Solved: Ping subinterface ip on asa 9.4

giovannipetroselli · ‎03-31-2016

Hi to everyone

I've setting up an Asav 9.4 with two subinterfaces gig0.0.20 and gig0.0.30 in vlan 20 and 30 respectively and in the same security level (100) and with the option permit the traffic flows between interfaces with same security level. The ip of the subif are 20.20.20.254 for the vlan 20 and 30.30.30.254 for the vlan 30. I ve also configured also two pc for testing one in vlan 20 and the other one in vlan 30.now the intravlan routing works great so I can ping without any problems from the pc to the another pc address.I can also ping the gateway address of asa in the same vlan. The only issue is that I can't ping the gateway of the other vlan. So from pc1 in vlan 20 I cannot ping the 30.30.30.254 address?

Why the asa doesn't reply to the echo request?

Is there some configuration that I ve missed?

Thanks

Giovanni

Karsten Iwen · ‎03-31-2016

Yes it's by design. But I'm not aware of the reason that it was implemented that way.

View solution in original post

Karsten Iwen · ‎03-31-2016

That's how the ASA works without an option to enable that. You can only reach the interface that is nearest to the PC.

giovannipetroselli · ‎03-31-2016

Hi Karsten,

thanks for your reply! So you mean that is by design this behaviour?

From your perpesctive is there any reason about this behaviour?

Thanks

Karsten Iwen · ‎03-31-2016

Yes it's by design. But I'm not aware of the reason that it was implemented that way.

rgbatucan · ‎09-28-2016

Have you tried to permit the icmp in sub-interface?

icmp permit any (if_name)