Can't ping management IP on ASA from inside

ttrevino1 · ‎06-12-2007

I'm trying to figure out why I can't ping the inside management IP address of my ASA. I can ping any other IP on the same subnet from my desktop except this one. When I perform a debug icmp trace on the ASA, it shows the ping coming from my desktop but not returning.

Any suggestions? Thanks, Tony

vitripat · ‎06-12-2007

Hi Tony,

It seems that sitting on the inside subnet, you are trying to ping the IP address on management interface which is not working. However, you are able to ping everything else on the management subnet. Please correct me if wrong.

You wont be able to ping the management interface IP. This is not allowed on firewall. Please refer to following link-

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

"The information in this document is based on PIX Software versions 4.1(6) and later."

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#pingsown

"You are not able to ping interfaces on the "far side" of the PIX in any version."

Hope this clear up things.

Regards,

Vibhor.

ttrevino1 · ‎06-12-2007

Hi Vibhor, thanks for the information, the diagram on that page helps. It's a little strange though, as I can ping the "inside" interface, which is on 10.2.1.0, from 10.4.13.0 (me), but can't ping the "management" interface, which is on 10.100.1.0.