Solved: Extended Ping on PIX and show crypto engine

pengfang · ‎12-11-2006

1.Anyboday know how can I do extened Ping from PIX ?for example after I created VPN tunnel between 2 PIX, I want to ping beween 2 inside interface ? Router no problem to do so.

2. Dose PIX have the command like router:

"show crypto engine connection active" so I can check encryption and decryption statistics

Thanks in advanced

Andy Robinson · ‎12-12-2006

If I understand correctly what you are trying to do you should be able to use the configuration command "management inside" and then do a "ping inside ip address" where "ip address" is the destination IP to select that the source of the ping is the inside interface of the pix.

View solution in original post

zulqurnain · ‎12-11-2006

hi,

pix does not have extended ping like routers do, as for pinging between 2 inside interface you can achieve easily by defining the interesting traffic to bring the tunnel up, once established you should be able to ping the hosts on other side. to check the status of your tunnel do this

sh crypto isakmp sa

will tell you if the tunnel is up and created.

sh crypto ipsec sa

will tell you if the packets are going through the tunnel and encryption and decryption statistics.

please rate if it's helpful

pengfang · ‎12-11-2006

Thanks for reply,the problem is sometime we don't have access to client's host but PIX and "show crypto ipsec sa" is not so straight forward like " show crypto engine connections active" if we have a bunch of IPSec SAs.

zulqurnain · ‎12-11-2006

hi

True, but you have to treat routers and firewalls separately.

Andy Robinson · ‎12-12-2006

If I understand correctly what you are trying to do you should be able to use the configuration command "management inside" and then do a "ping inside ip address" where "ip address" is the destination IP to select that the source of the ping is the inside interface of the pix.

pengfang · ‎12-12-2006

Hi Andy, you are absolutely correct, it resolved my issues,thanks a lot.