Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

switch to firewall cannot ping

Hi,

I havijng problems with cisco asa 5520. here is the setup. The asa has an inside, outside and dmz interface (dmz has sub interface and trunked to a dmz swtch- cisco 3750 - layer 2 only ) connected to the dmz firewall. the dmz has a mgmt address of 10.10.40.250. the dmz switch has two wireless controllers. one of them have a mgmt address of 10.10.50.250 and DG of 10.10.50.254 on the cisco asa. the other one has has a mgmt add of 10.10.60.250 with a DG of 10.10.60.254 on the cisco asa.  now i can get to wlc 1 (10.10.50.250)  from the asa (10.10.50.254) and vice versa without any problems. but access to asa (10.10.60.254) from 10.10.60.250 is intermittetnt and the other way around is fine. so i created a subinterface on the dmz swtch with 10.10.60.251.. however i cant ping 10.10.60.254 from the l2 switch (dmz switch) even with a source of 10.10.60.251. (this is directly connected to the firewall with trunk and subinterface)

ip default gateway of the switch is 10.10.40.254

so

ping 10.10.60.254 from 10.10.60.250 is intermittent

ping 10.10.60.254 from 10.10.60.251 - cannot ping (sometimes intermittent)

however

ping 10.10.60.250 from 10.10.60.254 is fine

ping 10.10.60.251 from 10.10.60.254 is fine

i can see the counters on the asa subinterface increase (allowed icmp on the whole dmz interface)

any ideas on this ?

OUTSIDE ----------------ASA-------------------INSIDE

                                 |

                               (DMZ)

                                 | (10.10.40.254)

                                 | (10.10.50.254)

                                 | (10.10.60.254)

                                 |

           WLC1 ------L2 Switch (10.10.40.250) mgmt address

     (10.10.50.250)       |    (10.10.60.251)

                                 |    (10.10.50.251)

                                 |

                                 |

                               WLC 2 (10.10.60.250)      

523
Views
0
Helpful
0
Replies