Solved

The ping is successful at ASA ?

Posted on 2014-09-19
4
194 Views
Last Modified: 2014-10-03
Dear All

Here is a question. Can you give your answer to it ?

Topology:
e1-ASA-e0--------------e0/1-Router

Config:
ASA:
interface e0
ip address 12.1.1.1 255.255.255.0
outside
interface e1
ip address 10.1.1.1 255.255.255.0
inside

Router
interface e0/1
ip address 12.1.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1

The question is, at ASA, command "ping inside 12.1.1.2" is succcessful? why ?
0
Comment
Question by:EESky
  • 2
  • 2
4 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 500 total points
ID: 40334168
Why would you want to ping the outside IP from the inside?

This is completely normal :)

screen grab
0
 

Author Comment

by:EESky
ID: 40334334
Thank you for your fast reply. The reason that i asked the question is that i am trying to setup vpn asa to asa. I did not attach PC to the inside of ASA. In order to initiate the vpn connection without attached PC, I want to use the command to replace ping from the PC. But the command ping inside x.x.x.x did not work at my ASA. I do not know why. that is why i want to know how the command works.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 40334340
OK I see, first before you do anything make sure you have a default inspection map, and that map inspects ICMP like this;
Cisco Firewalls and PING

OK asuming you have that in place, if the lan on network A is 192.168.1.0/24 (and the firewall internal interface is 192.168.1.1). And NEtwork B is 192.168.2.0/24 (firewall inside interface is 192.168.2.1).

From the Firewall at Site A if you issue;

ping inside 192.168.2.1

(Assuming the tunnel is up and estalished) - the ping will fail - UNLESS both firewalls have the following command in their config;

management-access inside
0
 

Author Comment

by:EESky
ID: 40334349
Yes, you are right. the ping in this situation should not be successful
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now