cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1254
Views
0
Helpful
6
Replies

Not able to ping the ASA ip of the other segments..

selva Kathir
Level 1
Level 1

Dear All,

I am having a asa with three segments namely inside,outside, management. in this if i am pinging to management segment ip of the firewall from inside pc i am getting RTO. I would appreciate a segession on whether it is possible to ping the A segment ip of the ASA from B segment ??

thanks ,

Selva....

1 Accepted Solution

Accepted Solutions

What you observed is the native behavior of the ASA and can't be changed. You only can access/ping the interface that is nearest to you. So if you are on a host on the inside, you can only reach the inside interface.

There is one exeption to this rule for management through a VPN, but that doesn't belong to your situation.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

6 Replies 6

What you observed is the native behavior of the ASA and can't be changed. You only can access/ping the interface that is nearest to you. So if you are on a host on the inside, you can only reach the inside interface.

There is one exeption to this rule for management through a VPN, but that doesn't belong to your situation.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hi karsten ,

thanks for your response. can this be tweaked beacuse i want to monitor fw though a monitoring tool which will be in a different segment ..

thanks,

Selva

If the monitoring-tool just pings the ASA, then the nearest interface has to be used by the tool. That can not be tweaked. But you could also minitor the ASA with SNMP and get not only the state of the ASA, but also the state of all interfaces and much more.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Dear all,

Will secondary firewall sesrond to snmp request. is it possible to monitor secondary firewall through Cisco LMS 4.2 ??

Yes, you can query both firewalls with SNMP. It should work with any SNMP-tool. Even Cisco Works should be capable of that.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Thanks Karsten I have discoved both the firewalls through the same segment itself. Not able to discover the Firewall with the ip of the other segment...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: