Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9211
Views
0
Helpful
5
Replies

Can't ping ASA 5510 inside interface

Go to solution
bc4switch
Level 1
Level 1

‎04-14-2013 07:14 AM - edited ‎03-11-2019 06:28 PM

Hello, everyone,

I  ran into a very strange icmp ping issue that I could not seem to undersatand, hope someone can provide a troubleshooting tip on this. The network has been working fine other than the issue listed below, L2L VPN works

fine and all three data centers can access each other via L2L VPN.


I have three ASA5510: 

     asa10

          Location: datacenter10

          Inside IP: 10.10.10.254

          L2LVPN:  asa10TOasa20, asa10TOasa30

     asa20

          Location: datacenter20

          Inside IP: 10.20.20.254

          L2LVPN:  asa10TOasa20, asa10TOasa30

     asa30

          Location: datacenter30

          Inside IP: 10.30.30.254

          L2LVPN:  asa10TOasa20, asa10TOasa30

Other than, global IP addresses, subnet IP addresses, the run configs are pretty much the same.

Problems:

From network 10.10.10.0, can ping 10.10.10.254, 10.20.20.254

Can't ping 10.30.30.254

From network 10.20.20.0, can ping 10.10.10.254, 10.20.20.254

Can't ping 10.30.30.254

From network 10.30.30.0, can ping 10.20.20.254, 10.30.30.254

Can't ping 10.10.10.254,

Please help by providing your insights or troubleshooting tips. My customer would not allow me to post configs.

Thanks.


Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Simerjeet Singh
Cisco Employee
Cisco Employee

‎04-14-2013 10:14 AM

Assuming that u have the vpn config in place, pls ensure that you have the following configured in the config mode on asa30

man inside

Where "inside" is the name of the interface u r trying to ping.




Sent from Cisco Technical Support Android App

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Paul Preston
Level 1
Level 1

‎04-14-2013 07:22 AM

Hi Bin,

I have spent hours trying to resolve it first time...

In my case the issue was with dynamic nat. When you use object definition for PAT, please use range (excluding ip of the firewall) as opposed to subnet.

Let me know if that helps.

Kind Regards,

--
Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel:  (+44) 0844 809 4335
Fax: (+44) 01732 468 574
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston@proxar.co.uk

--
Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Unit 1, 205 London Road, Sevenoaks, Kent, TN13 1DW
Tel: +44 203 196 6566
Fax: (+44) 01732 468 574
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email
0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎04-14-2013 09:41 AM

Hello Bin,

add the route-lookup to the nat statement,

without configs we are blind

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
Simerjeet Singh
Cisco Employee
Cisco Employee

‎04-14-2013 10:14 AM

Assuming that u have the vpn config in place, pls ensure that you have the following configured in the config mode on asa30

man inside

Where "inside" is the name of the interface u r trying to ping.




Sent from Cisco Technical Support Android App

0 Helpful

Go to solution
bc4switch
Level 1
Level 1
In response to Simerjeet Singh

‎04-14-2013 05:43 PM

Thanks. "man inside" did work.

But do you have to do this for L2L VPN? I mean is "man inside" a required configuration?

Thanks.

0 Helpful

Go to solution
Simerjeet Singh
Cisco Employee
Cisco Employee

‎04-14-2013 07:34 PM

Bin, it is only required if u have management traffic directed towards interface over the vpn tunnel.

Regards,
Sim.

Please mark resolved questions as "Answered"


Sent from Cisco Technical Support Android App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card