Re: Switch to ASA Ping

NIKHIL M K · ‎06-14-2023

Hi Guys,

Getting this log on ASA while I'm trying to ping from switch that attached to ASA and new ASA interface. Could you please advise?

Thanks

Nik

Rob Ingram · ‎06-14-2023

@NIKHIL M K does the ASA have a route to the IP address mentioned in the output of the logs?

From the ASA you can run packet tracer to simulate the traffic flow, this would indicate a routing or NAT issue that might produce this event log.

NIKHIL M K · ‎06-14-2023

Thanks for the response. Yes we do have route to ASA. This error was getting while I'm ping from the switch to one of the ASA interface.

Rob Ingram · ‎06-14-2023

@NIKHIL M K to which ASA interface were you pinging?

You can ping the ASA interface you are connected behind (i.e., inside), but you cannot be connected behind the inside interface and ping through the ASA to one of the ASA's other interfaces (outside/dmz etc), that will not work by default.

"The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface". https://www.cisco.com/c/en/us/td/docs/security/asa/asa919/configuration/firewall/asa-919-firewall-config/access-rules.html

MHM Cisco World · ‎06-14-2023

Instead of use

Ping x.xx.x

Use

Ping -> enter then select the destiantion and source of your ping' make source ip of interface direct connect to SW.

Share result