cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
789
Views
0
Helpful
3
Replies

ASA5510 - Multiple Outside Interfaces

Saman Shamim
Level 1
Level 1

Hi,

We have added our second WAN circuit into the ASA. However, I can't ping the new gateway or the test destination from the ASA. No ARP entry on the new interface. Is this a licensing/version issue or I'm missing something?

Version 7.0(8)

This platform has a Base license

interface Ethernet0/1

nameif outside-new

security-level 0

ip address X.X.X.178 255.255.255.240

route outside-new 4.2.2.2 255.255.255.255 X.X.X.177

ping outside-new X.X.X.177

Sending 5, 100-byte ICMP Echos to 200.162.131.177, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

ping outside-new 4.2.2.2

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

sh route

S    0.0.0.0 0.0.0.0 [1/0] via 189.108.X.X, outside

S    4.2.2.2 255.255.255.255 [1/0] via X.X.X.177, outside-new

S    X.X.X.X inside

C    X.X.X.X 255.255.255.0 is directly connected, inside

C    189.108.X.X 255.255.255.248 is directly connected, outside

C    X.X.X.176 255.255.255.240 is directly connected, outside-new

sh arp

        outside X.X.X.X 001b.d5f0.64ba 53

        inside X.X.X.X 0006.f68b.7dc4 8584

3 Replies 3

If you can't even ping your directly connected gateway, then I would look first into physical connectivity.

And you really should update the software. 7.0(8) is not only old, it's already smelling strange ...

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

I don't think its a problem related to licensing at all.

Not seeing any ARP behind the new interface is a clear problem.

I would double check that the new public subnet on the new interface is correct. I would also confirm that the gateway IP address is correct. Since if its not then naturally you wont see anything in the ARP.

So the first thing would be to confirm the section between this new interface and the actual ISP gateway for that interface.

- Jouni

Saman Shamim
Level 1
Level 1

Thanks guys.

I have a feeling that the ASA is not connected to the right port on the provider router. That could happen when your provider is in Amsterdam and your remote office is in Sao Paulo and you are managing the turn up from California. Just wanted to make sure no special configuration is needed on the ASA before dispatching another tech.

P.S: Yeah we should upgrade it for sure. It doesn't even support Packet-Trace command :-|

Review Cisco Networking for a $25 gift card