In the figure above, you will be able to ping the e1 interface of the ASA from the INSIDE network, e2 interface from the DMZ network and the e0 interface from the Internet. What you won’t be able to do is, ping e2 interface from the INSIDE network, e1 interface from the DMZ network, da da da daaa… you got that, right? And of course the pings are supposed to be originating from the hosts behind the interfaces and not the ASA itself.
This is no big deal but it can save you some troubleshooting time if you’re beating around the bush like me. :-P
Being able to ping the ASA interface should seem like a normal behavior but there’s a little twist here. You cannot ping an interface other than the interface you are behind at. Got a little confused there, eh?
Let’s dig a bit deeper…