Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

Ping to failover ip address...normal??

From one of the PIX firewall's tech notes, it was mentioned that by default,

a ping initiated from a host on a PIX interface's network segment

destined for a far side (or other interface) of the PIX is not allowed. There's

also no way of enabling this. However, is it normal that the same host can ping

the failover IP address assigned for a far side interface?

For instance:

PIX-Active(Outside) = 192.168.1.1

PIX-Active(Inside) =10.1.1.1

PIX-Active(DMZ) = 172.16.1.1

failover ip address outside 192.168.1.2

failover ip address inside 10.1.1.2

failover ip address dmz 172.16.1.2

A host residing on the inside network can ping 192.168.1.2.

Any input is greatly appreciated. Thanks.

1 REPLY
Bronze

Re: Ping to failover ip address...normal??

It is possible to ping the outside interface of failoever. However, you should not be able to ping beyond that point.

161
Views
0
Helpful
1
Replies
CreatePlease to create content