Cisco ASA Series CLI Configuration Guide
Chapter 1 Troubleshooting Connections and Resources
Testing Your Configuration
Figure 1-2 Ping Failure at the ASA Interface
If the ping reaches the ASA, and it responds, debugging messages similar to the following appear:
ICMP echo reply (len 32 id 1 seq 256) 209.165.201.1 > 209.165.201.2
ICMP echo request (len 32 id 1 seq 512) 209.165.201.2 > 209.165.201.1
If the ping reply does not return to the router, then a switch loop or redundant IP addresses may exist
(see Figure 1-3).
Figure 1-3 Ping Failure Because of IP Addressing Problems
Step 3
Ping each ASA interface from a remote host. For transparent mode, ping the management IP address.
This test checks whether the directly connected router can route the packet between the host and the
ASA, and whether the ASA can correctly route the packet back to the host.
A ping might fail if the ASA does not have a return route to the host through the intermediate router (see
Figure 1-4). In this case, the debugging messages show that the ping was successful, but syslog message
110001 appears, indicating a routing failure has occurred.
Figure 1-4 Ping Failure Because the ASA Has No Return Route
[Figure labels: Ping, Router, Host, ASA, Security Appliance; addresses shown: 192.168.1.1, 192.168.1.2, 192.168.1.2]
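The checks in Step 3 can be run over captured console output. The following is an added example, not part of the Cisco guide: it pairs the ICMP debug lines in the format shown above and flags hosts for which syslog 110001 also appears. The sample lines, the 10.1.1.5 host, the text after the 110001 message number, and the function and verdict names are constructed assumptions.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Debug line format as shown on this page, e.g.
# "ICMP echo request (len 32 id 1 seq 512) 209.165.201.2 > 209.165.201.1"
ICMP_RE = re.compile(
    r"ICMP echo (request|reply) \(len \d+ id (\d+) seq (\d+)\) "
    rf"({IP}) > ({IP})"
)
# Matched on the message number only; the wording after it is not parsed.
NO_ROUTE_RE = re.compile(r"%ASA-\d-110001\b")
IP_RE = re.compile(IP)

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "ICMP echo request (len 32 id 1 seq 512) 209.165.201.2 > 209.165.201.1",
    "ICMP echo reply (len 32 id 1 seq 512) 209.165.201.1 > 209.165.201.2",
    "ICMP echo request (len 32 id 7 seq 256) 10.1.1.5 > 209.165.201.1",
    "ICMP echo reply (len 32 id 7 seq 256) 209.165.201.1 > 10.1.1.5",
    "%ASA-6-110001: No route to 10.1.1.5 from 209.165.201.1",
    "ICMP echo request (len 32 id 3 seq 768) 192.168.1.2 > 192.168.1.1",
]


def triage(lines):
    """Map each pinging host to 'ok', 'no-reply' or 'no-return-route'."""
    requests, answered, unroutable = set(), set(), set()
    for line in lines:
        m = ICMP_RE.search(line)
        if m:
            kind, icmp_id, seq, src, dst = m.groups()
            if kind == "request":
                requests.add((src, dst, icmp_id, seq))
            else:
                # A reply travels dst > src, so swap to match its request.
                answered.add((dst, src, icmp_id, seq))
        elif NO_ROUTE_RE.search(line):
            # Assumption: the affected host address appears in the message.
            unroutable.update(IP_RE.findall(line))
    verdict = {}
    for req in requests:
        host = req[0]
        if host in unroutable:
            # Debug shows success, but the ASA logged a routing failure.
            verdict[host] = "no-return-route"
        elif req not in answered:
            verdict[host] = "no-reply"
        else:
            verdict.setdefault(host, "ok")
    return verdict
```

A host that never appears in the result sent no echo request that reached the ASA, which is the case covered by the earlier interface-level ping checks.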