chekfu
asked on
Internet access denied on L2 switch
Hi Expert
Please help!
Unable to ping public IP or ASA inside IP on Catalyst 2950 switch as an access level
My network topology is very simple.
Internet == Cisco 877 == Cisco ASA 5505 == Cat3750 == Cat2950
In L3 switch Cat3750 using console, I can ASA 5505 inside IP. In L2 switch Cat2950 using console, I CANNOT ping it.
ASA running 192.168.10.2 with only default configuration and default access-list, no 1-to-1 NAT, no password is set. Already ICMP enabled in outside interface.
Cat3750 routed port is 192.168.10.1
Cat3750 trunk with Cat2950
Is anyone encounter? What is wrong?
Please help!
Unable to ping public IP or ASA inside IP on Catalyst 2950 switch as an access level
My network topology is very simple.
Internet == Cisco 877 == Cisco ASA 5505 == Cat3750 == Cat2950
In L3 switch Cat3750 using console, I can ASA 5505 inside IP. In L2 switch Cat2950 using console, I CANNOT ping it.
ASA running 192.168.10.2 with only default configuration and default access-list, no 1-to-1 NAT, no password is set. Already ICMP enabled in outside interface.
Cat3750 routed port is 192.168.10.1
Cat3750 trunk with Cat2950
Is anyone encounter? What is wrong?
ASKER
Cat3750 running IP 192.168.20.1 in vlan20 as a management vlan
Cat2950 running IP 192.168.20.2 in vlan20, default-gateway is 192.168.20.1.
I tried one WinXP machine conneccted to Cat2950's port 5 as vlan100. VLAN100 interface IP 192.168.100.1.
WinXP IP parameter I manually configured: IP-192.168.100.100, SM-255.255.255.0, GW-192.168.100.1, DNS-own ISP DNS. Using telnet in this machine, I can ping gateway which is 192.168.100.1. Ping management vlan IPs 192.168.20.1 or 192.168.20.2 OK. Ping routed port 192.168.10.1 OK. But ping 192.168.10.2 (ASA inside IP) failed.
What do you by Static route? What must I configure in my ASA? My ASA has only one static route which is 0.0.0.0 0.0.0.0 in outside interface.
Cat2950 running IP 192.168.20.2 in vlan20, default-gateway is 192.168.20.1.
I tried one WinXP machine conneccted to Cat2950's port 5 as vlan100. VLAN100 interface IP 192.168.100.1.
WinXP IP parameter I manually configured: IP-192.168.100.100, SM-255.255.255.0, GW-192.168.100.1, DNS-own ISP DNS. Using telnet in this machine, I can ping gateway which is 192.168.100.1. Ping management vlan IPs 192.168.20.1 or 192.168.20.2 OK. Ping routed port 192.168.10.1 OK. But ping 192.168.10.2 (ASA inside IP) failed.
What do you by Static route? What must I configure in my ASA? My ASA has only one static route which is 0.0.0.0 0.0.0.0 in outside interface.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
does asa has an ip route to 2950 (if 2950 is connected via a routed port, then asa should have a static route to 192.168.10.0/24 subnet)