Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
0
Replies

Host unable to access remote Host from behind ASA / Router

jroy777
Beginner
Beginner

‎01-25-2023 10:33 PM - edited ‎01-25-2023 10:36 PM

Hello,

I have a Mikrotik hAP ac³ router configured in parallel to a Cisco ASA 5525. The Mikrotik has a VPN tunnel up and passing traffic. It was installed to alleviate traffic off of the ASA. Only if I source the ping from the bridge (LAN side) interface of the Mikrotik can I get a response. Hosts on the same LAN subnet as the router/ASA cannot get a response to a ping from the hosts that are only available across the VPN tunnel on the Mikrotik. The Mikrotik has an IP of 192.168.50.4/23 from the same subnet as the "inside" interface of a Cisco ASA with IP 192.168.50.2/23. Hosts on the inside network have a default route to the ASA and the ASA has a route to the Mikrotik. The Host's can ping both the Mikrotik and the ASA. If I do a trace from a host, the ASA routes the traffic out it's outside interface. When I do a trace from the ASA itself, it routes to Mikrotik router. See attached images for proof of successful ping across tunnel from Mikrotik, but incorrect routing of traffic on ASA. What am I missing? Is there something that needs to be done on ASA to fix this routing?

Preview file
56 KB
Preview file
17 KB
Preview file
122 KB
Preview file
164 KB
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents