05-20-2015 08:11 AM - edited 03-11-2019 10:58 PM
One of our users reported not being able to reach a hosting site for of their organization's websites - Modwest.com
I can reach it from our external DNS server and from our internet router, but the ASA returns ????? when pinging. There's no ACL blocking their address, and in fact there's nothing in the ASA even close to Modwest's IP. No NAT, no objects, no nothing.
Just as a test, I created ACLs to permit traffic to and from Modwest and added a static route to our outside interface. Still ????? when pinging.
I'm not sure what else to check.
Solved! Go to Solution.
05-20-2015 08:48 AM
Hi,
I don't see any issues trying toi ping this IP.
Do you have any usable Public IP that you can use to NAT a PC behind the ASA device to other than the interface IP and then try to ping the Website. If that works , it means that ASA device interface IP is being blacklisted or blocked on the Web site.
Thanks and Regards,
Vibhor Amrodia
05-20-2015 08:26 AM
Hi,
This is traffic initiated from the ASA device. There will be no configuration on the ASA device that should be blocking the traffic other than the "icmp" command on the ASA device.
Have you tried to verify pinging the IP address for the Web site instead ? Verify the resolved IP address for the Website.
I don't think this might be an issue with the ASA device.
Thanks and Regards,
Vibhor Amrodia
05-20-2015 08:41 AM
Thanks Vibhor.
The ASA also returns ????? when pinging the IP (204.11.247.3) of the site.
Resolved address is correct.
I can ping sites like Google, etc from ASA.
We block no traffic out.
Ping from my desktop -> Core Sw (sends traffic to ASA) -> ASA (cannot ping) -> Internet rtr (can ping)
Like I said, I don't see anything in the ASA that would block it either, but I'm at a loss as to what is doing it, though.
05-20-2015 08:48 AM
Hi,
I don't see any issues trying toi ping this IP.
Do you have any usable Public IP that you can use to NAT a PC behind the ASA device to other than the interface IP and then try to ping the Website. If that works , it means that ASA device interface IP is being blacklisted or blocked on the Web site.
Thanks and Regards,
Vibhor Amrodia
05-20-2015 09:18 AM
Blacklisted!
Should have know. Thanks again Vibhor for pointing me in the right direction!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide