How to PING all ASA interfaces for monitoring

Hi All,

We want to ping all interfaces from an ASA from a monitoring server located in one Management DMZ.

It works fine for the interface directly connected to the monitoring server, but it fails for all others.

Any ideas on how to solve this issue?

Thanks a lot.

Christian

8 REPLIES

Re: How to PING all ASA interfaces for monitoring

you can try:

asa(config)#no icmp deny any

Rgds

Jorge

Re: How to PING all ASA interfaces for monitoring

Thanks Jorge

But it doesn't solve the issue.

I've already permitted any ICMP on all interfaces and I've already put access rules that allow the monitoring server to do ICMP to all ASA interfaces.

This access rule is applied on the interface where the monitoring server resides.

I also enable the ICMP inspect option.

Any other ideas?

Rgds,

Christian

Silver

Re: How to PING all ASA interfaces for monitoring

That's the nature of Pix/ASA device. You can NOT ping the far side of the interface from the same machine. In other words, let's say your PC is connected to "inside" interface and that you have "outside", "inside" and "dmz" on the firewall. From that PC you will NOT be able to ping the "outside" and "dmz" interface. That's the way the firewall is designed.

I've asked for this feature way back in version 5.1. That was seven years ago.

CCIE Security

Re: How to PING all ASA interfaces for monitoring

Thanks a lot for this confirmation.

Re: How to PING all ASA interfaces for monitoring

Hmm... some other rules must be blocking icmp to the interface in question. Do you see anything in the ASA logs when the monitoring server attempts icmp on the interface?

David posted the right argument.

New Member

Re: How to PING all ASA interfaces for monitoring

Same issue here!

One of my customers wants to do the exact same thing! From the inside interface, ping all dmz interfaces for monitoring...

Cisco Employee

Re: How to PING all ASA interfaces for monitoring

Not supported on ASA/PIX to ping the opposite interfaces. You can only ping the directly connected ASA interfaces.

New Member

Re: How to PING all ASA interfaces for monitoring

Ok... So it's clear!

I'll inform my customer. We'll have to find a workaround.
