I'm trying to set up two networks on two separate ASA ports and make them communicate with each other. I'm using the same security level (100) for them and I've checked the option for same-security level communication in ASDM. The problem is that I can't make this scenario work. The ASA interfaces are reachable from their networks but I can't ping between them (across the ASA). ACLs are set on permit any and I've also set up NAT exemptions. The packet tracer shows no problem but ping or traceroute doesn't work. I also enabled ICMP inspection. It's driving me crazy. Anyone know what I'm missing here? There is also a third interface used for internet access with NAT and it works.
Can you post a sanitized version of your config? This will help us troubleshoot your issue.
Other than that, I would suggest setting up some packet captures to see exactly where the traffic is failing. This may give you a hint about where you should start your troubleshooting. Take a look at the 'capture' and 'show asp drop' commands:
I copied your config into my test ASA and was able to ping across without any issues.
I would suggest checking the routing tables of the clients that you are pinging between to make sure they are correct (in a simple topology they would probably have a default route of the appropriate ASA interface). You can check this with the 'route print' command on Windows or the 'route' command on Linux.
I would also set up a few captures on the ASA to see where the ping is actually failing. You might set up something like this:
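An added example, not part of the original thread or any poster's own commands: once ICMP captures exist on both ASA interfaces, this script compares their text output to show where the ping stops. The line format is assumed to follow ASA `show capture` output, the addresses and capture text are constructed, and it assumes no address translation between the two networks (NAT exemption, as in the question).

```python
import re

# One packet line in the style of ASA "show capture" text output (assumed format):
#    1: 10:15:01.100000       192.168.1.10 > 192.168.2.10: icmp: echo request
LINE = re.compile(
    r"^\s*\d+:\s+[\d:.]+\s+(?P<src>[\d.]+) > (?P<dst>[\d.]+): icmp: echo (?P<kind>request|reply)"
)

def icmp_events(capture_text):
    """Return the set of (src, dst, kind) ICMP echo packets seen in one capture."""
    events = set()
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if m:
            events.add((m["src"], m["dst"], m["kind"]))
    return events

def locate_failure(ingress_text, egress_text, client, target):
    """Say where a ping from client to target stops, given both interface captures."""
    ingress, egress = icmp_events(ingress_text), icmp_events(egress_text)
    request, reply = (client, target, "request"), (target, client, "reply")
    if request not in ingress:
        return "request never reached the ASA: check the client's routing table"
    if request not in egress:
        return "request dropped inside the ASA: check 'show asp drop'"
    if reply not in egress:
        return "target never replied: check the target's routing table"
    if reply not in ingress:
        return "reply dropped inside the ASA: check 'show asp drop'"
    return "ping passes in both directions"

# Constructed sample: the request crosses the ASA, but the target never answers.
CAPIN = """\
   1: 10:15:01.100000       192.168.1.10 > 192.168.2.10: icmp: echo request
   2: 10:15:02.100000       192.168.1.10 > 192.168.2.10: icmp: echo request
"""
CAPOUT = """\
   1: 10:15:01.100200       192.168.1.10 > 192.168.2.10: icmp: echo request
   2: 10:15:02.100200       192.168.1.10 > 192.168.2.10: icmp: echo request
"""

if __name__ == "__main__":
    print(locate_failure(CAPIN, CAPOUT, "192.168.1.10", "192.168.2.10"))
```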
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: