Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1396
Views
0
Helpful
8
Replies

ASA acting as default gateway but cannot ping devices on the far end

Alfred
Level 1
Level 1

‎09-27-2012 10:55 AM - edited ‎03-11-2019 05:00 PM

I have 2 x ASA acting as default gateways the two can ping each other but when i tried to ping the far end devices like servers from one of the ASA it does not ping.

dc3-fw1# ping 192.168.98.13

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.98.13, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

dc3-fw1#

Labels:
0 Helpful
8 Replies 8

Harish Balakrishnan
Spotlight
Spotlight

‎09-27-2012 11:26 AM

Hello Alfred,

How is the server connected to the ASA and are they in same subnet ( ASA and the servers) Could you post the configuraton and give some lights about the scenario as well

regards

Harish.

0 Helpful

Alfred
Level 1
Level 1

‎09-27-2012 12:00 PM

Thanks Hamis

Fw2 cannot ping servers beyound the FW 1 please note these two acts as gateway.An answer will be appreciated.once again thanks

135805-cisco FW 2.txt.zip
0 Helpful

Harish Balakrishnan
Spotlight
Spotlight
In response to Alfred

‎09-27-2012 12:22 PM

Hello Alfred,

Looks like you do not have permission on FW1 for allowing the communication from FW1

please add the following lines on FW1

access-list x-connect-in extended permit icmp host 192.168.95.1 host 192.168.98.13

access-group x-connect-in in interface x-connect

now try to ping the server 192.168.98.13 from your FW2 and let me know

regards

Harish

0 Helpful

Alfred
Level 1
Level 1
In response to Harish Balakrishnan

‎09-27-2012 12:53 PM

Harish

|From the visio,If i am logged in FW1 and try to ping any servers in FW2 e.g 192.168.98.13 this will never work.note these FW act as Default gateway Once again thanks

Alf

0 Helpful

Harish Balakrishnan
Spotlight
Spotlight
In response to Alfred

‎09-27-2012 01:07 PM

Hello Alf,,

you configuration file name and visio name is toggled.. ok

so the above mentioned command has to be entered in visio fw2

access-list x-connect-in extended permit icmp host 192.168.95.1 host 192.168.98.13

access-group x-connect-in in interface x-connect

regards

Harish

0 Helpful

Alfred
Level 1
Level 1
In response to Harish Balakrishnan

‎09-27-2012 01:31 PM

Harish,

Now FW1 is on the other side of FW2 if i ping any device in FW2 as stated all is fine as stated below.If i ping from FW1 then no responce

-fw-2(config)# ping 192.168.98.13

Sending 5, 100-byte ICMP Echos to 192.168.98.13, timeout is 2 seconds:

!!!!!

-fw1# ping 192.168.98.13

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.98.13, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

dc3-fw1#

The problem is FW1 pinging any servers in FW2 ,Hope i am now cleared

Once again thank very much.

Alf

0 Helpful

Alfred
Level 1
Level 1
In response to Alfred

‎09-28-2012 01:14 AM

Hello Everyone,

Can somebody help me ..i need this sorted out urgently.

Thanks

Alf

0 Helpful

Alfred
Level 1
Level 1
In response to Alfred

‎09-30-2012 01:41 PM

Hello

Any help on this??

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card