Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Extended Ping on PIX and show crypto engine

1.Anyboday know how can I do extened Ping from PIX ?for example after I created VPN tunnel between 2 PIX, I want to ping beween 2 inside interface ? Router no problem to do so.

2. Dose PIX have the command like router:

"show crypto engine connection active" so I can check encryption and decryption statistics

Thanks in advanced

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Extended Ping on PIX and show crypto engine

If I understand correctly what you are trying to do you should be able to use the configuration command "management inside" and then do a "ping inside ip address" where "ip address" is the destination IP to select that the source of the ping is the inside interface of the pix.

5 REPLIES
Bronze

Re: Extended Ping on PIX and show crypto engine

hi,

pix does not have extended ping like routers do, as for pinging between 2 inside interface you can achieve easily by defining the interesting traffic to bring the tunnel up, once established you should be able to ping the hosts on other side. to check the status of your tunnel do this

sh crypto isakmp sa

will tell you if the tunnel is up and created.

sh crypto ipsec sa

will tell you if the packets are going through the tunnel and encryption and decryption statistics.

please rate if it's helpful

New Member

Re: Extended Ping on PIX and show crypto engine

Thanks for reply,the problem is sometime we don't have access to client's host but PIX and "show crypto ipsec sa" is not so straight forward like " show crypto engine connections active" if we have a bunch of IPSec SAs.

Bronze

Re: Extended Ping on PIX and show crypto engine

hi

True, but you have to treat routers and firewalls separately.

New Member

Re: Extended Ping on PIX and show crypto engine

If I understand correctly what you are trying to do you should be able to use the configuration command "management inside" and then do a "ping inside ip address" where "ip address" is the destination IP to select that the source of the ping is the inside interface of the pix.

New Member

Re: Extended Ping on PIX and show crypto engine

Hi Andy, you are absolutely correct, it resolved my issues,thanks a lot.

658
Views
8
Helpful
5
Replies