cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2328
Views
0
Helpful
7
Replies

My PCs can't ping firewall's inside interface

tinhnho123
Level 2
Level 2

Hi Everyone. 

 

I've been trying to setup a simple network which has 1 firewall, 1 switch and 2 PCs. Please see the attachment for the topology. 

My goal is that I want my PCs can ping 8.8.8.8 of the 'internet' switch (from my attachment). But  for now, they can't even ping 10.10.10.1 (firewall's inside interface) while these PCs can ping VLAN 10 ( 172.16.1.1) and vlan 20 ( 192.168.10.1) as well as 10.10.10.2. Any thoughts why these PCs can't ping the inside interface of firewall? Thanks alot.

 

Capture.PNG

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

Add below config in ASA 

 

#icmp permit any inside

 

From SW3 are you able to ping to 10.10.10.1 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balagi,

 

Before add this command #icmp permit any inside, Yes, i could ping 10.10.10.1

Just now i tested your config in my lab (eve-ng) all works as expected, here is the results.

 

Basic Confg : ASA 

 

interface Ethernet0
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.252
!
route inside 172.16.1.0 255.255.255.0 10.10.10.2 1

Switch Config :

===========

!
interface Ethernet0/0
no switchport
ip address 10.10.10.2 255.255.255.252
!
interface Ethernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast edge
!
interface Ethernet0/2
switchport access vlan 20
switchport mode access
spanning-tree portfast edge
!
interface Ethernet0/3
!
interface Vlan10
ip address 172.16.1.1 255.255.255.0
!
interface Vlan20
ip address 192.168.10.1 255.255.255.0
!
ip forward-protocol nd
!
no ip http server
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1

 

VPC

===

 

 

VPCS> ip 172.16.1.10/24 172.16.1.1
Checking for duplicate address...
PC1 : 172.16.1.10 255.255.255.0 gateway 172.16.1.1

VPCS> ping 10.10.10.2

10.10.10.2 icmp_seq=1 timeout
84 bytes from 10.10.10.2 icmp_seq=2 ttl=255 time=0.659 ms
84 bytes from 10.10.10.2 icmp_seq=3 ttl=255 time=0.566 ms
84 bytes from 10.10.10.2 icmp_seq=4 ttl=255 time=0.678 ms
84 bytes from 10.10.10.2 icmp_seq=5 ttl=255 time=0.604 ms

VPCS> ping 10.10.10.1

84 bytes from 10.10.10.1 icmp_seq=1 ttl=254 time=5.260 ms
84 bytes from 10.10.10.1 icmp_seq=2 ttl=254 time=1.493 ms
84 bytes from 10.10.10.1 icmp_seq=3 ttl=254 time=1.569 ms
84 bytes from 10.10.10.1 icmp_seq=4 ttl=254 time=1.709 ms
84 bytes from 10.10.10.1 icmp_seq=5 ttl=254 time=1.590 ms

VPCS> ping 172.16.1.1

84 bytes from 172.16.1.1 icmp_seq=1 ttl=255 time=0.384 ms
84 bytes from 172.16.1.1 icmp_seq=2 ttl=255 time=1.521 ms
84 bytes from 172.16.1.1 icmp_seq=3 ttl=255 time=0.657 ms
84 bytes from 172.16.1.1 icmp_seq=4 ttl=255 time=0.562 ms
84 bytes from 172.16.1.1 icmp_seq=5 ttl=255 time=0.704 ms

 

Suggest to save all config, restart the node and test it.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

It was the sw issue, saved the config and rebooted fix the problem. Thanks.

Glad it working, if this is resolved, kindly make it as resolved. so it will be usefull for other community members.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

Try this config on the ASA:

!
object VLAN10
  subnet 172.16.1.0 255.255.255.0
  nat (inside,outside) dynamic interface
!
object VLAN10
  subnet 192.168.10.0 255.255.255.0
  nat (inside,outside) dynamic interface
!
icmp permit any inside
!
policy-map global_policy
 class inspection_default
   inspect icmp
!

 

cheers,

Seb.

 

Hi Seb,

I've just tried your config and the PCs still can't ping firewall's inside interface. I still can ping the 10.10.10.2 just fine.

PC1> ping 10.10.10.1

10.10.10.1 icmp_seq=1 timeout
10.10.10.1 icmp_seq=2 timeout
10.10.10.1 icmp_seq=3 timeout
10.10.10.1 icmp_seq=4 timeout
10.10.10.1 icmp_seq=5 timeout

PC1> ping 10.10.10.2

84 bytes from 10.10.10.2 icmp_seq=1 ttl=255 time=0.388 ms
84 bytes from 10.10.10.2 icmp_seq=2 ttl=255 time=0.336 ms
84 bytes from 10.10.10.2 icmp_seq=3 ttl=255 time=0.366 ms
84 bytes from 10.10.10.2 icmp_seq=4 ttl=255 time=0.326 ms
84 bytes from 10.10.10.2 icmp_seq=5 ttl=255 time=0.351 ms

VPCS>
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: