Cisco ASA connected to P2p and ISP Link

cawaafe79
Level 1

Hi, we have a customer site and a datacentre. On the customer site there is an access switch and an ASA firewall. From the firewall we have an ISP link and a P2P link connected to a switch in our datacentre.

 

                                                                                             

Inside LAN:                             ----------ISP
10.80.1.0/24 ---->access Switch---->ASA
                                        ----------10.10.222.0/24 ----------P2P--------Switch datacentre---------Server:10.99.80.1

We want to access the server in the datacentre through the P2P line. It is a very simple task, but the strange thing is that we have been having an issue where, when everything is set up, we can ping from the server (IP: 10.99.80.1) to a host on the client site (IP: 10.8.1.105) but not from the same host to the server. There are no ACLs or anything else blocking traffic from the host behind the firewall to the server in the datacentre. Routing is set up, because we can reach the host from the server. Does anyone have any idea what might be the cause of this?

 

3 Replies

nwadiwal123
Level 1

Since your client is sitting on the outside of the ASA, you need to explicitly configure an Access Control List inbound on the outside interface.

You are able to ping the host from the server because you are coming from the inside interface and going outside. It is possible that on your ASA you might be allowing ICMP via an ACL, or you might be inspecting ICMP traffic from inside to outside only.

 

Thanks for the response. The ASA is in the client office and connected to our datacentre through the P2P link. From the ASA, the LAN where the client PCs are located is the INSIDE, and the P2P has a security level of 50. An ACL is applied on the P2P interface, and since we can ping from the server through the P2P, the ACL is permitting traffic from the lower to the higher security level. The weird thing is that traffic from the inside through the P2P to the server located in the datacentre is not working. We have tested pinging from the ASA: "ping p2p 10.99.80.1" is working and reaching the server in our datacentre, but "ping INSIDE 10.99.80.1" is not working. Static NAT for (inside,p2p) is there to prevent those networks from the NAT overload.

This discussion has been reposted from Cisco Support Community Olympics Trivia to the Firewalling community.
