[c-nsp] ASA 5505 doesn't like itself

[Matthew Huff]

Cisco PIX/ASA are not routers. For example, you cannot ping from the inside network to the outside interface, or any other simular type of test.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tom
> Sutherland
> Sent: Friday, February 25, 2011 4:01 PM
> To: Michael Loether
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ASA 5505 doesn't like itself
> 
> as a test, you might try:
> 
> icmp permit any inside
> icmp permit any outside
> 
> from cisco command reference:
> 
> "To configure access rules for ICMP traffic that terminates at a
> adaptive security appliance interface, use the icmp command."
> 
> 
> On Thu, 2011-02-17 at 16:53 -0500, Michael Loether wrote:
> 
> > I have a ASA 5505 I am setting up at a small branch office.  Working towards a site to site VPN but
> first I need to get it to talk to itself.  Traffic is not passing from inside to outside.
> >
> > interface Vlan1
> >  nameif inside
> >  security-level 100
> >  ip address 172.19.1.1 255.255.255.0
> > !
> > interface Vlan2
> >  nameif outside
> >  security-level 0
> >  ip address 64.183.175.22 255.255.255.252
> > !
> > interface Ethernet0/0
> >  switchport access vlan 2
> > !
> > interface Ethernet0/1
> > !
> > nat (inside,outside) after-auto source dynamic any interface
> >
> > DHCPd is running on VL 1 and it is handing out IPs as expected.
> >
> > ping inside 64.183.175.21
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 64.183.175.21, timeout is 2 seconds:
> > ?????
> > Success rate is 0 percent (0/5)
> >
> > ACLs are any any ip on both inside and outside.
> >
> > Any suggestion would be appreciated.
> >
> > Mike
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/