Solved: ASA5540 - No ICMP reply from inside subinterface

PiEich · ‎04-29-2013

Hello guys,

I need to monitor with ping the inside sub-interface of my ASA5540, is that possible?

I get the ICMP requests but no replys going out from the box.

I need to ping the 192.168.10.250 from the 192.168.5.55:

ASA Version 8.0(5)

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 192.168.30.50 255.255.255.0

!

interface GigabitEthernet0/1.1

description Polling

no vlan

no nameif

security-level 100

ip address 192.168.10.250 255.255.255.0

access-list inside_nat0_outbound extended permit ip host 192.168.10.250 host 192.168.5.55

access-list inside_access_in extended permit icmp any any log debugging

icmp permit any inside

Thank you guys!

Jouni Forss · ‎04-29-2013

Hi,

You cant ping an ASA interface from behind another interface.

Only exception to this is for connections coming from a VPN Connection. Then you can use the command "management-access " to enable ICMP and management connections to an ASA interface from behind another interface.

So I dont think you can get this to work.

The host polling with ICMP has to be behind the interface being polled.

Though I guess the method to monitor all the interfaces on the ASA would be to use SNMP.

- Jouni

View solution in original post

Jouni Forss · ‎04-29-2013

Hi,