AhmadZ
Beginner

Cisco ASA Integration with Unifi Security Gateway

Dear All,

I'm trying to add a Unifi Security Gateway to a Cisco ASA that is already configured. I want to have the ASA as a second layer of security since the licenses for URL filtering and malware protection have expired, so I want to add the Unifi Security Gateway and have the ASA as a second layer of security.

I have a Cisco core switch that has the ASA as its default gateway, and the default gateway of the ASA is the Unifi Security Gateway. The Cisco core switch is connected to port 2 of the ASA, whereas port 3 of the ASA is connected to the USG. I'm able to ping from the core switch to port 2 since they're directly connected, whereas I can't ping port 3 on the ASA, which is connected to the USG.

I gave the Cisco core switch port an IP of 192.168.1.1 and the Cisco ASA port 3 192.168.1.2. On the ASA I gave port 3 an IP of 192.168.10.1 and on the USG port an IP of 192.168.10.2.

I don't have a connection from the ASA to the USG. The core switch can only see port 2 on the ASA.

What could be the problem? 

Thanks in advance!

4 REPLIES
Rob Ingram
VIP Expert

@AhmadZ are you pinging the ASA's interface 3 from the core switch? If so, you cannot be connected to one ASA interface and ping through the ASA to the ASA's far interface; that is by design.

If you cannot ping the USG, you either need to configure an inbound ACL on the outside ASA interface or run the command fixup protocol icmp to inspect ICMP traffic.

Yes, I'm trying to ping ASA interface 3 (which is connected to the USG) from the core switch.

What I need is to have traffic between the core switch and the USG, because I'm not able to access the internet on the core switch through the USG, where my IPS are connected to the USG.

@AhmadZ The USG possibly won't know about the local networks behind the ASA, so you may need routes on the USG or just NAT behind the ASA.

@Rob Ingram I've done static routes on the USG, but still the same issue.
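
The options raised in the replies above (ICMP inspection or an inbound ACL, and NAT behind the ASA), written out as an added ASA configuration example that is not part of the original thread. The interface names inside and outside, the /24 masks, and the names OUTSIDE_IN and INSIDE_NET are assumptions; the addresses are the ones given in the question, and the NAT syntax assumes ASA software 8.3 or later.

```cisco
! Added example, not from the thread. Assumed nameifs:
!   inside  = ASA port 2 (toward the core switch)
!   outside = ASA port 3 (toward the USG, 192.168.10.1)

! Default route from the ASA to the USG address given in the question.
route outside 0.0.0.0 0.0.0.0 192.168.10.2 1

! Option 1: stateful ICMP inspection, the current form of the legacy
! "fixup protocol icmp" command. Echo replies to pings that started
! on the inside are allowed back without opening the outside ACL.
policy-map global_policy
 class inspection_default
  inspect icmp

! Option 2 (instead of option 1): inbound ACL on the outside interface
! limited to ICMP return and error types, so echo-request from the
! USG side stays blocked.
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-group OUTSIDE_IN in interface outside

! NAT behind the ASA: hide the inside network (assumed 192.168.1.0/24)
! behind 192.168.10.1, so the USG needs no routes for inside networks.
object network INSIDE_NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Verification from the ASA itself:
!   ping outside 192.168.10.2
!   show route
!   show xlate
!   packet-tracer input inside icmp 192.168.1.1 8 0 192.168.10.2
! A ping from the core switch to 192.168.10.1 (the ASA's own far-side
! interface) still fails by design; test against 192.168.10.2 instead.
```

Prefer option 1 where possible: inspection tracks each echo request and only admits its matching reply, while the ACL admits any packet of the listed ICMP types arriving on the outside interface.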
