I'm running into an issue where the IPS is not pingable from the gateway (switch) or internal network, but the IPS is able to ping other networks. For example:
I had the ASA configured according to the Cisco recommendation of configuring the management IP subnet, and also without configuring the management IP on the ASA.
ASA has its management port connected to the switch on VLAN 50.
ASA has its inside port connected to the switch on VLAN 10.
The IPS is configured with an IP in the VLAN50 subnet and has its default gateway as the VLAN50 interface on the switch. So while in the IPS session, I can ping the default gateway and also the inside interface on the ASA. However, from the switch, I cannot ping the IPS even when sourcing from VLAN50.
Similarly, I cannot ping from the ASA to the IPS (the ASA does have a static route to inside VLAN10 for the IPS IP).
Any possible reasons why this may not be working? I also tried to HTTPS to the IPS IP from the inside network, but still no luck.