Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Cannot ssh or ping ASA 5510 from the inside interface.

The ASA is configured in very simple transparent mode. As desired, traffic can flow in each direction between inside and outside. I can manage the ASA via console and direct connection to the management interface. The problem is that I cannot ping or ssh to the ASA via the inside interface. I need to be able to manage the ASA from any PC on the inside LAN. I suspect I am missing some easy aspect of the configuration but after a lot of hours I'm about at the end of my patience with it. Here is what I believe to be the relevant parts of the config.  Any assistance will be greatly appreciated.

ASA Version 8.2(1)


firewall transparent

hostname issr1

enable password 2alej83t5cqT0FWd encrypted

passwd 4kleUY438I93.4ljdh encrypted


name xxx.125.144.0 myLAN


interface Ethernet0/0

nameif Outside

security-level 0


interface Ethernet0/1

nameif inside

security-level 100


interface Ethernet0/2


no nameif

no security-level


interface Ethernet0/3


no nameif

no security-level


interface Management0/0

nameif management

security-level 100

ip address xxx.125.145.173



dns server-group DefaultDNS

domain-name myLAN.circ6.dcn

object-group protocol TCPUDP

protocol-object tcp

access-list inside_access_in_2 extended permit ip any any

access-list Outside_access_in_1 extended permit ip myLAN any

mtu Outside 1500

mtu inside 1500

mtu management 1500

ip address xxx.125.145.175

icmp unreachable rate-limit 1 burst-size 1

icmp permit host xxx.125.145.175 inside

asdm history enable

access-group Outside_access_in_1 in interface Outside

access-group inside_access_in_2 in interface inside control-plane

route inside myLAN xxx.125.144.240 1

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http xxx.125.144.0 management

http myLAN inside

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

ssh xxx.125.144.14 inside

ssh xxx.125.145.174 management

ssh timeout 60

console timeout 0



Super Bronze

Cannot ssh or ping ASA 5510 from the inside interface.


I have never actually configured a transparent ASA firewall so I am just guessing.

What I am wondering is that if you have a transparent firewall acting as a L2 device in the network. Shouldnt you just have a default route pointing to the networks only L3 interfaces IP address.

Have you tried giving the management interface a totally different IP address? Something like so it doesnt have anything to do with the actual network you have your ASA connected to?

Can you ping the IP address mentioned in the global configuration line "ip address" from your computer connected to the L2 network?

Community Member

Cannot ssh or ping ASA 5510 from the inside interface.

Thanks for the reply.

I had an error in a netmask. After fixing that I can ping and connect with ASDM from the inside to the global IP address. I still cannot SSH from the inside but I should be able to figure that out.

Thanks for the help. Although your suggestion wasn't exactly the solution, it did prompt me to review all of my network settings and find the immediate problem.

Thanks again.

Super Bronze

Cannot ssh or ping ASA 5510 from the inside interface.


When you say that you have been able to manage the ASA directly from Management interface, does that mean also with SSH?

I was just wondering if you've issued the "crypto key generate rsa modules 1024" from the console CLI? Or same from the ASDM tools -> Command Line Interface (or something similiar)

Atleast thats the most common mistake I sometimes make when starting configuraitons with ASA on console (forget to create the keys)

- Jouni

Community Member

Cannot ssh or ping ASA 5510 from the inside interface.

From the management interface I can use SSH and ASDM.

I had already done the 'crypto..." command.

After tweaking another netmask I can now do SSH and ASDM from the inside interface. So my immediate problems are all resolved.

Thanks again,

CreatePlease to create content