10-15-2015 07:16 AM - edited 03-11-2019 11:45 PM
I have an ASA 5540 that is behaving strangely. I have two interfaces, both at the same security level - 0. In the Access Rules there are only two - the implicit deny all and before that I created a simple one to allow all (source:any, destination:any, service:ip & icmp, permit).
When I try to ping across it, it doesn't work. Using the Packet Tracer in ASDM, it tells me that an implicit rule is dropping an ICMP packet from my source to my destination.
Any thoughts? I'm stumped by this!
Thanks,
Brian
10-15-2015 07:24 AM
Hi,
By default traffic between interfaces with same security level is not allowed.
Try the command:
same-security-traffic permit inter-interface
Hope it helps!!!
Thanks,
R.Seth
Mark the answer as correct if it helps in resolving your query!!!
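Added example (not part of the original thread): a small Python check that reads an ASA running-config and lists interfaces sharing a security level whose mutual traffic is dropped because `same-security-traffic permit inter-interface` is absent, regardless of any permit-all access rule. The sample config, interface names and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample running-config (interface names and addresses are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif partner
 security-level 0
 ip address 198.51.100.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
access-list ALLOW_ALL extended permit ip any any
"""

def same_level_groups(config):
    """Map security level -> nameifs, keeping only levels shared by 2+ interfaces."""
    levels = defaultdict(list)
    nameif = None
    for line in config.splitlines():
        if not line.startswith(" "):   # any top-level line ends the interface block
            nameif = None
            continue
        m = re.match(r"\s+nameif (\S+)", line)
        if m:
            nameif = m.group(1)
            continue
        m = re.match(r"\s+security-level (\d+)", line)
        if m and nameif:
            levels[int(m.group(1))].append(nameif)
    return {lvl: names for lvl, names in levels.items() if len(names) > 1}

def inter_interface_permitted(config):
    """True if the global command from the answer above is in the config."""
    pattern = r"^same-security-traffic permit inter-interface\s*$"
    return re.search(pattern, config, re.M) is not None

def blocked_pairs(config):
    """Same-level groups that cannot talk to each other, whatever the ACLs say."""
    return {} if inter_interface_permitted(config) else same_level_groups(config)
```

Calling `blocked_pairs(SAMPLE_CONFIG)` reports the two level-0 interfaces; once the command is present in the config the result is empty.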
10-15-2015 08:42 AM
I tried adding that - it didn't seem to work.
One other thing I notice - on the device, when I ping an address in the range of the external interface (i.e. not on the other side of a router) I get a ? telling me that it doesn't know how to get there, even though it is inside the same subnet. Is it possible that this firewall is dead? Or should I try another interface?
Thanks,
Brian