ASA TCP ping

Did you know that the latest code for the Cisco ASA firewall (8.4) now supports TCP ping? I have complained before that you cannot telnet out from the ASA CLI. You still can't, but at least you can use the TCP ping feature to see if a specific TCP port is reachable. That's awesome!


asa-firewall# ping tcp 80
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to port 80
from, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/14 ms


For each exclamation mark above there are 3 packets generated:

  1. SYN-packet from the ASA to the destination host.
  2. SYN-ACK-packet from the destination host back to the ASA.
  3. RST-packet from the ASA to the destination host.


The 'ping tcp' command is a great way to generate outbound TCP traffic to verify reachability to a foreign host!
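
For a host that has no such command, the same check can be approximated from an ordinary socket. The script below is an added example, not Cisco code: it sends 5 probes with a 2 second timeout like the output above and closes each connection with an RST. Unlike the ASA it completes the handshake (the kernel sends an ACK before the RST), and the function names and the "R" and "?" marks are this example's own notation.

```python
import socket
import struct
import time

def tcp_ping(host, port, count=5, timeout=2.0):
    """Probe host:port `count` times; return (mark string, list of RTTs in ms)."""
    marks, rtts = "", []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        # SO_LINGER with a zero timeout makes close() send RST instead of FIN,
        # matching step 3 of the exchange above (POSIX struct layout assumed).
        s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        start = time.monotonic()
        try:
            s.connect((host, port))  # SYN out, SYN-ACK back (kernel also ACKs)
            rtts.append((time.monotonic() - start) * 1000.0)
            marks += "!"
        except ConnectionRefusedError:
            marks += "R"  # RST came back: host reachable, port closed
        except OSError:
            marks += "?"  # timeout or network unreachable
        finally:
            s.close()
    return marks, rtts

def summary(marks, rtts):
    """Format the result in the style of the ASA summary line."""
    ok = marks.count("!")
    line = f"Success rate is {100 * ok // len(marks)} percent ({ok}/{len(marks)})"
    if rtts:
        avg = sum(rtts) / len(rtts)
        line += f", round-trip min/avg/max = {min(rtts):.0f}/{avg:.0f}/{max(rtts):.0f} ms"
    return line

def local_listener():
    """Constructed test target: a listener on 127.0.0.1 with an OS-chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    return srv

if __name__ == "__main__":
    srv = local_listener()
    marks, rtts = tcp_ping("127.0.0.1", srv.getsockname()[1])
    print(marks)
    print(summary(marks, rtts))
    srv.close()
```

A mark of "R" separates "host answered but the port is closed" from "?" (no answer at all), which helps when deciding whether a filter or the service itself is the problem.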
