Cisco Support Community
Community Member

ASA 5510 routing problem...

I have the following network as shown. I seem to have some problems configuring routes for the ASA 5510.

[Attachment: fw1.jpg]

I need hosts on the 194.1.10.0/24 network (HEADQUARTER) to be able to ping the hosts on 194.1.20.0/24 (BRANCH). But hosts on the headquarter network can only ping the outside interface of the ASA firewall (200.200.200.2). The hosts on the HQ network are not able to ping the inside interface or the host on the branch network.

This is my firewall route configuration:

Outside:

network: 194.1.10.0 next-hop: 200.200.200.1

network: 194.1.30.0 next-hop: 200.200.200.1

How do I fix this problem? Thanks in advance.

3 REPLIES
Community Member

Re: ASA 5510 routing problem...

Hi

By design you can't ping the inside interface coming in from the outside.

Please post the config of your ASA - it could be your ACLs blocking echo-replies.

The route on the ASA looks good, but I do need to see the config of the ASA.

Thanks

Cisco Employee

Re: ASA 5510 routing problem...

On the ASA try adding "inspect icmp" and see if that helps.

-KS

Community Member

Re: ASA 5510 routing problem...

kusankar wrote:

On the ASA try adding "inspect icmp" and see if that helps.

-KS

It's not really an ACL problem; I have allowed all incoming and outgoing IP traffic on both interfaces. It's more like a routing problem.

I have a route (to my HEADQUARTER network) on my OUTSIDE interface. But I don't have this route on my INSIDE interface, which is why the echo-reply packets cannot find a way back when I ping the inside interface.

But if I try adding a route to the inside interface... the ASA says a route with the same gateway already exists.

Why is this so?
