Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
329
Views
0
Helpful
2
Replies

Unable to Ping across L2L

Go to solution
mahesh18
Level 6
Level 6

‎01-07-2014 02:10 PM - edited ‎03-11-2019 08:26 PM

Hi everyone,

Network

PC---------------Switch1 ---ASA  5505 -----------L2L----------------------   ASA5520 -----------Switch 2-----PC

PC connected to Switch 1 can ping the PC IP connected to Switch 2.

PC connected to Switch 2 can not ping the PC IP connected to Switch 1

Also From ASA 5505 i can not ping the IP of PC connected to Switch 2.

There is L2L tunnel betweem two ASA.

Regards

Mahesh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-07-2014 02:15 PM

Hi,

You say that PC1 can ping PC2 but not the other way around. This tells us that there is connectivity between the 2 PCs. The ICMP not working the other way might simply mean that the other PCs software firewall is blocking the ICMP

With regards to the ICMP directly from the ASA. I am not sure if this will work. ASA is not a good place to test connectivity through the L2L VPN

If your ASA5505 has an interface called "inside" then you could try this command

ping inside

In other words I want you to send ICMP from the ASA5505 to the host behind the ASA5520.

Without seeing any configurations its hard to tell if there are any configuration related problems.

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-07-2014 02:15 PM

Hi,

You say that PC1 can ping PC2 but not the other way around. This tells us that there is connectivity between the 2 PCs. The ICMP not working the other way might simply mean that the other PCs software firewall is blocking the ICMP

With regards to the ICMP directly from the ASA. I am not sure if this will work. ASA is not a good place to test connectivity through the L2L VPN

If your ASA5505 has an interface called "inside" then you could try this command

ping inside

In other words I want you to send ICMP from the ASA5505 to the host behind the ASA5520.

Without seeing any configurations its hard to tell if there are any configuration related problems.

- Jouni

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Jouni Forss

‎01-07-2014 02:34 PM

Hi Jouni,

Happy New Year Sir

You were spot on.

PC  had firewall enabled by default.

I put another PC and ping worked fine.

Best Regards

Mahesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card