81-4
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter81 Troubleshooting
Testing Your Configuration
The Ping tool uses ICMP (as described in RFC 777 and RFC 792) to define an echo request-and-reply
transaction between two network devices. The echo request packet is sent to the IP address of a network
device. The receiving device reverses the source and destination address and sends the packet back as
the echo reply.
Administrators can use the ASDM Ping interactive diagnostic tool in these ways:
Loopback testing of two interfaces—A ping may be initiated from one interface to another on the
same ASA, as an external loopback test to verify basic “up” status and operation of each interface.
Pinging to an ASA—The Ping tool can ping an interface on another ASA to verify that it is up and
responding.
Pinging through an ASA—Ping packets originating from the Ping tool may pass through an
intermediate ASA on their way to a device. The echo packets will also pass through two of its
interfaces as they return. This procedure can be used to perform a basic test of the interfaces,
operation, and response time of the intermediate unit.
Pinging to test questionable operation of a network device—A ping may be initiated from an ASA
interface to a network device that is suspected of functioning incorrectly. If the interface is
configured correctly and an echo is not received, there may be problems with the device.
Pinging to test intermediate communications—A ping may be initiated from an ASA interface to a
network device that is known to be functioning correctly and returning echo requests. If the echo is
received, the correct operation of any intermediate devices and physical connectivity is confirmed.
Pinging From an ASA Interface
For basic testing of an interface, you can initiate a ping from an ASA interface to a network device that
you know is functioning correctly and returning replies through the intermediate communications path.
For basic testing, make sure you do the following:
Verify receipt of the ping from the ASA interface by the “known good” device. If the ping is not
received, a problem with the transmitting hardware or interface configuration may exist.
If the ASA interface is configured correctly and it does not receive an echo reply from the “known
good” device, problems with the interface hardware receiving function may exist. If a different
interface with “known good” receiving capability can receive an echo after pinging the same “known
good” device, the hardware receiving problem of the first interface is confirmed.
Pinging to an ASA Interface
When you try to ping to an ASA interface, verify that the pinging response (ICMP echo reply) is enabled
for that interface by choosing Tools > Pi ng. When pinging is disabled, the ASA cannot be detected by
other devices or software applications, and does not respond to the ASDM Ping tool.
Pinging Through the ASA Interface
To verify that other types of network traffic from “known good” sources are being passed through the
ASA, choose Monitoring > Interfaces > Interface Graphs or an SNMP management station.
To enable internal hosts to ping external hosts, configure ICMP access correctly for both the inside and
outside interfaces, choose Configuration > Firewall > Objects > IP Names.