Solved: Re: Unable to ping from ASA to directly connected switch

mahesh18 · ‎12-14-2013

Hi Everyone,

I am working on new setup where switch is directly connected to ASA.

ASA int config

interface GigabitEthernet0/2

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2.1

description Central_Visitor

vlan 360

nameif CentralVisitor

security-level 50

ip address 192.168.1.3 255.255.255.128

!

interface GigabitEthernet0/2.2

vlan 2

nameif MGMT

security-level 90

ip address 10.31.2.3 255.255.255.240

interface GigabitEthernet0/2

no nameif

no security-level

no ip address

!

Switch has vlan 2 as management vlan and has default gateway to ASA IP 10.31.2.3.

all inetrfaces are up up at both devices.

from switch i am unable to ping its default gateway which is ASA IP 10.31.2.3.

Regards

Mahesh

Julio Carvajal · ‎12-14-2013

Hello Mahesh,

Can you share the interface configuration from the SWITCH (SVI and Trunk to the ASA)?

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎12-16-2013

Hello Mahesh,

Excellent sometimes we just need to look twice to see those kind of things

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎12-14-2013

Hello Mahesh,

Can you share the interface configuration from the SWITCH (SVI and Trunk to the ASA)?

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

mahesh18 · ‎12-15-2013

Hi Julio,

Seems no switch port is configured as trunk.

h run int gigabitEthernet 0/1
Building configuration...

Current configuration : 110 bytes
!
interface GigabitEthernet0/1
switchport access vlan 2
switchport mode access

Regards

Mahesh

vishaw jasrotia · ‎12-15-2013

Had you creat the SVI on the swith for the VLAN 2 .. if not then do the follwoing steps :

int vlan 2

ip add 10.31.2.X X.X.X.X

then start the ping.

mahesh18 · ‎12-16-2013

Hi Julio,

Switch side was set to access port and thats the reason port was showing up up on both ends.

But switch port was not learning mac address from Firewall mode.

I changed switch port to trunk and ping works fine now.

Regards

Mahesh

Julio Carvajal · ‎12-16-2013

Hello Mahesh,

Excellent sometimes we just need to look twice to see those kind of things

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

grlsdmsugr · ‎01-22-2019

I have my port already set to trunk but still can't ping.

Sheraz.Salim · ‎01-22-2019

so your ASA is connected to switch port which is setup as trunk?

in that case here is the tamplete

!

ASA

!

interface gig1/0

no shut

!

interface gig1/0.5

vlan 5

name if inside

ip address x.x.x.x

!

SWITCH

!

vlan 5

!

interface vlan 5

ip address x.x.x.x.x 255.255.255.0

no shut

!

interface gig1/0/1

description link to firewall

switchport trun enq dot1q

switchport mode trunk

no shut

!

please do not forget to rate.