cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

921
Views
5
Helpful
6
Replies
Highlighted
Beginner

Unable to ping internet and outside interface from my inside network using ASAv

I am having a problem pinging the outside interface from my inside network. I have already performed the static routing from which all routes will be able to access the internet, from ASAv I am able to ping the outside network but from my inside network, I was not able to ping and access the web but I am able to ping the inside interface of the ASAv. I am not really sure where the problem is.

ASAv

ciscoasa(config)# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 30/34/40 ms

Core switch

CoreSwitch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CoreSwitch#ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

 

CoreSwitch#ping 10.10.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
CoreSwitch#

 

I have attached the topology, the running config of the ASAv and the routing table for reference

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

you must be missing a default route on the core swithcn

please do not forget to rate.

View solution in original post

6 REPLIES 6
Highlighted
VIP Mentor

Hi,
You won't be able to ping the ASA's outside interface (10.10.10.10) when you are connected to a device on the inside interface of the ASA. That is by design.

You will need a NAT rule, to NAT traffic sourced from the inside interface destined to the outside interface. Remove your existing NAT rule. Try this:-

no nat (outside,inside) source dynamic any interface
nat (inside,outside) after-auto source dynamic any interface

HTH
Highlighted

Thanks for the reply, I tried this one out but unfortunately, I am still not able to ping to the outside network

CoreSwitch#ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CoreSwitch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CoreSwitch#
Highlighted

As already stated you cannot ping the ASA's outside interface (10.10.10.10) when you are connect to network on the inside interface.

Provide the output of "show nat detail" to confirm whether the NAT rules are being hit.
Run packet-tracer from the CLI and provide the output
Highlighted

you must be missing a default route on the core swithcn

please do not forget to rate.

View solution in original post

Highlighted

Thanks for this one Salim!
Highlighted
VIP Advocate

In order for core switch to reach google address you need NAT in place.

!

object network INSIDE

 subnet 10.10.200.0 255.255.255.0

 nat (inside,outside) interface dynamic

!

 

now why you trying to ping the outside interface of ASA (10.10.10.10) from the core. the ASA by default will not going to respond this ping.

why dont you ping 10.10.10.x

please do not forget to rate.
Content for Community-Ad