Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
5
Helpful
5
Replies

not able to ping or route internal ASA interface

Go to solution
jorgemneves
Level 1
Level 1

‎07-18-2016 06:16 AM - edited ‎03-12-2019 01:02 AM

Hi,

This asa have two portchannel sub-interfaces.

 admin interface and users interface

Not sure why but I am not able to ping users interface.

can you please advise

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP
In response to jorgemneves

‎07-19-2016 11:47 PM

management-access "interface" command is just used for management access over a VPN connection.

As for the RDP issue, sounds like you have asynchronous routing going on.  I suggest you remove the VLAN interfaces from the switch and let the ASA do all the routing...or configure the switch with VRFs and let the ASA do all inter VLAN routing.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

5 Replies 5

Go to solution
Marius Gunnerud
VIP
VIP

‎07-18-2016 10:05 AM

You would need to provide a full running configuration (please remove any passwords and public IPs) for us to have a better idea why it is not working.

Most common problem is for this is that icmp inspection is not enabled

policy-map global_policy
class inspection_default

  inspec icmp

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
jorgemneves
Level 1
Level 1
In response to Marius Gunnerud

‎07-18-2016 12:14 PM

Thank you Marius,  

I did tried that but it didn't work.

This has been fixed adding the following command "man interface"

But now I have another problem where when I try to rdp to a computer on that network  it doesn't work. Routing is all manage on our HSRP L3 switch, it is also dhcp.

Gateway for the computer is ASA.

I am allowing everything but when I check the logs on ASA it shows deny tcp (no connection) sync ack.

I have a static route on ASA to the L3 switch 0.0.0.0 0.0.0.0 10.37.1.1

Can you please advise.

Thank you again

J

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to jorgemneves

‎07-19-2016 11:47 PM

management-access "interface" command is just used for management access over a VPN connection.

As for the RDP issue, sounds like you have asynchronous routing going on.  I suggest you remove the VLAN interfaces from the switch and let the ASA do all the routing...or configure the switch with VRFs and let the ASA do all inter VLAN routing.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Go to solution
jorgemneves
Level 1
Level 1
In response to Marius Gunnerud

‎07-20-2016 07:06 AM

Hi Marius,

I was thinking in the same thing.

I have made the change and now I can remote to the PC. 

I have removed the management access but I am still unable to ping or route ASA interface from other subnets.

I have attached the configuration

Thanks

J

Preview file
30 KB
0 Helpful

Go to solution
procopius1980
Level 1
Level 1
In response to Marius Gunnerud

‎07-20-2016 09:13 AM

Forgive me for hijacking this discussion, but do you have any suggestions for my issue?  They are at least somewhat similar in nature.

https://supportforums.cisco.com/discussion/13076661/cant-connect-radius-server-or-anything-inside-interface

Thanks,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card