cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

523
Views
0
Helpful
0
Replies
Gerard Roy
Explorer

ASA - No ping response and does not show blocked

When pinging Gateway IP of ASA from computer on inside. It is doing Hide Nat (Pat) btw, IP is 192.168.1.110. It gets a response.

I try the same ping with the IP on PC using a static Nat I created but it never responds to the ping. I am using ip 192.168.1.109. The logs do not show it being dropped. What am I doing wrong? You can see objects and nat below

 

Denver-ASA5506-X# term page 0
ASA Version 9.8(2)
!
hostname Denver-ASA5506-X
domain-name xxx.xxx
enXXle password xxx
names
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address x.x.159.82 255.255.255.240
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Management1/1
management-only
nameif management
security-level 100
ip address dhcp
!
boot system disk0:/asa982-lfbff-k8.SPA
ftp mode passive
dns server-group DefaultDNS
domain-name xxx.xxx
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network OBJ-NAT-ALL
subnet 192.168.1.0 255.255.255.0
object network VPN-DENVER
subnet 192.168.1.0 255.255.255.0
object network dmz-xxx-prod
subnet 10.1.1.0 255.255.255.0
object network inside-xxx-prod
subnet 192.168.50.0 255.255.255.0
object network XX1
host 192.168.1.101
object network XX1-out
host x.x.159.84
object network XX3
host 192.168.1.103
object network XX3-out
host x.x.159.86
object network XX4
host 192.168.1.104
object network XX4-out
host x.x.159.87
object network XX9
host 192.168.1.109
object network XX9-out
host x.x.159.133
object network DENVER-WAN
subnet x.x.159.80 255.255.255.240
object-group network VPN-xxx-PROD
description Subnets to get to inside and DMZ in PROD
network-object object dmz-xxx-prod
network-object object inside-xxx-prod
object-group network RDPServers
description All xxxxxxx RDP servers
network-object object XX1
network-object object XX3
network-object object XX4
network-object object XX9
access-list outside_access_in extended permit ip any any
access-list outside_access_in_1 extended permit icmp object DENVER-WAN object DENVER-WAN
icmp unreachable rate-limit 1 burst-size 1
icmp permit host 191.198 outside
icmp permit 174.46.237.224 255.255.255.224 outside
icmp permit 65.203.136.0 255.255.255.0 outside
icmp permit x.x.159.80 255.255.255.240 outside
icmp permit 192.168.1.0 255.255.255.0 inside
icmp permit 192.168.86.0 255.255.255.0 management
asdm image disk0:/asdm-781-150.bin
!
object network OBJ-NAT-ALL
nat (inside,outside) dynamic interface
object network XX1
nat (inside,outside) static XX1-out
object network XX3
nat (inside,outside) static XX3-out
object network XX4
nat (inside,outside) static XX4-out
object network XX9
nat (inside,outside) static XX9-out
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.159.81 1
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enXXle
http 192.168.86.0 255.255.255.0 management
http x.x.159.80 255.255.255.240 outside
http 192.168.1.0 255.255.255.0 inside
http x.x.191.198 255.255.255.255 outside
http x.x.237.224 255.255.255.224 outside
management-access management
!
: end

 

0 REPLIES 0
Content for Community-Ad