ASA 5510 routing problem...

Unanswered Question
Jan 27th, 2010

I have the following network as shown. I seem to have some problems configuring routes for the ASA 5510fw1.jpg.

I need hosts on network (HEADQUATER) to be able to ping the hosts on (BRANCH). But hosts on the headquater network can only ping the outside interface of the ASA firewall ( The hosts on HQ network are not able to ping the inside interface or the host on the branch network.

This is my firewall route configuration


network: next-hop:

network: next-hop:

How to fix this problem? Thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
solpandor Wed, 01/27/2010 - 05:22


by design you cant ping the inside interface coming in from the outside.  

please post your config of the ASA - it could be your ACL's blocking echo-replies

the route on the ASA looks good but do need to the see the config of the ASA


sahamed127 Wed, 01/27/2010 - 19:56

kusankar wrote:

On the ASA try adding "inspect icmp" and see if that helps.


its not really a acl problem, i have allowed all incoming and outgoing IP traffic on both interfaces. Its more like routing problem

I have a route (to my HEADQUATER network) on my OUTSIDE interface. But i dont have this route on my INSIDE interface. Which is why the echo-reply packets cannot find a way back when i ping the inside interface.

But if i try adding a route to the inside interface....the asa says a route with the same gateway already exists

Why is this so?


This Discussion