https://community.cisco.com/t5/network-security/asa5540-no-icmp-reply-from-inside-subinterface/m-p/2254073#M350838 <HTML><HEAD></HEAD><BODY><P>Thank you mate!</P></BODY></HTML> Fri, 03 May 2013 01:57:57 GMT PiEich 2013-05-03T01:57:57Z https://community.cisco.com/t5/network-security/asa5540-no-icmp-reply-from-inside-subinterface/m-p/2254071#M350836 <P>Hello guys,</P><P>I need to monitor with ping the inside sub-interface of my ASA5540, is that possible?</P><P>I get the ICMP requests but no replys going out from the box.</P><P></P><P></P><P>I need to ping the 192.168.10.250 from the 192.168.5.55:</P><P></P><P></P><P><SPAN style="font-family: courier new,courier;"><STRONG>ASA Version 8.0(5)</STRONG></SPAN></P><P></P><P><SPAN style="font-family: courier new,courier;"><STRONG>interface GigabitEthernet0/1</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG> nameif inside</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG> security-level 100</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG> ip address 192.168.30.50 255.255.255.0 </STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG>!</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG>interface GigabitEthernet0/1.1</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG> description Polling</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG> no vlan</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG> no nameif</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG> security-level 100</STRONG></SPAN></P><P><SPAN style="font-family: courier new,courier;"><STRONG> ip address 192.168.10.250 255.255.255.0 </STRONG></SPAN></P><P></P><P><SPAN style="font-family: courier new,courier;"><STRONG>access-list inside_nat0_outbound extended permit ip host 192.168.10.250 host 192.168.5.55 </STRONG></SPAN></P><P></P><P><SPAN style="font-family: courier new,courier;"><STRONG>access-list inside_access_in extended permit icmp any any log debugging </STRONG></SPAN></P><P></P><P><SPAN style="font-family: courier new,courier;"><STRONG>icmp permit any inside</STRONG></SPAN></P><P></P><P></P><P></P><P>Thank you guys!</P> Tue, 12 Mar 2019 01:36:31 GMT https://community.cisco.com/t5/network-security/asa5540-no-icmp-reply-from-inside-subinterface/m-p/2254071#M350836 PiEich 2019-03-12T01:36:31Z https://community.cisco.com/t5/network-security/asa5540-no-icmp-reply-from-inside-subinterface/m-p/2254072#M350837 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You cant ping an ASA interface from behind another interface.</P><P></P><P>Only exception to this is for connections coming from a VPN Connection. Then you can use the command "management-access <NAMEIF>" to enable ICMP and management connections to an ASA interface from behind another interface.</NAMEIF></P><P></P><P>So I dont think you can get this to work.</P><P></P><P>The host polling with ICMP has to be behind the interface being polled.</P><P></P><P>Though I guess the method to monitor all the interfaces on the ASA would be to use SNMP.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 29 Apr 2013 23:49:25 GMT https://community.cisco.com/t5/network-security/asa5540-no-icmp-reply-from-inside-subinterface/m-p/2254072#M350837 Jouni Forss 2013-04-29T23:49:25Z https://community.cisco.com/t5/network-security/asa5540-no-icmp-reply-from-inside-subinterface/m-p/2254073#M350838 <HTML><HEAD></HEAD><BODY><P>Thank you mate!</P></BODY></HTML> Fri, 03 May 2013 01:57:57 GMT https://community.cisco.com/t5/network-security/asa5540-no-icmp-reply-from-inside-subinterface/m-p/2254073#M350838 PiEich 2013-05-03T01:57:57Z