Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
870
Views
0
Helpful
7
Replies

Cisco ASA 9.1(1) Cannot Ping Public Server

Michael Darr
Level 1
Level 1

‎04-28-2015 02:06 PM - edited ‎03-11-2019 10:51 PM

Cisco ASA 9.1(1) I have defined a public server.  Ping from outside fails.  Packet Tracer shows the following:

What is going on here?

Labels:
0 Helpful
7 Replies 7

johnd2310
Level 8
Level 8

‎04-28-2015 06:09 PM

Hi,

It seems Packet Tracer is showing the IP as on Inside-Test interface. Is the routing configured correctly?

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to johnd2310

‎04-28-2015 11:47 PM

Hi,

I think the routing is correct.

It is a RPF drop. If you check the 1st NAT phase , that NAT statement seems to be different than the one in the displayed section.

This is the reason for this drop.

I would request you to send me the NAT configuration and the complete trace output.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Michael Darr
Level 1
Level 1
In response to Vibhor Amrodia

‎05-01-2015 07:57 AM

Thank you for responding, Vibhor:  Here are the pertinent NAT statements in my running configuration:

object network Grede-Test-Server
host xx.xx.xx.xx (Public IP Address)
description Grede Test Server Menocon

object network Grede-Test-Server-Private
host 10.1.104.21
description Grede-Test Server

nat (Inside-Test,Outside) source static Grede-Test-Server-Private Grede-Test-Server

Cheers,

M.

0 Helpful

Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Michael Darr

‎05-01-2015 07:24 PM

Hi,

Thank you for updating the NAT statement. I would request you to still update me with the Complete Packet Tracer as this is a NAT misconfiguration causing this issue.

I think there might be another NAT configured which is causing this issue on the ASA device.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Michael Darr
Level 1
Level 1
In response to Vibhor Amrodia

‎05-04-2015 01:45 PM

I have attached the response.

Preview file
278 KB
0 Helpful

Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Michael Darr

‎05-04-2015 11:07 PM

Hi,

The Packet Tracer is incorrect.

You need to use the destination ip in it as the Public IP instead of the Private Ip as you have used.

Correct that and let me know what you get as the output from the tracer.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Michael Darr
Level 1
Level 1
In response to johnd2310

‎05-01-2015 07:14 AM

Hi, John;

That is correct.  It is an isolated test server on an isolated test network.  Does not everyone have one of these for testing firewall configuration?  Thanks for the response.

Cheers,

M.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card