Hi Shoaib,

shoaibmaqbool8260 · ‎10-30-2015

Hello ,

I am new to ASA's and using ASA 5520 to connect inside network to outside(Internet).But i am unable to ping even my ISP Gateway menas the ASA is not routing any thing outside or may be its blocking the replies from out to in.

MyPC---Switch/vlan200--------ASA5520---------ISP(202.59.74.209)

Did same config in gns3 and there its working perfect

Kindly help me my configuration is under.

Mohammed Ismail Shareef · ‎10-30-2015

Dear Shoeb,

Cloud you also share the config for Switch.

Can you ping your ISP(202.59.74.209) from firewall ?

You can add me to Skype if its urgent : mshareef2833

Regards

@Mohammed

Akshay Rastogi · ‎10-31-2015

Hi Shoaib,

On GNS3 it is working as there is no real time ISP on it.

- I believe that ISP is not replying to ASA pings. Please check 'show arp' output and check if you see arp entry for ISP IP with correct MAC address for ISP modem or router.

Also you could take ARP captures on ASA outside interface :

capture isp ether arp interface outside

show cap isp

Now run ping from ASA for your gateway .209 and see if you receive a reply? This would show if ASA is sending an ARP request and receiving any arp reply (if arp entry is not present in arp table)

You could take captures on ASA outside interface for icmp packets and see if you receive any icmp reply :

capture capout interface outside match icmp any any

show capture capout

If you only see icmp echo request going but no echo reply coming then ISP router or modem is the issue

- for your through traffic, run below command and share the output :

'packet-tracer input inside icmp 192.168.200.37 8 0 4.2.2.2 detail' and share the output.

Please share your findings.

Regards,

Akshay Rastogi

Internet Connectivity and route to outside interface issue 5520