5506 Traffic not forwrding.

shoegal2008 (Level 1)

Hello,

I have a simple 5506 firewall setup with two interfaces, inside 172.19.0.2/24 and outside 10.10.10.1/24.

A partner has their firewall in the outside subnet, 10.10.10.100/24.

I have one static route to reach my other internal subnets:

route inside 172.19.0.0/16 172.19.0.1

and NAT rules so my traffic to 10.10.10.0/24 is hidden behind the outside interface IP address. For specific servers I have one-to-one NATing.

I can manage the ASDM from a different internal subnet, so I know it is routing. The partner can access the servers on my LAN without a problem. However, when I try to access server 10.10.10.10 (inside to outside) I do not get a reply. I see the reply in the ASDM logs being allowed through the ACLs, but when I run Wireshark on my PC there is no traffic reaching my PC.

Any ideas?

5 Replies

Hi,

I cannot understand why you configured the route

> route inside 172.19.0.0/16 172.19.0.1

If I'm not mistaken, 172.19.0.0/24 is a subnet of 172.16.0.0/16. I would configure the inside with IP 172.19.0.2/16.

Can you show your NAT configuration, and please write the IP of the test PC.
Best regards

Hello, sorry, that route was a typo. The firewall is configured with one static route: 0.0.0.0 0.0.0.0 172.19.0.1 on the inside.

the below is my NAT config:
nat (Inside,Outside) source static Int_VDI Ext_VDI
nat (Inside,Outside) source static Int_ACS Ext_ACS
!
nat (Inside,Outside) after-auto source dynamic Int_Networks interface
Int_VDI 172.19.0.5 , Ext_VDI 10.10.10.5

Int_ACS 172.19.0.6 , Ext_ACS 10.10.10.6
Int_Networks 172.19.0.0 255.255.0.0 NATed to outside interface 10.10.10.1
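As an added example that is not part of this thread (constructed Python, not ASA code), a small model of the three NAT rules posted above: the manual static rules are matched before the after-auto dynamic rule, everything else in Int_Networks is hidden behind the outside interface address, and a reply to that PAT address can only be reversed through the connection table. The ConnTable class and port allocation are my own assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the NAT rules in this thread; assumes ASA evaluates
# section 1 (manual static) before section 3 (after-auto dynamic PAT).
OUTSIDE_IF_IP = ip_address("10.10.10.1")       # outside interface, used as PAT address
INT_NETWORKS = ip_network("172.19.0.0/16")     # object Int_Networks

# nat (Inside,Outside) source static <real> <mapped>: one-to-one, bidirectional
STATIC = {
    ip_address("172.19.0.5"): ip_address("10.10.10.5"),   # Int_VDI -> Ext_VDI
    ip_address("172.19.0.6"): ip_address("10.10.10.6"),   # Int_ACS -> Ext_ACS
}
STATIC_REVERSE = {mapped: real for real, mapped in STATIC.items()}


class ConnTable:
    """Stand-in for the ASA connection table: (mapped ip, port) -> (real ip, port)."""

    def __init__(self):
        self.entries = {}
        self.next_port = 1024   # assumed PAT port allocation, simplified

    def allocate(self, real_ip, real_port):
        mapped_port = self.next_port
        self.next_port += 1
        self.entries[(str(OUTSIDE_IF_IP), mapped_port)] = (str(real_ip), real_port)
        return mapped_port


def translate_outbound(src_ip, src_port, table):
    """Inside -> outside: returns (mapped ip, mapped port, rule that matched)."""
    src = ip_address(src_ip)
    if src in STATIC:                       # section 1 wins over after-auto
        return str(STATIC[src]), src_port, "section1-static"
    if src in INT_NETWORKS:                 # section 3: dynamic PAT to interface
        return str(OUTSIDE_IF_IP), table.allocate(src, src_port), "section3-pat"
    return src_ip, src_port, "untranslated"


def untranslate_inbound(dst_ip, dst_port, table):
    """Outside -> inside: static mappings always reverse; PAT needs a connection."""
    dst = ip_address(dst_ip)
    if dst in STATIC_REVERSE:
        return str(STATIC_REVERSE[dst]), dst_port, "section1-static"
    hit = table.entries.get((str(dst), dst_port))
    if hit:
        return hit[0], hit[1], "conn-table"
    return None   # unsolicited packet to the PAT address: no mapping, dropped
```

Running the reply path for a packet to 10.10.10.1 with a port the table has never seen returns None, which is the behaviour a packet-tracer would report as a NAT drop.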
Did you add "inspect icmp" in your service policy config?

Yes, that is enabled. The partner can ping and access resources from their side, but I'm unable to do anything from my side. When I try to ping the outside interface of the ASA from the inside I get:

Failed to locate egress interface for ICMP from Inside
Does this matter?

Hi,
can you show me your ACL on inside and outside?

Did you try to use Packet Tracer?

Best regards