04-10-2012 04:25 AM - edited 02-21-2020 06:00 PM
II have a management network 192.168.5.x and VPN network 192.168.25.x. I can ping a all my network elements except to firewall (ASA5510). The ASA has the IP 192.168.5.1. I think that the firewall has some restriction but I don't know. I have 8.2 software and anyconnenct 3.0 and work fine. If I am in the management network (192.168.5.7), I can ping to firewall. The restrict is with the VPN network.
Thanks,
Sent from Cisco Technical Support iPhone App
04-10-2012 04:51 AM
Hi,
I gather you are trying to ping the ASA inside interface from a connected VPN Client?
To my understanding this is not possible.
You can't ping an interface IP address from behind some other interface on the ASA. In this case it would be a ICMP echo coming from outside to inside interface IP
To otherwise enable ICMP to ASA interface use the following command format
icmp permit/deny
- Jouni
04-10-2012 07:55 AM
Thanks but didn't work.
Sent from Cisco Technical Support iPhone App
04-10-2012 08:00 AM
Hey,
As I said you can't ping an ASA interface behind another interface.
So pinging from VPN Client host (which is behind outside) to inside interface IP (which is "behind" inside interface) isnt possible to my knowledge.
The command format I added is just to point out how you can allow ICMP when you are pinging the ASA interface IP behind that same interface.
- Jouni
04-10-2012 12:29 PM
Hi,
In order for you to ping the ASA itself coming over a VPN tunnel, you must use the "management access" command.
You can only have one management interface at the time.
Please let us know if it helps you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide