Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
5
Helpful
1
Replies

unable to ping firewall

Go to solution
dhanikonda
Level 1
Level 1

‎04-19-2012 02:49 AM - edited ‎03-11-2019 03:55 PM

Dear All,

We are going to impliment Spectrum (CA) in my network,i have ASA-5580-20 firewall now my spectrum server want to communicate with firewall,then only it will discover the firewall logs.

Now the problem is my spectrum server is in MZ zone(10.10.10.45) security leval is 70 and my inside interface(10.20.20.101) security leval is 100.

Iam unable to ping from spectrum server to firewall because of high security leval.

How can i solve this problem,can  i change my inside security leval to 69 then i think it will ping.

Please give ur valuble suggessions on this.

Srini

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
varrao
Level 10
Level 10

‎04-19-2012 02:55 AM

Hi Dhani,

It is a security feature of the ASA appliance, you would not be able to ping remote interfaces, which means if your machine is on the DMZ interface, then you can only ping the DMZ interface from there, no other interface would be pingable.

It is valid for pings, ssh,telnet or ASDM access. You would only be able to access the firewall on the interface behind which you are connected.

Moreover, if you have any machine connected behind the inside interface, then you can ping it using NAT and ACL.

Hope this would be helpful.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

1 Reply 1

Go to solution
varrao
Level 10
Level 10

‎04-19-2012 02:55 AM

Hi Dhani,

It is a security feature of the ASA appliance, you would not be able to ping remote interfaces, which means if your machine is on the DMZ interface, then you can only ping the DMZ interface from there, no other interface would be pingable.

It is valid for pings, ssh,telnet or ASDM access. You would only be able to access the firewall on the interface behind which you are connected.

Moreover, if you have any machine connected behind the inside interface, then you can ping it using NAT and ACL.

Hope this would be helpful.

Thanks,

Varun

Thanks,
Varun Rao
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card