12-18-2013 03:50 AM - edited 03-11-2019 08:19 PM
Dear All,
I am having a asa with three segments namely inside,outside, management. in this if i am pinging to management segment ip of the firewall from inside pc i am getting RTO. I would appreciate a segession on whether it is possible to ping the A segment ip of the ASA from B segment ??
thanks ,
Selva....
Solved! Go to Solution.
12-18-2013 03:54 AM
What you observed is the native behavior of the ASA and can't be changed. You only can access/ping the interface that is nearest to you. So if you are on a host on the inside, you can only reach the inside interface.
There is one exeption to this rule for management through a VPN, but that doesn't belong to your situation.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-18-2013 03:54 AM
What you observed is the native behavior of the ASA and can't be changed. You only can access/ping the interface that is nearest to you. So if you are on a host on the inside, you can only reach the inside interface.
There is one exeption to this rule for management through a VPN, but that doesn't belong to your situation.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-18-2013 04:16 AM
Hi karsten ,
thanks for your response. can this be tweaked beacuse i want to monitor fw though a monitoring tool which will be in a different segment ..
thanks,
Selva
12-18-2013 04:38 AM
If the monitoring-tool just pings the ASA, then the nearest interface has to be used by the tool. That can not be tweaked. But you could also minitor the ASA with SNMP and get not only the state of the ASA, but also the state of all interfaces and much more.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-19-2013 04:14 AM
Dear all,
Will secondary firewall sesrond to snmp request. is it possible to monitor secondary firewall through Cisco LMS 4.2 ??
12-19-2013 04:16 AM
Yes, you can query both firewalls with SNMP. It should work with any SNMP-tool. Even Cisco Works should be capable of that.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-19-2013 10:30 PM
Thanks Karsten I have discoved both the firewalls through the same segment itself. Not able to discover the Firewall with the ip of the other segment...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: