Solved: Hello; - Page 3

j_j624001 · ‎07-03-2016

Having a few problems with my outside vlan 5 and inside vlan 10; my outside vlan are all pingable; but when i try to ping from the or switch my inside vlan10 gateway its unpingable to inside gateway. I have two route setup on the ASA5510 firewall; one for my outside network default 0.0.0.0 0.0.0.0 Outside and i have another to allow my internal vlans to reach the outside network 10.0.0.0 255.0.0.0 Outside. I don't what else can be blocking ping access to my internal gateway; all of my acl are allowing traffic. Does any else have this problem where your outside network are pingable but your internal network is not pingable to the gateway; Could it be a switch port on the switch or could it be the router ??

Please if any have some suggestions feel free

thanks

Francesco Molino · ‎07-09-2016

What you're trying to do?

Did you add the outside network to your nat config?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

j_j624001 · ‎07-09-2016

I just wanna make sure everyone can ping each other especially google servers; and the firewall is the only one that can't ping 8.8.8.8; yes i did a route on my router

ip route 10.10.0.0 255.255.0.0 10.85.85.2

Im getting alot of traffic from IN and out network see screen shot

Francesco Molino · ‎07-09-2016

On ASA you authorize wan network to reach your wan network in icmp. You should say any to out-network

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

j_j624001 · ‎07-10-2016

Ok; i was able to change it and im still seeing hits off the outside network; but i think im done with the fw; im seeing traffic In and Out; I'm just messing with the ACL to restrict certain packets coming In and Out. The only thing i can't understand is why the Fw can't ping 8.8.8.8 from the In or out network; but other than that im think good

Francesco Molino · ‎07-10-2016

The firewall doesn't work like a router where you can source your packet. However if you type ping 8.8.8.8 it knows how to go outside and it should works. When you do so, do you see any packet on router, any nat?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

j_j624001 · ‎07-10-2016

Hello;

No i don't see any packets on router using NAT; and also on the Firewall the only thing i see in the logs is see screen shot; source ip is 10.85.85.2

Francesco Molino · ‎07-10-2016

Could you drop your router config?

could you do a debug ip packet on the router to see if you see packets?

maybe a packet-capture on asa would help as well.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

j_j624001 · ‎07-10-2016

Hello;

This is what im seeing when i run packet tracker from the outside network; see screen shot; also a screen shot of current acl

Thanks

Outside Vlan & inside Vlan ASA5510