ASA 5520 Firewall configuration Problem

Apr 19th, 2007

I have an ASA 5520 placed between two different networks and have to provide interconnectivity between them. The ASA is placed between two Layer 3 switches. I had configured ASA as below:



interface GigabitEthernet0/0 //(Outside)
 nameif Network-2
 security-level 0
 ip address 10.66.88.100 255.255.255.0
!
interface GigabitEthernet0/1 //(Inside)
 nameif Network-1
 security-level 100
 ip address 10.68.1.7 255.255.255.0

global (Network-2) 1 10.66.0.0 netmask 255.255.0.0
nat (Network-1) 1 10.68.1.0 255.255.255.0 0 0

route Network-2 10.66.1.0 255.255.255.0 10.66.88.200 1


Note:

1.) Say the two different networks are 10.68.1.0 (Network A) and 10.66.1.0 (Network B).

2.) 10.66.88.200 is the next-hop IP address of the Layer 3 switch at Network B.


I am able to ping all the systems in the two networks from the ASA.


I am unable to ping interface 10.66.88.100 from Network A and Network B. How do I resolve the problem? Please guide.


All helpful posts will be rated


Thanks in Advance

Sridhar


Jon Marshall Thu, 04/19/2007 - 04:06
Hi


To allow network B to ping the outside interface, try adding this to the config:


asa(config)# icmp permit 10.66.1.0 255.255.255.0 outside


I don't believe that the ASA device allows you to ping an interface that is remote, i.e. from the inside you can only ping the inside interface of the ASA; you cannot ping the outside interface, and vice versa.


HTH


Jon
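
As an added illustration (not part of the thread, and not Cisco code), the Python sketch below models the rule described in the reply: the ASA answers ICMP only on the interface a packet arrives on, and any `icmp` rules on that interface are evaluated first-match with an implicit deny. It also reports `icmp` rules whose interface name is not a `nameif` in the config, as with `outside` against the posted `Network-1`/`Network-2`; the host addresses 10.68.1.20 and 10.66.1.20 and all function names are constructed for the example.

```python
import ipaddress

# Constructed sample: interface stanzas from the question plus the icmp line
# from the reply, with its interface name "outside" kept as written.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif Network-2
 ip address 10.66.88.100 255.255.255.0
interface GigabitEthernet0/1
 nameif Network-1
 ip address 10.68.1.7 255.255.255.0
icmp permit 10.66.1.0 255.255.255.0 outside
"""

def parse(config):
    """Return ({nameif: ip_interface}, [(action, source_network, nameif)])."""
    ifaces, rules, name = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            name = None                      # new stanza, nameif not seen yet
        elif w[:1] == ["nameif"] and len(w) == 2:
            name = w[1]
        elif w[:2] == ["ip", "address"] and name and len(w) >= 4:
            ifaces[name] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:1] == ["icmp"] and len(w) == 5 and w[1] in ("permit", "deny"):
            # Assumption: only the "<network> <mask> <nameif>" form is handled.
            rules.append((w[1], ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[4]))
    return ifaces, rules

def unknown_nameifs(ifaces, rules):
    """icmp rules naming an interface the config never defines."""
    return sorted({r[2] for r in rules} - set(ifaces))

def can_ping(ifaces, rules, src, arrives_on, target):
    """Can src, entering on arrives_on, ping the ASA's own target interface?"""
    if target not in ifaces:
        return False, "unknown interface"
    if arrives_on != target:
        return False, "far-side interface, ASA does not answer"
    mine = [r for r in rules if r[2] == target]
    if not mine:
        return True, "no icmp rules on this interface, default accept"
    for action, net, _ in mine:              # first match wins
        if ipaddress.ip_address(src) in net:
            return action == "permit", f"icmp {action} {net}"
    return False, "implicit deny after icmp rules"

if __name__ == "__main__":
    ifaces, rules = parse(SAMPLE_CONFIG)     # host addresses below are constructed
    print("undefined nameifs in icmp rules:", unknown_nameifs(ifaces, rules))
    print(can_ping(ifaces, rules, "10.68.1.20", "Network-1", "Network-2"))
    print(can_ping(ifaces, rules, "10.66.1.20", "Network-2", "Network-2"))
```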
