Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CISCO ASA 5510 & CISCO ROUTER 2800

Status
Not open for further replies.
gcalpacket1

gcalpacket1

Technical User
Joined
Dec 8, 2009
Messages
1
Location
GB
hELLO,
See the attchement of our network diagram.

As you can see we have ASA 5510(10.10.0.1) connceting our network to outside.In the inisde we have two site using different subnets 10.10.0.0/24 and 10.16.0.0/24 .

Router1 ip address :- 10.10.0.6

Router1# sh ip route
Gateway of last resort is 10.10.0.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets
C 10.10.0.0 is directly connected, FastEthernet0/1
S 10.16.0.0 [1/0] via 192.168.255.2
C 192.168.255.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.10.0.1
------------------------------------------------------------
------------------------------------------------------------
Router2 ip address:-- 10.16.0.1

Router2#sh ip route

Gateway of last resort is 192.168.255.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets
C 10.16.0.0 is directly connected, FastEthernet0/1
S 10.10.0.0 [1/0] via 192.168.255.1
C 192.168.255.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.255.1


All our PC on 10.10.0.0/24 network are configured with default gateway address=10.10.0.1


All our PC on 10.16.0.0/24 network are confidgured with default gateway address=10.16.0.1.

Question:--

I can only ping 10.10.0.1(ASA) ,10.10.0.6(Router 1) from 10.16.0.0/24 network.But I can not ping any other devices in 10.10.0.0 /24 network.

But if i change the default gateway from 10.10.0.1 to 10.10.0.6 of any PC or server then I can ping that device from 10.16.0.0 network and vice versa.

We have configured inside route for 10.16.0.0 network on ASA ,enabled the permit same security traffic intra interface.But still I cant ping any PC on 10.10.0.0 from 10.16.0.0.

Any thoughts?.If you need ASA config please ask.
mANY thanks
-GcalPacket1
 
Sort by date Sort by votes
enable logging on the ASA

logging buffered debugging

Get a continuous ping going from the problematic subnet.

Check the logs of the ASA - most of the time the logs will give you a clue.

sh log | i icmp
sh log | i (address you are pinging)
sh log | i (address you are pinging from)

I am sure you get the idea.

You might have to ensure that when the subnets are talking to each other they are not going through a nat process.

No natting needs to be performed when the 2 subnets talk.

Posting your firewall configuration would help.
 
Upvote 0 Downvote
You either need a routing protocol on the ASA or add
Route inside statements to the ASA defining the internal networks.

Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Blackybear
  • Locked
  • Question Question
Cisco RV042G router
Replies
0
Views
351
Blackybear
Blackybear
B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
419
badwolf1686
B
pbxcomm
  • Locked
  • Question Question
CISCO VG450
Replies
1
Views
851
nt8d09
nt8d09
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
579
CPM86
CPM86
Skip Rango
  • Locked
  • Question Question
how to backup cisco sg500-52p switch
Replies
1
Views
812
madwok
madwok

Part and Inventory Search

Sponsor

Back
Top