Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1042
Views
0
Helpful
2
Replies

Odd issue - can't ping within LAN

Effortless15
Level 1
Level 1

‎04-28-2011 03:36 AM - edited ‎03-04-2019 12:12 PM

Hi all,

I haven't come across this before and have been scratching my head about it for the last few hours and need a second (or third or fourth!) pair of eyes here.

I have an ASA5510 at the network edge, an inside interface of 10.1.0.x, a dmz interface of 192.168.1.x

                                                  Internet

                                                      |

                                                  ASA

                                                   |

                        DMZ  ------------------|-------------Inside--------------------------------------------------------Private WAN Links

                           |                                   |

                         Server1---------------------------LAN

Server1 has 2 interface. One outward facing is 192.168.1.2. One internal interface is 10.1.0.2

There is an additional complexity here where there is a managed service (private network, not VPN) on 10.1.0.254 which takes care of traffic from other sites.

LAN clients behind the inside interface of 10.1.0.1 can ping 10.1.0.254. Server1(TMG server) cannot ping 10.1.0.254 at all.

The error I receive is "regular translation creation failed for icmp src inside:10.1.0.254 dst inside:10.1.0.2 (type 0, code 0)"

There is a NAT exempt for 10.1.0.x so unless I am missing something simple I'm dumbfounded.

Happy to provide config where needed.

Edit: I have also tried changing the IP address on Server1 just to make sure there was no NAT rule or ACL that I was missing.

E.

Labels:
0 Helpful
2 Replies 2

John Blakley
VIP Alumni
VIP Alumni

‎05-02-2011 02:02 PM

Can you post your global (publics changed) and nat configs, including any acls that are applied?

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Effortless15
Level 1
Level 1
In response to John Blakley

‎05-04-2011 03:21 AM

Hi John,

Turned out to be a false alarm.

The upstream provider had to reset the router for the private network due to routing changes not taking effect. Considering when they were trying to trace/ping it wasn't even hitting the 5510!

Thanks anyway!

0 Helpful
Customers Also Viewed These Support Documents
li.common.scroll-to.top