03-06-2015 09:04 AM - edited 03-11-2019 10:36 PM
I have another question for the group.
I just received an ASA 5500-X device and am in the process of giving it an initial config. I set up the inside interface only with the IP 192.168.1.1 /24. I have a workstation on the same subnet with IP address 192.168.1.10/24 and it can ping it fine and even use ssh to get into it.
Here is my problem: I am trying to set up the syslog and tftp server on the internal subnet on the workstation mentioned above. I can get into the ASA from the workstation just fine and can even ping it, but I cannot get a ping reply or TFTP reply from the ASA to the workstation. I can only get time-out errors or an access denied error.
I have allowed an access-list to allow icmp, I have added syslog ip address, everything works from the workstation to the ASA but not in reverse..... I don't know what else to try...
Jon.
03-06-2015 09:26 AM
Jon
On the ASA, unlike IOS, ACLs only control traffic through the ASA, not to the ASA.
If you want to allow ping to the ASA -
icmp permit any inside
or specifically for your workstation -
icmp permit host 192.168.1.10 inside
Jon
03-06-2015 09:52 AM
Jon,
I created the ACL as a troubleshooting measure, not as a general rule. What I cannot figure out is that I cannot ping anything from the ASA internal interface to anything on the internal subnet.
I have a syslog/tftp server on the same subnet and I cannot get the ASA to talk to it, however the server can ping the internal interface with no problems and get to it via ssh. The internal int on the ASA should be able to see and respond to anything that is directly connected to it, but is not.
That is what I am trying to figure out and am at a loss...
03-06-2015 10:00 AM
Okay, so the issue is the ASA cannot ping the workstation and not the other way round?
Can you check on the workstation whether there is a firewall or anti-virus that may also be running a firewall?
Jon
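Added example, not part of the original posts: one way to check from the ASA whether its echo requests leave the inside interface and simply go unanswered (which points at a host firewall on the workstation) or whether the ASA itself is the problem. The capture name `capin` is an arbitrary choice; the addresses are the ones given in this thread.

```cisco
! Run from privileged EXEC on the ASA. "capin" is an arbitrary capture name.
! 192.168.1.1 = ASA inside interface, 192.168.1.10 = workstation (from the thread).

! 1. Capture ICMP between the ASA inside interface and the workstation.
capture capin interface inside match icmp host 192.168.1.1 host 192.168.1.10

! 2. Generate traffic from the ASA out of the inside interface.
ping inside 192.168.1.10

! 3. Confirm layer 2 is fine: the workstation should have an ARP entry.
show arp

! 4. Read the capture.
!    Echo requests present, no echo replies: the workstation (host firewall
!    or anti-virus) is dropping them, not the ASA.
!    Requests and replies both present but ping still fails: check the
!    to-the-box ICMP rules on the ASA.
show capture capin
show running-config icmp

! 5. Remove the capture when done.
no capture capin
```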
03-06-2015 10:03 AM
It was the anti-virus.
Will properly punish myself later...:)
Thanks.
03-06-2015 02:08 PM
Will properly punish myself later...:)
:-)
It's bad enough with just one firewall :-)
Jon