Re: Unable to ping 2 remote office connected by MPLS & Site-to-s

hokokshun · ‎12-25-2013

Hi SME,

I am trying to get 2 remote office to ping to one another. 1 remote office(172.28.52.0) is connected to my office (172.28.4.0) via site to site VPN (ASA) while the remote office 2(172.28.8.0) is connected to my office via MPLS.

In the MPLS router, a route has been pointed 172.28.52.0 go to my office core switch (172.28.4.10). From the core switch, 172.28.52.0 has been route to firewall (172.28.4.3)

Static route from remote office 1(172.28.52.0) has been place in the ASA to point 172.28.8.0 traffic to 172.28.4.10.

I have also input NAT exempt in my firewall (172.28.4.3) but still unable to get remote office 1 to ping to remote office 2. See attached simple diagram.

Greatly apprecaite any adivce and help.

Collin Clark · ‎12-26-2013

From the ASA can you ping a device in the MPLS connected site?

Can you post the results of a packet-tracer (on the ASA) using a source address in the MPLS connectd site and the destination across the VPN tunnel?

hokokshun · ‎12-26-2013

Hi Collin,

I am unable to ping the device from ASA in remote office 2 which is connected via MPLS.

I have attached the packet tracert result from remote office 1 ASA and my office ASA. the IP on the source & destination are servers of 2 remote office.

Tarik Admani · ‎12-26-2013

Hi,

Can you post the output of your sh route on the firewall along with sh policy-map. Also in your packet-tracer you are not running icmp. Do you have "inspect icmp" configured under the default policy-map that is being used in the global service-policy? Look there first before we dig deeper.

Tarik Admani
*Please rate helpful posts*

Collin Clark · ‎12-27-2013

From 172.28.4.3 can you ping a 172.28.8.x address? Can you post a show route from 172.28.4.3?

Unable to ping 2 remote office connected by MPLS & Site-to-site VPN