Unable to Ping Default Gateway on one ASA

We have two ASA5510s, each with outside interfaces to the same two ISPs (different IP addresses within the same subnet, of course). Both ASAs allow ICMP on all (inside and outside) interfaces. One ASA's default route is to ISP-1 and the other is to ISP-2. We can ping the default gateways for both ISPs from only one ASA. From the other ASA, we can only ping the default gateway for the default route but not the other. The pings originate from an inside client, first configured with the default gateway for ASA-1, then for ASA-2. Why does this happen, how do I troubleshoot something like this, and how do I fix it? Thanks!

Shrikant Sundaresh
Cisco Employee

Hi Wolf,

I think you might need to clear the ARP table on the switch and PC.

You can check if the ping request for the non-pingable IP is even reaching the ASA (current def g/w) by running captures on that interface, or running the "debug icmp trace 1" command ("un all" to stop).

If the ping request is not reaching the correct ASA, I would suggest checking ARP values.

Also, if you could elaborate a bit more on the topology, with ip subnets and all, it would give more insight into where the problem may lie.
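The capture check suggested in the reply above, written out as an added ASA CLI example that is not part of the original thread. The interface names `inside` and `outside`, the capture names, and both addresses are assumptions (constructed, documentation-range values); substitute the real client and ISP gateway addresses.

```cisco
! Constructed values (assumptions, not from the thread):
!   192.168.1.50 = inside client sending the ping
!   203.0.113.1  = ISP default gateway that does not answer

! 1. Capture the echo request where it should enter this ASA.
capture CAP-IN interface inside match icmp host 192.168.1.50 host 203.0.113.1

!    Run the ping from the client now, then read the capture.
show capture CAP-IN

!    0 packets captured: the request never reached this ASA, so look at
!    ARP (which MAC the client and switch hold for the gateway IP).
show arp

! 2. If the request does arrive on inside, capture on outside to see
!    whether it leaves and whether an echo reply comes back. "any" is
!    used because the source may be translated on the way out.
capture CAP-OUT interface outside match icmp any host 203.0.113.1
show capture CAP-OUT

! 3. Alternative to captures: per-packet ICMP debug, as in the reply.
debug icmp trace 1
undebug all

! 4. Remove the captures when finished.
no capture CAP-IN
no capture CAP-OUT
```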


