Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
945
Views
0
Helpful
3
Replies

Cannot ping inside ASA interface from inside

Go to solution
prakkdangc
Level 1
Level 1

ā€Ž12-14-2010 09:08 AM

Not sure what I did wrong ... appreciate any help

here is the layout

laptop --> cisco 3750 switch --> ASA5505 firewall --> future VPN tunnel

Laptop, switch VLAN and Inside interface of the ASA are all in the same subnet

Switch and ASA have all interfaces in VLAN 52 (the subnet in question), except for the outside interface

-----------------

here is the problem

laptop get ip addressing and def GW through DHCP from the firewall

switch and FW can ping each other with no problem

FW cannot ping anything, yet gets the DHCP scope.

Thanks,

Dave

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

ā€Ž12-14-2010 09:43 AM

Hi,

How do you have it setup?

The laptop is connected to an access port of the 3750 (VLAN 52).

The connection between the 3750 and the ASA is a trunk or a L3 link?

If the 3750 has an SVI belonging to VLAN52, you can PING that from the PC correct? As well as from the ASA?

Federico.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

ā€Ž12-14-2010 09:43 AM

Hi,

How do you have it setup?

The laptop is connected to an access port of the 3750 (VLAN 52).

The connection between the 3750 and the ASA is a trunk or a L3 link?

If the 3750 has an SVI belonging to VLAN52, you can PING that from the PC correct? As well as from the ASA?

Federico.

0 Helpful

Go to solution
prakkdangc
Level 1
Level 1
In response to Federico Coto Fajardo

ā€Ž12-14-2010 05:46 PM

Thanks for responding .. I had a bad switch.

Dave

0 Helpful

Go to solution
hdashnau
Cisco Employee
Cisco Employee

ā€Ž12-14-2010 10:57 AM

This piece of advice is unrelated to your current problem, but for the future it will help you. For you to be able to ping the ASA inside IP over the future VPN tunnel you will need to add the command "management-access inside"

"This command allows you to connect to an interface other than the one  you entered the security appliance from when using a full tunnel IPSec  VPN or SSL VPN client (AnyConnect 2.x client, SVC 1.x) or across a  site-to-site IPSec tunnel. For example, if you enter the security  appliance from the outside interface, this command lets you connect to  the inside interface using Telnet; or you can ping the inside interface  when entering from the outside interface"

You can read more about it here:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122

Please remember to rate all posts and mark the issue as resolved if a suggestion from one of us addresses the question you posed.

0 Helpful
Customers Also Viewed These Support Documents