Cisco Firewall :: ASA5505 Can't Ping Device
May 22, 2012
I have inherited an ASA5505 problem. We're trying to manage the ASA remotely - we can connect to the device remotely via IPSec, we can ping other devices on the LAN network, but cannot ping the inside interface of the ASA - nor can we telnet/ssh/http to it. We can, however, connect to another router that's on the LAN and then SSH into the ASA's inside interface.
My IP via VPN: 10.133.20.8
The ASA interface we're trying to connect to via SSH or ASDM: 10.4.209.254
A router on the LAN we can connect to 10.4.209.250
We can ping other LAN devices such as 10.4.209.75, .90, .150 - so it's not a NAT/Route/Split Tunnel issue. I've attached the ASA config.
hostname ASA5505
enable password XXXXXXXXXXX encrypted
passwd XXXXXXXXXX encrypted
names
name 10.4.209.248 rpm_router
[code]....
Jul 14, 2011
I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. The problem I have is that I can't ping the new firewall on its inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet. I've included the ASA's running config in case anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no NAT going on. Lastly (and possibly relevant), the firewall is actually going at the end of a VLAN, which is different to the firewall's inside VLAN number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.
Jan 9, 2013
Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 -> Internal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured with the internal public LAN pool provided by the ISP. This port is directly connected to Cisco ASA 5505 E0/0. It's a /28 pool IP address. This interface is configured as outside and security level set to 0.
From the Juniper SRX, I am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From the ASA I am unable to ping the public IP configured on the Juniper G0/0/0 port (/30).
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1. Configured ICMP inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone inbound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
Sep 4, 2012
I have Vlan 100 (inside) and Vlan 65 (Outside). I'm trying to configure RDP and ping traffic from Vlan 100 to Vlan 65 one way. If I connect 2 PCs on E0/0 and E0/1 they can happily ping their own VLAN IP addresses 192.168.100.3 and 172.16.65.1. I've copied my config,
ASA Version 8.4(4)1
!
names
!
object-group network A_Network
network-object 172.16.65.0 255.255.255.0
[code]....
Feb 26, 2013
I'm a Cisco ISR, setting up my first ASA, which seems to be going well. I've set up an IPSEC VPN to a non-Cisco device, and have connectivity between devices in each subnet.
-Subnet A - non Cisco - 10.10.13.0/24
-Subnet B - ASA 5505 - 192.168.2.0/24 (ASA is .254)
From Subnet A I can ping every device except the ASA on .254.
Edited config attached, IPs changed for privacy, passwords removed. Let me know if I've removed too much of the config.
Apr 20, 2011
I am ordering ASA5505-UL-BUN-K9. By default device comes with which IOS version?
Sep 29, 2012
I just try to ping an internal host but it won't go.
Laptop<===>ASA5505
Connected is the Laptop at Ethernet 0/2 Inside
My running-config is a clear config, only VLAN 1 has an IP and Ethernet 0/2 is up.
But if I try to ping the Laptop I get the following:
asa5505# ping 192.168.1.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
asa5505#
From the Laptop to the ASA5505 I can Ping successfully.
Aug 2, 2011
I have a Cisco ASA 5505 installed and use it as default gateway. I go to the Internet through the ASA5505. Here is my problem. I cannot ping from the ASA prompt (ASA#) to my laptop connected to the ASA, but I can ping the ASA inside interface from the laptop. I cannot use ASDM and the VPN tunnel is not working between the sie
ASA# ping 10.10.10.12
???????????
100% lost
Laptop c
C:/ping 10.10.10.1
!!!!!!!!!!!!!!!!
Here is the Topology
INTERNET .<=========================>ASA<===============================> LAPTOP
I disabled Windows firewall on the laptop, but no good result.
Jul 19, 2007
I have an ASA5505 running ver 8.0(2). I have configured the ssh timeout, ssh host commands and did the crypto key gen. I am unable to access the device from the host I am allowing. Is there like a ca save all command required? I am trying to use the default pix and telnet password. Do those still work?
Dec 21, 2012
I installed a Cisco ASA5505 with 50 user license on my network as the gateway firewall. So the ASA is acting as the gateway router which is connected to a fibre circuit and also it gives DHCP to the network. The strange thing is that except for two computers the rest do not have internet. I also have an Asterisk phone system which works fine.
I tried everything... static IPs, DHCP, DNS, nothing worked. But strangely enough two computers work fine and have internet, but they are no special computers. One is Win XP and the other one is Win7. When I troubleshoot the problem in Win 7 on one of the computers it says
"The remote device or resource won't accept the connection"
Sep 13, 2012
I am trying to access and ping the inside interface of an ASA5505 from a remote network. From the remote network, I am able to access anything on the local network, but the ASA5505 inside interface. The 2 networks are linked by a fiber link which has a transport network on another interface. From the remote network, I am able to ping the transport network interface IP, but I would like to be able to ping the inside interface IP. When I do a packet tracer, I get a deny from an implicit rule. How can I achieve that?
Here are the subnets involved and the ASA5505 config.
Remote network : 10.10.2.0/24
Local network : 10.10.1.0/24
Transport network : 10.10.99.0/24
[code]....
Jun 26, 2012
I was trying to add an Access Rule then a NAT rule, they applied OK then I lost connection to my ASA 5510. I can't ping the device IP, I can't connect via console, I can only access via the Management port. I have pasted the running config. [code]
Jan 19, 2012
I am not sure if it is different on the 8.2 or if I am missing something. I can connect to the VPN but cannot get to the inside computers. I can ping them from the ASA but not from the VPN client.
May 13, 2013
One of our ASA5505s cannot ping the gateway today. But when I use a notepad, using the same IPs, it can ping the gateway!
It is so strange, the ASA5505 was working OK before until today.
Is there anything I can do to check whether the ASA is OK?
Jul 28, 2011
I have an ASA 5505. I configured it for remote access VPN from Cisco VPN client. The ASA receives a public IP address on the outside interface via PPPoE. I can connect to the public IP of the outside interface and address 10.1.1.2 is assigned to my Cisco VPN client. The problem is that I cannot ping or reach the ASA internal IP address 172.16.29.1 in any way when I am in VPN from outside, while I can ping other hosts on 172.16.29.0/24 when connected in VPN. This is a problem because when I am connected in VPN to the ASA I cannot configure it. Then I wanted to ask if it is possible to have a configuration which gives addresses from network 172.16.29.0/24 (the same as the inside network) to VPN clients instead of another network (10.1.1.0/24). [code]
Mar 23, 2013
I have setup a remote access VPN to an ASA5505
I have a directly connected server behind the ASA and I can ping the server without a problem.
The VPN client reports packets being encrypted and decrypted
However when I try to RDP to the server the encrypted packets keep incrementing but the decrypted packets do not.
I am also not seeing any RDP traffic hit the server (verified by ethereal)
I have done a packet tracer and it succeeds but ends with an IP spoof which I believe is correct as it is VPN traffic and not actually being encrypted.
This is the debug from the RDP session, I am confused by a Denied ICMP on line 2 as I am able to ping the server?
%ASA-6-302013: Built inbound TCP connection 88193 for external:172.16.24.4/50984 (172.16.24.4/50984) to internal:192.168.100.146/3389 (192.168.100.146/3389) (roger_ssl)
%ASA-4-313004: Denied ICMP type=0, from laddr 172.16.24.4 on interface external to 192.168.100.146: no matching session
[Code].....
The only logical bit to this is flow closed by inspection? Does this mean the server has not responded?
And the decrypt packets not increasing when trying to RDP Does this mean that I have reached the end of my ASA knowledge on this one!
Jul 9, 2012
resetting the disable password on an ASA5505 device
Jul 21, 2011
I have a new 5505 that I'm trying to upgrade the IOS on. The 5505 and the laptop are connected via a 5 port switch. From the laptop I can ping the inside interface of the 5505, but I cannot ping the laptop from the 5505. As a result, my TFTP is failing.
Jun 27, 2012
I have a spare Cisco 857w that I am playing around with to learn. I managed to reset it to default and upgrade the IOS to 12.4. However, for the life of me I cannot ping this device.
Feb 6, 2011
I'm new to this Cisco 5505 and I want to carry out a task as simple as a remote access VPN. In my case I did the wizard, with time on my test, I could connect to the VPN, but I cannot ping any device on the internal network. [code]
Sep 20, 2012
I cannot ping an end node on my system from my Cisco 2911. I've tried to configure my computer to ping the device and I am able to. It seems the difference between using my computer and the 2911 is that with my computer I am able to set the default gateway as the end node's IP.
Aug 6, 2012
When I ping google from my computer I get 0% packet loss and average ping time is 35ms. But when I ping any device on my network the time is 147ms and 25% loss. Shouldn't it ping my devices faster?
May 1, 2013
I have a device connected to a 2960 switch. It is an access port and I could ping the device from other switches, also from outside the LAN. But I am not able to ping the device from the 2960 switch alone. I suspected and checked the ARP table and it was showing as incomplete. I created the manual ARP entry and tried pinging but no luck.
Feb 16, 2011
I have the above mentioned switch. I assigned an IP address to the switch some time ago, but never had cause to use it (as it was purchased as a spare). The problem I have now is that I cannot ping the device or browse to it via IE. Using HyperTerminal and the CLI I have attempted to assign the same IP address, but I get a warning along the line of already assigned. I have set IPs to other 3COM model switches without problems. Why I cannot ping this device or assist in connecting to it via IE?
Jun 29, 2012
I have a E2000 router/access point. I am able to connect 3 laptops, 1 smartphone and 1 printer wirelessly to the access point. All computers and smartphone can access the Internet. The problem is that none of the devices can connect with each other and thus cannot print. I can ping the router, no problem. Get "request timed out" message when trying to ping from one device to the other. Router firmware is 1.04
Jul 10, 2012
I have 2 ASA5505's connected through a site-to-site using IKEv1 and IKEv2. Recently, I ran through the wizard to configure the AnyConnect software. [code] Now, my site-to-site connection will only come up using IKEv1. Is there a way to have both the Site-to-Site and the AnyConnect VPN connections use IKEv2?
Jun 3, 2012
I'm attempting to configure an for both site-to-site and remote access VPNs. The site-to-site is working fine, however when I connect using the Cisco client, after initial connection and password prompt I get a "not connected" status. The log states that a policy map match could not be found. I have successfully set the unit up for remote access with no site-to-site and ran into another host of issues when adding the site-to-site to the working remote access config, so I started over setting up site-to-site first. I've attempted this through ASDM (hate it) - the current configuration is via CLI. I'm certain I'm just missing a piece or two.
Feb 20, 2013
I currently have 2 e4200 wireless routers. The first router is connected to 3 devices via ethernet, and the 4th port is connected to my other e4200v2 which is set as bridge mode. The main router is at one end of the house, the second bridge mode router is at the other end. My wireless devices are connected to the main e4200v2, along with all the wired clients.
When wirelessly connected to the 2nd e4200 (the bridged one) I cannot connect to or ping any wireless clients that are connected to the main router. (For example, in my bedroom I am connected with my computer to the 2nd bridged router, and I am trying to ping my other computer that is wirelessly connected to the main router. I am unable to ping this computer. When I am connected wirelessly to the main router, then I am able to ping the other wireless computer on the same router.) Note: I am able to access any hard wired devices on the main router, regardless of which router I am connected to. The issue only appears to be when trying to connect to a wireless device that is connected to a different router than the device I am connecting from. Both routers are set up on the same subnet mask with firmware Ver.2.1.39.145204
Feb 24, 2011
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When I replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
Oct 1, 2012
I just get it that I can make a VPN Site-to-Site IPSec. But if I try to send a ping from one PC (network 1) to the other PC (network 2) it failed.
PC (Network 1) <ASA5505> Switch <ASA5510> PC (Network 2)
Between the two ASAs I have a functional VPN IPSec tunnel, but I can't get access from one to the other network.
These are the access-lists on the ASA5505:
asa5505#
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
alert-interval 300
access-list Inside_ICMP; 4 elements
[Code].....
May 17, 2011
I have an ASA 5505 with ASDM v5.2(4) and ASA v7.2(4). This platform has a base license. If I upgrade ASDM and ASA to v6.2(1) and v8.2(2), do I lose my license and need to activate it again? I configured a site-to-site VPN (this firewall and another); do I lose my configuration if I upgrade my firewall?
Apr 1, 2013
I'm trying to troubleshoot an ASA5505.
The original goal was to block "Mumble/Murmur" (a voip app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic. I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did. That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below. However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
show ver
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2)
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"
[Code].....
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....