While working at a customer site today, we opened up another interface on our ASA here and named the interface WAN. The WAN interface has a security level of 30.
Currently we have a 3750 switch connected to the WAN interface with a management address of 192.168.36.5. The IP address of the WAN interface on the ASA is 192.168.36.1. I can ping from the ASA to the Cisco 3750 successfully.
EIGRP is running on both the 3750 switch and on the ASA.
I have another Switch on the inside interface of the ASA. I know that this switch knows about the 192.168.36.0 network because when I perform a "sho ip route 192.168.36.0" I get the following output:
Routing entry for 192.168.36.0/24
  Known via "eigrp 13", distance 90, metric 3072, type internal
  Redistributing via eigrp 13
  Last update from 172.16.132.1 on Vlan99, 03:11:21 ago
  Routing Descriptor Blocks:
  * 172.16.132.1, from 172.16.132.1, 03:11:21 ago, via Vlan99
      Route metric is 3072, traffic share count is 1
      Total delay is 20 microseconds, minimum bandwidth is 1000000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

So we know that the inside interface of the ASA is sending updates for 192.168.36.0 to the Switch on the inside.
I set up a packet capture looking for ICMP packets on the inside interface of the ASA and tried the ping to the switch @ 192.168.36.5 off the WAN interface. I see the echo request go out but do not see replies.
I moved the packet capture to the WAN interface, but I do not see any ping packets when pinging here.
Seems that for some reason, the ASA allows the ICMP in on the Inside Interface, but does not send them across the WAN interface.