Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
376
Views
0
Helpful
1
Replies

Ping reply from Public NAT IP

Danilo Dy
VIP Alumni
VIP Alumni

‎07-17-2003 06:27 PM - edited ‎03-09-2019 04:05 AM

Hi,

I'm here again, I have a problem with the ping results I'm getting when I'm pinging from Inside host to DMZ host's private IP address, The ping reply is intermittent, sometimes the reply is from the DMZ server Public NAT IP and sometimes.

Any idea how this thing happen and what could be the workaround..

Thanks,

Ivan

Labels:
0 Helpful
1 Reply 1

l.mourits
Level 5
Level 5

‎07-18-2003 05:20 AM

Hi Ivan,

First take a look at this URL please:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb0b3.html#1008066

This URL contains a document about how the ASA (Adaptive Security Algorhitm) handles traffic within the PIX, and it states that ICMP is not handled by the ASA, where IP is. So, there's a big difference in IP and ICMP handling on the PIX.

Are you using ping just to test a new setup?

- if yes, don't do that again :-)

- if no, why you need ICMP?

In case you really need ICMP returning traffic from the dmz interface to the inside interface you have to configure this properly within your PIX.

Hope this helps,

Kind Regards,

Leo

0 Helpful
Customers Also Viewed These Support Documents