05-24-2012 09:44 AM - edited 03-11-2019 04:11 PM
We are using a Cisco ASA 5580 (8.2) firewall. When I try to ping from the inside LAN to the firewall DMZ interface IP, it is not pingable, but from inside users I am able to ping the firewall inside interface IP address.
I think we can't ping other interfaces of the ASA by default. But can we allow a single IP address that can ping all the interfaces of the firewall?
We are not doing any NATing in the firewall; for that we used the Load Balancer.
Thanks...
05-24-2012 10:48 AM
Hello Jayesh,
The ASA as a security device will not allow you to ping a distant interface....
What is a distant interface?
As an example, imagine you are on a host behind the inside interface. You will be able to ping the inside interface but you will NOT be able to ping the DMZ or outside interface. This is because they are distant interfaces for the inside host.
There is nothing you can do to change that behavior; this is done as a security measure by the ASA (built-in feature).
Regards,
Do rate all the helpful posts
Julio
05-25-2012 10:13 AM
Hi Jayesh,
Julio is right that ping is not allowed by default. But you can still allow the ping by allowing ICMP in your DMZ access-list for a specific host. You also need to allow ICMP from the DMZ interface.
ASA(config)# icmp permit host xxxx echo DMZ
! xxxx = DMZ host, yyyy = inside host
ASA(config)# access-list DMZ-In extended permit icmp host xxxx host yyyy
Thanks,
Jong
05-25-2012 02:10 PM
Hello Jong,
I think he is referring to pinging the DMZ interface from the inside.
Regards,
05-25-2012 02:22 PM
Hi Julio,
Oh yes, it's the interface and not the host. You're correct, ping is not allowed for this scenario.
Regards,
Jong
05-25-2012 04:38 PM
Hello Jong,
Yep, that is right.
Have a good one!
Julio
06-09-2012 11:30 PM
Thanks all.
Is there any Cisco document available where this is mentioned?
06-10-2012 02:36 AM
Yes. Please refer to the Cisco document below.