Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1612
Views
5
Helpful
3
Replies

Ping firewall in CML

Go to solution
kingdwight1
Level 1
Level 1

‎07-21-2020 10:45 AM

I have reserved a session for Cisco Modeling Labs (CML) Sandbox.  I am currently testing some automation using Python which requires me to ping the device before I try to make a SSH connection. I am able to telnet and SSH into the firewall from my home desktop using the AnyConnect connection but I cannot ping it.  Is there any way I can modify the sandbox environment to allow for ping to go through to the ASA in the sandbox ip address 10.10.20.171?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
bigevilbeard
VIP
VIP

‎07-22-2020 06:06 AM

Its been a while since i did any ASA stuff, so might be totally wrong here! By default does the ASA allow interfaces to respond to ICMP? I do not believe with the SBX there is any rules denying ICMP to the mgmt devices or over the VPN tunnel (anyconnect). Run a packet capture on the ASA and see if you see this being denied.

 

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

View solution in original post

Go to solution
kingdwight1
Level 1
Level 1
In response to bigevilbeard

‎07-22-2020 07:33 AM

Hi All,

 

A quick update.  I reached out to Cisco Modeling Labs Sandbox Support webex and they helped me understand that ping may not be feasible as I want to use it but more importantly, I should use try/except in my script rather than ping which after a little research, seems to make sense.  So I will be going that route.  Thank you all!!!

View solution in original post

0 Helpful
3 Replies 3

Go to solution
bigevilbeard
VIP
VIP

‎07-22-2020 06:06 AM

Its been a while since i did any ASA stuff, so might be totally wrong here! By default does the ASA allow interfaces to respond to ICMP? I do not believe with the SBX there is any rules denying ICMP to the mgmt devices or over the VPN tunnel (anyconnect). Run a packet capture on the ASA and see if you see this being denied.

 

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

Go to solution
kingdwight1
Level 1
Level 1
In response to bigevilbeard

‎07-22-2020 07:33 AM

Hi All,

 

A quick update.  I reached out to Cisco Modeling Labs Sandbox Support webex and they helped me understand that ping may not be feasible as I want to use it but more importantly, I should use try/except in my script rather than ping which after a little research, seems to make sense.  So I will be going that route.  Thank you all!!!

0 Helpful

Go to solution
bigevilbeard
VIP
VIP
In response to kingdwight1

‎07-22-2020 08:45 AM

Good to know, thanks for the update!
Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful
Customers Also Viewed These Support Documents