Pinging from the ASA CLI

Just a quick question for all the Cisco gurus out there.  I've got a l2l setup between a 10.92.39.0 network and a 10.91.150.0 network.  

Right now I'm logged onto the 10.91.150.0 asa and I am unable to ping the other network from the command line.  If I log into a server on this network I am able to ping the remote network.  What gives?  I need to be able to log into both of the asa's and ping the other networks to do some testing.

Thanks,

vne  
VNEAsked:
Who is Participating?
 
lrmooreCommented:
You can also set the management access <interface> command
  management-access inside

This should allow you to ping the inside address of the ASA from a host on the other side of the vpn tunnel and maybe from asa to asa by designating the source ip.
0
 
Ken BooneNetwork ConsultantCommented:
When you set up your l2l tunnels you define the networks that can talk to each other.  So you defined 10.92.39.0 and 10.91.150.0.  So that is what flows through the tunnels.  When you ping from a cisco device, the source ip address of the ping packet will be the ip address of the interface that the ping packet goes out.  So in your case when you are pinging the other side, the ping packet from the ASA is being sourced with the outside IP address which is not defined to flow through your tunnel so the packet goes into lala land.  So really the test is from internal address to internal address, because even if you set up your tunnel to allow the ASA to ASA which you can do, it doesn't mean that the security associations for the internal to internal networks are working.  With a router or switch you can do what is called an extended ping and specify the source ip address but I don't think you can do that on the ASA.
0
 
FrabbleCommented:
As kenboonejr says, however on the ASA you can specify an interface and it will use the interface address for the source
For example, ping inside x.x.x.x
0
 
mahrens007Commented:
type in "man inside"

This will allow you to ping the ASA inside IP.  

Then do: ping inside <the ip address of the other side>
0
 
VNEAuthor Commented:
Please award full points to Irmoore as he provided the answer that fixed the problem.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.