Hi all. We have recently upgraded from PIX to ASA5540 and we have seen a rather strange thing going on. In a nutshell we can ping the inside interface of the ASA from any network range on our 6500(which is connected directly behind the ASA on the inside) except one in which our monitoring tools are placed. On the inside interface there is an ACL that permits everything from our core networks but it doesn't help which is really strange.
In the ASDM I can see messages like this:
IDS:2004 ICMP echo request from x.x.x.x to y.y.y.y on interface inside. I don't think that this is the problem but I could be wrong.
Here is also the configuration of the VLAN interface for the VLAN from which we cannot ping the inside interface altough we can ping to and from that VLAN and the machines without problem. The only problem is pinging the inside interface of the ASA.
ip address x.x.x.x 255.255.255.0
ip directed-broadcast 199
ip accounting output-packets
ip pim sparse-dense-mode
ip route-cache flow
Did anyone encounter problem like this before? Thanks in advance for any help.
You are not being consistant - you state above you can ping pc's and server in that network, but your initial post you state "In a nutshell we can ping the inside interface of the ASA from any network range on our 6500(which is connected directly behind the ASA on the inside) except one in which our monitoring tools are placed"
Which actually indicates the monitoring tools are in a seperate network?
That's right. The monitoring tools are in a separate network. From the ASA we can ping every server,PC etc. in the core LAN no matter in what network they are in.
From the core LAN we can ping the inside interface of the ASA from all networks except from the network in which the monitoring tools are located which is weird because I can ping the monitoring servers from the ASA.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...