Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

no route to host shown in packet tracer - unable to ping gateway

Hi,

Following is the setup. We are unable to ping the gateway(192.168.100.1) for hosts which is configured on the ASA interface.

ASA Connects to a  Core Switch

ASA configuration:-

---------------------------

int tengig0/9
security-level 50
nameif apps
ip addr 192.168.100.1 255.255.255.0

int Po40
desc Connection to Core
nameif local
security-level 100
ip addr 192.168.5.1 255.255.255.248

Core configuration:-

---------------------------

int Po40
desc Connection to ASA
no switchport
ip addr 192.168.5.2 255.255.255.248

interface gig0/23
des Connection to ASA for apps interface (ASA- tengig0/9 )
switchport access vlan 70

ip route 0.0.0.0 0.0.0.0  192.168.5.1 ( route on Core )

int gig0/15

desc apps user

switchpo access vlan 70

from the core , we can't ping 192.168.100.1 which is the gateway for all the users connected to this segment apps.


We tried one of the workstations connected on access vlan 70 on the core & with ip in the range of
192.168.100.x 255.255.255.0 , its gateway being 192.168.100.1 on the ASA.
But we were unable to reach the gateway on ASA from the workstation.

Please help with this.Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions

no route to host shown in packet tracer - unable to ping gateway

Hello,

Remember that you cannot access a far-end interface. This means that if you sit on the DMZ interface you will be able to ping the ASA DMZ interface IP address but no the Inside interface IP address.

This is by design and cannot be changed.

That being said if you are pinging from a host on the same subnet than the ASA and the packet is reaching the correct interface this should work.

Do

capture capin interface inside match icmp host x..x.x.x (192.168.100.x host) 192.168.100.1

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
2 REPLIES

no route to host shown in packet tracer - unable to ping gateway

Hello,

Remember that you cannot access a far-end interface. This means that if you sit on the DMZ interface you will be able to ping the ASA DMZ interface IP address but no the Inside interface IP address.

This is by design and cannot be changed.

That being said if you are pinging from a host on the same subnet than the ASA and the packet is reaching the correct interface this should work.

Do

capture capin interface inside match icmp host x..x.x.x (192.168.100.x host) 192.168.100.1

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

no route to host shown in packet tracer - unable to ping gateway

Thanks Jcarvaja.

It just started working after a while, not sure what transpired but yeah its working now!

774
Views
0
Helpful
2
Replies