cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
245
Views
0
Helpful
1
Replies

Ping interface gateway

vgulinolite
Level 1
Level 1

Hello,

I have an ASA5505 with the Security Plus License, I have 3 vlans, 1 external, and two internal. When I try try to ping the gateway of the oposing internal vlans gway I get the following error "

6Jun 28 201313:33:44110002source_ip1

Failed to locate egress interface for ICMP from private_lan:source_ip 3/1 to dest_vlan_gw/0

I can ping the source vlan gw & all hosts. I can ping all hosts on the oposing vlan. I cannot ping the oposing vlan gw.

I have turnon on icmp inspection.

Thanks!
"

1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

This is by design.

You wont be able to ping an interface IP address that is a remote interface for the source LAN.

So lets you have the following interface

interface Vlan10

nameif LAN

security-level 100

ip add 10.10.10.1 255.255.255.0

interface Vlan20

nameif DMZ

security-level 50

ip add 10.10.20.1 255.255.255.0

Hosts behind the interface "LAN" will be able to PING that interface IP address and the hosts behind the interface "DMZ" will be able to PING that interfaces IP address.

However hosts behind "LAN" wont be able to PING the "DMZ" interface IP address nor will the hosts behind "DMZ" be able to PING the interface IP address of "LAN".

Hope this clarifies things

Please do remember to mark the reply as the correct answer if it answered your question.

- Jouni

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: