Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2645
Views
0
Helpful
4
Replies

Unable to ping gateway from ASA instance

malhotra_suneet
Level 1
Level 1

‎01-24-2020 08:34 AM - edited ‎02-21-2020 09:51 AM

HI have a ASA instance on a Firepower 4420 device.

I have defined Eth1/1 as the management interface with ip address 10.80.80.5 255.255.255.0 and default gateway as 10.80.80.1 

 

config

 

!
interface Ethernet1/1
management-only
nameif management
security-level 0
ip address 10.80.80.5 255.255.255.0
!

route management 0.0.0.0 0.0.0.0 10.80.80.1 1

 

 

========================================

 

Now I connect a PC with IP Address 10.80.80.1 /24 and unable to ping both ways, 

I can see amber light on the port LED on firepower, 

 

although the interface status is up 

 

asa# show int ethernet 1/1
Interface Ethernet1/1 "management", is up, line protocol is up
Hardware is EtherSVI, BW 10000 Mbps, DLY 1000 usec
MAC address 00fd.2270.b67e, MTU 1500
IP address 10.80.80.5, subnet mask 255.255.255.0
Traffic Statistics for "management":
0 packets input, 0 bytes
91 packets output, 2548 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 3 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 3 bytes/sec
5 minute drop rate, 0 pkts/sec
Management-only interface. Blocked 0 through-the-device packets

asa#

 

 

 

Any lead will be great. 

 

 

0 Helpful
4 Replies 4

malhotra_suneet
Level 1
Level 1

‎01-24-2020 08:44 AM

If I remove the cable I still see ASA eth1/1 as up up and that is because it is a logical instance of ASA on physical Firepower box, and interface mapping is being done. The problem still remains,
0 Helpful

malhotra_suneet
Level 1
Level 1
In response to malhotra_suneet

‎01-24-2020 10:47 AM

dug a little bit and found that the fxos is showing interface eth1/1 as down, not sure why


Firepower-4120-Lab-A(fxos)# show interface
Ethernet1/1 is down (Link not connected)
Dedicated Interface
Hardware: 1000/10000 Ethernet, address: 00fd.2270.b65c (bia 00fd.2270.b65c)
Description: U: Uplink
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to malhotra_suneet

‎01-24-2020 11:36 AM

in that case, we need to more information, how is your Cabling connected to switch?

 

post switch config and tell us what port it was connected 

is this port-channel connected Firepower chassis to switch?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-24-2020 08:46 AM

have you configured below lines  to permit ICMP,

 

if not add them and try

 

icmp unreachable rate-limit 1 burst-size 1
icmp permit any management

 

if you required inside interface ping add below line

 

icmp permit any inside

 

test and advise.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card