Re: ASA 5520 Firewall configuration Problem

sridharpoola · ‎04-19-2007

I have an ASA 5520 placed between two different networks and have to provide interconnectivity between them. The ASA is placed between two Layer 3 switches. I had configured ASA as below:

interface GigabitEthernet0/0 //(Outside)

nameif Network-2

security-level 0

ip address 10.66.88.100 255.255.255.0

!

interface GigabitEthernet0/1 //(Inside)

nameif Network-1

security-level 100

ip address 10.68.1.7 255.255.255.0

global (Network-2) 1 10.66.0.0 netmask 255.255.0.0

nat (Network-1) 1 10.68.1.0 255.255.255.0 0 0

route Network-2 10.66.1.0 255.255.255.0 10.66.88.200 1

Note:

1.) Say the two different networks are 10.68.1.0 (network A) and 10.66.1.0 (network B)

2.) 10.66.88.200 is the next hop ip address of the layer3 switch at Network-B

I am able to ping all the systems in the two networks from the ASA.

I am unable to ping interface 10.66.88.100 from Network-A and Network B. How to resolve the problem?? Please guide?.

All helpful posts will be rated

Thanks in Advance

Sridhar

Jon Marshall · ‎04-19-2007

Hi

To allow network B to ping the outside interface try adding this to config

asa(config)# icmp permit 10.66.1.0 255.255.255.0 outside

I don't believe that the ASA device allows you to ping an interface that is remote ie.

from the inside you can only ping the inside interface of the ASA,, you cannot ping the outside interface and vice-versa.

HTH

Jon