ASA 5505 router-as-a-stick, can't ping between VLANs
Important things for you to know:
1- In order to allow ICMP packets to traverse the ASA you need to statefully inspect the ICMP protocol.
2- You cannot ping a distant interface. What does this mean? Answer: if you are behind the inside interface you will be able to ping it, but you will not be able to ping the outside interface IP address or the DMZ interface IP address. This is a built-in security measure.
3- On an ASA 5505 with a Base license, traffic will only be allowed (unrestricted) from 2 VLANs; the 3rd one will be restricted. This means the 3rd VLAN will only be able to talk to one other interface, not to both of them.
In order to change the behavior of the traffic that will be allowed by the 3rd VLAN you need the following command:
- no forward interface vlan #
To solve this you will need a plus license.
Do rate all the helpful posts
Looking for some Networking Assistance?
Contact me directly at email@example.com
I will fix your problem ASAP.
Julio Carvajal Segura
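
The points in the answer above, shown as an ASA configuration fragment. This is an added example, not part of the original post; the VLAN numbers, interface names, security level and IP address are assumptions chosen for illustration.

```cisco
! --- Point 1: stateful ICMP inspection ---
! Without "inspect icmp", echo replies returning through the ASA are not
! matched to the outgoing echo request and are dropped unless an ACL
! explicitly permits them. Adding it to the default global policy lets the
! ASA track ICMP and admit only replies that match a request it saw.
policy-map global_policy
 class inspection_default
  inspect icmp

! --- Point 3: third VLAN on a Base license ---
! Assumed layout: Vlan1 = inside, Vlan2 = outside, Vlan3 = dmz.
! On a Base license the third VLAN has to be barred from initiating
! traffic to one other VLAN before it can be named. Here the dmz may
! reach outside but cannot initiate connections to inside (Vlan1).
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.3.1 255.255.255.0

! --- Checks ---
! Confirm the inspection is in the running policy:
!   show running-config policy-map
! Confirm which license the unit runs (Base or Security Plus):
!   show version
```

Pings to the far-side interface address described in point 2 still fail with this configuration; test with a host behind that interface instead.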