https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945965#M435945 <HTML><HEAD></HEAD><BODY><P>Hello Jong,</P><P></P><P>Yep, that is right.</P><P></P><P>Have a good one!</P><P></P><P>Julio</P></BODY></HTML> Fri, 25 May 2012 23:38:39 GMT Julio Carvajal 2012-05-25T23:38:39Z https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945960#M435932 <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; We are using Cisco ASA 5580 (8.2) firewall. When i try to ping from inside lan to firewall DMZ interface IP it is not pingable and but from inside users i am able to ping firewall inside interface IP address.</P><P></P><P>I think we can't ping to other interfaces of ASA by default. But can we allow the single IP address who can ping all the interfaces of firewall?</P><P></P><P>We are not doing any natting in firewall, for that we used the Load Balancer. </P><P></P><P>Thanks...</P> Mon, 11 Mar 2019 23:11:13 GMT https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945960#M435932 Jayesh Rajan 2019-03-11T23:11:13Z https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945961#M435933 <HTML><HEAD></HEAD><BODY><P>Hello Jayesh,</P><P></P><P>The ASA as a security device will not allow you to ping&nbsp; a distant interface....</P><P></P><P>What is a distant interface?</P><P></P><P>As an example imagine you are on a host behind the inside interface.. You will be able to ping the inside interface but you wil NOT be able to ping the DMZ or outside interface... This because they are distant interface for the inside host..</P><P></P><P>There is nothing you can do to change that behavior, this is done as a security meassure by the ASA ( Built-in feature)</P><P></P><P>Regards,</P><P></P><P><STRONG>Do rate all the helpful posts</STRONG></P><P></P><P>Julio</P></BODY></HTML> Thu, 24 May 2012 17:48:33 GMT https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945961#M435933 Julio Carvajal 2012-05-24T17:48:33Z https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945962#M435935 <HTML><HEAD></HEAD><BODY><P> Hi Jayesh,</P><P></P><P>Julio is right that pingis not allowed by default. But you can still allow the PING by allowing ICMP in your access-list DMZ for specific host. You need also to allow ICMP from DMZ inteface.</P><P></P><P></P><P>ASA(config)# icmp permit host xxxx echo DMZ</P><P>ASA(config)# access-list DMZ-In extended permit icmp xxxx(DMZ host) host yyyy(inside host)</P><P></P><P></P><P>Thanks,</P><P>Jong</P></BODY></HTML> Fri, 25 May 2012 17:13:28 GMT https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945962#M435935 jong_r0602 2012-05-25T17:13:28Z https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945963#M435936 <HTML><HEAD></HEAD><BODY><P>Hello Jong,</P><P></P><P>I think he is refering to ping the DMZ interface from the inside.</P><P></P><P>Regards,</P></BODY></HTML> Fri, 25 May 2012 21:10:13 GMT https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945963#M435936 Julio Carvajal 2012-05-25T21:10:13Z https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945964#M435944 <HTML><HEAD></HEAD><BODY><P> Hi Julio,</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Oh yes.. its the interface and not the host. Your correct, ping is not allowed for this scenario.</P><P></P><P></P><P>Regards,</P><P>Jong</P></BODY></HTML> Fri, 25 May 2012 21:22:11 GMT https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945964#M435944 jong_r0602 2012-05-25T21:22:11Z https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945965#M435945 <HTML><HEAD></HEAD><BODY><P>Hello Jong,</P><P></P><P>Yep, that is right.</P><P></P><P>Have a good one!</P><P></P><P>Julio</P></BODY></HTML> Fri, 25 May 2012 23:38:39 GMT https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945965#M435945 Julio Carvajal 2012-05-25T23:38:39Z https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945966#M435946 <HTML><HEAD></HEAD><BODY><P>Thanks All....</P><P></P><P>Is there any cisco document is available where this mentioned?</P></BODY></HTML> Sun, 10 Jun 2012 06:30:26 GMT https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945966#M435946 Jayesh Rajan 2012-06-10T06:30:26Z https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945967#M435947 <HTML><HEAD></HEAD><BODY><P> Yes. Pls refer the below cisco document.</P><P></P><P><A href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0</A></P></BODY></HTML> Sun, 10 Jun 2012 09:36:54 GMT https://community.cisco.com/t5/network-security/can-t-ping-asa-different-interfaces/m-p/1945967#M435947 nkarthikeyan 2012-06-10T09:36:54Z