Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
867
Views
1
Helpful
4
Replies

Unable to ping LAN IPs from Firewall

Go to solution
CSCO11866384
Level 1
Level 1

‎05-15-2013 10:03 AM - edited ‎03-11-2019 06:43 PM

Hi,

We have Cisco 5510 firewall cluster. And recently upgrade the IOS from 8.2(1) -> 8.4(2).

After the upgrade we are unable to ping any IP in DMZ zone from the firewall.

Meantime We are able to ping firewall IPs from DMZ devices.

Only firewall sourced egress traffic is not working after upgrade.

Any suggestion??

Thanks,

Chakkaravarthy

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
CSCO11866384
Level 1
Level 1
In response to Julio Carvajal

‎05-27-2013 07:25 AM

Hello Julio,

This is a bug with IOS 8.4(2). Bug ID CSCtq35045.

It has been resolved after upgrading to 8.4(6).

Thank you for your concern.

Regards,

Chakkaravarthy

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-15-2013 11:19 AM

Hello,

Can you share the configuration of one of the ASAs,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
CSCO11866384
Level 1
Level 1
In response to Julio Carvajal

‎05-15-2013 02:33 PM

Hello Julio,

I could not post my entire configuration here. I am posting my partial failover status here.

From the output, the DMZ interface is in waiting state. Even unable to ping peer DMZ IP.

If I ping from DMZ server, both Active/Standby IPs (10.150.5.10, 10.150.5.10) are pingable.

Facing issue only when pinging from Firewall.

ASA/act# sh failover

Failover On

Failover unit Primary

Failover LAN Interface: LAN_Failover Ethernet0/3 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 4 of 110 maximum

failover replication http

Version: Ours 8.4(2), Mate 8.4(2)

Last Failover at: 04:32:00 UTC May 15 2013

        This host: Primary - Active

                Active time: 60707 (sec)

                slot 0: ASA5510 hw/sw rev (1.1/8.4(2)) status (Up Sys)

                  Interface inside (10.50.150.230): Normal (Monitored)

                  Interface outside (x.x.x.x): Normal (Monitored)

                  Interface DMZ (10.150.5.10): Normal (Waiting)

                  Interface VPN_Extranet (10.151.5.1): Normal (Monitored)

                slot 1: empty

        Other host: Secondary - Standby Ready

                Active time: 1264 (sec)

                slot 0: ASA5510 hw/sw rev (1.1/8.4(2)) status (Up Sys)

                  Interface inside (10.50.150.231): Normal (Monitored)

                  Interface outside (x.x.x.x): Normal (Monitored)

                  Interface DMZ (10.150.5.11): Normal (Waiting)

                  Interface VPN_Extranet (10.151.5.2): Normal (Monitored)

                slot 1: empty

Regs,

Chakkaravarthy

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to CSCO11866384

‎05-15-2013 03:43 PM

Hello,

With just that information I will not be able to determine the issue,

Sorry

Julio Carvajal

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
CSCO11866384
Level 1
Level 1
In response to Julio Carvajal

‎05-27-2013 07:25 AM

Hello Julio,

This is a bug with IOS 8.4(2). Bug ID CSCtq35045.

It has been resolved after upgrading to 8.4(6).

Thank you for your concern.

Regards,

Chakkaravarthy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card