Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1237
Views
5
Helpful
3
Replies

Why is Source IP iOutside interface IP of ASA5505

CiscoPurpleBelt
Level 6
Level 6

‎03-19-2019 05:54 PM

So I am looking at logs on my ASA5505 in my lab and noticed when doing pings from a host on the Outside interface, the source IP in Real-time log viewer is the Outside interface and not host machine - see attached.

 

Also, I don't see pings on the logs when they are successful only when the are denied is this normal?

Labels:
Preview file
10 KB
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎03-19-2019 06:07 PM

Hi,
Do you have nat configured?
If you run "debug icmp trace" on the ASA you will be able to see the output of the ping and also the nat translation taking place.

HTH

CiscoPurpleBelt
Level 6
Level 6
In response to Rob Ingram

‎03-19-2019 07:01 PM - edited ‎03-19-2019 07:36 PM

No that is the weird thing.

ASA# sh nat
ASA#

Also, I am trying to allow internal hosts to the net. It works if I just allow all IP suite, but when just doing http, https, and DNS it doesn't work, logs keep saying the Outside interface denies it on port 53. 

Preview file
57 KB
0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni
In response to CiscoPurpleBelt

‎03-20-2019 01:05 AM

Bluebelt. So you have an access list into your internal interface permitting any from your internal lan. But when you make it morr granular and permit only http it stops working? Can you share config after sanatising. Cheers

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card