Cisco ASA – How to Allow Ping to Distinct Interface IP

Tags: cisco, cisco-asa, firewall, ping, Security

I have the following scenario where I am trying to ping from PC 10.30.1.100 to ASA interface 10.20.1.1. It is not pinging, but I can ping 10.20.1.100, so why is the ASA not allowing pings to a distinct interface? The interesting thing is that I can ping from PC A to the 10.10.1.1 interface.

SL means Security Level.


Result:

  1. from PC A to PC B – Ping successful
  2. from PC A to ASA interface 10.20.1.1 – Ping Failed
  3. from PC A to ASA interface 10.10.1.1 – Ping Failed

Best Answer

It is confusing, as you wrote "but interesting thing i can ping from PC A to 10.10.1.1 interface." and in the Result you wrote: "3. from PC A to ASA interface 10.10.1.1 - Ping Failed".

With a Cisco ASA, you CANNOT ping ASA interfaces other than the one you are on.

That means from PC A (10.30.1.100) you CAN ping 10.30.1.1 (Interface IP with SL 100) and CANNOT ping 10.20.1.1 (Interface IP with SL 75) or 10.10.1.1 (Interface IP with SL 50).

Updated answer:

It looks like the real reason is not publicly revealed (or there is no real reason at all :), but I personally think it could be for security purposes). It is just how the Cisco firewall is designed (since the PIX Firewall).

You can find the latest information here. I hope this answers your question.