unable to connect Cisco ASA 5520

TECH-JEFF
Level 1

Hi, I've been practicing how to configure a Cisco ASA 5520 from scratch. I tried to restore factory settings on one of our Cisco ASA 5520 firewalls. I tried to connect a console and set up an IP address of 192.168.110.19/24. It is connecting to a Cisco 3750 L3 switch. The port where the ASA is connected is set up as switchport mode trunk.

Unfortunately I can't ping the device, nor can the 3750 ping the device (ASA). I tried to set the port as switchport access vlan 110 and switchport mode access; still unable to connect.

AFAIK, it should be on switchport mode trunk but I'm unable to connect.

Am I missing something? Or am I doing it incorrectly?

Thanks

Jeff

Jefferson Co
4 Replies

Hi

Usually the ICMP is disabled on the firewalls for security purposes, but you can try enabling it using:

conf t

icmp permit <IP address or subnet> <subnet mask> echo <nameif where the switch is connected>
icmp permit <IP address or subnet> <subnet mask> echo-reply <nameif where the switch is connected>

Please rate the comment if it is useful

:-)
>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other members of the community. <<

Hi guys, first of all thanks for all the input. Before we move further, I want to confess one of my own mistakes. I restored factory settings on the Cisco ASA 5520, thinking that as long as I set up an INSIDE interface with a private IP in, e.g., 192.168.110.0/24, and on the other end, the switch side, a port with trunk or switchport access vlan 110, it would work already. But here's what I lacked, and I just discovered it this morning.

1. When I set the MGMT or management port, it was set to 192.168.110.55 (which didn't work for me) but when I set this to 10.0.0.5, it worked and I was able to ping from the laptop

2. I was trying to access ASDM but I hadn't done 2 things:

-asdm enable history 

-http 10.0.0.x (static IP of the laptop)

After this, I was able to connect to the Cisco ASA's asdm.

This is via peer to peer or laptop straight directly to the Cisco ASA.

Correct me if I'm wrong: I'm assuming that even if I plug this Cisco ASA into our Core 3750 L3 switch, which has a switchport mode trunk setting, I still won't be able to access the Cisco ASA because I need to create an ip route, right?

FYI, I can't set an ip route going to the ASA since the Core/3750 L3 switch is currently in production; it might mess something up.

Thanks

Jeff

Jefferson Co
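
For anyone checking the same ASDM access step on their own box, here is an added example (not from any poster in this thread) that reads ASA config text and reports whether a given client IP is covered by the `http` management-access lines on an interface, and which lines are broader than a /24. It assumes the standard `http server enable` and `http <address> <mask> <interface>` forms; the sample config, addresses and interface names are constructed.

```python
import ipaddress

# Constructed sample config (not from the thread); interface names are assumed.
SAMPLE_CONFIG = """\
interface Management0/0
 nameif management
 security-level 100
 ip address 10.0.0.5 255.255.255.0
http server enable
http 10.0.0.10 255.255.255.255 management
http 0.0.0.0 0.0.0.0 inside
"""

def parse_http_access(config):
    """Return (server_enabled, [(network, interface), ...]) from ASA config text."""
    enabled, rules = False, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["http", "server", "enable"]:
            enabled = True
        elif len(tok) == 4 and tok[0] == "http":
            try:
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            except ValueError:
                continue  # some other http sub-command, not an address/mask pair
            rules.append((net, tok[3]))
    return enabled, rules

def asdm_allowed(config, client_ip, interface):
    """True only if the HTTPS server is on and a rule on that interface covers the client."""
    enabled, rules = parse_http_access(config)
    ip = ipaddress.ip_address(client_ip)
    return enabled and any(ifc == interface and ip in net for net, ifc in rules)

def broad_rules(config, min_prefix=24):
    """List management-access entries wider than min_prefix, as candidates to tighten."""
    _, rules = parse_http_access(config)
    return [(str(net), ifc) for net, ifc in rules if net.prefixlen < min_prefix]

if __name__ == "__main__":
    print(asdm_allowed(SAMPLE_CONFIG, "10.0.0.10", "management"))
    print(broad_rules(SAMPLE_CONFIG))
```
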

Hello,

Is the 3750 configured as a Layer 2 or Layer 3 switch? The config of the ASA and the switch could look something like this (obviously the IP addresses might differ):

3750

vlan 110

interface Vlan110
description ++ASA5520 Uplink++
ip address 10.10.110.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.10.110.1

interface GigabitEthernet0/1
description ++uplink to ASA5520++
switchport mode access
switchport access vlan 110
switchport nonegotiate
spanning-tree portfast

ASA5520

interface GigabitEthernet0/1
description ++downlink to 3750++
nameif inside
security-level 100
ip add 10.10.110.1 255.255.255.0
route inside x.x.x.x 255.255.255.0 10.10.110.2

x.x.x.x would be the LAN connected to your switch.

johnlloyd_13
Level 9

hi,

could you post a brief diagram and show run output on the 5520 and 3750?

you can try enabling ping/icmp from the ASA global policy.

policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
