03-04-2021 05:26 AM
Hello,
I have a network with ASA 5520 and several Cisco switches (2960 and 2950).
I had an interface in ASA for the inside network (native VLAN).
I configured two extra subinterfaces with two new VLANs each.
I configured the connections to be trunk (ASA-switch and switch-switch).
The thing is that I performed various tests.
From a PC on the new VLAN I ping another PC on the new VLAN and it does not succeed.
From a PC on the new VLAN I ping another PC on the existing VLAN and it does not succeed.
From a PC on the new VLAN I ping the FW on the new VLAN and it succeeds.
From the FW I cannot ping the PC on the new VLAN.
In the logs I get "Failed to locate egress interface", though I have enabled the same security level and the hosts connected on the same interface options below the interface options.
Any ideas what might be wrong?
Thanks and regards,
Konstantinos
03-04-2021 05:29 AM
Post the show run configuration so we can understand what is configured, and also give us information on what the PC IP address is.
Check if the end device PC has the default FW enabled; disable it for testing purposes.
03-04-2021 05:48 AM
Do you have same-security-traffic permit inter-interface configured to permit traffic between interfaces with the same security level? This allows traffic to flow freely between all same-security interfaces without ACLs.
If you can ping the ASA from the PC but cannot ping the same PC from the ASA, that might indicate the PC has a local firewall enabled?
03-04-2021 09:57 AM
Yes, the PC FW was enabled.
03-04-2021 10:22 AM
With it disabled, it should work as we expected.
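For reference, the ASA setup discussed in this thread, written out as an added example that is not taken from any poster's configuration. The interface numbers, VLAN IDs, interface names and IP addresses are assumptions.

```cisco
! Constructed example: VLAN IDs, interface names and addresses are assumptions.
! Physical interface carries the untagged (native VLAN) inside network.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! One subinterface per new VLAN on the trunk towards the switch.
interface GigabitEthernet0/1.20
 vlan 20
 nameif vlan20
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 vlan 30
 nameif vlan30
 security-level 100
 ip address 192.168.30.1 255.255.255.0
!
! Allow traffic between different interfaces that share a security level.
same-security-traffic permit inter-interface
! Allow traffic to enter and leave the same interface.
same-security-traffic permit intra-interface
!
! Checks to run from the ASA CLI once the configuration is applied:
!   show running-config same-security-traffic
!   show interface ip brief
!   packet-tracer input vlan20 icmp 192.168.20.10 8 0 192.168.30.10
```

Traffic between two PCs in the same VLAN and subnet is switched and never crosses the ASA, so a failed ping in that case points at the switch trunk/VLAN configuration or a host firewall rather than at these commands.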