Pinging ASA Interfaces


Being able to ping the ASA interface should seem like a normal behavior but there’s a little twist here. You cannot ping an interface other than the interface you are behind at. Got a little confused there, eh?

Let’s dig a bit deeper…



In the figure above, you will be able to ping the e1 interface of the ASA from the INSIDE network, e2 interface from the DMZ network and the e0 interface from the Internet. What you won’t be able to do is, ping e2 interface from the INSIDE network, e1 interface from the DMZ network, da da da daaa… you got that, right? And of course the pings are supposed to be originating from the hosts behind the interfaces and not the ASA itself.

This is no big deal but it can save you some troubleshooting time if you’re beating around the bush like me. :-P 

Advertisements

One thought on “Pinging ASA Interfaces

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s