Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pinging outside interface of remote ASA5510 VPN peer

Hi Group, hope someone here can help.

We have two sites, A and B each with an ASA5510 providing a backup VPN for a fibre link between the sites. Both the fibre & VPN links work fine.

Site A has an internal network monitor that continuously pings our network infrastructure and alerts us when something goes down.

We need to ping the external interface of Site B's ASA5510 to monitor the link through both sites' ISP's, however the monitors' pings all fail.

We have set icmp inspection at both sites and hosts from inside each site can ping other external hosts with:

icmp unreachable rate-limit 1 burst-size 1

icmp permit any echo-reply outside

icmp permit any unreachable outside

icmp permit host SiteB_External outside

icmp permit any outside                                        <--------- allow external icmp requests from anywhere for testing

policy-map global_policy

class inspection_default

.

.

  inspect tftp

  inspect icmp

So from home or any other external network we can ping the external interfaces of both ASA's. However from within the network or from the ASA's themselves we get no response when trying to ping the remote ASA external interface.

The ASA versions are 8.2 for site A & 8.4 for site B. I suspect the VPN is in some way influencing the situation, or perhaps even NAT but am not proficient enough to confirm this.

Any help would be much appreciated.

Everyone's tags (2)
1 REPLY
New Member

Pinging outside interface of remote ASA5510 VPN peer

The interfaces will answer to ping without any configuration.

But you need to permit icmp from inside, and echo reply from outside.

However, pinging from the outside interface should be possible.

396
Views
0
Helpful
1
Replies
CreatePlease login to create content