Cisco Support Community

ASA firewall won't ping remote site

We have a remote office which I can ping while at the main office, but when I am connected to the VPN from the office or home, I can't ping the remote office.

The VPN gives me an IP 10.21.18.x

The remote site's IP is: 172.29.x.x

I have the access-list information for the ASA firewall and router below:

Below is the multilayer:

OFFICE-CORE-01#show ip access-lists
Extended IP access list verizon-INTERNET-TRAFFIC
    10 deny ip 10.21.0.0 0.0.255.255 10.0.0.0 0.255.255.255
    20 deny ip 10.21.0.0 0.0.255.255 172.16.0.0 0.15.255.255
    30 deny ip 10.21.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    40 permit ip 10.23.20.0 0.0.0.255 any
    50 permit ip 10.23.21.0 0.0.0.255 any
    60 permit ip 10.23.22.0 0.0.0.255 any
    70 permit ip 10.23.23.0 0.0.0.255 any
    80 permit ip 10.23.24.0 0.0.0.255 any
    90 permit ip 10.23.25.0 0.0.0.255 any
    100 permit ip 10.23.26.0 0.0.0.255 any
Extended IP access list PAETEC-INTERNET-TRAFFIC
    10 deny ip 10.21.0.0 0.0.255.255 10.0.0.0 0.255.255.255
    20 deny ip 10.21.0.0 0.0.255.255 172.16.0.0 0.15.255.255
    30 deny ip 10.21.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    40 permit ip 10.23.20.0 0.0.0.255 any
    50 permit ip 10.23.21.0 0.0.0.255 any
    60 permit ip 10.23.22.0 0.0.0.255 any
    70 permit ip 10.23.23.0 0.0.0.255 any
    80 permit ip 10.23.24.0 0.0.0.255 any
    90 permit ip 10.23.25.0 0.0.0.255 any
    100 permit ip 10.23.26.0 0.0.0.255 any
Extended IP access list system-cpp-all-routers-on-subnet
    10 permit ip any host 224.0.0.2
Extended IP access list system-cpp-all-systems-on-subnet
    10 permit ip any host 224.0.0.1
Extended IP access list system-cpp-dhcp-cs
    10 permit udp any eq bootpc any eq bootps
Extended IP access list system-cpp-dhcp-sc
    10 permit udp any eq bootps any eq bootpc
Extended IP access list system-cpp-dhcp-ss
    10 permit udp any eq bootps any eq bootps
Extended IP access list system-cpp-energywise-disc
    10 permit udp any eq any eq 0
Extended IP access list system-cpp-hsrpv2
    10 permit udp any host 224.0.0.102
Extended IP access list system-cpp-igmp
    10 permit igmp any 224.0.0.0 31.255.255.255
Extended IP access list system-cpp-ip-mcast-linklocal
    10 permit ip any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ospf
    10 permit ospf any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-pim
    10 permit pim any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ripv2
    10 permit ip any host 224.0.0.9

----------------------------------ASA ACCESS-LIST is below the brief version-------

access-list CompanyName-vpn-maint_splitTunnelAcl line 10 standard permit 172.29.0.0 255.255.0.0 (hitcnt=0) 0x52bc4d4c

-----------------------below is the ASA routes-----------------------

Gateway of last resort is 53.138.58.129 to network 0.0.0.0

S    192.168.10.0 255.255.255.0 [1/0] via 10.21.0.1, inside
C    172.17.21.0 255.255.255.0 is directly connected, dmz_tier2
S    172.16.142.0 255.255.254.0 [1/0] via 53.138.58.129, outside
C    172.16.21.0 255.255.255.0 is directly connected, dmz_tier1
C    172.19.21.0 255.255.255.0 is directly connected, dmz_tier4
S    172.23.181.0 255.255.255.0 [1/0] via 10.21.0.1, outside
S    172.25.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S    172.25.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S    172.24.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S    172.26.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S    172.26.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S    172.29.181.0 255.255.255.0 [1/0] via 10.21.0.1, outside
S    172.29.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S    172.28.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S    172.28.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S    192.168.20.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S    10.11.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S    10.13.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S    10.10.21.1 255.255.255.255 [1/0] via 10.21.0.1, inside
S    10.10.21.2 255.255.255.255 [1/0] via 10.21.0.1, inside
S    10.22.0.0 255.255.0.0 [1/0] via 53.138.58.129, outside
S    10.23.3.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S    10.23.2.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S    10.21.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S    10.10.21.10 255.255.255.255 [1/0] via 10.21.0.1, inside
C    10.21.0.0 255.255.255.0 is directly connected, inside
S    10.22.3.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S    10.10.41.0 255.255.255.0 [1/0] via 53.138.58.129, outside
C    53.138.58.128 255.255.255.128 is directly connected, outside
S    192.168.2.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 53.138.58.129, outside
S    0.0.0.0 0.0.0.0 [255/0] via 10.21.0.1, inside tunneled

------------------------------------below is the router's routes----------

Gateway of last resort is 10.21.0.11 to network 0.0.0.0

     205.232.16.0/32 is subnetted, 1 subnets
S       205.232.16.25 [1/0] via 10.21.0.11
     62.0.0.0/32 is subnetted, 1 subnets
S       62.100.0.146 [1/0] via 10.21.0.12
     178.78.0.0/32 is subnetted, 1 subnets
S       178.78.147.193 [1/0] via 10.21.0.12
C    192.168.10.0/24 is directly connected, Vlan29
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
S       172.16.141.0/24 [1/0] via 10.21.0.11
S       172.16.142.0/23 [1/0] via 10.21.0.11
S       172.16.40.1/32 [1/0] via 10.21.2.12
S       172.16.40.10/32 [1/0] via 10.21.2.12
S       172.16.21.0/24 [1/0] via 10.21.0.11
     172.19.0.0/24 is subnetted, 1 subnets
S       172.19.21.0 [1/0] via 10.21.0.11
     172.18.0.0/24 is subnetted, 1 subnets
S       172.18.21.0 [1/0] via 10.21.0.12
     172.23.0.0/24 is subnetted, 3 subnets
S       172.23.186.0 [1/0] via 10.21.0.6
S       172.23.184.0 [1/0] via 10.21.0.6
S       172.23.181.0 [1/0] via 10.21.0.6
S    172.25.0.0/16 [1/0] via 10.21.0.11
     172.24.0.0/24 is subnetted, 3 subnets
C       172.24.181.0 is directly connected, Vlan31
C       172.24.186.0 is directly connected, Vlan32
C       172.24.187.0 is directly connected, Vlan33
S    172.26.0.0/16 [1/0] via 10.21.0.11
     172.29.0.0/24 is subnetted, 3 subnets
S       172.29.181.0 [1/0] via 10.21.0.6
S       172.29.184.0 [1/0] via 10.21.0.6
S       172.29.190.0 [1/0] via 10.21.0.6
S    172.28.0.0/16 [1/0] via 10.21.0.11
C    192.168.20.0/24 is directly connected, Vlan30
     10.0.0.0/8 is variably subnetted, 35 subnets, 4 masks
S       10.11.0.0/16 [1/0] via 10.21.0.6
C       10.21.28.0/24 is directly connected, Vlan28
C       10.21.26.0/24 is directly connected, Vlan26
C       10.21.25.0/24 is directly connected, Vlan25
S       10.12.0.0/16 [1/0] via 10.21.0.6
C       10.21.24.0/24 is directly connected, Vlan24
S       10.13.0.0/16 [1/0] via 10.21.0.6
C       10.21.23.0/24 is directly connected, Vlan23
C       10.21.22.0/24 is directly connected, Vlan22
C       10.21.21.0/24 is directly connected, Vlan21
C       10.21.20.0/24 is directly connected, Vlan20
C       10.21.19.0/24 is directly connected, Vlan19
S       10.21.18.0/24 [1/0] via 10.21.0.12
S       10.21.17.0/24 [1/0] via 10.21.0.11
C       10.21.16.0/24 is directly connected, Vlan16
C       10.21.15.0/24 is directly connected, Vlan15
C       10.21.14.0/24 is directly connected, Vlan14
C       10.21.13.0/24 is directly connected, Vlan13
C       10.21.12.0/24 is directly connected, Vlan12
C       10.21.11.0/24 is directly connected, Vlan11
C       10.10.21.1/32 is directly connected, Loopback0
S       10.31.0.0/16 [1/0] via 10.21.0.6
D       10.10.21.2/32 [90/130816] via 10.21.252.10, 7w0d, Vlan999
C       10.21.5.0/24 is directly connected, Vlan5
C       10.21.4.0/24 is directly connected, Vlan4
S       10.22.0.0/16 [1/0] via 10.21.0.11
C       10.21.3.0/24 is directly connected, Vlan3
C       10.21.2.0/24 is directly connected, Vlan2
C       10.23.2.0/24 is directly connected, Vlan900
S       10.22.3.0/24 [1/0] via 10.21.0.11
C       10.21.0.0/24 is directly connected, Vlan1000
S       10.41.0.0/16 [1/0] via 10.21.0.11
S       10.10.41.0/24 [1/0] via 10.21.0.11
S       10.51.0.0/16 [1/0] via 10.21.0.6
C       10.21.252.8/30 is directly connected, Vlan999
     62.0.0.0/32 is subnetted, 1 subnets
S       62.138.58.129 [1/0] via 10.21.0.11
S    192.168.2.0/24 [1/0] via 10.21.0.12
S*   0.0.0.0/0 [1/0] via 10.21.0.11
