cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


504
Views
0
Helpful
2
Replies
Highlighted
Beginner

ASA5540 - No ICMP reply from inside subinterface

Hello guys,

I need to monitor with ping the inside sub-interface of my ASA5540, is that possible?

I get the ICMP requests but no replys going out from the box.

I need to ping the 192.168.10.250 from the 192.168.5.55:

ASA Version 8.0(5)

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 192.168.30.50 255.255.255.0

!

interface GigabitEthernet0/1.1

description Polling

no vlan

no nameif

security-level 100

ip address 192.168.10.250 255.255.255.0

access-list inside_nat0_outbound extended permit ip host 192.168.10.250 host 192.168.5.55

access-list inside_access_in extended permit icmp any any log debugging

icmp permit any inside

Thank you guys!

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Mentor

ASA5540 - No ICMP reply from inside subinterface

Hi,

You cant ping an ASA interface from behind another interface.

Only exception to this is for connections coming from a VPN Connection. Then you can use the command "management-access " to enable ICMP and management connections to an ASA interface from behind another interface.

So I dont think you can get this to work.

The host polling with ICMP has to be behind the interface being polled.

Though I guess the method to monitor all the interfaces on the ASA would be to use SNMP.

- Jouni

View solution in original post

2 REPLIES 2
Mentor

ASA5540 - No ICMP reply from inside subinterface

Hi,

You cant ping an ASA interface from behind another interface.

Only exception to this is for connections coming from a VPN Connection. Then you can use the command "management-access " to enable ICMP and management connections to an ASA interface from behind another interface.

So I dont think you can get this to work.

The host polling with ICMP has to be behind the interface being polled.

Though I guess the method to monitor all the interfaces on the ASA would be to use SNMP.

- Jouni

View solution in original post

Beginner

ASA5540 - No ICMP reply from inside subinterface

Thank you mate!

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here