Pinging outside interface of remote ASA5510 VPN peer
Hi Group, hope someone here can help.
We have two sites, A and B each with an ASA5510 providing a backup VPN for a fibre link between the sites. Both the fibre & VPN links work fine.
Site A has an internal network monitor that continuously pings our network infrastructure and alerts us when something goes down.
We need to ping the external interface of Site B's ASA5510 to monitor the link through both sites' ISP's, however the monitors' pings all fail.
We have set icmp inspection at both sites and hosts from inside each site can ping other external hosts with:
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any unreachable outside
icmp permit host SiteB_External outside
icmp permit any outside <--------- allow external icmp requests from anywhere for testing
So from home or any other external network we can ping the external interfaces of both ASA's. However from within the network or from the ASA's themselves we get no response when trying to ping the remote ASA external interface.
The ASA versions are 8.2 for site A & 8.4 for site B. I suspect the VPN is in some way influencing the situation, or perhaps even NAT but am not proficient enough to confirm this.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :