https://community.cisco.com/t5/network-security/no-route-to-host-shown-in-packet-tracer-unable-to-ping-gateway/m-p/2396068#M307295 <HTML><HEAD></HEAD><BODY><P>Thanks Jcarvaja. </P><P>It just started working after a while, not sure what transpired but yeah its working now!</P></BODY></HTML> Wed, 11 Dec 2013 13:35:38 GMT suthomas1 2013-12-11T13:35:38Z https://community.cisco.com/t5/network-security/no-route-to-host-shown-in-packet-tracer-unable-to-ping-gateway/m-p/2396066#M307292 <P><SPAN style="font-family: verdana,geneva;">Hi,</SPAN></P><P></P><P>Following is the setup. We are unable to ping the gateway(192.168.100.1) for hosts which is configured on the ASA interface.</P><P></P><P>ASA Connects to a&nbsp; Core Switch </P><P></P><P>ASA configuration:-</P><P>---------------------------</P><P></P><P>int tengig0/9<BR />security-level 50<BR />nameif apps<BR />ip addr 192.168.100.1 255.255.255.0</P><P></P><P>int Po40<BR />desc Connection to Core<BR />nameif local<BR />security-level 100<BR />ip addr 192.168.5.1 255.255.255.248</P><P></P><P>Core configuration:-</P><P>---------------------------</P><P></P><P>int Po40<BR />desc Connection to ASA<BR />no switchport<BR />ip addr 192.168.5.2 255.255.255.248</P><P></P><P>interface gig0/23<BR />des Connection to ASA for apps interface (ASA- tengig0/9 )<BR />switchport access vlan 70 </P><P></P><P>ip route 0.0.0.0 0.0.0.0&nbsp; 192.168.5.1 ( route on Core )</P><P></P><P>int gig0/15</P><P>desc apps user</P><P>switchpo access vlan 70</P><P></P><P></P><P>from the core , we can't ping 192.168.100.1 which is the gateway for all the users connected to this segment apps.</P><P><BR />We tried one of the workstations connected on access vlan 70 on the core &amp; with ip in the range of <BR />192.168.100.x 255.255.255.0 , its gateway being 192.168.100.1 on the ASA.<BR />But we were unable to reach the gateway on ASA from the workstation.</P><P></P><P>Please help with this.Thanks in advance.</P> Tue, 12 Mar 2019 03:15:58 GMT https://community.cisco.com/t5/network-security/no-route-to-host-shown-in-packet-tracer-unable-to-ping-gateway/m-p/2396066#M307292 suthomas1 2019-03-12T03:15:58Z https://community.cisco.com/t5/network-security/no-route-to-host-shown-in-packet-tracer-unable-to-ping-gateway/m-p/2396067#M307293 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Remember that you cannot access a far-end interface. This means that if you sit on the DMZ interface you will be able to ping the ASA DMZ interface IP address but no the Inside interface IP address.</P><P></P><P>This is by design and cannot be changed.</P><P></P><P>That being said if you are pinging from a host on the same subnet than the ASA and the packet is reaching the correct interface this should work.</P><P></P><P>Do </P><P></P><P>capture capin interface inside match icmp host x..x.x.x (192.168.100.x host) 192.168.100.1</P><P></P><P></P><P></P><P>Rate all of the helpful posts!!! <BR /> <BR />Regards, <BR /> <BR />Jcarvaja <BR /> <BR /><SPAN>Follow me on </SPAN><A class="jive-link-external-small" href="http://laguiadelnetworking.com">http://laguiadelnetworking.com</A></P></BODY></HTML> Wed, 11 Dec 2013 12:47:53 GMT https://community.cisco.com/t5/network-security/no-route-to-host-shown-in-packet-tracer-unable-to-ping-gateway/m-p/2396067#M307293 Julio Carvajal 2013-12-11T12:47:53Z https://community.cisco.com/t5/network-security/no-route-to-host-shown-in-packet-tracer-unable-to-ping-gateway/m-p/2396068#M307295 <HTML><HEAD></HEAD><BODY><P>Thanks Jcarvaja. </P><P>It just started working after a while, not sure what transpired but yeah its working now!</P></BODY></HTML> Wed, 11 Dec 2013 13:35:38 GMT https://community.cisco.com/t5/network-security/no-route-to-host-shown-in-packet-tracer-unable-to-ping-gateway/m-p/2396068#M307295 suthomas1 2013-12-11T13:35:38Z