Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA (from LAN network to ASA outside interface ping )

ASA insideOutside.jpg

R1

int G0/0  IP Add 192.168.1.1/24

ASA

Int G0/1 IP Add 192.168.1.10/24

Int G0/0 IP Add 210.19.10.10/24

R2

Int G0/0 IP Add 210.19.10.1/24

___________________________________________

If i ping fro R1 int g0/0 to  ASA g0/1 its working

R1# ping 192.168.1.10

!!!!!

*but i cant ping  from R1 int G0/0 to  ASA int G0/0

R1# ping 210.19.10.10 ??????????????????

*  please tell me reason ?

4 REPLIES

ASA (from LAN network to ASA outside interface ping )

It's a security feature of the ASA.

New Member

ASA (from LAN network to ASA outside interface ping )

Hi Lalit,

It's right it's the security feature of ASA in which user at one end is not able to ping far end interface of the ASA, you could ping across the ASA but not the ip of ASA's far end interface.

- Prateek Verma

New Member

ASA (from LAN network to ASA outside interface ping )

Thanks Prateek

  i want know according  to packet flow of firewall, when  we ping that interface  where this packet is drop.

New Member

ASA (from LAN network to ASA outside interface ping )

Hi Lalit,

It's the default security feature of ASA due to which it is not allowed to ping far end interface ip of ASA. If you will try to run packet-tracer on ASA , you will see everything is allowed but it would get dropped in slow path secuirty check failed ( that's due to the default security feature of ASA).

- Prateek Verma

181
Views
0
Helpful
4
Replies
CreatePlease login to create content