Two directly connected subnets on ASA unable to communicate

steve2like
Level 1

Hello All, 

I am currently having an issue where two directly connected networks on an ASA are unable to communicate. 

ASA Ethernet 1 - 172.10.0.1 255.255.255.0 - Security level 100

ASA Ethernet 2 - 10.10.0.1 255.255.0.0 - Security level 50

Switch 1 - 172.10.0.2

Host 1 - 172.10.0.3

Host 2 - 10.10.0.10

Host 1 is unable to ping or access Host 2.  Host 1 is also unable to ping the Ethernet 2 - 10.10.0.1 interface. 

Should I have to enter a route or NAT command? Any other thoughts?

 

 

3 Replies

By default, the ASA will block traffic from a lower security interface to a higher security interface. You need to create a firewall rule for the traffic coming from the lower security interface and also need to enable the ICMP inspect on the service policy.

Thanks Kannan but Host 1 is security level 100 and host 2 is security level 50.  I am able to ping host 2 from the firewall though. 

First, test if you can ping both hosts from the firewall. Check the rules, and do you have nat-control on the firewall?
