Scribd Logo
Upload

Welcome to Scribd!

  • ASA - LAB - Cisco 1 PDF

    Uploaded by

    rajesh tenet
    16 views1 page
    To check connectivity between two VMs using ping commands, first turn on ICMP debugging on the ASA using "debug icmp trace". Then ping between the VMs with a maximum of 3 packets using "-n3" or "-c3" to limit the packets and avoid leaving pings running. The VMs may not be able to ping each other by default as the ASA blocks inbound ICMP traffic from interfaces with lower security levels to higher levels by default, while allowing outbound ICMP.

    Original Description:

    Original Title

    ASA_LAB_Cisco 1.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    To check connectivity between two VMs using ping commands, first turn on ICMP debugging on the ASA using "debug icmp trace". Then ping between the VMs with a maximum of 3 packets using "-n3" or "-c3" to limit the packets and avoid leaving pings running. The VMs may not be able to ping each other by default as the ASA blocks inbound ICMP traffic from interfaces with lower security levels to higher levels by default, while allowing outbound ICMP.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    16 views1 page

    ASA - LAB - Cisco 1 PDF

    Uploaded by

    rajesh tenet
    To check connectivity between two VMs using ping commands, first turn on ICMP debugging on the ASA using "debug icmp trace". Then ping between the VMs with a maximum of 3 packets using "-n3" or "-c3" to limit the packets and avoid leaving pings running. The VMs may not be able to ping each other by default as the ASA blocks inbound ICMP traffic from interfaces with lower security levels to higher levels by default, while allowing outbound ICMP.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    Switch on the ICMP debugging trace logging, using the following command:

    ciscoasa(config)# debug icmp trace


    From the two VM’s connectivity can be checked using ping from console windows.
    Limit the ping packets to a max of 3 with –n3 –c3 or CTRL+C to stop the ping.
    DO NOT LEAVE
    PINGS RUNNING AS WE ARE WORKING ON SHARED VIRTUAL NETWORKS!
    Linux: ping –c3 dest_adddress Windows: ping –n3 dest_adddress
    Questions
    Q: Can the WINDOWS VM ping the Linux VM?
    Q: Can the Linux VM ping the WINDOWS VM?
    Q: What might be causing this?
    The ICMP ping traffic and traceroute traffic on the ASA are handled differently to a router by
    default.
    ICMP to an interface is replied to, but inbound ICMP through the ASA is blocked by default, as
    traffic
    is not allowed to go from an interface with a lower security level to an interface with a higher level
    (outside 0 to inside 100 is not allowed). Outbound ICMP is permitted (inside 100 to ouside 0 is
    allowed), but the reply is blocked by default

    You might also like