https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529060#M237727 <P>&nbsp;</P><P>Many thanks Najaf</P><P>Regards</P><P>Mahesh</P> Sat, 07 Jun 2014 20:04:23 GMT mahesh18 2014-06-07T20:04:23Z https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529058#M237725 <P>&nbsp;</P><P>Hi Everyone,</P><P>&nbsp;</P><P>Here is setup below</P><P>ASA1-----SW------access port to ----ASA2</P><P>ASA1 has vlan 4 IP 192.168.1.171</P><P>ASA2 has vlan 4 IP 192.168.1.173.</P><P>&nbsp;</P><P>ASA1 has direct connection to Switch&nbsp; and Switch has direct connection to ASA2.</P><P>I can ping from ASA1 to IP&nbsp; 192.168.1.173.</P><P>&nbsp;</P><P>Switch config is below</P><P>&nbsp;</P><P>Switch port connected to ASA1 and ASA2 has config below</P><P>switchport mode access</P><P>switchport access vlan 4</P><P>&nbsp;</P><P>Switch does not have SVI vlan 4.</P><P>From switch i can not ping the IP 192.168.1.171 or 173.</P><P>When i config SVI vlan 4 with IP 192.168.1.174 on switch then i can ping IP 192.168.2.171 and .173</P><P>&nbsp;</P><P>Need to know is this default behaviour?</P><P>&nbsp;</P><P>Regards</P><P>Mahesh</P> Tue, 12 Mar 2019 04:18:25 GMT https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529058#M237725 mahesh18 2019-03-12T04:18:25Z https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529059#M237726 <P>Hi Mahesh,</P><P>This is expected behavior.</P><P>When you have SVI for vlan 4 created on the SW and when you initiate a ping, the ping will be sourced with SVI vlan 4 interface. The switch now knows both the source and destination is on same subnet and hence send a arp broadcast to all vlan 4 ports and ASA responds with its MAC address and ping works.</P><P>But when you don't have a SVI for vlan 4 on switch, the ping will be sourced with some other ip address (may be the managment interface of switch) and there should be routing enabled in route this packet to different network.</P><P>Hope that helps.</P><P>Regards</P><P>Najaf</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 07 Jun 2014 19:50:49 GMT https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529059#M237726 kcnajaf 2014-06-07T19:50:49Z https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529060#M237727 <P>&nbsp;</P><P>Many thanks Najaf</P><P>Regards</P><P>Mahesh</P> Sat, 07 Jun 2014 20:04:23 GMT https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529060#M237727 mahesh18 2014-06-07T20:04:23Z https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529061#M237734 <P>Thanks Mahesh for marking this as correct answer&nbsp;<IMG alt="smiley" height="23" src="https://supportforums.cisco.com/profiles/commons/libraries/ckeditor/plugins/smiley/images/regular_smile.png" title="smiley" width="23" /></P> Sat, 07 Jun 2014 20:16:01 GMT https://community.cisco.com/t5/network-security/unable-to-ping-from-directly-connected-switch-to-asa/m-p/2529061#M237734 kcnajaf 2014-06-07T20:16:01Z