10-16-2012 11:37 AM - edited 03-11-2019 05:10 PM
We have two networks HQ and Site1 and for some reason we can’t ping the inside IP for Site1 PIX device. We have site-site-VPN set up between the two and everything works fine except we can’t ping the Site1 PIX from internal IP. However, I can ASDM/SSH in from HQ to the external IP of the Site1 PIX.
HQ is using an ASA 5550 (172.1.0.1)
PC from HQ (172.1.64.x)
Site1 is using a PIX-515E (172.2.0.1)
PC from Site1 (172.2.64.x)
Ping from HQ PC to Site1 PC (172.1.64.x to 172.2.64.x) works fine
Ping from Site1 PC to HQ PC (172.2.64.x to 172.1.64.x) works fine
Ping from HQ PC to Site1 PIX internal IP (172.1.64.x to 172.2.0.1) doesn’t work
Ping from HQ PC to Site1 PIX external IP (172.1.64.x to Site1 external IP) works fine
ASDM/SSH from any HQ PC to Site1 PIX internal IP (172.1.64.x to 172.2.0.1) doesn’t work
ASDM/SSH from any HQ PC to Site1 PIX external IP (172.1.64.x to Site1 external IP) works fine
Everything was working fine until we recently changed the outside IP address for Site1 because we switch to a different ISP. Nothing changed on the HQ ASA or Site1 PIX other than the outside IP address on Site1 PIX. I did rebuild the site-to-site VPN tunnel between Site1 and HQ.
Thanks first in advance for any ideas/suggestions.
10-16-2012 09:07 PM
Do you have the command: management-access inside configured on the PIX?
10-17-2012 08:02 AM
Jennifer, Thank you for your reply. Yes, I do have management-access inside configured on the PIX.
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
Any other suggestions?
10-16-2012 09:23 PM
Hello IT Dept,
What version are you running on the Pix??
Can you add the following just in case you are running a modern version
management-access inside
Any other question..Sure..Remember to rate all of my answers,.
Julio
10-17-2012 08:04 AM
Thanks Julio for your reply. We are currently running PIX Version 8.0 (3) and yes we do have management-access inside configured.
Cisco PIX Security Appliance Software Version 8.0(3)
Device Manager Version 6.0(3)
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
10-17-2012 12:10 PM
Hello,
Please set an ASP capture and let us know the result when you attempt to connect to the PIX inside interface
cap asp type asp-drop all circular-buffer
show cap asp | includre remote_host_ip
Regards,
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide