cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
754
Views
0
Helpful
3
Replies
Highlighted
Beginner

Cannot ping inside ASA interface from inside

Not sure what I did wrong ... appreciate any help

here is the layout

laptop --> cisco 3750 switch --> ASA5505 firewall --> future VPN tunnel

Laptop, switch VLAN and Inside interface of the ASA are all in the same subnet

Switch and ASA have all interfaces in VLAN 52 (the subnet in question), except for the outside interface

-----------------

here is the problem

laptop get ip addressing and def GW through DHCP from the firewall

switch and FW can ping each other with no problem

FW cannot ping anything, yet gets the DHCP scope.

Thanks,

Dave

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi,

How do you have it setup?

The laptop is connected to an access port of the 3750 (VLAN 52).

The connection between the 3750 and the ASA is a trunk or a L3 link?

If the 3750 has an SVI belonging to VLAN52, you can PING that from the PC correct? As well as from the ASA?

Federico.

View solution in original post

3 REPLIES 3
Highlighted

Hi,

How do you have it setup?

The laptop is connected to an access port of the 3750 (VLAN 52).

The connection between the 3750 and the ASA is a trunk or a L3 link?

If the 3750 has an SVI belonging to VLAN52, you can PING that from the PC correct? As well as from the ASA?

Federico.

View solution in original post

Highlighted

Thanks for responding .. I had a bad switch.

Dave

Highlighted
Cisco Employee

This piece of advice is unrelated to your current problem, but for the future it will help you. For you to be able to ping the ASA inside IP over the future VPN tunnel you will need to add the command "management-access inside"

"This command allows you to connect to an interface other than the one  you entered the security appliance from when using a full tunnel IPSec  VPN or SSL VPN client (AnyConnect 2.x client, SVC 1.x) or across a  site-to-site IPSec tunnel. For example, if you enter the security  appliance from the outside interface, this command lets you connect to  the inside interface using Telnet; or you can ping the inside interface  when entering from the outside interface"

You can read more about it here:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122

Please remember to rate all posts and mark the issue as resolved if a suggestion from one of us addresses the question you posed.

Content for Community-Ad