cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5470
Views
10
Helpful
8
Replies

asa 5510 port channel

miket
Contributor
Contributor

I have a ASA 5510, the inside addresses go to a 3750 as a channel group two interfaces on the asa are used. The channel group is setup  as a trunk. I can ping the address from the  direct connected switch connected switch however from another switch on hop away I cannot. I can ping the the ASA port channels...I can ping the default gateway..

The code on the asa is 8.x

Hope all this makes sense                  

1 Accepted Solution

Accepted Solutions

Hello,

It does... Thanks for the explanation

Now if you are behind the inside interface you should be able to ping it.

Can you share the show run icmp

Also do the following on the ASA

cap capin interface inside match icmp any host 172.17.120.254

cap asp type asp-drop all circular-buffer

Then try to ping the ASA inside interface and provide me:

show cap capin

show cap asp | include 172.17.120.254

Regards,

We are here to help, Remember to rate all the post that help ( If you do not know how to rate a post, just let me know, I will let you know how )

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

8 Replies 8

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

Miket, Okay code version is 8.what?

Also so from a hop away switch  from the ASA you cannot ping what?

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I should have been clearer,. I cannot ping the insode interface.. So the ASA inside is 172.17.120.254, the vlan is on a 3750 with vlan interface 172.17.120.1.       

the switch that i cant ping from is trunked to the first switch;  I can ping the vlan interface which is 172.17.120.1 , but I cannot ping the .254 which is the ASA.

any other device in the 172.17.120.x subnet is pingable but this darn ASA.

So the asa inside interface should be pingable or am I wrong. I will get you the code level I think it is 8.5

thanks hope this makes sense it has been a long day

Hello,

It does... Thanks for the explanation

Now if you are behind the inside interface you should be able to ping it.

Can you share the show run icmp

Also do the following on the ASA

cap capin interface inside match icmp any host 172.17.120.254

cap asp type asp-drop all circular-buffer

Then try to ping the ASA inside interface and provide me:

show cap capin

show cap asp | include 172.17.120.254

Regards,

We are here to help, Remember to rate all the post that help ( If you do not know how to rate a post, just let me know, I will let you know how )

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio, found it.. I added a static route for the inside interace and sliiped a number  deleted and added correct route and all is okay.  finger checks when you are tired.. I also thing I may not have applied after I changed it,

Awesome help from you Thanks you

Tell me where to rate and I will

Hello,

Great to hear that I could help

To rate a post go over any of the responses and select the fiver starts at the bottom of each post

Hope you have a great day

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hope that worked with stars

Hello Mike,

It did, thanks

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: