Filter
Top Products
81-3
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 81 Troubleshooting
Testing Your Configuration
Figure 81-3 Ping Failure Because of IP Addressing Problems
Step 3
Ping each ASA interface from a remote host. For transparent mode, ping the management IP address.
This test checks whether the directly connected router can route the packet between the host and the
ASA, and whether the ASA can correctly route the packet back to the host.
A ping might fail if the ASA does not have a return route to the host through the intermediate router (see
Figure 81-4). In this case, the debugging messages show that the ping was successful, but syslog
message 110001 appears, indicating a routing failure.
Figure 81-4 Ping Failure Because the Security Appliance has No Return Route
Passing Traffic Through the ASA
After you successfully ping the ASA interfaces, make sure that traffic can pass successfully through the
ASA. For routed mode, this test shows that NAT is operating correctly, if configured. For transparent
mode, which does not use NAT, this test confirms that the ASA is operating correctly. If the ping fails in
transparent mode, contact the Cisco TAC.
Verifying ASA Configuration and Operation, and Testing Interfaces Using Ping
The Ping tool is useful for verifying the configuration and operation of the ASA and surrounding
communications links, as well as for testing other network devices.
This section includes the following topics:
• Pinging From an ASA Interface, page 81-4
• Pinging to an ASA Interface, page 81-4
• Pinging Through the ASA Interface, page 81-4
• Troubleshooting the Ping Tool, page 81-5
• Using the Ping Tool, page 81-5
A ping is sent to an IP address and it returns a reply. This process enables network devices to discover,
identify, and test each other.
192.168.1.1192.168.1.2
192.168.1.2
Ping
Router
Security
Appliance
Host
126696
Ping
Router
Host
?
Security
Appliance
126693