Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
0
Helpful
6
Replies

ASA config - cannot ping through to the internet

admin
Level 1
Level 1

‎01-16-2007 02:05 PM - edited ‎03-11-2019 02:20 AM

I have been looking online and talking with TAC for a solution to this issue for the past couple of days.

I recently have been testing a new ASA 5510 as a replacement for my old PIX 506. The issue that I have is the following:

I have a 3560 switch which is connected to the ASA which is in turn connected to a pair of failover routers managed by my ISP. I am unfortunately unable to ping any public IP addresses from the 3560 on the inside interface of the ASA. I can ping the ASA from the 3560 however. I can also ping public IP addresses from the ASA and I can ping the 3560 from the ASA.

Does anyone know what could be causing this issue, or what part of my config I should be checking to try and troubleshoot this.

Thanks for your help.

Labels:
0 Helpful
6 Replies 6

vijayasankar
Level 4
Level 4

‎01-16-2007 09:10 PM

Hi,

Would it be possible for you to post the config of the firewall ( after removing the sensitive details like public ip..etc..) and the 3560 switch for us to have a look?

-VJ

0 Helpful

admin
Level 1
Level 1
In response to vijayasankar

‎01-17-2007 05:53 AM

Sure, attached is the ASA config and the 3550 config. All secure information has been masked.

Thank you for your help.

Preview file
12 KB
0 Helpful

acomiskey
Level 10
Level 10
In response to admin

‎01-17-2007 06:19 AM

Isn't your acl "Inside_access_in" blocking it? You've only allowed tcp outbound. You can ping inside of asa from 3560 because of icmp permit any inside.

0 Helpful

admin
Level 1
Level 1
In response to acomiskey

‎01-17-2007 06:28 AM

Thank you for pointing that out. I've now fixed that. Certainly this could have been causing the issue, but I won't be able to test it until Saturday.

Anyway, wouldn't this still have allowed http traffic through the firewall since http is a tcp protocol? I was not able to get to any websites either while I was testing.

Maybe there's still something I'm missing and from the looks of it I'm sure it's something really simple.

0 Helpful

acomiskey
Level 10
Level 10
In response to admin

‎01-17-2007 06:29 AM

Are you using external DNS servers?

That would require udp outbound as well.

0 Helpful

admin
Level 1
Level 1
In response to acomiskey

‎01-17-2007 06:36 AM

No, I'm using internal. But this is making sense now as the internal servers are pointing outbound for referals and I couldn't do any dns lookups either.

Thank you for your help. I will test this on Saturday and let you know how it goes.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card