cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
519
Views
0
Helpful
4
Replies

ASA (from LAN network to ASA outside interface ping )

LALIT MEHTA
Level 1
Level 1

ASA insideOutside.jpg

R1

int G0/0  IP Add 192.168.1.1/24

ASA

Int G0/1 IP Add 192.168.1.10/24

Int G0/0 IP Add 210.19.10.10/24

R2

Int G0/0 IP Add 210.19.10.1/24

___________________________________________

If i ping fro R1 int g0/0 to  ASA g0/1 its working

R1# ping 192.168.1.10

!!!!!

*but i cant ping  from R1 int G0/0 to  ASA int G0/0

R1# ping 210.19.10.10 ??????????????????

*  please tell me reason ?

4 Replies 4

Collin Clark
VIP Alumni
VIP Alumni

It's a security feature of the ASA.

prateeve
Level 1
Level 1

Hi Lalit,

It's right it's the security feature of ASA in which user at one end is not able to ping far end interface of the ASA, you could ping across the ASA but not the ip of ASA's far end interface.

- Prateek Verma

LALIT MEHTA
Level 1
Level 1

Thanks Prateek

  i want know according  to packet flow of firewall, when  we ping that interface  where this packet is drop.

Hi Lalit,

It's the default security feature of ASA due to which it is not allowed to ping far end interface ip of ASA. If you will try to run packet-tracer on ASA , you will see everything is allowed but it would get dropped in slow path secuirty check failed ( that's due to the default security feature of ASA).

- Prateek Verma

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: