01-27-2010 04:51 AM - edited 03-11-2019 10:02 AM
I have the following network as shown. I seem to have some problems configuring routes for the ASA 5510.
I need hosts on 194.1.10.0/24 network (HEADQUARTERS) to be able to ping the hosts on 194.1.20.0/24 (BRANCH). But hosts on the headquarters network can only ping the outside interface of the ASA firewall (200.200.200.2). The hosts on HQ network are not able to ping the inside interface or the host on the branch network.
This is my firewall route configuration:
Outside:
network: 194.1.10.0 next-hop: 200.200.200.1
network: 194.1.30.0 next-hop: 200.200.200.1
How do I fix this problem? Thanks in advance.
01-27-2010 05:22 AM
Hi
By design you can't ping the inside interface coming in from the outside.
Please post your config of the ASA - it could be your ACLs blocking echo-replies.
The route on the ASA looks good, but I do need to see the config of the ASA.
Thanks
01-27-2010 06:23 AM
On the ASA try adding "inspect icmp" and see if that helps.
-KS
01-27-2010 07:56 PM
kusankar wrote:
On the ASA try adding "inspect icmp" and see if that helps.
-KS
It's not really an ACL problem; I have allowed all incoming and outgoing IP traffic on both interfaces. It's more like a routing problem.
I have a route (to my HEADQUARTERS network) on my OUTSIDE interface. But I don't have this route on my INSIDE interface, which is why the echo-reply packets cannot find a way back when I ping the inside interface.
But if I try adding a route to the inside interface... the ASA says a route with the same gateway already exists.
Why is this so?