Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
4
Helpful
6
Replies

new ASA - basic connections

Go to solution
jlmickens
Level 1
Level 1

‎06-05-2014 02:09 AM - edited ‎03-11-2019 09:17 PM

Maybe it's because it's so late, but I'm confused.  I've got an out of the box ASA 5520 with just a basic config on it - the default mostly, except the Gi0/0 and 0/1 ports are not in shutdown mode.  I've got connection lights, and both the ASA and the switch it's connected to show the links as being up, but I just can't communicate with it.  I can connect to the management port and get into the ASDM.  It is configured for Gi0/1 as the Inside, and it has an IP address assigned.  The switch sees the mac address of the inside interface briefly when the ASA first boots up, but then it ages out and won't show again.  I'm not even worried about the outside connection yet - I haven't assigned an address to it yet as I wanted to just get it hooked up on the inside and start configuring from there.  Any ideas?  I'm at a loss at the moment.

Labels:
Preview file
4 KB
Preview file
5 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP
In response to jlmickens

‎06-05-2014 04:05 AM

It is most probably that one of the trunks between the layer 2 switch and the core switch is not configured to carry VLAN 255.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marius Gunnerud
VIP
VIP

‎06-05-2014 03:35 AM

Out of curiosity, is this a layer 2 or layer 3 switch?  My guess is that the switch does not have a configured IP that it can source the ping from.  It needs an IP within the range that is configured on the ASA.  Have you tried to configure another port in VLAN10 and connect a PC to it and ping from it?

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
jlmickens
Level 1
Level 1
In response to Marius Gunnerud

‎06-05-2014 03:39 AM

The switch itself is layer 2.  Layer 3 stuff is done further upstream.  That has an IP on the same VLAN and I can see MAC addresses on the VLAN coming from the upstream switch.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to jlmickens

‎06-05-2014 03:47 AM

From your post it looks like you are trying to ping the ASA from the switch...this will not work as it does not have an IP within the subnet that is configured on the ASA.  Configure an interface in VLAN 255 on the switch, connect a PC to the port and configure that PC with an IP 10.255.255.2 255.255.255.0, for example.  Then try to ping the ASA from the PC.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Go to solution
jlmickens
Level 1
Level 1
In response to Marius Gunnerud

‎06-05-2014 04:02 AM

I tried from the L3 switch that has an IP address on that subnet, but it didn't work either.  I will try with a PC in the local switch, but it should have worked from the L3 switch.  All the links between the switches are trunks and have the VLAN allowed.

 

Edit:  Ok, I just tried the workstation thing.  I can put a workstation on the same switch in the same VLAN/Subnet and can ping the inside interface of the router, but can't ping the core switch that's doing all the layer 3 routing.  So it seems the problem is between the switches someplace.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to jlmickens

‎06-05-2014 04:05 AM

It is most probably that one of the trunks between the layer 2 switch and the core switch is not configured to carry VLAN 255.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
jlmickens
Level 1
Level 1
In response to Marius Gunnerud

‎06-05-2014 04:08 AM

Yep.  I just found it between the L3 core switch and the intermediate switch before the one the ASA is connected to.  I knew it was something stupid.  I just couldn't see it.  Thanks for pointing me in the right direction.  Time to get some sleep, I think.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card