
Backup WAN is not pingable on ASA

Matt
Level 1

I have an ASA with two WAN uplinks. The backup WAN is not pingable while the primary WAN is. However, I can SSH into the ASA on either uplink. I've seen a few articles saying that this behavior is expected and I was wondering if anyone could explain why I cannot ping the backup WAN even though I can SSH to it. Is there a routing condition that affects pings but not SSH in this case, or is there something else I am missing?

3 Replies

Hi @Matt

The firewall does not allow ping on the outside interfaces for security reasons. Most exploit tools use the ICMP response to make sure a host is alive and start scratching.

If this is necessary for some reason, try to allow it:

icmp permit any unreachable outside
icmp permit any time-exceeded outside
icmp permit any echo-reply outside
no icmp deny any outside

-If I helped you somehow, please, rate it as useful.-

Hi Flavio,

That ICMP access is already permitted. Both WAN1 and WAN2 use the same access-group to permit this traffic, so in this case I think it's something outside of the access rules causing it to be unpingable.

Are you inspecting ICMP on this firewall?

 
