Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
668
Views
0
Helpful
1
Replies

Ciscoworks Natted IP attempting to ping inside interface of another ASA?

Erick.Valle
Level 1
Level 1

‎05-11-2011 08:39 AM

Hello everyone, been looking for some help but I can't seem to get the correct information in regards to my small problem.

I have a Ciscoworks Server Running LMS 3.2,  I perform configuration management to all my ASA's & PIX's with CW.  I am natting the CW Server ip  once it exits the main Firewall to 192.168.20.105 (original IP is 10.10.10.98). once I activated the Nat statement, My other asa's on the outside of my main FW started reporting the following.

%PIX-3-313001: Denied ICMP source outside:192.168.20.105/20937 dest: 10.10.123.1(type=8, code=0) by access-group "outside_access_in

The wired thing about it is that the ciscoworks manages the firewall via the outside interface 192.168.17.5 and should not be trying to ping the inside interface of the outside ASA 10.10.123.1.

Can anyone tell me why ciscoworks attempts to ping the inside interface of a device that is managed by the outside interface?

Thanks

erick

Labels:
0 Helpful
1 Reply 1

Joe Clarke
Cisco Employee
Cisco Employee

‎05-11-2011 12:05 PM

Chances are it's DFM that's doing this pinging.  Go to DFM > Device Mangement > Device Details, and look at the Detailed Device View for this ASA.  See if the private IP address is being managed.  If so unmanage it.

0 Helpful
Customers Also Viewed These Support Documents