04-01-2014 01:19 AM - edited 02-21-2020 05:08 AM
Hello All,
I am currently having an issue where two directly connected networks on an ASA are unable to communicate.
ASA Ethernet 1 - 172.10.0.1 255.255.255.0 - Security level 100
ASA Ethernet 2 - 10.10.0.1 255.255.0.0 - Security level 50
Switch 1 - 172.10.0.2
Host 1 - 172.10.0.3
Host 2 - 10.10.0.10
Host 1 is unable to ping or access Host 2. Host 1 is also unable to ping the Ethernet 2 - 10.10.0.1 interface.
Should I have to enter a route or NAT command? Any other thoughts?
04-01-2014 03:07 AM
By default, the ASA will block traffic from a lower security interface to a higher security interface. You need to create a firewall rule for the traffic coming from the lower security interface and also need to enable ICMP inspection on the service policy.
04-01-2014 03:16 AM
Thanks Kannan, but Host 1 is security level 100 and Host 2 is security level 50. I am able to ping Host 2 from the firewall though.
04-02-2014 01:51 PM
First, test whether you can ping both hosts from the firewall. Check the rules, and do you have nat-control on the firewall?
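The checks the replies point to (security levels, ACLs, ICMP inspection, nat-control) can be walked through with a simplified Python decision model that uses the addressing from the first post. This is an added example, not part of the thread and not Cisco code; it also covers the ping to the Ethernet 2 address, which an ASA does not answer for a host behind a different interface. All function and parameter names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Iface:
    name: str
    ip: str      # the ASA's own address on this interface
    level: int   # security level, 0-100

def new_flow_allowed(src, dst, acl_permits=False, same_level_permit=False):
    """May a NEW flow enter on src and leave on dst?"""
    if acl_permits:                 # explicit permit in the ingress interface ACL
        return True
    if src.level > dst.level:       # implicit permit: higher -> lower
        return True
    if src.level == dst.level:      # needs same-security-traffic permit inter-interface
        return same_level_permit
    return False                    # implicit deny: lower -> higher

def ping(src, dst, target_ip, req_acl=False, reply_acl=False,
         inspect_icmp=False, nat_control=False, nat_rule=False):
    """Return (ok, reason) for an echo sent by a host behind src to target_ip."""
    if target_ip == dst.ip:
        return False, "ASA does not answer pings to a far-side interface"
    if not new_flow_allowed(src, dst, req_acl):
        return False, "echo request denied on ingress interface"
    if nat_control and src.level > dst.level and not nat_rule:
        return False, "nat-control is on and no NAT rule matches"
    # Without ICMP inspection the echo reply is judged as a new flow dst -> src.
    if inspect_icmp or new_flow_allowed(dst, src, reply_acl):
        return True, "echo request and reply both pass"
    return False, "echo reply dropped: inspect ICMP or permit echo-reply"

# Interfaces as described in the first post.
E1 = Iface("Ethernet 1", "172.10.0.1", 100)
E2 = Iface("Ethernet 2", "10.10.0.1", 50)

if __name__ == "__main__":
    print(ping(E1, E2, "10.10.0.10"))                     # Host 1 -> Host 2, defaults
    print(ping(E1, E2, "10.10.0.10", inspect_icmp=True))  # with ICMP inspection
    print(ping(E1, E2, "10.10.0.1", inspect_icmp=True))   # Host 1 -> Ethernet 2 address
```

On a real ASA, `packet-tracer` reports which of these stages drops the packet.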