Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Unable to ping the internal ip address of the secondary firewall

Cisco ASA is configured in HA

But unable to ping the internal interface ip of the secondary box from the primary

2 REPLIES

Re: Unable to ping the internal ip address of the secondary fire

Hi,

One thing to check would be to make sure you have 'icmp permit ' configured to allow you to ping the internal interface from the Primary IP address.

Also, check to be sure you have standby IP addresses configured on each interface ('ip address standby ').

If you are still having trouble, please post the output of 'show failover' and 'show run icmp'.

-Mike

Re: Unable to ping the internal ip address of the secondary fire

Are you running any dynaminc routing on the box, like OSPF/EIGRP etc.? Neighbor relationships are only formed with the active unit. If the 'source IP' of the machine you are using to telnet to the secondary firewall is not reachable to the firewalll via a static route, you won't be able to telnet/ping.

Regards

Farrukh

305
Views
0
Helpful
2
Replies
CreatePlease to create content