Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
0
Helpful
3
Replies

ASA5510 - Multiple Outside Interfaces

Saman Shamim
Level 1
Level 1

‎12-05-2013 10:58 AM - edited ‎03-11-2019 08:13 PM

Hi,

We have added our second WAN circuit into the ASA. However, I can't ping the new gateway or the test destination from the ASA. No ARP entry on the new interface. Is this a licensing/version issue or I'm missing something?

Version 7.0(8)

This platform has a Base license

interface Ethernet0/1

nameif outside-new

security-level 0

ip address X.X.X.178 255.255.255.240

route outside-new 4.2.2.2 255.255.255.255 X.X.X.177

ping outside-new X.X.X.177

Sending 5, 100-byte ICMP Echos to 200.162.131.177, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

ping outside-new 4.2.2.2

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

sh route

S    0.0.0.0 0.0.0.0 [1/0] via 189.108.X.X, outside

S    4.2.2.2 255.255.255.255 [1/0] via X.X.X.177, outside-new

S    X.X.X.X inside

C    X.X.X.X 255.255.255.0 is directly connected, inside

C    189.108.X.X 255.255.255.248 is directly connected, outside

C    X.X.X.176 255.255.255.240 is directly connected, outside-new

sh arp

        outside X.X.X.X 001b.d5f0.64ba 53

        inside X.X.X.X 0006.f68b.7dc4 8584

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎12-05-2013 11:03 AM

If you can't even ping your directly connected gateway, then I would look first into physical connectivity.

And you really should update the software. 7.0(8) is not only old, it's already smelling strange ...

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni

‎12-05-2013 11:03 AM

Hi,

I don't think its a problem related to licensing at all.

Not seeing any ARP behind the new interface is a clear problem.

I would double check that the new public subnet on the new interface is correct. I would also confirm that the gateway IP address is correct. Since if its not then naturally you wont see anything in the ARP.

So the first thing would be to confirm the section between this new interface and the actual ISP gateway for that interface.

- Jouni

0 Helpful

Saman Shamim
Level 1
Level 1

‎12-05-2013 11:49 AM

Thanks guys.

I have a feeling that the ASA is not connected to the right port on the provider router. That could happen when your provider is in Amsterdam and your remote office is in Sao Paulo and you are managing the turn up from California. Just wanted to make sure no special configuration is needed on the ASA before dispatching another tech.

P.S: Yeah we should upgrade it for sure. It doesn't even support Packet-Trace command :-|

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card