03-13-2014 12:39 PM - edited 03-11-2019 08:56 PM
I have an ASA5510 w/ Security+ that's giving me issues with some static routes. The inside network is 192.168.1.0/24, the inside interface is 192.168.1.3. There is a second router in the network that exists at 192.168.1.180. I need any traffic destined for the subnet 192.168.20.0/24 to go to the 180 gateway. All machines use the ASA (192.168.1.3) as their gateway. I have a few routes in the ASA:
route inside 10.1.1.0 255.255.255.0 192.168.1.15 1
route inside 10.1.10.0 255.255.255.0 192.168.1.15 1
route inside 192.168.3.0 255.255.255.0 192.168.1.3 1
route inside 192.168.20.0 255.255.255.0 192.168.1.180 1
All machines are able to get on the internet, but none can reach the 20.x network. When I try to ping the 20.x network I get the following error in the logs of the ASA:
Deny inbound icmp src inside:192.X.X.X dst inside:10.X.X.X (type 8, code 0)
I know my routes are programmed into the 192.168.1.180 router correctly, because if I set a machine's gateway to be 1.180, I can ping and get to the 20.x network fine. But the ASA is preventing the routes from completing. Any ideas?
03-14-2014 01:20 AM
First off, are you able to reach your hosts on the 20.x network using different protocols, such as RDP, WWW, FTP, etc.?
Could you run a packet-tracer? This will give us an idea of what setting on the ASA is dropping the traffic.
packet-tracer input inside tcp <source address> 12345 <destination address> 80 detail
Please remember to rate and select a correct answer
03-14-2014 07:42 AM
03-16-2014 10:02 AM
03-14-2014 02:32 AM
According to you, all machines in your inside network are not able to ping the 20.x network when the ASA is the default gateway, and it works fine if you use the router as the default gateway. Just like Marius said, are you able to reach 20.x using a different protocol? If yes and only ICMP is not working, then it is highly likely that your ICMP policy is the cause.
I see that you have a policy map configured for inspecting icmp, but it is applied on the outside interface.
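A small triage helper for the symptom in this thread, added here as an example and not posted by anyone in the discussion: it looks up the denied destination in the route table and reports whether the packet would have to leave through the interface it arrived on. The routes and the ASA address are from the question; the host addresses in the sample log line are constructed, because the thread masks them.

```python
import ipaddress
import re

# Route statements and inside address copied from the question.
ROUTES = """\
route inside 10.1.1.0 255.255.255.0 192.168.1.15 1
route inside 10.1.10.0 255.255.255.0 192.168.1.15 1
route inside 192.168.3.0 255.255.255.0 192.168.1.3 1
route inside 192.168.20.0 255.255.255.0 192.168.1.180 1
"""
ASA_INSIDE_IP = ipaddress.ip_address("192.168.1.3")
# Constructed log line: the thread masks the addresses, so these hosts are made up.
SAMPLE_LOG = "Deny inbound icmp src inside:192.168.1.50 dst inside:10.1.1.20 (type 8, code 0)"
DENY_RE = re.compile(r"Deny inbound (\S+) src (\S+?):(\S+) dst (\S+?):(\S+)")


def parse_routes(text):
    """Return a list of (interface, network, gateway) from ASA 'route' lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "route":
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            routes.append((parts[1], net, ipaddress.ip_address(parts[4])))
    return routes


def self_referencing(routes, own_ip=ASA_INSIDE_IP):
    """Networks whose next hop is the firewall's own interface address."""
    return [str(net) for _, net, gw in routes if gw == own_ip]


def triage(log_line, routes):
    """Match a deny line to its longest-prefix route and compare interfaces."""
    m = DENY_RE.search(log_line)
    if not m:
        return None
    proto, src_if, src, _dst_if, dst = m.groups()
    hits = [r for r in routes if ipaddress.ip_address(dst) in r[1]]
    if not hits:
        return {"proto": proto, "src": src, "dst": dst, "route": None, "same_interface": False}
    out_if, net, gw = max(hits, key=lambda r: r[1].prefixlen)
    return {"proto": proto, "src": src, "dst": dst, "route": str(net),
            "gateway": str(gw), "same_interface": out_if == src_if}


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    print("next hop is the ASA itself:", self_referencing(table))
    print(triage(SAMPLE_LOG, table))
```

A result with same_interface set to True means the flow enters and leaves on the same interface, which is the src inside / dst inside pattern in the logged deny.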