Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ciscoworks DFM alert unreachable for PIX interfaces

Hi,

I understand that for DFM to determine reachability for device interfaces, it will attempt to ping and then query via snmp.

Now, when the Ciscoworks server behind the inside interface of a PIX ping its outside interface, there will not be a response and Ciscoworks DFM will alert saying that the interface is unreachable (but in fact is not down). How do you I around this problem?

3 REPLIES
Silver

Re: Ciscoworks DFM alert unreachable for PIX interfaces

Hi,

i am not a professional at PIX-boxes, but try to ping or snmp an outside host. If this works, everything is fine.

On a PIX it is not possible to access the external interface directly via an internal one.

Please refer to the security feature ASA (Adaptive Security Algorithm) in the PIX documentation.

Best regards,

Frank

New Member

Re: Ciscoworks DFM alert unreachable for PIX interfaces

You can enable ping, telnet, ssh in ver 6.3 or higher of PIX software with 'management-access [int]'. You have to enable each interface you want to access with this command. Prior to 6.3 this was not possible,

New Member

Re: Ciscoworks DFM alert unreachable for PIX interfaces

I believe that won't help. I saw the same issue with Cat6509 FWSM.

If the Ciscoworks is connected to the inside interface, it can only ping the inside interface, if allowed. Even if you allow ping and permit icmp any any to all interfaces, Ciscoworks will not be able to ping the other interfaces.

Let me know if anyone has a workaround for this.

140
Views
0
Helpful
3
Replies