24-3
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 24 Troubleshooting Connections and Resources
Testing Your Configuration
Pinging ASA Interfaces
To test whether the ASA interfaces are up and running and that the ASA and connected routers are
operating correctly, you can ping the ASA interfaces.
To ping the ASA interfaces, perform the following steps:
Step 1 Draw a diagram of your single-mode ASA or security context that shows the interface names, security
levels, and IP addresses.
Note Although this procedure uses IP addresses, the ping command also supports DNS names and
names that are assigned to a local IP address with the name command.
The diagram should also include any directly connected routers and a host on the other side of the router
from which you will ping the ASA. You will use this information in this procedure and in the procedure
in the “Passing Traffic Through the ASA” section on page 24-5. (See Figure 24-1.)
Figure 24-1 Network Diagram with Interfaces, Routers, and Hosts
Step 2
Ping each ASA interface from the directly connected routers. For transparent mode, ping the
management IP address. This test ensures that the ASA interfaces are active and that the interface
configuration is correct.
A ping might fail if the ASA interface is not active, the interface configuration is incorrect, or if a switch
between the ASA and a router is down (see Figure 24-2). In this case, no debugging messages or syslog
messages appear, because the packet never reaches the ASA.
Routed ASA
10.1.1.56 10.1.3.6209.265.200.230
10.1.2.90 10.1.4.6710.1.0.34
209.165.201.24
10.1.1.5
Transp. ASA
10.1.0.3
Host
Host
dmz1
192.1
68.1.
outside
209.165.201.1
security0
inside
192.168.0.1
security100
outside
security0
inside
security100
dmz2
192.168.2.1
security40
dmz3
192.1
68.3.
dmz4
192.168.4.1
security80
330857
Host
Host
Host
Host
Host
Host
Router
Router Router
Router
Router Router
Router
Router