Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
895
Views
0
Helpful
3
Replies

Cisco ASA Public Interface

maileh
Level 1
Level 1

‎07-26-2018 07:14 PM - edited ‎03-11-2019 01:47 AM

Hi 

Is it possible to access from a network behind a Cisco ASA Firewall Lan Interface to its own public IP Interface.

 

Eg 

 

User 10.1.1.100/24 ------------10.1.1.1/24 : LAN FW PUB : 1.1.1.1/32

 

Is it possible that the user (10.1.1.100) can access to ip 1.1.1.1 of the ASA Public Interface.

0 Helpful
3 Replies 3

Troy Jackson
Level 1
Level 1

‎07-26-2018 07:37 PM

No it’s not possible. The ASA will not allow you to reach it’s own interface through the device.

 

Please remember to rate useful posts, by clicking on the star below.
-Troy J.
0 Helpful

maileh
Level 1
Level 1
In response to Troy Jackson

‎07-26-2018 07:50 PM

Hi Troy

Thanks for your confirmation. Yes thats right and that is what i am experiencing.

I also work with Huawei UDEMON FW which they allowed.

Its really interesting to know why ?

 

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to maileh

‎07-26-2018 10:35 PM

The usage guidelines @ icmp -- import webvpn webcontent states,

...

The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface.

... 

It's probably due to routing in a stateful firewall, such as ASA.

For network troubleshooting, we may ping another device either in the same public subnet or further upstream.

0 Helpful
Customers Also Viewed These Support Documents