Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1299
Views
5
Helpful
3
Replies

Configuring ASAv to send and receive ICMP

Go to solution
Anwar Diedericks
Level 1
Level 1

‎08-14-2017 01:12 PM - edited ‎03-08-2019 11:44 AM

This is my first time configuring a virtualized ASA (9.8.1) in GNS3 for use in CCNAS class. The configuration is as follows:

ASAv g0/0 - 10.10.10.2   >  HUB   >  Loopback 10.10.10.1 (Local PC)

I'm trying to ping the Loopback address from the ASAv and vice versa. I know the loopback is in working order because I was able to ping it from a virtualized C7200 router.

I'd like to know the configurations in order to get the ASA ping and be ping-able 



Hub is used instead of switch because GNS3 ethernet switch is buggy 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Anwar Diedericks
Level 1
Level 1
In response to paul driver

‎08-15-2017 12:52 AM

Thanks for the speedily reply. The Cloud in the topology represents the loopback address.
10.10.10.1 is the Loopback interface's configuration on the Windows side of the topology. I've used a router in place of the ASA prior to testing it with an ASA and it was reachable from both directions.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
paul driver
VIP
VIP

‎08-14-2017 03:50 PM

Hello
I am assuming from you topology that the lan address is 10.10.10.1 and the loopback is another address?

Please try the below example:

interface GigabitEthernet0
nameif Inside
security-level 100
ip address 10.10.10.2 255.255.255.0

object network LAN1
subnet 10.10.10.0.255.255.255.0

object network LAN2
subnet (loopback address) 255.255.255.255

object-group network ICMP-ECHO
network-object object LAN1
network-object object LAN2

access-list 100 extended permit icmp any object-group ICMP-ECHO echo-reply

route Inside (loopback address) 255.255.255.255 10.10.10.1

res
paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
Anwar Diedericks
Level 1
Level 1
In response to paul driver

‎08-15-2017 12:52 AM

Thanks for the speedily reply. The Cloud in the topology represents the loopback address.
10.10.10.1 is the Loopback interface's configuration on the Windows side of the topology. I've used a router in place of the ASA prior to testing it with an ASA and it was reachable from both directions.

0 Helpful

Go to solution
Anwar Diedericks
Level 1
Level 1
In response to Anwar Diedericks

‎08-15-2017 01:16 AM

[UPDATE]

After using the configurations mentioned above with the necessary adjustments pinging to and from the ASA was unsuccessful



Once again I'd like to clarify that my Windows-side firewall is allowing ICMPs both to and from itself (host) this is a matter of the ASA requiring necessary configurations to allow ICMP both out and in from within the local network.
Both networks Windows-side and in the virtualized environment are within the same subnet.

Thanks in advance

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card