ASA 5510, Access other interface problem

Hi,

I have just configured my brand new ASA 5510 with ASA Version 8.0(4). I am having a little problem: I cannot access (nor even ping) the DMZ interface and other interfaces from an inside host, while I can access the servers behind the DMZ and other interfaces.

When I ping the DMZ interface, I find the below messages in logging.

Built inbound ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0

Details:

%ASA-6-302020: Built {in | out}bound ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

An ICMP session was established in the fast-path when stateful ICMP is enabled using the inspect icmp command.

Teardown ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0

details:

%ASA-6-302021: Teardown ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

An ICMP session was removed in the fast-path when stateful ICMP is enabled using the inspect icmp command.

I tried a lot but couldn't get success.

Please help!

Accepted Solutions

Re: ASA 5510, Access other interface problem

A host residing on an interface can only ping its adjacent ASA interface. It cannot ping the far end interface of the ASA. For example, if you have a host on inside, this host can only ping the inside interface of the ASA and no other interface (e.g. outside or dmz). Although the hosts connected to "far end interfaces" can be pinged, a "far end interface" cannot be pinged by a host. This is a security feature on ASA firewalls.

Syed Iftekhar Ahmed
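
The behaviour described in the answer above, applied to the two log lines from the question, as an added example that is not part of the original thread. The interface table (an inside address of 192.168.10.1/24, 172.16.250.5/24 as the DMZ interface) and the function names are assumptions; hosts behind a routed hop on an interface are not handled.

```python
import ipaddress
import re

# Constructed interface table (assumption, not from the thread): name -> address/mask.
# 172.16.250.5 is assumed to be the DMZ interface address seen in the posted log lines.
INTERFACES = {
    "inside": ipaddress.ip_interface("192.168.10.1/24"),
    "dmz": ipaddress.ip_interface("172.16.250.5/24"),
}

# The two log lines quoted in the question.
LOG = """\
Built inbound ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0
Teardown ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0
"""

ICMP_RE = re.compile(
    r"(?P<event>Built (?:in|out)bound|Teardown) ICMP connection for "
    r"faddr (?P<faddr>[\d.]+)/\d+ gaddr (?P<gaddr>[\d.]+)/\d+ laddr (?P<laddr>[\d.]+)/\d+"
)

def owning_interface(addr):
    """Name of the ASA interface whose own address is addr, else None."""
    return next((n for n, i in INTERFACES.items() if i.ip == addr), None)

def attached_interface(addr):
    """Name of the interface whose connected subnet contains addr, else None."""
    return next((n for n, i in INTERFACES.items() if addr in i.network), None)

def classify(line):
    """Label one ICMP log line as through-traffic, adjacent or far-end ping."""
    m = ICMP_RE.search(line)
    if not m:
        return None
    # Assumption: as in the posted lines, faddr is the pinging host, laddr the target.
    host = ipaddress.ip_address(m["faddr"])
    target = ipaddress.ip_address(m["laddr"])
    target_if = owning_interface(target)
    if target_if is None:
        return "through-traffic"      # target is a host behind the ASA, not the ASA
    if target_if == attached_interface(host):
        return "adjacent-interface"   # host pinging the interface it is attached to
    return "far-end-interface"        # no reply expected, per the answer above

def triage(log=LOG):
    """Classify every ICMP connection line found in a block of log text."""
    return [c for c in map(classify, log.splitlines()) if c]
```
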

Re: ASA 5510, Access other interface problem

Thank you so much for your reply, Mr. Iftikhar,

I got your point. I sensed that too, but wasn't sure. Once again, thanks :)

I have a question: is this security feature only available in ASA ver. 8.0(4), or is it an ASA feature regardless of ASA version?

Thank you,

Zafar-

Re: ASA 5510, Access other interface problem

It's there since PIX days.

It exists for all ASA codes.

Syed Iftekhar Ahmed

Re: ASA 5510, Access other interface problem

Thanks once again :)
