Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA lab enviroment question


I've tested this setup on both live network and my lab and I still don't understand the reason for this not working. If anyone can provide the reason why, because I find this extremely frustrating. I'm more than happy to provide config that I'm using if any can help out.

Thanks, -Fred

There are 3 devices in an internal network.

-1 Router, 1 ASA, 1 PC


-Router (inside network) has 2 Loopback interfaces on differenet networks and an ethernet interface on same network as ASA and PC. Router is running EIGRP. Router is advertising networks belonging to all configured interfaces.

-ASA has default GW pointing to outside, PAT'ing inside network to outside interface. Running EIGRP and advertising its inside network only. ASA can successfully ping loopback interfaces on router.

-PC on same network as ASA (inside) and router. Gateway IP is set as the ASA's inside IP.


Now, from the PC cannot ping loopback interfaces on router, but can go to the internet. (GW IP is ASA)

If you create a nonat statement on ASA to reach the loopback networks the PC can ping the loopback IP address.

If you try to do anything other than send icmp packets to the loopback IP's from the PC they do not respond.

Why is this???

I know if I change the PC's GW ip address to the router, and make the router's default GW point to the ASA everything will work. I just don't understand why I can't make the ASA my PC's gw and have everything work.

Hall of Fame Super Blue

Re: ASA lab enviroment question

Can you post configs



Re: ASA lab enviroment question

This is a hair-pinning issue. You will need to

add "permit intra security" or something on the

ASA to make it work.

Easy right?

New Member

Re: ASA lab enviroment question

I've attached config's.

Just need to copy/paste.

CreatePlease to create content