Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
301
Views
0
Helpful
1
Replies

Ping interface gateway

vgulinolite
Level 1
Level 1

‎06-28-2013 10:36 AM - edited ‎03-11-2019 07:04 PM

Hello,

I have an ASA5505 with the Security Plus License, I have 3 vlans, 1 external, and two internal. When I try try to ping the gateway of the oposing internal vlans gway I get the following error "

6Jun 28 201313:33:44110002source_ip1

Failed to locate egress interface for ICMP from private_lan:source_ip 3/1 to dest_vlan_gw/0

I can ping the source vlan gw & all hosts. I can ping all hosts on the oposing vlan. I cannot ping the oposing vlan gw.

I have turnon on icmp inspection.

Thanks!
"

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎06-28-2013 10:51 AM

Hi,

This is by design.

You wont be able to ping an interface IP address that is a remote interface for the source LAN.

So lets you have the following interface

interface Vlan10

nameif LAN

security-level 100

ip add 10.10.10.1 255.255.255.0

interface Vlan20

nameif DMZ

security-level 50

ip add 10.10.20.1 255.255.255.0

Hosts behind the interface "LAN" will be able to PING that interface IP address and the hosts behind the interface "DMZ" will be able to PING that interfaces IP address.

However hosts behind "LAN" wont be able to PING the "DMZ" interface IP address nor will the hosts behind "DMZ" be able to PING the interface IP address of "LAN".

Hope this clarifies things

Please do remember to mark the reply as the correct answer if it answered your question.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card