06-14-2023 02:07 AM
Hi Guys,
I'm getting this log on the ASA while trying to ping from the switch that is attached to the ASA and the new ASA interface. Could you please advise?
Thanks
Nik
06-14-2023 02:19 AM
@NIKHIL M K does the ASA have a route to the IP address mentioned in the output of the logs?
From the ASA you can run packet tracer to simulate the traffic flow; this would indicate a routing or NAT issue that might produce this event log.
06-14-2023 03:50 AM
Thanks for the response. Yes, we do have a route to the ASA. I was getting this error while pinging from the switch to one of the ASA interfaces.
06-14-2023 03:58 AM - edited 06-14-2023 04:08 AM
@NIKHIL M K to which ASA interface were you pinging?
You can ping the ASA interface you are connected behind (i.e., inside), but you cannot be connected behind the inside interface and ping through the ASA to one of the ASA's other interfaces (outside/dmz etc.); that will not work by default.
"The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface". https://www.cisco.com/c/en/us/td/docs/security/asa/asa919/configuration/firewall/asa-919-firewall-config/access-rules.html
06-14-2023 02:58 AM - edited 06-14-2023 04:01 AM
Instead of using
Ping x.xx.x
use
Ping -> Enter, then select the destination and source of your ping; make the source the IP of the interface directly connected to the SW.
Share the result.