10-03-2020 01:06 PM
I have attached a simple setup that I cannot get to work with real equipment. I used Packet Tracer as more of an illustration to explain the problem, but it works in Packet Tracer. The equipment is not available in Packet Tracer, so I labeled what I have, and the running configs are included. Basically, a factory ASA 5520 management interface plugged into a factory switch, and 1 PC also plugged into the switch. Cannot ping from the ASA to the PC. But I can ping from the PC to the ASA. As a side effect, the vlan1 interface on the switch picked up the DHCP assignment, and I can ping the switch from the ASA or the PC no problem. I know it is something painfully simple that I am overlooking, but I just cannot figure it out. This was a much more complicated setup that I tried and tried to get to work. Finally I just went as simple as I could to find the problem, and I will build on it after I get an answer. I have tried access-lists in and out permitting everything, but it just will not work.
10-04-2020 02:22 PM
If you can ping from the PC to the ASA but not the other way round, check your PC for a firewall.
Jon
10-05-2020 01:46 PM
If the issue is just pinging the PC from the ASA or switch, then this is most probably being blocked by the Windows firewall on the PC, as Jon has already mentioned. If you are having issues passing traffic through the ASA between the interfaces, then there are a couple of things that are the issue here.
1. You are connecting the management interface, and the one you are using is configured for management only. This will not allow data traffic to pass through that ASA interface. Only to-the-box traffic is allowed.
2. You are missing the command same-security-traffic permit inter-interface
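
The two conditions named in the reply above can be checked mechanically against a saved running config. The following is an added example and not part of the thread or the poster's attachment: the sample config is constructed, and the function names and finding labels are hypothetical.

```python
from itertools import combinations

# Constructed sample for illustration; not the poster's attached running config.
SAMPLE_CONFIG = """\
interface Management0/0
 management-only
 nameif management
 security-level 100
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 100
!
"""

PERMIT = "same-security-traffic permit inter-interface"

def parse_interfaces(config):
    """Map each interface to its nameif, security level and management-only flag."""
    interfaces, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface ") and len(words) == 2:
            current = interfaces.setdefault(
                words[1], {"nameif": None, "level": None, "mgmt_only": False})
        elif not line.startswith(" "):
            current = None  # "!" or a global command ends the interface block
        elif current is not None and words:
            if words == ["management-only"]:
                current["mgmt_only"] = True
            elif words[0] == "nameif" and len(words) == 2:
                current["nameif"] = words[1]
            elif words[0] == "security-level" and len(words) == 2:
                current["level"] = int(words[1])
    return interfaces

def audit(config):
    """Return findings for the two conditions named in the reply."""
    ifaces = parse_interfaces(config)
    findings = [("management-only", n) for n, i in ifaces.items() if i["mgmt_only"]]
    permitted = any(l.strip() == PERMIT for l in config.splitlines())
    data = [(n, i) for n, i in ifaces.items()
            if not i["mgmt_only"] and i["level"] is not None]
    if not permitted:
        # Data interfaces at the same security level cannot exchange traffic
        findings += [("same-security-blocked", a, b)
                     for (a, ia), (b, ib) in combinations(data, 2)
                     if ia["level"] == ib["level"]]
    return findings
```

A "management-only" finding means the interface accepts only to-the-box traffic; a "same-security-blocked" finding names a pair of data interfaces that share a security level while the permit command is absent.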