Hi Group, hope someone here can help.
We have two sites, A and B, each with an ASA5510 providing a backup VPN for a fibre link between the sites. Both the fibre & VPN links work fine.
Site A has an internal network monitor that continuously pings our network infrastructure and alerts us when something goes down.
We need to ping the external interface of Site B's ASA5510 to monitor the link through both sites' ISPs; however, the monitor's pings all fail.
We have set icmp inspection at both sites and hosts from inside each site can ping other external hosts with:
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any unreachable outside
icmp permit host SiteB_External outside
icmp permit any outside <--------- allow external icmp requests from anywhere for testing
policy-map global_policy
class inspection_default
.
.
inspect tftp
inspect icmp
So from home or any other external network we can ping the external interfaces of both ASAs. However, from within the network or from the ASAs themselves, we get no response when trying to ping the remote ASA external interface.
The ASA versions are 8.2 for site A & 8.4 for site B. I suspect the VPN is in some way influencing the situation, or perhaps even NAT, but I am not proficient enough to confirm this.
Any help would be much appreciated.