
(LAB) Cannot ping from internal LANs to WAN interface on Nexus 9k

jnetworx
Level 1

Hello All,

I'm currently labbing in EVE-NG with a Nexus 9k and some ASAs.

I'm able to ping from within each LAN behind the 9k to the external WAN interface on the same 9k; however, I cannot get traffic to forward to the next hop whilst having a route to the next hop configured.

On the same note, I'm unable to ping from an external IP to within the internal LAN.

Nexus 9k config (DGFW for LAN via sub-interfaces) as follows:

interface Ethernet1/1
  no switchport
  no shutdown

interface Ethernet1/1.10
  encapsulation dot1q 10
  ip address 192.168.10.1/24
  no shutdown

interface Ethernet1/1.20
  encapsulation dot1q 20
  ip address 192.168.20.1/24
  no shutdown

interface Ethernet1/1.30
  encapsulation dot1q 30
  ip address 192.168.30.1/24
  no shutdown

interface Ethernet1/2
  no switchport
  ip address 10.0.0.2/30
  no shutdown

0.0.0.0/0, ubest/mbest: 1/0
    *via 10.0.0.1, [1/0], 00:36:38, static
10.0.0.0/30, ubest/mbest: 1/0, attached
    *via 10.0.0.2, Eth1/2, [0/0], 00:48:37, direct
10.0.0.2/32, ubest/mbest: 1/0, attached
    *via 10.0.0.2, Eth1/2, [0/0], 00:48:37, local
192.168.10.0/24, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Eth1/1.10, [0/0], 00:51:02, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Eth1/1.10, [0/0], 00:51:02, local
192.168.20.0/24, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Eth1/1.20, [0/0], 00:50:38, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Eth1/1.20, [0/0], 00:50:38, local
192.168.30.0/24, ubest/mbest: 1/0, attached
    *via 192.168.30.1, Eth1/1.30, [0/0], 00:50:24, direct
192.168.30.1/32, ubest/mbest: 1/0, attached
    *via 192.168.30.1, Eth1/1.30, [0/0], 00:50:24, local

Next hop router (ASA) config: (current licensing I have access to does not allow OSPF to be enabled, hence the correlating networks not being added to the OSPF table)

interface GigabitEthernet1
 ip address 10.0.0.1 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.0.0.13 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 ip address 10.0.0.5 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
!
router ospf 10
 router-id 1.1.1.1
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.0.4 0.0.0.3 area 0
 network 10.0.0.12 0.0.0.3 area 0

10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 10.0.0.0/30 is directly connected, GigabitEthernet1
L 10.0.0.1/32 is directly connected, GigabitEthernet1
C 10.0.0.4/30 is directly connected, GigabitEthernet3
L 10.0.0.5/32 is directly connected, GigabitEthernet3
O 10.0.0.8/30 [110/2] via 10.0.0.14, 01:13:52, GigabitEthernet2
              [110/2] via 10.0.0.6, 01:13:44, GigabitEthernet3
C 10.0.0.12/30 is directly connected, GigabitEthernet2
L 10.0.0.13/32 is directly connected, GigabitEthernet2
O 10.0.0.16/30 [110/2] via 10.0.0.14, 01:13:52, GigabitEthernet2
O 172.16.0.0/16 [110/2] via 10.0.0.6, 01:13:44, GigabitEthernet3
S 192.168.10.0/24 is directly connected, GigabitEthernet1

I have a static route pointing from the ASA to one of the internal sub-interfaces and vice versa; however, pings continue to fail.

Any help would be greatly appreciated.
