cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3502
Views
0
Helpful
7
Replies

Unable to ping from ASA to directly connected switch

mahesh18
Frequent Contributor
Frequent Contributor

Hi Everyone,

I am working on new setup where switch is directly connected to ASA.

ASA int config

interface GigabitEthernet0/2

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2.1

description Central_Visitor

vlan 360

nameif CentralVisitor

security-level 50

ip address 192.168.1.3 255.255.255.128

!

interface GigabitEthernet0/2.2

vlan 2

nameif MGMT

security-level 90

ip address 10.31.2.3 255.255.255.240

interface GigabitEthernet0/2

no nameif

no security-level

no ip address

!

Switch has vlan 2 as management vlan and has default gateway to ASA  IP 10.31.2.3.

all inetrfaces are up up at both devices.

from switch i am unable to ping its default gateway which is ASA  IP 10.31.2.3.

Regards

Mahesh

2 Accepted Solutions

Accepted Solutions

Julio Carvajal
Advisor
Advisor

Hello Mahesh,

Can you share the interface configuration from the SWITCH (SVI and Trunk to the ASA)?

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Hello Mahesh,

Excellent sometimes we just need to look twice to see those kind of things

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

7 Replies 7

Julio Carvajal
Advisor
Advisor

Hello Mahesh,

Can you share the interface configuration from the SWITCH (SVI and Trunk to the ASA)?

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

Seems no switch port is configured as trunk.

h run int gigabitEthernet 0/1
Building configuration...

Current configuration : 110 bytes
!
interface GigabitEthernet0/1
  switchport access vlan 2
switchport mode access

Regards

Mahesh

Had you creat the SVI on the swith for the VLAN 2 .. if not then do the follwoing steps :

int vlan 2

ip add 10.31.2.X  X.X.X.X

then start the ping.

Hi Julio,

Switch side was set to access port and thats the reason port was showing up up on both ends.

But switch port was not learning mac address from Firewall mode.

I changed switch port to trunk and ping works fine now.

Regards

Mahesh

Hello Mahesh,

Excellent sometimes we just need to look twice to see those kind of things

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

I have my port already set to trunk but still can't ping.

so your ASA is connected to switch port which is setup as trunk?

 

in that case here is the tamplete

!

ASA

!

interface gig1/0

 no shut

!

interface gig1/0.5

 vlan 5

 name if inside

 ip address x.x.x.x

!

SWITCH

!

vlan 5

!

interface vlan 5

 ip address x.x.x.x.x 255.255.255.0

 no shut

!

interface gig1/0/1

 description link to firewall

 switchport trun enq dot1q

 switchport mode trunk

 no shut

!

 

 

please do not forget to rate.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers