Cisco Firewall :: Unable To Ping Default Gateway On ASA 5510
Mar 31, 2011
We have two ASA5510s, each with outside interfaces to the same two ISPs (different IP addresses within the same subnet, of course). Both ASAs allow ICMP on all (inside and outside) interfaces. One ASA's default route is to ISP-1 and the other is to ISP-2. We can ping the default gateways for both ISPs from only one ASA. From the other ASA, we can only ping the default gateway for the default route but not the other. The pings originate from an inside client, first configured with the default gateway for ASA-1, then for ASA-2. Why does this happen, how do I troubleshoot something like this and how do I fix it?
View 1 Replies
ADVERTISEMENT
Oct 24, 2011
about two days ago my main PC lost the ability to connect to the internet. I'm useing a trendnet tew-687ga adapter and a netgear n600 router. I can't ping the default gatway 192.168.1.1
View 2 Replies
View Related
Nov 1, 2012
We have a 3560 switch behind a ASA 5510 at a site that we are trying to access via telnet over the internet, we find out the switch does not have a default gateway configured. So I configure the following rule on the 5510: [code] Try accessing the switch, and all is good. One of our change control steps is to identify any others are connected to the device via: [code] I see the connection and show users command return 172.16.30.15, as expected. How is it possible that address can connect to that switch.
View 7 Replies
View Related
Jul 25, 2012
Switching out a 5510 as our primary firewall with a 5520. I've essentially copied the working config from the 5510, and put it on to the 5520, making small changes where necessary. Plug everything. I cannot get out to the internet.
Facts:
-All interfaces have no shut on them
-No machine can ping out to the internet gateway
-All machines can ping out to the inside interface of the firewall
-It's not a problem with the internet because I can take a laptop, enter in our outside interface information, plug it into the internet gateway, and I can get out to the internet just fine.
View 14 Replies
View Related
Sep 10, 2012
I have a VM server, whose IP is in customer VLAN600 ( 172.60.60.10/24 ) and Peer end is switch then Firewall.Switch is configured with same VLAN600 and learning mac-address of Server on VLAN 600, Firewall is also having VLAN600 and IP is 172.60.60.1/24.Server is not able to Ping/reach Firewall and vice versa.
View 1 Replies
View Related
Feb 13, 2013
i'm having problem to ping succesfully default gateway on Router1 from Router2. Basically i can: - ping from R1 the serial interface on R2 and default gateway on R2 - telnet from R1 to R2 - ping from R2 to serial link on R1, BUT I CANNOT ping default gateway from R2 to R1 Below is the photo showing topology and running configuration on both routers
View 2 Replies
View Related
Nov 27, 2012
One of my client has BSNL leased line with LAN IP POOL we configured those on ASA 5510 nad Internet working fine but from cloud we are not getting any response for ping requiest please find running configuration below:
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(1)
[Code]....
View 4 Replies
View Related
Jun 9, 2012
I'm trying to get a 2811 router with a NM-AIR-WLC6 Wireless Controller Module to work with an c1200 series access point. The LWAP is connected to a 2690 switch which has a trunk connected to the router. My configuration looks very similar to example 2 on this page: [URL] . The LWAP does get an IP from the DHCP pool on the router. I can also connect to the GUI of the controller from a PC on VLAN 250 (which also is connected to the switch).
[URL]
The moment I join my Wireless network I get no IP and when I enter a valid static IP, I still can't ping the gateway. I also noticed that the controller could ping the gateway before I configured the interface. After configuring an interface with that gateway, the controller loses the ability to ping to it. I can't seem to figure out why. I've been working all week on getting this controller and LWAP to broadcast a fully working network.
View 3 Replies
View Related
May 3, 2012
This would probably sound like a stupid question but it took at least 2 hours of my time so far. I have a 3750 switch where a router and a server is connected. From the switch I can ping the router and server with no issue (directely connected). But from the server I am not able to ping the router. The router and the server are in the same subnet. The router is configured as the default router for the server. I am not able to ping the server from the router either. Here's the output of the ip route from the router. The server IP address is 10.1.200.21 and the router IP address is 10.10.200.1
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
C 10.1.30.0/24 is directly connected, FastEthernet0/0.30
C 10.1.20.0/24 is directly connected, FastEthernet0/0.20
[Code].....
View 14 Replies
View Related
Nov 23, 2012
I used the Cisco Configuration Professional to add an Easy VPN Server to my 3825. I'm able to connect when remote but I can't ping the default gateway of 192.168.1.1 which is in the same network as the VPN DHCP pool. I can access every single other device on the VLAN segments but not the default gateway which means when i connect I can't look at my router. And there's more, I cannot ping anything offnet (ie 75.75.75.75).
Attached are some images which show some details from the client during the VPN connect and a few from the router (i had to use the lan switch as a jump host). If you can figure this out before I go back to the coffee shop to test this tomorrow I will send you a cake.
[code]...
View 6 Replies
View Related
Oct 15, 2012
I have created two vlans, vlan 1 data and vlan 200 voice. the issue is that when an on one vlan i cannot ping the default gateway of the othe vlan from my PC. An using sge 2010p switches.
below is my configuration
p route 0.0.0.0 0.0.0.0 192.168.0.1
ip dhcp relay address 192.168.0.100
ip dhcp relay enable
ip dhcp information option
interface vlan 1
ip dhcp relay enable(code )
View 3 Replies
View Related
Jun 19, 2011
We have an ASA 5510, with two internet connections. One inteded for VPN l2l and the other for general users inet access.
On asa 8.04, I configured the crypto map on inteface "VPNAccess" and a static route to the L2L remote peer through VPN internet access, the default rotue was pointing the general inet router.
We bought a new firewall with 8.4.1, and now asa only tries to initiate traffic if remote peer is on the default gateway.
It ignores more specific routes (i mean longer masks) and always tries to use default gateway, but only for VPN, if I make a trace route for that peers it uses correctly the routing table.
View 12 Replies
View Related
Apr 11, 2012
I have a 3560G and an ASA FW, for which I am trying to use PBR to append the next hop. The gateway is the switch VLAN address and the amended net hop is the same VLAN interface on the ASA. Trouble is, I can ping the FW from a client, but not the switch. If I remove the route map, I can ping both. Even more strange is this is the case for some VLANs, but not all!
Config:
HOST ON VLAN 96
IP 10.11.120.99
S/M 255.255.255.240
[Code].....
View 2 Replies
View Related
Oct 12, 2011
Loss connection every day for several hours and just comes back. Reset router than works fine. Only about six months old. Found several forums staing the same problem. I have a RV016 16 port VPN router. What can I do?
View 1 Replies
View Related
May 21, 2013
My controller is vWLC installed in ESXi which has to vNet Cards configured with all vlans(4095), then it is connected to a 3560 switch with trunk. The configuration of the switch interface is as belows: The SSID is BYOD and I can connect the SSID and get the IP address such as 10.10.10.118/24, but for now, i cannot ping 10.10.10.1, but i can ping 10.10.10.90.
View 3 Replies
View Related
Jul 11, 2012
I am having connection issues with my laptop involving my wireless adapter (I assume), since I am able to connect to the internet via a different laptop, Xbox and phones in the household. It is a Dell M5010 and the problem has only recently occurred.
View 9 Replies
View Related
Jun 8, 2012
I'm trying to connect to connect to OpenVPN server from my Ubuntu 11.10 machine. I use the following command to do it (under root user):
openvpn --config /home/vladimir/client.ovpn
Everything seems to be OK, it connects normally without any warnings and errors, but when I try to browse the internet I see that I still use my own IP address, so VPN connection doesn't work. When I run openvpn command, it displays the following message among others:
NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Below is full output of openvpn command:
[code]....
View 1 Replies
View Related
Jul 14, 2011
I'm unable to connect to the internet from my laptop. When I do a diagnostic test it tells me that the default gateway is not available. I've tried resetting it, resetting my IP address via command prompt, restarting the router, etc.
View 10 Replies
View Related
Nov 15, 2012
We have a WLC 4410 management IP Address configured as 10.40.124.59.and configured VLAN1 on WLC with IP address 10.40.126.250. we are unable to ping the VLAN1 ip address from the switch. even unable to ping 10.40.126.252 (Gateway). Is there any limitation that we can not configured ip address from secondary scope...Switch vlan 1 configuration is ......interface GigabitEthernet0/0.1description Business VLANencapsulation dot1Q 1 nativeip address 100.93.50.2 255.255.0.0 secondaryip address 10.40.126.252 255.255.255.0 secondaryip address 10.40.124.61 255.255.255.192 secondaryip address100.43.94.252 255.255.255.0.
View 3 Replies
View Related
Mar 11, 2013
Currently a network consists of two subnets, one subnet is behind a ASA and the other behind a PIX, both connecting to the ISP's routers. If the PIX is retired, is it possible to create/consolidate the two networks protected by the ASA5510 with the default gateway being the ISP?
How can two private networks be protected by the ASA5510? One conceptual way is to create the VLANS on a layer 3 switch, on the "inside" interface of the ASA. In this senario what would the "inside" network's IP address? If the above is possible, how would natting occur?
Is there an efficient configuration to protect two networks protected by the 5510, other than creating a DMZ?
Is it possible to create two private networks with same level of security, 100 on a three network interface connections?
View 12 Replies
View Related
Feb 27, 2012
A customer got a new VoIP PBX, and now I have to forward port 443 on the ASA to the PBX for remote administration purposes. The LAN-interface of the PBX is in the same subnet as the ASA but has an external VoIP-router as default gateway and not our ASA. Is it even possible to forward the port to the PBX when there is no route of any sort to our ASA on it?
View 2 Replies
View Related
Nov 24, 2011
I've configured a VPN IPSEC on my ASA5510. It Assigned IP/NETMASK/Gateway via a DHCP Server on the LAN.The problem is that when a client is connected to the VPN , it takes the right IP and NETMASK. ( 192.168.1.109 / 255.255.255.0) but the Default Gateway is wrong ( 192.168.1.1). It should be the default Gateway of my LAN router ( 192.168.1.229).
View 7 Replies
View Related
Jun 28, 2011
ASA 8.3(2) 5505
I've configured a number of remote access vpns on ASAs, but I don't recall having a default gateway setting assigned after logging in.
Is there a way to disable the assignment of a default gateway upon login?
The value assigned is meaningless. It's just the next available address in the local pool.
View 2 Replies
View Related
May 30, 2012
I am just setting up a simple scenario with a 1841. Server @ 172.31.1.1 cannot ping 172.31.0.254 or 172.31.0.105. It can ping 172.31.1.250. The router can, on the other hand, ping devices on both networks. This is just for testing routing theory so I don't know why hosts on either side of the network cannot ping each other.
I am only using the FastEthernet interfaces on Router 1841.
View 3 Replies
View Related
Jun 25, 2012
We have had a successful site to site vpn working for several months now. It is an ASA 5510 at HQ to a ASA 5505 at a branch office in another state. We just added a second site to site vpn in another state this time from HQ to a Sonicwall TZ100. After plugging in the Sonicwall to the Qwest modem in bridge mode the tunnel came right up. I was unable to to ping any off the private IPs at HQ from the new branch, but was able to use remote desktop into the servers and workstations at HQ. Also all the computers show up when browsing the network from the new branch.
At the first branch we are able to ping both ways and use remote desktop both ways.When using packet tracer in ASDM on the HQ ASA and pinging from one of the IPs in the HQ protected network to an IP in the new branch network NAT-EXEMPT looks good, but when it hits the first NAT it matches on the "dynamic translation to pool 10 (10.1.255.254) [Interface PAT]" (which is the default route for all the vlans to get to the Internet.)The next NAT (subtype - host-limits) looks better and this one going to the IP address of the outside interface of the HQ ASA 5510, but then the third NAT (Subtype - rpf-check) reverts back to the "10 (10.1.255.254) Interface PAT]" and the packet is DROPPED. Also there is no VPN step in Packet Tracer after NAT.[code]
Is the problem possibly due to the fact that my 2 new ACLs for "encrypt_acl-30" fall after "access-list global_mpc extended permit tcp any any" in the config and it is running into the implicit deny all?
View 8 Replies
View Related
Jan 31, 2011
I have to sites connected togather using 4 MBps Link over the tunnel terminated on asa 5510,the call manager in site 1 and the other users on the site 2 unable to register with call mamager on site while i have a suceesull ping goes from site 2 to site 1 (call manager ip) so why this phone its not registered ,so in term of network no problems coz the ping gets through and am rely on ping to confirm that no network problem
----is there any udp traffic problem that prevent the phone registration
View 20 Replies
View Related
Jun 13, 2011
I have a a firewall policy on a Cisco 2911 - the zone policy from OutZone>InZone basically drops everything apart from inspected traffic on the opposite direction and a few essential traffic generated externally (such as Outlook web access and E-mail exchanging). However, I seem to be getting a lot of firewall drops coming from the immediate gateway of the ADSL WAN address to the internal IP range on port 3. I get about 10 hits every 5 seconds.
Policy:
policy-map type inspect FWPol_Out-In
class type inspect CCP_PPTP
pass
class type inspect FCMAP_In-Email
pass
class type inspect FCMAP_In-OutlookWebAccess
inspect(code)
%FW-6-LOG_SUMMARY: 1 packet were dropped from IMMEDIATE WAN GATEWAY:0 => INTERNAL IP ADDRESS:3 (target:class)-(FWPair_Out-In:class-default), the immediate gateway would ping an internal IP address? Keepalive? Could this be stemming from another problem? The traffic wasn't generated internally as all InZone>OutZone is inspected.
View 1 Replies
View Related
Jan 22, 2012
I have newly deployed network. I have two ASA5520-AIP20-k9. both connected to ISP and configured as Active/standby failover. the ASAs were working fine at first but later on, the internet connection becomes very slow. the ping reply i am getting from my next hop(ISP router) varies during the peak hour is some times in 2000 msec or above but during off hours, the ping reply time is 1 and 2 msec. when I directly connect my laptop to the link that comes from the ISP its ping reply is 1msec and 2msec. I thought the ping reply of the ASA5520 to the ISP gateway should be constant and should be 1 and 2 msec regardsless of the traffic passing through the firewall.
View 1 Replies
View Related
Jul 26, 2012
We have a VPN setup between two Cisco RV082 routers, the VPN status shows as connected however I can't ping the other network. I am unable to ping between routers, let alone ping computers behind those routers.
We have 2 branches, branch 1 is on a static IP and branch 2 is Dynamic. I am able to connect via QuickVPN from Branch 2 to Branch 1 and remote desktop to computers, however have yet to VPN/remote desktop in the opposite direction.
To me it seems like a firewall issue at branch 2, but what's causing this. Also they are currently running 2 differnet firmware version not sure if this would cause a problem.
View 1 Replies
View Related
Jun 23, 2011
I have an ASA-5510 in a location that loses connectivity to the wan gateway after anywhere from five to fifteen minutes. At first I thought that the unit might be defective, but I replaced it with an ASA-5505 with similar results. A reload of the ASA-5510 will restore connectivity for the next quarter hour.
Here's the version information on the 5510:
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
[Code].....
View 1 Replies
View Related
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
View Related
Jan 9, 2013
Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 - >Inernal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to Cisco ASA 5505 E0/0. Its a /28 pool IP address. This interface is configured as outside and security level set to 0.
From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
View 2 Replies
View Related
Dec 12, 2011
I set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
View 3 Replies
View Related
