12-31-2013 05:09 PM - edited 03-11-2019 08:23 PM
R1
int G0/0 IP Add 192.168.1.1/24
ASA
Int G0/1 IP Add 192.168.1.10/24
Int G0/0 IP Add 210.19.10.10/24
R2
Int G0/0 IP Add 210.19.10.1/24
___________________________________________
If i ping fro R1 int g0/0 to ASA g0/1 its working
R1# ping 192.168.1.10
!!!!!
*but i cant ping from R1 int G0/0 to ASA int G0/0
R1# ping 210.19.10.10 ??????????????????
* please tell me reason ?
12-31-2013 07:33 PM
It's a security feature of the ASA.
01-09-2014 06:31 AM
Hi Lalit,
It's right it's the security feature of ASA in which user at one end is not able to ping far end interface of the ASA, you could ping across the ASA but not the ip of ASA's far end interface.
- Prateek Verma
01-09-2014 07:14 AM
Thanks Prateek
i want know according to packet flow of firewall, when we ping that interface where this packet is drop.
01-09-2014 07:24 AM
Hi Lalit,
It's the default security feature of ASA due to which it is not allowed to ping far end interface ip of ASA. If you will try to run packet-tracer on ASA , you will see everything is allowed but it would get dropped in slow path secuirty check failed ( that's due to the default security feature of ASA).
- Prateek Verma
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide