Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to ping 2 remote office connected by MPLS & Site-to-site VPN

Hi SME,

I am trying to get 2 remote office to ping to one another. 1 remote office(172.28.52.0) is connected to my office (172.28.4.0) via site to site VPN (ASA) while the remote office 2(172.28.8.0) is connected to my office via MPLS.

In the MPLS router, a route has been pointed 172.28.52.0 go to my office core switch (172.28.4.10). From the core switch, 172.28.52.0 has been route to firewall (172.28.4.3)

Static route from remote office 1(172.28.52.0) has been place in the ASA to point 172.28.8.0 traffic to 172.28.4.10.

I have also input NAT exempt in my firewall (172.28.4.3) but still unable to get remote office 1 to ping to remote office 2. See attached simple diagram.

Greatly apprecaite any adivce and help.

4 REPLIES

Unable to ping 2 remote office connected by MPLS & Site-to-site

From the ASA can you ping a device in the MPLS connected site?

Can you post the results of a packet-tracer (on the ASA) using a source address in the MPLS connectd site and the destination across the VPN tunnel?

New Member

Re: Unable to ping 2 remote office connected by MPLS & Site-to-s

Hi Collin,

I am unable to ping the device from ASA in remote office 2 which is connected via MPLS.

I have attached the packet tracert result from remote office 1 ASA and my office ASA. the IP on the source & destination are servers of 2 remote office.

Re: Unable to ping 2 remote office connected by MPLS & Site-to-s

Hi,

Can you post the output of your sh route on the firewall along with sh policy-map. Also in your packet-tracer you are not running icmp. Do you have "inspect icmp" configured under the default policy-map that is being used in the global service-policy? Look there first before we dig deeper.

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

Re: Unable to ping 2 remote office connected by MPLS & Site-to-s

From 172.28.4.3 can you ping a 172.28.8.x address? Can you post a show route from 172.28.4.3?

181
Views
0
Helpful
4
Replies