I am trying to troubleshoot an ASA5505 connectivity issue. My initial tests are to ping the Internet router from the ASA This is failing and also a sh arp only shows internal addresses.
I have to go to site to check this out to confirm the following.
1: Should I be able to ping the Internet router from the ASA?
2: Do I need to permit any icmp to do this?
3: Should a sh arp show the address of the internet router?
I tried entering the command permit icmp any outside
However I got the error route already exists 0.0.0.0/0.0.0.0
We want to use an ASA as a pure routing device. Our network has several internal subnets (10.1.x.0/24), and we want to be able to reach them from outside and to allow access between them.
We have a defined a VLAN for each subnet range with the same security-level, added it to an Ethernet port and made the Ethernet that acts as outside as a trunk, and defined it as the global routing.
We cannot ping any of the subnet IPs defined in the ASA from outside nor we can ping it from the internal IP addresses.
I am trying to configure Nat on a clean ASA 5505, but can't get it to work. I ran the commands below. On the ASA I can ping the internet and inside vlan ip. On my laptop I can ping the ASA inside vlan ip, but I can't ping the outside vlan ip. From another network I can ping the ASA outside public ip. Is there an access-list that denies inside from accessing outside?
I am running version 8.4(3) and I erased the existing configuration.
I have 2 ASA and would like to build a Side-to-Side VPN between these ASA. So I can learn something about configure a ASA for different thinks. But now I don`t can Ping from a Client to the Internet-Router.My Configuration is:
I have been tasked with replacing our company eSoft router with a Cisco ASA 5505 with the upgraded security license. I have been working on the configuration for a couple of weeks now, after reading hundreds of forum posts, watching youtube videos, and endless google searching, and despite my best efforts I am still having an issue I can’t figure out.
I have a couple of subnets, that when the ASA is connected, I cannot ping, nor can they get to the internet or our Exchange server. At this point I’m not sure if it’s an access rule issue, NAT issue, or DNS issue.
Here is the network layout:
ASA: 192.168.0.2 (Primary Gateway) 192.168.0.0 (Primary facility, ASA is the gateway) 192.168.2.0 (Second facility, connected via Verizon point-to-point) 192.168.3.0 (Third facility, connected via Verizon point-to-point)
I have a Cisco ASA 5505, the problem is I am not able to ping to outside natted interface (ip: 172.88.188.123 and 124 and 125) from inside network I have looked for ASA documentation through the internet and still got nothing.
I have a new ASA 5505 and all is working fine, I can CLI and ASDM into it, but just can't ping the inside interface, do I need to enable a feature to make this work somehow?
I have setup 5505 ASA for Testing purposes. It has static route to layer 3 switch on outside interface that goes to the internet.
ciscoasa# sh route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
I've configured a 5505 but internal clients can't ping external ip. To test I've connect a pc with the ip of the default router on the Outside int the ASA can ping the PC and the PC can ping the ASA, but internal clients can't ping the PC
PC config 195.12.23.241/28
Here's the ASA config, so far I've wiped the ASA and started with a blank sonfig and built it up but still not working.
I configured a new Asa 5505 with Ios 8.44-1-k8.bin and when I installed the Asa the client's after about 1 hour were unable to ping or map drives to the Asa. I got the following error,%ASA-2-106007: Deny inbound UDP from XXXX to XXXX due to DNS Query. I added the command same-security-traffic permit intra-interface they were then able to ping the server and connect to the Internet, but still unable to map drives i could see the connections from the Pc's to the server in a show conn with was tcp port 445 with Saa? I reverted back to Ios 8.25 and everything works.
I have an ASA 5505 that I'm trying to set up a guest network on. I've configured an interface as a trunk and allowed the 2 vlans but I'm not getting any layer 3 to it. The switch connected to it is a 3560 and port is configured as a trunk with the same vlans.
I can't ping the ASA inside interface but I see its MAC address in the swtich's table.
I have a ASA 5505. I want to be able to ping from my workstation to some address, lets say [URL]. My workstation is connected to Ethernet 0/2. I have tried playing around with the ACL but am not able to accomplish this.
Result of the command: "show running-config" : Saved:ASA Version 8.2(1) !hostname ciscoasadomain-name home.7vnmotorsports.com
Before upgrading to 8.4(4)1 I was able to ping our inside interface accross the VPN. Now I cannot. Because ping is not working, my SNMP server thinks that the device is offline however I know the VPN tunnel is still up and the remote branch office is working fine. Here is the config of the branch office ASA 5505 in question. How to get icmp working again?
ASA Version 8.4(4)1 ! hostname BranchASA5505 domain-name houston.deh
I have, what I believe to be, a simple issue - I must be missing something. Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209). There is a PC (10.51.253.210) plugged into e0/1.
I know the PC is configured correctly with Windows firewall tuned off. The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue. Basically, the VPN is up and running but PC 10.51.253.210 cannot get out
I have a ASA5505 and it has a vpn set up. The VPN user connects using the Cisco VPN client. They can connect fine (the get an ip address from the ASA), but they can't ping the asa or any clients on the network. Here is the running config:
I have simple setup lab in a GNS3. I having a problem pinging from the ASA to the outside world. If I'm in the rotuer, I can ping fine(ping 4.2.2.2), I'm getting reply back. But no luck on the ASA itself. For now I just wanted to get the ASA to ping outside the cloud. Then later I play around with the host pc. ASA Version 8.4(2) [code]
I have two Cisco ASA routers and I have a site to site vpn set up between the two. The VPN link works but Site A can't ping anything on Site B. Site B can ping Site A. Site B can ping other pcs on it's own network. Site A has been in place for a while and has other site to site VPNs that work fine, so I think the problem is with Site B. Here is the config for Site B:
I have a Cisco router 2900 with firewall, i need to know how can i allow the ping from self zone to outside zone, i trried to create policy from self to outside but i still didn't allow ping or tracert, i get that message when i try to ping from cisco router: "Unrecognized host or address, or protocol not running"
I am trying to set up a lan to lan vpn access with 2 asa5505's but I cannot ping, traceroute or connect from either side. I can connect to both ASA 5505's from the internet, and connect to the internet FROM both 5505's, just not one to the other. I can ping the network GATEWAYS to the routers, just not the routers themselves.
Both of these machines have been configured for previous VPNs but that configuration has been removed.
I've been called upon to fix the SSL VPN issues in our ASA5505. The issue I am having is that I am able to log into the vpn, access the internet, but I'm unable to access anything on the LAN. I can't use ping or use DNS.
I'm using ASDM v. 6.2(1) and ASA verison 8.2(1). I'm not comfortable using the CLI and prefer the GUI.
I have a new 5505 that im trying to upgrade the IOS on. The 5505 and the laptop are connected via a 5 port switch.From the laptop i can ping the inside interface of the 5505, but i cannot ping the laptop from the 5505. As a result, my TFTP is failing.
configuring ASA 5505 to be able to ping remote host.Setup - We have a site-to-site (192.168.1.0/24 - 192.168.2.0/24) VPN setup with client VPN access (IP Pool, 172.16.50.0/24) on 192.168.1.0 ASA 5505.Issue - Not able to ping host on 192.168.2.0 from VPN client 172.16.50.0 but able to ping 192.168.1.0 host.
We have ciso asa 5505 and we are using one public ip of 155.155.155.9 , so i wanna disable to ping from outside this ip , but not effect our site to site and remote vpn connections ,the only thing i need is to disable the public ip to ping from outside.
If I ping a NAT'ed IP address configured on an ASA 5505, is it handled at the firewall (as far as priority) as if I were pinging the firewall interface itself, or the end device? The reason I ask is I am seeing waves of ping latency that I can relate to data transfers, but the nothing is even close to being maxed out as far as CPU, memory, or bandwidth. My guess is this is being handled by the ASA in software instead of in hardware.
I have set up site-site VPN on 5505s on 2 sites. I can ping outside interfaces from both sites but cannot get replies when I ping clients behind the 5505 from the ASA itself. I have also tried to ping from 10.x.x.x to 217.41.x.x and to 192.168..x.x but do not get a response.
I was expecting the configuration to be enough but there might be something I am missing.
I'm trying to set up a Guest VLAN for wireless at a client site, and I feel like I'm missing something small in the configuration, since I can't ping any of the VLAN interfaces from my laptop when the address is statically set to something in the 172.20.100.x range.
I've pasted the configs for the ASA 5505 and the 6 switches below for convenience. Near as I can tell, all should be well. The ports are in trunking mode, the "show cdp neighbors" command returns the proper information, VLAN 100 exists on all the switches, etc.
I have setup this firewall with a NAT, everything seem fine. I try pinging from my external translate IP to the internal IP address, on the ASDM Log i can see the traffic built and teardown but on the PC i used to execute the ping it will show timeout. My configuration as belows:
I setup and SSL anyconnect VPN on my Cisco ASA 5505. It works well and connects with out a problem. However, I can't ping any internal clients, but I can RDP to them. Most of the time people end up posting their config so I will as well.
