
Host unable to access remote Host from behind ASA / Router



I have a Mikrotik hAP ac³ router configured in parallel to a Cisco ASA 5525. The Mikrotik has a VPN tunnel up and passing traffic. It was installed to alleviate traffic off of the ASA. Only if I source the ping from the bridge (LAN side) interface of the Mikrotik can I get a response. Hosts on the same LAN subnet as the router/ASA cannot get a response to a ping from the hosts that are only available across the VPN tunnel on the Mikrotik. The Mikrotik has an IP of from the same subnet as the "inside" interface of a Cisco ASA with IP Hosts on the inside network have a default route to the ASA and the ASA has a route to the Mikrotik. The hosts can ping both the Mikrotik and the ASA. If I do a trace from a host, the ASA routes the traffic out its outside interface. When I do a trace from the ASA itself, it routes to the Mikrotik router. See attached images for proof of successful ping across tunnel from Mikrotik, but incorrect routing of traffic on ASA. What am I missing? Is there something that needs to be done on the ASA to fix this routing?
