Cisco Firewall :: 5520 - Cannot Ping Through Outside Interface

Feb 3, 2013

I cannot seem to ping from the outside of my 5520 firewall to an inside network. I have a single physical outside interface connected to a Layer 2 switch, with a laptop connected to it. This is on network 10.11.131.0/28. From there, I cannot ping to the inside interface (which is a sub interface on G0/0) with network 10.11.130.0/24/ For some reason, it doesnt work.
 
Now. I had access-lists in place, but have removed them for testing and it still doesnt work. I have set the security level of inside and outside to 100, and entered the same-security-traffic permit inter-interface command - still no joy. Below is the relevant configuration.
 
Inside Interface
interface GigabitEthernet0/0.96
description L3 Interface - Informational Zone
vlan 96

[Code].....

View 4 Replies


ADVERTISEMENT

Cisco Firewall :: Unable To Ping Inter Interface (inside To Outside) Of ASA 5520

Jul 26, 2011

I am unable to ping inside interface (Rin) to outside interface (Rout) of my Cisco ASA 5520 runing on ASA Version 8.4(1). 
 
ASA Version 8.4(1)
!
hostname FW5520

[Code].....

View 10 Replies View Related

Cisco Firewall :: ASA5505 Can't Ping New Firewall On Inside Interface

Jul 14, 2011

I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet.I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on. Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.

View 32 Replies View Related

Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?

May 5, 2013

I have an asa 5520.  How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - PING From Outside Into Inside Host

May 13, 2013

I have ASA 5520. I cannot ping the host(192.168.1.20) which is inside firewall from outside hosts. Inside host (192.168.1.20) is translated into (198.24.210.226) using static NAT.From outside host, I used "PING 198.24.210.226".  Is it because I used dynamic PAT for inside hosts?

interface GigabitEthernet0/0nameif outsidesecurity-level 0ip address 198.24.210.230 255.255.255.248!interface GigabitEthernet0/1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0

[Code].....

View 3 Replies View Related

Cisco Firewall :: 5520 - Cannot Ping / Telnet Standby ASA

Dec 8, 2009

I got 2 x 5520 ASAs configured in active/standby mode and they are connected to 2 x 4500 switches in which too configured for failover.Telnet to ASAs is allowed only via subnet 172.18.0.0./24
 
I can only ping and telnet to the active ASA from subnet 172.18.0.0./24 but not the standby But i can ping and telnet to both the active and standby ASAs within the 4500 switches.

View 20 Replies View Related

Cisco Firewall :: Add Second IP To Outside Interface Of ASA 5520?

Nov 15, 2011

We have a block of addresses assigned to us by our ISP.  We need to assign one of these addresses to a vendor we use for traffic to one of their internal devices.  Lets say the address we gave them out of that block of addresses is 1.2.3.4
 
How do I add that address to the outside interface so that when traffic s sent to it that the traffic actually gets to the ASA as right now when we send traffic to that address it doean't make it to the ASA.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Cannot Ping Outside NAT Interface

Nov 14, 2011

I have a Cisco ASA 5505, the problem is I am not able to ping to outside natted interface (ip: 172.88.188.123 and 124 and 125) from inside network I have looked for ASA documentation through the internet and still got nothing.

the config are:
  
: Saved
:
ASA Version 8.2(1)
!

[Code].....

View 2 Replies View Related

Cisco Firewall :: ASA 5520 Can't Ping Bigger Than 1000 Byte

Sep 28, 2011

I have a cisco asa 5520 version 8.2.
 
I found big problem with ping. I can't ping any internet ip with packet size bigger than 990.
 
I checked runing again. I see config every thing fine. I can't ping bigger than 990 byte.
 
C:Usersuaydinli>ping 172.17.97.2 -l 1000
Pinging 172.17.97.2 with 1000 bytes of data:
Request timed out.
Request timed out.

[Code]......

View 5 Replies View Related

Cisco Firewall :: New ASA 5505 / Can't Ping Inside Interface

May 10, 2011

I have a new ASA 5505 and all is working fine, I can CLI and ASDM into it, but just can't ping the inside interface, do I need to enable a feature to make this work somehow?

View 1 Replies View Related

Cisco Firewall :: ASA5510 Impossible To Ping Outside Interface

Aug 4, 2011

I'm currently configuring an ASA5510.I connected a laptop (IP 192.168.96.18/255.255.255.0) to port 0/2 and tried to ping 192.168.100.2 ... impossible to ping outside interface.I resetted the config of the ASA to retest more simple. [code]

View 1 Replies View Related

Cisco Firewall :: Can't Ping ASA 5510 Inside Interface

Apr 13, 2013

I  ran into a very strange icmp ping issue. The network has been working fine other than the issue listed below, L2L VPN works fine and all three data centers can access each other via L2L VPN.I have three ASA5510. [code]

View 5 Replies View Related

Cisco Firewall :: 5505 - Can't Ping ASA Inside Interface

Dec 12, 2011

I have an ASA 5505 that I'm trying to set up a guest network on.  I've configured an interface as a trunk and allowed the 2 vlans but I'm not getting any layer 3 to it.  The switch connected to it is a 3560 and port is configured as a trunk with the same vlans.
 
I can't ping the ASA inside interface but I see its MAC address in the swtich's table.
 
[code]....

View 4 Replies View Related

Cisco Firewall :: Cannot Ssh Or Ping ASA 5510 From Inside Interface

Apr 4, 2012

The ASA is configured in very simple transparent mode. As desired, traffic can flow in each direction between inside and outside. I can manage the ASA via console and direct connection to the management interface. The problem is that I cannot ping or ssh to the ASA via the inside interface. I need to be able to manage the ASA from any PC on the inside LAN. I suspect I am missing some easy aspect of the configuration but after a lot of hours I'm about at the end of my patience with it. Here is what I believe to be the relevant parts of the config. 
 
ASA Version 8.2(1)
!
firewall transparent
hostname issr1
enable password 2alej83t5cqT0FWd encrypted
passwd 4kleUY438I93.4ljdh encrypted
names

[code]....

View 4 Replies View Related

Cisco Firewall :: Can Ping ASA5520 Outside Interface But Cannot Connect To Other

Nov 5, 2012

So I have a client with an ASA 5520 running version 9.0 (was on 8.4) that I am trying to get either IPSec or SSL VPN configured on.  I got everything setup and tried to connect.  However, I couldn't connect to either.  I fired up the real time monitoring and didn't see any syslog messages referring to a VPN build up.  I also enabled SSH/Telnet on the outside interface and cannot connect to the ASA outside interface.  I can ping the outside interface and can ping the internet from the ASA.  I did set up a test ACL on the ASA and ran packet tracer on it and the results came back fine.
 
There is an IPS in the ASA as well, but I disabled the ACL for that and still am having these issues.  Part of me wonders if the ISP has something set up to block inbound traffic.  This should be a business class connection.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Interface Overrun?

Feb 23, 2011

Recently our network experience a Internal DoS attack. One internal server ( the network/security team doesnt have any access to the adninistration of these server) starts to send a lot of DNS bogus request to some DNS servers on the Internet. With sh conn detail we saw the IP of these server and blocked it with an ACL in the Internal ASA 5520 interface. After that, the server team disconnect the server, and made their job cleaning these infected device.  Everything goes normal again....
 
 Today, the same server starts again with the same problem. But a lot  worst thant the first time. The ASA starts to drops packets in the internal interface, the overruns was increasing dramatically ( like 10000 per second), the asp-drop table shows the same amount of traffic than interface overruns in the ACL-Drop line , and the CNT blocks for  16xxx with sh blocks was in zero. The sh acess-list INSIDE shows near 9 million hints in the line that deny the DNS request from the server to the Internet. Again, we disconnect the server and the problem was solved by the server team.
 
 It seems that our ASA cant handle in their internal interface the amount of traffic that these server send outbound. IS there anyway to raise the blocks in the firewall?  What is the best way to deny the servers connections ( ACL, or MPF or threat detection maybe), and avoid the ASA interface overruns even when the server sends these large amount of request.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - SNMP Outside Interface

Mar 16, 2013

i have a Problem with SNMP on the ASA Outside Interface. I want to monitor the Interface via SNMP (linkup, link down). I have a Active/Passive Cluster running on 8.4.2 and configured SNMP (v1) for Test on the Outside Interface. It's not that hard but when i try to test my Configuration with (peerless) SNMP Tester the Interface doesn't respond. Did i forget to configure something? Searched the forum but didn't find anything useful.

View 4 Replies View Related

Cisco Firewall :: ASA 5520 - Syslog And Tacacs Generate Ping Response?

Mar 20, 2012

I'm trying to configure an ASA firewall (FW2) for syslog and tacacs and am experiencing strange behavior.  Both the syslog and ACS server are on the inside of another firewall (CoreFW).  Whenever a log message is generated on FW2 the request is dropped by CoreFW and message '%ASA-4-313004: Denied ICMP type=0, from laddr FW2 on interface outside-b2b to syslog01: no matching session' is displayed.  The same thing occurs for tacacs.
 
It appears that the syslog and ACS requests are generating ICMP echo replies, which the core firewall drops since no session exists on a lower security interface.  I have access lists configured on CoreFW to allow the syslog and tacacs requests.
 
FW2 is running asa825-k8.bin, CoreFW is asa824-k8.bin

View 1 Replies View Related

Cisco Firewall :: ASA 5520 / Cannot Ping External Servers Like Yahoo Or Sony

Jun 14, 2011

I have installed quite recently a cisco ASA 5520 replacing a linux based firewall I have only 2 zones ..one is internal netowrk and other external the internal network has web servers, dns and mail server all having public IPs Every thing is OK but i have seen that if I try to ping an external server for example [URL] i cannot ping says
 
[sylvan@kmdns1 ~]$ ping www.yahoo.com
PING eu-fp.wa1.b.yahoo.com (87.248.112.181) 56(84) bytes of data. 
--- eu-fp.wa1.b.yahoo.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5010ms
 
but I can ping  from systems which are outside my firewall perfectly with the linux firewall i had before i could ping perfectly to yahoo from any of my internal servers?

View 5 Replies View Related

Cisco Firewall :: ASA 5510 Unable To Ping From Outside Interface Or Cloud

Nov 27, 2012

One of my client has BSNL leased line with LAN IP POOL we configured those on ASA 5510 nad Internet working fine but from cloud we are not getting any response for ping requiest please find running configuration below:
 
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(1)

[Code]....

View 4 Replies View Related

Cisco Firewall :: 4710 - Unable To Ping From MZ To Virtual Interface Of ASA

May 3, 2012

one of my SNMP server 10.242.103.42 sits in MZ zone,and ACE 4710 is connected to core switch,coreswitch is connected to firewall asa.
 
Now iam trying to ping from MZ zone SNMP server to loadbalancer ip 10.242.105.1,iam unable to ping my LB interface to discover SLB on my SNMP server.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 / Same Security Level Interface ACL?

Nov 10, 2011

On a Cisco ASA 5520.  I have 2 interfaces that are the same security level. I need hosts on 1 of these interfaces to be able to get to a specific IP and port on the other but I DON'T want to blanket enable 'same-security-traffic permit inter-interface"  I have added an ACL inbound on the interface allowing the desired traffic and inbound on the other for return traffic and it simply doesn't work.  
 
interface GigabitEthernet0/3.175
 vlan 175    
 nameif Test175
 security-level 30
 ip address 172.30.175.1 255.255.255.0

[code]....

View 13 Replies View Related

Cisco Firewall :: Move ASA 5520 Fail Over Interface

Jun 21, 2011

I am currently using g0/3 for failover between my two ASA5520's.  I would like to move that to the management interface to free up g0/3 for a second DMZ segment.  are there any implications to doing this live other than i would only have a single ASA during the move?

View 1 Replies View Related

Cisco Firewall :: 5520 - Configuring ASA Management On Sub-interface

Jul 27, 2010

I have two ASA 5520 with 4 Giga interfaces and 1 management interface.
 
I need to use 4 interfaces four data traffic
 
1- Inside
2- Outside
3- dmz-1
4- dmz-2
 
The remaining will be the management interface only.How can I configure the Statefull failover and Management?
 
1- I used the management0/0 for The stateful failover.
 
2- I used gig 0 for outside
 
3- I used gig 1 for inside
 
4- I used gig 2 for dmz-1
 
5- I divided the gig 3 to two sub interfaces
a- gig0/3.1 for dmz-2
b- gig0/3.2 for Management and I defined it as a management-only

View 6 Replies View Related

Cisco Firewall ::5520 - NAT SIP Registration From Outside To Inside Interface On ASA?

Mar 7, 2012

I'm trying to NAT SIP registration from OUTSIDE interface to Inside interface on ASA

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Check Which IPs Hitting On Particular Interface

Sep 23, 2012

I have a cisco asa 5520 and suddendley in my Network Monitor tool,(using SNMP)  asa's DMZ interface traffic is showing arround 90000 Kbit/s .
 
i want to check which traffic is flowing throgh this interface.(Ip address details)
  
Note : There is no impact on asa CPU usage.

View 4 Replies View Related

Cisco Firewall :: ASA 5520 8.4 Failover Interface Testing?

Jan 3, 2012

From ASA 5520 we tested the interface failover it not working even the interface are getting monitor . 
 
primary is active.
 
Manually we shut the outside interface of the primary device configuration is getting reflecting in secondary as outside interface shut. Interface failover not happen.
 
ii All the interface are getting monitor when we gave command sh failover. even though when we shut outside interface failove not happening.
  
how to do the interface failover in ASA 8.4 version.

View 3 Replies View Related

Cisco Firewall :: ASA 5520 - Flags SYN ACK On Interface Dmz1

Jul 12, 2012

I know this issue probably has been beat to death, but I have yet to find the answer to my situation. We recently upgraded from a PIX515e to ASA5520. Shortly after the install I noticed a problem with the servers on our DMZ. This problem was NOT present with our old 515e. The problem is that there seems to be a communication problem between servers on the DMZ, specifically when I try to open the web server homepage from my mail server, I get time-outs. When I ping between the two in either direction, I get time-outs. This might seem trivial, but I have other data servers on the DMZ that need to communicate between themselves.

When we question the tech that performed the install, his answer was that there might be a problem with the switch the servers are connected to, or the servers might have a virus. He stated the process of ping should never involve the DMZ interface. And yes, our DMZ interface IP is the gateway for the servers. Now, if the DMZ (ASA) should never come into play with a ping, why when I turned on logging did I receive the error below? It sounds to me that the ping is going through the interface. Here are a few of the errors on the DMZ with the specific server IPs.
 
july 13 2012 12:50:04 106014 10.10.0.10 10.10.0.5 Deny inbound icmp src dmz1 10.10.0.10 dst dmz1 10.10.0.5 type 8, code 0
 
The ping problem was only used as an example the demonstrate that there is a comm problem on the DMZ. ASA is running in router mode.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 / Cannot Access Internet Or Ping From Inside Interface?

Jul 26, 2011

I am having a problem configuring my ASA 5505 for NAT.

View 3 Replies View Related

Cisco Firewall :: Unable To Ping Host From Inside Interface From PIX525

Feb 3, 2012

When I tried to upgrading PIX525  6.3 to  7.0 , Not able to Ping the host from the PIX 525 Inside interface  which is on the same subnet,  Also from the host to Inside Interface ,  Tried with Directly connected  laptop with Cross cable and using Straight cable via switch, But the  results end with fail.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - Static Route To Inside Interface

Mar 29, 2011

I have inherited an ASA 5520.  In doing some auditing of the setup, I have noticed a Static Route that has the inside interface of the ASA as the Gateway IP.  I am trying to understand the purpose of this route or why a route would be setup this way.

Example Static Route:
Inside 10.xx.31.0 255.255.255.0 10.xx.xx.10 (10.xx.xx.10 is the inside interface of ASA)

View 2 Replies View Related

Cisco Firewall :: Edge Router Connection For Outside Interface Of ASA 5520

May 1, 2013

We have ASA 5520 firewall.For broadband Internet access, we have T1 Router(edge router provided by ISP) which provides public IP's 198.24.210.224 / 29. We have usable public IP's 198.24.210.226 - 198.24.210.230 with default gateway 198.24.210.225. We assigned 198.24.210.230 255.255.255.0 to the outside interface.
 
If we connect the ASA 5520 outside interface directly to T1 router, can all packets with destination addresses 198.24.210.224/29 reach the outside interface without using other device like another router or switches?I just assume that only packets with destination address 198.24.210.230(outside interface ip) can reach the outside interface from the edge router.Is it wrong assumption?  If it is correct, then is there any way to route all packets with destination address 198.24.210.224/29 to the outside interface?

View 3 Replies View Related

Cisco Firewall :: Configure Secondary IP On Inside Interface Of ASA 5520?

Nov 24, 2012

We already have a subnet defined to inside interface and is in produciton. the default gateway is this interface ip. In that setup now I have to add one more subnet and as the first subnet is been defined in ASA indside interface, I have to assign secondary Ip to the inside interface so that new subnet users can easily reach here and go outside.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved