
Pinging across 2 ASA 5510's

gamercoar
Level 1

Hi,

I've tried to read up on Google, etc., about this, but I haven't found a solution. Here's my basic setup:

Computer A:

     IP- 192.168.0.3

     Mask- 255.255.252.0

     Gateway- 192.168.0.2

Computer B:

     IP- 192.168.4.3

     Mask- 255.255.252.0

     Gateway- 192.168.4.1

ASA 5510 #1:

     int e0/0:

          IP- 192.168.0.2

          Mask- 255.255.252.0

     int e0/2:

          IP- 10.0.0.6

          Mask- 255.255.255.252

ASA 5510 #2:

     int e0/1:

          IP- 192.168.4.1

          Mask- 255.255.252.0

     int e0/2:

          IP- 10.0.0.5

          Mask- 255.255.255.252

Now here's my problem.

Computer A can ping Firewall 1 and Firewall 2, but not Computer B.

Computer B can ping Firewall 1 and Firewall 2, but not Computer A.

Firewall 1 can ping Firewall 2, Computer A, and Computer B.

Firewall 2 can ping Firewall 1, Computer A, and Computer B.

Why can't the computers ping each other, but their default gateways can? I've specifically allowed ICMP any any on all the affected interfaces.


Muhammed Safwan
Level 1

Can you please post the routes added on both firewalls?

With Regards,

Safwan

ASA 5510 #1

C     10.0.0.4 255.255.255.252 is directly connected, int e0/2

D     192.168.4.0 255.255.252.0 [90/28416] via 10.0.0.5, int e0/2

C     192.168.0.0 255.255.252.0 is directly connected, int e0/0

ASA 5510 #2

C     10.0.0.4 255.255.255.252 is directly connected, int e0/2

C     192.168.4.0 255.255.252.0 is directly connected, int e0/1

D     192.168.0.0 255.255.252.0 [90/30720] via 10.0.0.6, int e0/2

Routes are perfect; better if you can post the show run.

With Regards,

Safwan

The current loads on the ASAs do not permit me to load them at the moment. They were modeled around our company's current single firewall configuration (ACLs, VPNs, and Certificates), and I don't have time to mask all the private company info right now. For testing, of course, I'm building them in a lab environment and ensuring that services that need to work, well, work.

I should be able to do it by tonight, Central Time US.

Hi,

Any TCP service running on the hosts that you could test from each LAN?

Have you checked the "packet-tracer" command output on both firewalls for the attempted connection and seen anything special?

- Jouni

Thanks. This helped me identify missing NAT exemption rules on my interfaces between the firewalls.
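
An added example, not part of the original thread, of the packet-tracer check suggested above and of the kind of NAT exemption the original poster reports was missing. The addresses come from the first post; the interface names `inside` and `interfw`, the object names `LAN-A` and `LAN-B`, and the use of ASA 8.3+ NAT syntax are assumptions.

```cisco
! --- ASA 5510 #1 ---
! Assumed nameifs: "inside" = e0/0 (192.168.0.2), "interfw" = e0/2 (10.0.0.6)

! Simulate an ICMP echo request (type 8, code 0) from Computer A to Computer B
! as it arrives on the LAN-facing interface.
packet-tracer input inside icmp 192.168.0.3 8 0 192.168.4.3 detailed

! Read the phases in order (route lookup, access list, NAT) and the final
! result. A NAT phase that rewrites 192.168.0.3, or a final "Action: drop",
! points at the translation rules rather than at routing or the ICMP ACLs.

! List the NAT rules currently configured and their hit counts.
show running-config nat
show nat detail

! Identity (exempt) NAT between the two LANs, so that LAN-to-LAN traffic
! crosses the inter-firewall link untranslated.
object network LAN-A
 subnet 192.168.0.0 255.255.252.0
object network LAN-B
 subnet 192.168.4.0 255.255.252.0
nat (inside,interfw) source static LAN-A LAN-A destination static LAN-B LAN-B

! --- ASA 5510 #2 ---
! Assumed nameifs: "inside" = e0/1 (192.168.4.1), "interfw" = e0/2 (10.0.0.5)

! Same test in the reverse direction, Computer B to Computer A.
packet-tracer input inside icmp 192.168.4.3 8 0 192.168.0.3 detailed

! Mirror of the exemption configured on ASA #1.
object network LAN-A
 subnet 192.168.0.0 255.255.252.0
object network LAN-B
 subnet 192.168.4.0 255.255.252.0
nat (inside,interfw) source static LAN-B LAN-B destination static LAN-A LAN-A

! Re-run both packet-tracer commands after the change; the NAT phase should
! now show the addresses left untranslated and the final result should be allow.
```

On software older than 8.3 the equivalent exemption is written with `nat (inside) 0 access-list <acl-name>`, where the ACL permits IP from the local LAN to the remote LAN.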
