Beginner

Cannot ping internet from switch VLANs

I have a pretty basic network setup in one office. We have an ASA at the edge with a 3650G switch acting as the core. The ASA and switch have VLAN 100 between them acting as a transit network of 10.1.100.x/24, and the switch has a handful of VLANs. From devices connected to the switch I can ping out to the internet; from the switch itself (and other switches on the network) I cannot source ping and get successful replies on any VLAN other than VLAN 100. The switch and ASA are running OSPF, both in area 0. I can successfully ping the inside of the ASA from every other VLAN, but trying to ping 8.8.8.8 from any other switch I don't get replies.

Switching, source ping

Accepted Solutions
Beginner

Re: Cannot ping internet from switch VLANs

I believe I have solved the problem. The ASA was limited to 10 inside users, so I think we were hitting that device limit... that's why everything had valid IPs, routes were valid and nothing seemed to work. I replaced it with an ASA that had unlimited users and so far the problem is resolved.

5 REPLIES
VIP Advisor

Re: Cannot ping internet from switch VLANs

Hi there,

Can you confirm the routing table on the ASA:

sh route

...can you also confirm that the object-group used for NAT on the ASA includes all of the other (non-VLAN100) subnets?

cheers,

Seb.

Beginner

Re: Cannot ping internet from switch VLANs

The route table has all routes for subnets we currently have active.  The object nat is on a group that is 10.1.0.0 255.255.0.0, that covers all our inside networks.  

VIP Advisor

Re: Cannot ping internet from switch VLANs

I'm guessing 10.1.101.128 exists in your network... on the ASA, what is the output of:

packet-tracer input inside tcp 10.1.101.128 50000 8.8.8.8 http det

Hall of Fame Expert

Re: Cannot ping internet from switch VLANs

Hello Tyler,

What about the upstream path, the routing table on internal switches?

If they are L3, are they speaking OSPF with the core switch?

Is there a default route in OSPF generated by the ASA or the core switch?

Check with

show ip ospf database external 0.0.0.0

If the internal switches are L3 but they do not speak OSPF, have you configured a static default route pointing to the core switch IP address in an internal VLAN (the management VLAN is a good candidate)?

If the internal switches are L2 only with ip routing disabled, have you configured ip default-gateway <core-switch-IP-address-mgmt-vlan>?

Hope to help

Giuseppe
