Solved

The ping is successful at ASA ?

Posted on 2014-09-19
4
199 Views
Last Modified: 2014-10-03
Dear All

Here is a question. Can you give your answer to it ?

Topology:
e1-ASA-e0--------------e0/1-Router

Config:
ASA:
interface e0
ip address 12.1.1.1 255.255.255.0
outside
interface e1
ip address 10.1.1.1 255.255.255.0
inside

Router
interface e0/1
ip address 12.1.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1

The question is, at ASA, command "ping inside 12.1.1.2" is succcessful? why ?
0
Comment
Question by:EESky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 500 total points
ID: 40334168
Why would you want to ping the outside IP from the inside?

This is completely normal :)

screen grab
0
 

Author Comment

by:EESky
ID: 40334334
Thank you for your fast reply. The reason that i asked the question is that i am trying to setup vpn asa to asa. I did not attach PC to the inside of ASA. In order to initiate the vpn connection without attached PC, I want to use the command to replace ping from the PC. But the command ping inside x.x.x.x did not work at my ASA. I do not know why. that is why i want to know how the command works.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 40334340
OK I see, first before you do anything make sure you have a default inspection map, and that map inspects ICMP like this;
Cisco Firewalls and PING

OK asuming you have that in place, if the lan on network A is 192.168.1.0/24 (and the firewall internal interface is 192.168.1.1). And NEtwork B is 192.168.2.0/24 (firewall inside interface is 192.168.2.1).

From the Firewall at Site A if you issue;

ping inside 192.168.2.1

(Assuming the tunnel is up and estalished) - the ping will fail - UNLESS both firewalls have the following command in their config;

management-access inside
0
 

Author Comment

by:EESky
ID: 40334349
Yes, you are right. the ping in this situation should not be successful
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question