New Member

new ASA - basic connections

Maybe it's because it's so late, but I'm confused.  I've got an out of the box ASA 5520 with just a basic config on it - the default mostly, except the Gi0/0 and 0/1 ports are not in shutdown mode.  I've got connection lights, and both the ASA and the switch it's connected to show the links as being up, but I just can't communicate with it.  I can connect to the management port and get into the ASDM.  It is configured for Gi0/1 as the Inside, and it has an IP address assigned.  The switch sees the MAC address of the inside interface briefly when the ASA first boots up, but then it ages out and won't show again.  I'm not even worried about the outside connection yet - I haven't assigned an address to it yet as I wanted to just get it hooked up on the inside and start configuring from there.  Any ideas?  I'm at a loss at the moment.

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Green

It is most probable that one of the trunks between the layer 2 switch and the core switch is not configured to carry VLAN 255.

--

Please remember to select a correct answer and rate helpful posts

6 REPLIES
VIP Green

Out of curiosity, is this a layer 2 or layer 3 switch?  My guess is that the switch does not have a configured IP that it can source the ping from.  It needs an IP within the range that is configured on the ASA.  Have you tried to configure another port in VLAN10 and connect a PC to it and ping from it?

New Member

The switch itself is layer 2.  Layer 3 stuff is done further upstream.  That has an IP on the same VLAN and I can see MAC addresses on the VLAN coming from the upstream switch.

VIP Green

From your post it looks like you are trying to ping the ASA from the switch...this will not work as it does not have an IP within the subnet that is configured on the ASA.  Configure an interface in VLAN 255 on the switch, connect a PC to the port and configure that PC with an IP 10.255.255.2 255.255.255.0, for example.  Then try to ping the ASA from the PC.

New Member

I tried from the L3 switch that has an IP address on that subnet, but it didn't work either.  I will try with a PC in the local switch, but it should have worked from the L3 switch.  All the links between the switches are trunks and have the VLAN allowed.

 

Edit:  Ok, I just tried the workstation thing.  I can put a workstation on the same switch in the same VLAN/Subnet and can ping the inside interface of the router, but can't ping the core switch that's doing all the layer 3 routing.  So it seems the problem is between the switches someplace.

VIP Green

It is most probable that one of the trunks between the layer 2 switch and the core switch is not configured to carry VLAN 255.

New Member

Yep.  I just found it between the L3 core switch and the intermediate switch before the one the ASA is connected to.  I knew it was something stupid.  I just couldn't see it.  Thanks for pointing me in the right direction.  Time to get some sleep, I think.
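
The fault found in this thread (a trunk in the path not carrying VLAN 255) can be checked hop by hop from saved `show interfaces trunk` output. The script below is an added example, not something posted by the thread's participants; the port names and VLAN lists in the sample are constructed.

```python
import re

SECTIONS = ("Vlans allowed on trunk",
            "Vlans allowed and active in management domain",
            "Vlans in spanning tree forwarding state and not pruned")

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-100,255' into a set of ints."""
    vlans = set()
    for part in re.findall(r"\d+(?:-\d+)?", spec):  # 'none' yields nothing
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    """Return {section title: {port: set of VLAN ids}}."""
    sections, current, port = {}, None, None
    for line in text.splitlines():
        header = re.match(r"Port\s+(.+)$", line)
        if header:  # the Mode/Encapsulation table is skipped
            title = header.group(1).strip()
            current = sections.setdefault(title, {}) if title in SECTIONS else None
        elif current is not None and line.strip():
            if not line[0].isspace():  # indented rows continue the previous port
                port, _, line = line.partition(" ")
            current.setdefault(port, set()).update(expand_vlans(line))
    return sections

def trunks_missing_vlan(text, vlan):
    """Return {port: first section in which the VLAN is absent}."""
    sections = parse_trunks(text)
    missing = {}
    for port in sections.get(SECTIONS[0], {}):
        gap = next((t for t in SECTIONS if vlan not in sections.get(t, {}).get(port, ())), None)
        if gap:
            missing[port] = gap
    return missing

# Constructed sample (port names and VLAN lists are made up, blank lines omitted).
SAMPLE = """\
Port        Vlans allowed on trunk
Gi1/0/1     1-100
Gi1/0/2     1-100,255
Port        Vlans allowed and active in management domain
Gi1/0/1     1,10
Gi1/0/2     1,10,255
Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     1,10
Gi1/0/2     1,10,255"""
print(trunks_missing_vlan(SAMPLE, 255))
```

A port reported under the first section needs the VLAN added to its allowed list; a port reported only under the second usually means the VLAN does not exist or is not active on that switch.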
