Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA 5505 Cannot Ping Secondary Internal Network....

Please Remove Mods...Thanks

9 REPLIES
Purple

Cisco ASA 5505 Cannot Ping Secondary Internal Network....

hI?

Can you post a topology diagram where the subnets locations are marked.

Bu here:

router rip

network 192.168.1.0     

version 1

where is this subnet connected because i don't see any address in this range and you should have a network command for directed link where the other device is doing RIP

Can you post sh route output, there shouldn't be any 192.168.1.0 entry

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Re: Cisco ASA 5505 Cannot Ping Secondary Internal Network....

Hello Alain,

Sorry, I just got this....here is the result:

Gateway of last resort is 75.x.x.x to network 0.0.0.0

C    10.125.1.0 255.255.255.0 is directly connected, inside
C    75.x.x.x 255.255.255.248 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 75.x.x.x, outside

Thank you....I will try to disable RIP while I am waiting to hear back just in case that is the culprit....Thanks

Also, if this helps......I am getting "Deny IP Spoof from 10.125.1.1 to 192.168.1.1 on interface inside" Messages in the ASDM...I think this is a big clue. Thank you

Purple

Re: Cisco ASA 5505 Cannot Ping Secondary Internal Network....

Hi,

this 192.168.1.0 network where is it located? Post a topology if it is beyond a directly connected L3 device   on the inside then you must modify the RIP settings or do just a static route.

For the RIP, try this:

router rip

network 10.0.0.0

no auto-summary

version 2

But before to make sure you have a RIPv2 enabled neighbour just do ping 224.0.0.9 and you'll get the IP from the neighbour

device otherwise try with version 1

Let us know.

Regards.

Alain.

Don't forget to rate helpful posts.
New Member

Re: Cisco ASA 5505 Cannot Ping Secondary Internal Network....

Hi,

I tried that and I didn't work....I think I should try without using RIP. So here is the basic topology:

The Cisco ASA connects to the inside 10. Network.....the 192. Network is behind a Netgear Firewall with a 192. adress and to a Switch which is connected to all 192. Devices........I also have 2 Terminal servers Multi-Honed with 192. and 10. addresses which can ping all the 192 devices just fine. Thank you so much....

Purple

Cisco ASA 5505 Cannot Ping Secondary Internal Network....

Hi,

what didn't work ? the RIP v2 ? then can you configure a static route like this:

route inside 192.168.1.0 255.255.255.0 10.125.1.1 x  where this is the address of the Netgear device.

You should also verify the config of the Netgear.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Re: Cisco ASA 5505 Cannot Ping Secondary Internal Network....

Sorry,

The RIP connection worked but only on the Multi-Honed 10. address..sh roun said the 192. address was probably down.

The problem is still that the ASA will not see the 192. network but my Servers with Mult-Honed addresses do see the 192. network......

Trying your static route soluion now

BRB

Thank You

Update - The Static route didn't work....I get the following error after using this:

route inside 192.168.1.0 255.255.255.0 10.125.1.1 192.168.1.50

I get invalid input detected at marker                          ^   (the ^ is supposed to be under the dot after the last 192)

So error is where the X is here:   route inside 192.168.1.0 255.255.255.0 10.125.1.1 192X

Please help.....getting down to the wire here......Thank you

New Member

Re: Cisco ASA 5505 Cannot Ping Secondary Internal Network....

OK, so here's where I stand.....

The Cisco can ping everything on and behind the 192. Network.....it was the Netgear, good call!!!

The only thing I need now is to allow the VPN users to access the 192. Network as well.....when I do a test connect, I can ping everything on 10. and I have the Internet with the Split Tunnel.....but nothing......of course...... on the 192. Network.

Any final help would be greatly appreciated! Thanks!!!!

Bob

New Member

Re: Cisco ASA 5505 Cannot Ping Secondary Internal Network....

I finally got it by building a new VPN profile.....Thank you for your help, I appreciate it!!!

Bob

New Member

Re: Cisco ASA 5505 Cannot Ping Secondary Internal Network....

This Topic is Answered

966
Views
0
Helpful
9
Replies
CreatePlease to create content