Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
81-2
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 81 Troubleshooting
Testing Your Configuration
The diagram should also include any directly connected routers and a host on the other side of the router
from which you will ping the ASA. You will use this information in this procedure and in the procedure
in the “Passing Traffic Through the ASA” section on page 81-3. (See Figure 81-1.)
Figure 81-1 Network Diagram with Interfaces, Routers, and Hosts
Step 2
Ping each ASA interface from the directly connected routers. For transparent mode, ping the
management IP address. This test ensures that the ASA interfaces are active and that the interface
configuration is correct.
A ping might fail if the ASA interface is not active, the interface configuration is incorrect, or if a switch
between the ASA and a router is down (see Figure 81-2). In this case, no debug messages or syslog
messages appear, because the packet never reaches the ASA.
Figure 81-2 Ping Failure at the ASA Interface
If the ping reaches the ASA, and it responds, debugging messages similar to the following appear:
ICMP echo reply (len 32 id 1 seq 256) 209.165.201.1 > 209.165.201.2
ICMP echo request (len 32 id 1 seq 512) 209.165.201.2 > 209.165.201.1
If the ping reply does not return to the router, then a switch loop or redundant IP addresses may exist
(see Figure 81-3).
Routed Security
Appliance
10.1.1.56 10.1.3.6209.265.200.230
10.1.2.90 10.1.4.6710.1.0.34
209.165.201.24
10.1.1.5
Transp. Security
Appliance 10.1.0.3
Host
Host
10.1.1.2
192.168.1.2
209.265.200.226
209.165.201.2
10.1.3.2
192.168.3.2
192.168.2.2
10.1.2.2
192.168.0.2
10.1.0.2
192.168.4.2
10.1.4.2
dmz1
192.1
68.1.
outside
209.165.201.1
security0
inside
192.168.0.1
security100
209.165.201.1
10.1.0.1
10.1.0.2
10.1.1.1
outside
security0
inside
security100
dmz2
192.168.2.1
security40
dmz3
192.1
68.3.
dmz4
192.168.4.1
security80
126692
Host
Host
Host
Host
Host
Host
Router
Router Router
Router
Router Router
Router
Router
Ping
Security
Appliance
Router
126695