
Simple LAB ASA Setup

wstanley
Level 1

Hi - I haven't worked with an ASA in a while, thought I'd clear away the cobwebs. I have a simple lab setup, and I'm sure once someone points it out I'll have to smack myself in the head.

The lab is virtual (workstation player), consisting of

workstation_1 (local), asa_1 (local), wan router, asa_2 (remote) and workstation_2 (remote)

The ASAs have a default config, inside being defined as 100, outside as 0, with their default route pointing to the wan router.

Test 1 - From the asa_1 I can ping both workstation_1, and the WAN router (both sides).

Test 2 - However from workstation_1 I can only ping asa_1, I cannot ping the wan router.

I've not added any ACLs, just thought that the implied rules based on the security level would be enough. I have a static route on the WAN router pointing to the ASA for workstation_1's segment.


Hi,
As you are pinging through the ASA the icmp reply is being dropped. Use the command "fixup protocol icmp" to inspect icmp or alternatively you could create an ACL inbound on the outside interface permitting icmp echo-reply.

HTH
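
The two options from the reply above, side by side as ASA configuration. This is an added example, not part of the original posts: it assumes the default `global_policy` and `inspection_default` objects are still present, and the ACL name `OUTSIDE_IN` and the addresses in the `packet-tracer` line are constructed.

```cisco
! Option 1: stateful ICMP inspection (the Modular Policy Framework form of
! "fixup protocol icmp"). The ASA tracks each echo request that leaves via
! the inside interface and admits only the matching echo-reply.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Option 2: static ACL inbound on the outside interface.
! OUTSIDE_IN is an assumed name. This rule admits any echo-reply that
! arrives on outside, whether or not an inside host sent a request,
! so it is the broader of the two options.
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-group OUTSIDE_IN in interface outside
!
! Checks after applying one of the options:
! confirm the inspection is active and counting packets
show service-policy inspect icmp
! confirm the ACL entry is being hit (Option 2 only)
show access-list OUTSIDE_IN
! simulate an echo request (type 8, code 0) from an inside host;
! 10.1.1.10 and 203.0.113.1 are constructed sample addresses
packet-tracer input inside icmp 10.1.1.10 8 0 203.0.113.1
```

Use one option, not both: with inspection enabled the echo-reply ACL entry is unnecessary and only widens what the outside interface accepts.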

Thanks, that fixed the ping issue. I had gone down a weird path, as SSH won't work from workstation_1 to the wan router either, although it works from workstations hanging directly off a router segment. And telnet works from workstation_1 to the WAN router, so that's weird as well.
