cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2931
Views
0
Helpful
5
Replies

ASA 5510, Access other interface problem

zafar12233
Level 1
Level 1

Hi,

I have just configured my brand new ASA 5510 with ASA Version 8.0(4). i am having a little problem that is: i cannot access(nor even ping) DMZ interface and other interface from Inside Host, mean while i can access the servers behind DMZ and other interfaces.

when i ping to DMZ interface i found the below msgs in logging.

Built inbound ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0

Details:

% ASA-6-302020: Built {in | out}bound ICMP connection for faddr {faddr | icmp_seq_num} gaddr {gaddr | cmp_type} laddr laddr

An ICMP session was established in the fast-path when stateful ICMP is enabled using the inspect icmp command.

Teardown ICMP connection for faddr 192.168.10.33/512 gaddr 172.16.250.5/0 laddr 172.16.250.5/0

details:

%ASA-6-302021: Teardown ICMP connection for faddr {faddr | icmp_seq_num}

gaddr {gaddr | cmp_type} laddr laddr

An ICMP session was removed in the fast-path when stateful ICMP is enabled using the inspect icmp command.

i tried alot but couldnt get success.

please help!

3 Accepted Solutions

Accepted Solutions

A host residing on an interface can only ping its adjacnet ASA interface.It cannot ping the far end

interface of ASA. For example if you have a host on inside, this host can only ping the

inside interface of ASA and no other interface (eg: outside or dmz). Although the Hosts connected to "Far end interfaces" can be pinged, "Far end interface" cannot be pinged by a host . This is a security feature on ASA firewalls.

Syed Iftekhar Ahmed

View solution in original post

A host residing on an interface can only ping its adjacnet ASA interface.It cannot ping the far end

interface of ASA. For example if you have a host on inside, this host can only ping the

inside interface of ASA and no other interface (eg: outside or dmz). Although the Hosts connected to "Far end interfaces" can be pinged, "Far end interface" cannot be pinged by a host . This is a security feature on ASA firewalls.

Syed Iftekhar Ahmed

View solution in original post

Its there since PIX days.

Its exists for all ASA codes.

Syed Iftekhar Ahmed

View solution in original post

5 Replies 5

A host residing on an interface can only ping its adjacnet ASA interface.It cannot ping the far end

interface of ASA. For example if you have a host on inside, this host can only ping the

inside interface of ASA and no other interface (eg: outside or dmz). Although the Hosts connected to "Far end interfaces" can be pinged, "Far end interface" cannot be pinged by a host . This is a security feature on ASA firewalls.

Syed Iftekhar Ahmed

A host residing on an interface can only ping its adjacnet ASA interface.It cannot ping the far end

interface of ASA. For example if you have a host on inside, this host can only ping the

inside interface of ASA and no other interface (eg: outside or dmz). Although the Hosts connected to "Far end interfaces" can be pinged, "Far end interface" cannot be pinged by a host . This is a security feature on ASA firewalls.

Syed Iftekhar Ahmed

Thank you So Much for your Reply Mr. Iftikhar,

I got your point, i sensed that too, but wasnt sure, once again thanks :)

i have a question that this security feature is only available in ASA ver. 8.0(4) or its ASA feature regardless of ASA Version?

Thank you,

Zafar-

Its there since PIX days.

Its exists for all ASA codes.

Syed Iftekhar Ahmed

Thanks once again :)

Review Cisco Networking for a $25 gift card