https://community.cisco.com/t5/network-security/ping-interface-gateway/m-p/2251338#M347338 <P>Hello, </P><P></P><P>I have an ASA5505 with the Security Plus License, I have 3 vlans, 1 external, and two internal. When I try try to ping the gateway of the oposing internal vlans gway I get the following error "</P><TABLE><TBODY><TR><TD>6</TD><TD>Jun 28 2013</TD><TD>13:33:44</TD><TD>110002</TD><TD>source_ip</TD><TD>1</TD><TD><BR /></TD><TD><BR /></TD><TD>Failed to locate egress interface for ICMP from private_lan:source_ip 3/1 to dest_vlan_gw/0</TD></TR></TBODY></TABLE><P></P><P>I can ping the source vlan gw &amp; all hosts. I can ping all hosts on the oposing vlan. I cannot ping the oposing vlan gw. </P><P></P><P>I have turnon on icmp inspection.</P><P></P><P>Thanks!<BR />"</P> Tue, 12 Mar 2019 02:04:36 GMT vgulinolite 2019-03-12T02:04:36Z https://community.cisco.com/t5/network-security/ping-interface-gateway/m-p/2251338#M347338 <P>Hello, </P><P></P><P>I have an ASA5505 with the Security Plus License, I have 3 vlans, 1 external, and two internal. When I try try to ping the gateway of the oposing internal vlans gway I get the following error "</P><TABLE><TBODY><TR><TD>6</TD><TD>Jun 28 2013</TD><TD>13:33:44</TD><TD>110002</TD><TD>source_ip</TD><TD>1</TD><TD><BR /></TD><TD><BR /></TD><TD>Failed to locate egress interface for ICMP from private_lan:source_ip 3/1 to dest_vlan_gw/0</TD></TR></TBODY></TABLE><P></P><P>I can ping the source vlan gw &amp; all hosts. I can ping all hosts on the oposing vlan. I cannot ping the oposing vlan gw. </P><P></P><P>I have turnon on icmp inspection.</P><P></P><P>Thanks!<BR />"</P> Tue, 12 Mar 2019 02:04:36 GMT https://community.cisco.com/t5/network-security/ping-interface-gateway/m-p/2251338#M347338 vgulinolite 2019-03-12T02:04:36Z https://community.cisco.com/t5/network-security/ping-interface-gateway/m-p/2251339#M347341 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>This is by design.</P><P></P><P>You wont be able to ping an interface IP address that is a remote interface for the source LAN.</P><P></P><P>So lets you have the following interface</P><P></P><P><STRONG>interface Vlan10</STRONG></P><P><STRONG> nameif LAN</STRONG></P><P><STRONG> security-level 100</STRONG></P><P><STRONG> ip add 10.10.10.1 255.255.255.0</STRONG></P><P></P><P><STRONG>interface Vlan20</STRONG></P><P><STRONG> nameif DMZ</STRONG></P><P><STRONG> security-level 50</STRONG></P><P><STRONG> ip add 10.10.20.1 255.255.255.0</STRONG></P><P></P><P>Hosts behind the interface <STRONG>"LAN" </STRONG>will be able to PING that interface IP address and the hosts behind the interface <STRONG>"DMZ"</STRONG> will be able to PING that interfaces IP address.</P><P></P><P>However hosts behind <STRONG>"LAN"</STRONG> wont be able to PING the <STRONG>"DMZ"</STRONG> interface IP address nor will the hosts behind <STRONG>"DMZ"</STRONG> be able to PING the interface IP address of<STRONG> "LAN"</STRONG>.</P><P></P><P>Hope this clarifies things <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Please do remember to mark the reply as the correct answer if it answered your question.</P><P></P><P>- Jouni</P></BODY></HTML> Fri, 28 Jun 2013 17:51:33 GMT https://community.cisco.com/t5/network-security/ping-interface-gateway/m-p/2251339#M347341 Jouni Forss 2013-06-28T17:51:33Z