself coming over a VPN tunnel, you must use the "management access" command.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_management.html#wp1064497

You can only have one management interface at the time.

Please let us know if it helps you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents