cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

987
Views
4
Helpful
6
Replies
rechard_david
Beginner

Cannot Ping to Backup Wan on ASA 5505

Dear all,

Currently i have 2 wan internet connection and i'm using sla monitor for Active and backup.

and it is working fine when the Active down , the backup link will switch to Active auto.

my issue that i want to monitor ( ping ) on Backup connection to make sure the link backup is alive.

from inside cannot ping to interface outside ( public ip address) , do we have any solution for ping on interface outside ( on ASA)?

Best Regards,

Rechard

6 REPLIES 6
Marius Gunnerud
VIP Advisor

If you are trying to ping the ASA interface for ISP2 then this will never work as the ASA does not allow traffic entering one interface with a destination of another ASA interface IP.  You would need to ping the ASA's next hop.  Or have I misunderstood what you are trying to do.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Dear marius,

Do you have any solution for monitor connection on ISP2?

I just to make sure connection 2 ( ISP2) is working ( mean alive) during ISP1 is on Active.

if we don't have monitor on ISP2 so we don't know the connection is working or not, some time when the Active down so the ISP2 is not working too bec we don't have any tracking during it on backup connection.

Best Regards,

Rechard

Dear all,

Do you have any advice on this case ?

Best Regards,

So you are trying to ping an IP on ISP2 from the inside network?  If so, then the only solution I can when using ASA5505 is to ping the next hop of the ASA (ISP2 router). Since this a directly connected network you should be able to ping this IP without having to place a static route on the ASA.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Hello All.

I'm having this same issue.

 

I have dual ISP and I cannot ping the second ISP directly connected router when my primary is active.

 

Do we have any way to allow my internal hosts to ping my secondary ISP that is directly connected?

I too struggled with this issue and finally took the time to trace it down today.  

 

It seems to be the route.  When an ICMP echo-request packet comes in on WAN2 the echo-reply seems to disappear into a black hole resulting in a timeout.

 

One workable solution was to add a route entry for WAN2 for the public IP which will be used to ping from.  Keep in mind you would no longer be able to ping WAN1 from this public IP.  

 

route outside 0.0.0.0 0.0.0.0 55.55.55.65 1

route outside2 1.2.3.4 255.255.255.255 22.33.44.55 1

 

route outside2 (WAN2 interface name) 1.2.3.4 (source IP from which you will ping) 255.255.255.255 22.33.44.55 (default gateway for WAN2) 1

 

Another solution was to NAT ICMP traffic from WAN2 to a host on the LAN.  

 

Hope this helps, Tim