Cisco Support Community

unable to ping firewall

Dear All,

We are going to implement Spectrum (CA) in my network. I have an ASA-5580-20 firewall, and now my Spectrum server wants to communicate with the firewall; only then will it discover the firewall logs.

Now the problem is that my Spectrum server is in the MZ zone (10.10.10.45), where the security level is 70, and my inside interface (10.20.20.101) has security level 100.

I am unable to ping from the Spectrum server to the firewall because of the high security level.

How can I solve this problem? Can I change my inside security level to 69? Then I think it will ping.

Please give your valuable suggestions on this.

Srini


Accepted Solutions

unable to ping firewall

Hi Dhani,

It is a security feature of the ASA appliance: you would not be able to ping remote interfaces. This means that if your machine is on the DMZ interface, then you can only ping the DMZ interface from there; no other interface would be pingable.

It is valid for pings, SSH, Telnet or ASDM access. You would only be able to access the firewall on the interface behind which you are connected.

Moreover, if you have any machine connected behind the inside interface, then you can ping it using NAT and ACL.

Hope this would be helpful.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
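
An added configuration sketch for the behaviour described in the answer (not part of the original posts): the monitoring server at 10.10.10.45 reaches the firewall on the interface it sits behind, and to-the-box access on that interface is limited to that one host. The interface name `dmz` is an assumption; substitute the `nameif` actually configured on the interface facing the server, and point the server at that interface's own IP address rather than 10.20.20.101.

```cisco
! Constructed example. Assumes the interface facing 10.10.10.45 has nameif "dmz".

! Let only the monitoring server ping the firewall's own dmz interface.
! Once an icmp rule exists for an interface, all other ICMP addressed to
! that interface is implicitly denied.
icmp permit host 10.10.10.45 echo dmz

! Keep ICMP unreachable messages allowed so path MTU discovery still works.
icmp permit any unreachable dmz

! Allow SSH management sessions to the firewall from that server only,
! and only on the dmz interface.
ssh 10.10.10.45 255.255.255.255 dmz

! Review the resulting to-the-box rules.
show running-config icmp
show running-config ssh
```

These rules govern traffic addressed to the firewall itself; traffic passing through the firewall to hosts behind the inside interface is still controlled by the NAT and ACL configuration mentioned in the answer.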