https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497096#M660170 <P><SPAN style=": ; color: #333333; font-size: 10pt; sans-serif&amp;quot: ; font-family: Arial; , &amp;quot: ; Arial&amp;quot: ; ">Dear all,</SPAN></P><P><SPAN style="font-family: &amp;quot;Arial&amp;quot;, &amp;quot;sans-serif&amp;quot;; color: #333333; font-size: 10pt;"><SPAN style="font-family: Arial;">recently I faced a problem when we launched HP OV monitoring system. It is required to ping all enabled interfaces on ASA. "Inside" interface is monitored well but "Outside" is unavailable by ICMP and due to this alarm generated. I know that PIX's and ASA's with 7.x versions of software don't allow to do this (this is clearly noticed in documentation, </SPAN><A href="https://community.cisco.com/" target="_blank"><SPAN style="font-family: Arial;">here</SPAN></A><SPAN style="font-family: Arial;"> for example). But in </SPAN><A href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/config.html" target="_blank"><SPAN style="font-family: Arial;">documentation</SPAN></A><SPAN style="font-family: Arial;"> for version 8.2 (actually this version software installed now) I can't find any information regarding this question. I wonder if I missed something and such function was enabled in recent versions of software? </SPAN></SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt;"><SPAN style="color: #000000; font-size: 12pt;"><BR /><SPAN style="font-size: 10pt;">Cheers</SPAN>,<BR /><SPAN style="font-size: 10pt;">Dmitriy</SPAN> </SPAN></P> Mon, 11 Mar 2019 18:21:24 GMT Helpdesk_ 2019-03-11T18:21:24Z https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497096#M660170 <P><SPAN style=": ; color: #333333; font-size: 10pt; sans-serif&amp;quot: ; font-family: Arial; , &amp;quot: ; Arial&amp;quot: ; ">Dear all,</SPAN></P><P><SPAN style="font-family: &amp;quot;Arial&amp;quot;, &amp;quot;sans-serif&amp;quot;; color: #333333; font-size: 10pt;"><SPAN style="font-family: Arial;">recently I faced a problem when we launched HP OV monitoring system. It is required to ping all enabled interfaces on ASA. "Inside" interface is monitored well but "Outside" is unavailable by ICMP and due to this alarm generated. I know that PIX's and ASA's with 7.x versions of software don't allow to do this (this is clearly noticed in documentation, </SPAN><A href="https://community.cisco.com/" target="_blank"><SPAN style="font-family: Arial;">here</SPAN></A><SPAN style="font-family: Arial;"> for example). But in </SPAN><A href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/config.html" target="_blank"><SPAN style="font-family: Arial;">documentation</SPAN></A><SPAN style="font-family: Arial;"> for version 8.2 (actually this version software installed now) I can't find any information regarding this question. I wonder if I missed something and such function was enabled in recent versions of software? </SPAN></SPAN></P><P class="MsoNormal" style="margin: 0in 0in 0pt;"><SPAN style="color: #000000; font-size: 12pt;"><BR /><SPAN style="font-size: 10pt;">Cheers</SPAN>,<BR /><SPAN style="font-size: 10pt;">Dmitriy</SPAN> </SPAN></P> Mon, 11 Mar 2019 18:21:24 GMT https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497096#M660170 Helpdesk_ 2019-03-11T18:21:24Z https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497097#M660172 <HTML><HEAD></HEAD><BODY><P>i think its still not possible but i can confirm on that, its more of a security feature which doesnt let u ping accross the asa and dont htin kthat would change</P><P></P><P>in any case i can confirm tht</P></BODY></HTML> Thu, 05 Aug 2010 06:39:00 GMT https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497097#M660172 Jitendriya Athavale 2010-08-05T06:39:00Z https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497098#M660174 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Take a look here, maybe you know it:</P><P><SPAN class="content"></SPAN></P><H2 class="pCRC_CmdRefCommand">management-access</H2><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/m_72.html#wp1794331">http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/m_72.html#wp1794331</A></P><P></P><P>What is the feedback?</P><P></P><P>Best regards</P></BODY></HTML> Thu, 05 Aug 2010 06:40:34 GMT https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497098#M660174 netsec 2010-08-05T06:40:34Z https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497099#M660176 <HTML><HEAD></HEAD><BODY><P>That’s is only to access the interface on the other side through the vpn tunnel</P><P></P><P>The idea behind this is since you are using vpn to get in through the outside, there is no reason why I should be denying you from accessing the firewall using my inside ip because ideally vpn means internal (network that u trust) so they are like your inside</P><P></P><P>This feature is mainly introduced to manage the firewall through the vpn</P><P></P><P>This command works only for the vpn traffic and also you can configure only 1 interface as management-access</P><P></P><P>Hope this helps</P></BODY></HTML> Thu, 05 Aug 2010 06:47:10 GMT https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497099#M660176 Jitendriya Athavale 2010-08-05T06:47:10Z https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497100#M660183 <HTML><HEAD></HEAD><BODY><P>Hi <SPAN style="color: #000000; font-size: 10pt; ">Dmitriy,</SPAN></P><P></P><P><SPAN style="color: #000000; font-size: 10pt; ">Jitendriya is correct--it is still not possible to ping a far-side interface on the ASA. This is by design and cannot be changed due to security restrictions. Here is the documentation for 8.2 that outlines this:</SPAN></P><P></P><P><A href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i1.html#wp1697623">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i1.html#wp1697623</A></P><P></P><P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">The adaptive security appliance only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface. </PRE><BR /> Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Thu, 05 Aug 2010 18:40:21 GMT https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497100#M660183 mirober2 2010-08-05T18:40:21Z https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497101#M660188 <HTML><HEAD></HEAD><BODY><P>Thanks a lot to all of you, guys. I will keep in mind that this is not possible.</P><P></P><P>Best regrads,</P><P>Dmitriy</P></BODY></HTML> Fri, 06 Aug 2010 09:30:58 GMT https://community.cisco.com/t5/network-security/once-again-about-pinging-asa-s-outside-interface-from-internal/m-p/1497101#M660188 Helpdesk_ 2010-08-06T09:30:58Z