Solved: Re: How do I ping between ASA subnets in a Site to Site VPN?

ShadowoftheD · ‎03-11-2020

Hi,

I have a site to site VPN between my HQ and a Remote site. Remote site has the ASA 5506 in it.

I really really want to be able to ping my remote site subnets from my HQ and vice versa. The problem is the only interface that can be pinged are those that are enabled with the management access command.

How do i enable it to make all interfaces be pingable via Site to Site VPN setup?

Thanks

Marvin Rhoads · ‎03-11-2020

By design you wont be able to ping remote site ASA interfaces that aren't configured as "management-access".

You can only get return traffic (icmp echo replies) if the traffic egresses the remote site ASA in the first place.

You should be able to ping hosts in those subnets however.

View solution in original post

Marvin Rhoads · ‎03-11-2020

By design you wont be able to ping remote site ASA interfaces that aren't configured as "management-access".

You can only get return traffic (icmp echo replies) if the traffic egresses the remote site ASA in the first place.

You should be able to ping hosts in those subnets however.

ShadowoftheD · ‎03-13-2020

Yeah, it looks like it. I've been poring over documents and links and it seems like the behaviour of ASA.

Thanks!