Unable to ping firewall
17 years 7 months ago #21153
by alpine
I have the following problem: clients are unable to ping the Ethernet 0/0 on the ASA 5505, resulting in no internet address. From ASDM I can ping the router and clients inside no problem. I have configured a default route on the ASA pointing to the Ethernet 0/0 of the router.
Where would be a good place to start?
thanks,
17 years 7 months ago #21167
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Unable to ping firewall
Hi there, you are unable to ping through to an interface on the PIX (so I am guessing, since it's the same code, you cannot on the ASA). This is actually by design.
By this (to make myself a little more clear) I mean, if you have inside on Ethernet 0/1 and outside on Ethernet 0/0, a client on the inside network cannot directly ping the address of Ethernet 0/0 (if you have more cards, E0/2, E0/3, etc., you would not be able to ping them).
The clients on the inside can ping E0/1; the problem is when you are going through the device to try and hit an address that's physically on that device.
Hope it makes sense? I don't know a way around this. You should still be able to ping past the interface as long as you have the necessary access rules in place.
i.e. E0/0 = 10.10.10.254/24 and the Internet router is on 10.10.10.1/24. E0/1 - 172.16.0.1 and a client is on 172.16.0.10. The client will be able to ping 10.10.10.1 but not 10.10.10.254.
Cheers
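The "necessary access rules" for pinging past the firewall, as an added example that is not part of the original posts: the ASA does not track ICMP by default, so echo replies arriving on the outside interface are dropped unless ICMP inspection is enabled or an access list admits them. The sketch assumes the default `global_policy` policy map and the interface names `inside` and `outside`; the access-list name `outside_in` is hypothetical.

```cisco
! Option 1 (preferred): stateful ICMP inspection. Only echo replies that
! match an echo request already seen from the inside are let back in.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Option 2 (stateless alternative, shown commented out): admit all echo
! replies arriving on the outside interface. "outside_in" is a
! hypothetical ACL name.
! access-list outside_in extended permit icmp any any echo-reply
! access-group outside_in in interface outside
!
! Expected result from the inside client 172.16.0.10 with either option:
!   ping 172.16.0.1    -> replies (near-side interface, E0/1)
!   ping 10.10.10.1    -> replies (router beyond the outside interface)
!   ping 10.10.10.254  -> no reply (far-side interface E0/0, by design)
```

A failed ping to 10.10.10.254 from the inside is therefore not a useful connectivity test; ping the router at 10.10.10.1 instead.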