We have site-to-site VPNs, all of them through PIX firewalls, and for management purposes would like to ping the inside IP address of the PIX firewall. Pinging the inside IP address of the PIX would determine if the VPN tunnel has been established. Our software would then alert us that the VPN tunnel is no longer up when the pings fail.
Re: Ping inside interface of PIX across VPN Tunnel
This currently is not possible; you can't ping an interface on a PIX from another interface, even over a VPN tunnel. I agree that this functionality is very useful in your situation where you have remote PIXes, and the only way you have to connect to them is via their inside interface. This is especially necessary when the PIX gets its outside IP address via DHCP from the ISP; in that scenario you have no way of knowing if the PIX is up or not.
I believe this functionality is being included in 6.3 code due out late this month/early April, since a lot of customers complained about it.