
Unable to ping internet and outside interface from my inside network using ASAv

Amiel
Beginner

I am having a problem pinging the outside interface from my inside network. I have already performed the static routing from which all routes will be able to access the internet. From the ASAv I am able to ping the outside network, but from my inside network I was not able to ping and access the web, but I am able to ping the inside interface of the ASAv. I am not really sure where the problem is.

ASAv

ciscoasa(config)# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 30/34/40 ms

Core switch

CoreSwitch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CoreSwitch#ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

 

CoreSwitch#ping 10.10.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
CoreSwitch#

 

I have attached the topology, the running config of the ASAv and the routing table for reference.

1 ACCEPTED SOLUTION


You must be missing a default route on the core switch.

Please do not forget to rate.


6 REPLIES

Rob Ingram
VIP Expert
Hi,
You won't be able to ping the ASA's outside interface (10.10.10.10) when you are connected to a device on the inside interface of the ASA. That is by design.

You will need a NAT rule, to NAT traffic sourced from the inside interface destined to the outside interface. Remove your existing NAT rule. Try this:-

no nat (outside,inside) source dynamic any interface
nat (inside,outside) after-auto source dynamic any interface

HTH

Thanks for the reply. I tried this one out but unfortunately, I am still not able to ping to the outside network.

CoreSwitch#ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CoreSwitch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CoreSwitch#

As already stated, you cannot ping the ASA's outside interface (10.10.10.10) when you are connected to a network on the inside interface.

Provide the output of "show nat detail" to confirm whether the NAT rules are being hit.
Run packet-tracer from the CLI and provide the output.
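
The checks raised in the accepted solution (default route on the core switch) and in Rob Ingram's replies (far-side interface, NAT direction) can be walked in path order. This is an added Python example, not code from the thread or from Cisco; the routing tables are constructed, the /24 mask is an assumption, and the function names are hypothetical.

```python
import ipaddress

ASA_INSIDE = ipaddress.ip_address("10.10.200.2")   # ASA inside interface (from the thread)
ASA_OUTSIDE = ipaddress.ip_address("10.10.10.10")  # ASA outside interface (from the thread)

# Constructed core-switch routing tables; the /24 mask is an assumption.
ROUTES_BEFORE = [("10.10.200.0/24", "connected")]
ROUTES_AFTER = ROUTES_BEFORE + [("0.0.0.0/0", str(ASA_INSIDE))]  # default route added

def lookup(routes, dst):
    """Longest-prefix match: return the next hop, "connected", or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def predict_ping(routes, nat_direction, dst):
    """Apply the thread's checks in path order and report the first one that fails."""
    hop = lookup(routes, dst)
    if hop is None:
        return "dropped at core switch: no route"
    if hop == "connected":
        return "reachable on connected subnet"
    if ipaddress.ip_address(dst) == ASA_OUTSIDE:
        return "dropped at ASA: far-side interface does not answer"
    if nat_direction != ("inside", "outside"):
        return "not translated: NAT rule is not (inside,outside)"
    # Only the checks discussed in the thread are modelled here.
    return "routed and translated"

if __name__ == "__main__":
    for label, routes in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        for nat in (("outside", "inside"), ("inside", "outside")):
            for dst in ("10.10.200.2", "10.10.10.10", "8.8.8.8"):
                print(label, nat, dst, "->", predict_ping(routes, nat, dst))
```

With `ROUTES_BEFORE` the result for 8.8.8.8 is the same under either NAT direction, which matches the unchanged ping output after the NAT rule was replaced.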