12-09-2013 05:32 AM - edited 03-11-2019 08:14 PM
I have an ASA 5540 that is not connected via HSRP; however, I am running HSRP in the internal network(s).
I added a DMZ port and switch in order to convert things to the DMZ; however, for debugging and connectivity purposes I made sure ICMP is working between the DMZ and the inside network. I will secure it at a later time.
I have anti-spoofing enabled on all interfaces.
I try to use an ICMP ping, and I get an error about reverse path checking and the packets are dropped. They are from a source interface that is the
on my sh stand here is my setup
Vlan6 - Group 0
State is Active
7 state changes, last state change 00:15:27
Virtual IP address is 192.168.52.1
Active virtual MAC address is 0000.0c07.ac00
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.492 secs
Preemption enabled
Active router is local
Standby router is 192.168.52.254, priority 100 (expires in 7.945 sec)
Priority 100 (default 100)
Track interface GigabitEthernet1/0/1 state Up decrement 50
IP redundancy name is "hsrp-Vl6-0" (default)
vlan config on core router
interface Vlan6
ip address 192.168.53.254 255.255.254.0
ip access-group 160 out
ip pim sparse-mode
standby ip 192.168.52.1
standby preempt
standby track GigabitEthernet1/0/1 50
I do have the IP address to ping allowed through the DMZ, which is 10.20.20.4, on ACL 160.
I've been searching, but coming up with nothing. I turn off anti-spoofing on the inside interface, I don't get errors, but packets do not reach my destination, and I get no ASA logs.
12-09-2013 11:20 AM
Hello Mark,
Make sure that if you get a packet on the inside you have a route for this IP/network pointing to the inside; same thing for the DMZ.
Can you share a packet tracer result?
packet in source_interface icmp source_IP 8 0 destination_IP
Regards,
Felipe.
Remember to rate useful posts.
12-10-2013 05:21 AM
RPF violation :/
12-17-2013 07:25 AM
I'm an idiot.
This is resolved.
Looking at my ASA routes I noticed it was not in the route list.
Double checked my config on the gateway, missing my subnet wildcard on the neighbor; added it and it works fine.
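Added example (not part of the thread and not Cisco's code): a small Python model of a strict reverse-path check, showing why a source in the Vlan6 subnet is dropped on the inside interface until a route for that subnet points back to inside. The interface names, the default route, the /24 DMZ prefix and the host 192.168.52.10 are assumptions made for the illustration.

```python
import ipaddress

def best_route(routes, ip):
    """Longest-prefix match; routes are (prefix, egress_interface) pairs."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def rpf_check(routes, ingress, src_ip):
    """Strict reverse-path check: the best route back to the source
    must leave through the interface the packet arrived on."""
    match = best_route(routes, src_ip)
    if match is None:
        return False, "no route to source"
    net, ifc = match
    if ifc != ingress:
        return False, f"route {net} points to {ifc}, packet arrived on {ingress}"
    return True, f"route {net} via {ingress}"

# Constructed routing tables (assumed, not taken from the poster's ASA).
# BEFORE: the inside subnet was never learned from the gateway.
ROUTES_BEFORE = [("0.0.0.0/0", "outside"), ("10.20.20.0/24", "dmz")]
# AFTER: the gateway advertises 192.168.52.0/23 (Vlan6, mask 255.255.254.0).
ROUTES_AFTER = ROUTES_BEFORE + [("192.168.52.0/23", "inside")]

def demo():
    src = "192.168.52.10"  # constructed host in the Vlan6 subnet
    return (rpf_check(ROUTES_BEFORE, "inside", src),
            rpf_check(ROUTES_AFTER, "inside", src))

if __name__ == "__main__":
    for label, (ok, why) in zip(("before", "after"), demo()):
        print(label, "PASS" if ok else "DROP (RPF violation)", "-", why)
```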
12-17-2013 09:26 AM
Hello Mark,
Kudos to you,
Thanks for posting the solution. Please go ahead and mark the question as answered so future users can learn from this.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com