Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CISCO ASA 5510 & CISCO ROUTER 2800

Status
Not open for further replies.
gcalpacket1

gcalpacket1

Technical User
Dec 8, 2009
1
GB
hELLO,
See the attchement of our network diagram.

As you can see we have ASA 5510(10.10.0.1) connceting our network to outside.In the inisde we have two site using different subnets 10.10.0.0/24 and 10.16.0.0/24 .

Router1 ip address :- 10.10.0.6

Router1# sh ip route
Gateway of last resort is 10.10.0.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets
C 10.10.0.0 is directly connected, FastEthernet0/1
S 10.16.0.0 [1/0] via 192.168.255.2
C 192.168.255.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.10.0.1
------------------------------------------------------------
------------------------------------------------------------
Router2 ip address:-- 10.16.0.1

Router2#sh ip route

Gateway of last resort is 192.168.255.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets
C 10.16.0.0 is directly connected, FastEthernet0/1
S 10.10.0.0 [1/0] via 192.168.255.1
C 192.168.255.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.255.1


All our PC on 10.10.0.0/24 network are configured with default gateway address=10.10.0.1


All our PC on 10.16.0.0/24 network are confidgured with default gateway address=10.16.0.1.

Question:--

I can only ping 10.10.0.1(ASA) ,10.10.0.6(Router 1) from 10.16.0.0/24 network.But I can not ping any other devices in 10.10.0.0 /24 network.

But if i change the default gateway from 10.10.0.1 to 10.10.0.6 of any PC or server then I can ping that device from 10.16.0.0 network and vice versa.

We have configured inside route for 10.16.0.0 network on ASA ,enabled the permit same security traffic intra interface.But still I cant ping any PC on 10.10.0.0 from 10.16.0.0.

Any thoughts?.If you need ASA config please ask.
mANY thanks
-GcalPacket1
 
Sort by date Sort by votes
enable logging on the ASA

logging buffered debugging

Get a continuous ping going from the problematic subnet.

Check the logs of the ASA - most of the time the logs will give you a clue.

sh log | i icmp
sh log | i (address you are pinging)
sh log | i (address you are pinging from)

I am sure you get the idea.

You might have to ensure that when the subnets are talking to each other they are not going through a nat process.

No natting needs to be performed when the 2 subnets talk.

Posting your firewall configuration would help.
 
Upvote 0 Downvote
You either need a routing protocol on the ASA or add
Route inside statements to the ASA defining the internal networks.

Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Locked
  • Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
222
badwolf1686
B
pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
577
nt8d09
nt8d09
CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
357
CPM86
CPM86
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
570
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
550
Jared R
Jared R

Part and Inventory Search

Sponsor

Back
Top