Solved

Cisco ASA Routing Issues

Posted on 2012-03-28
1
1,675 Views
Last Modified: 2012-06-21
Hi,

I have a Cisco ASA device which I am using for webvpn.

Anyconnect works OK. Clients connect in and get an IP address of 172.28.15.10-172.28.15.100. When the router tries to ping anything outside of this network i.e. 172.28.1.1 I get the followign error:

6      Mar 28 2012      13:23:35      302021      172.28.15.10      1024      172.28.1.1      0      Teardown ICMP connection for faddr 172.28.15.10/1024 gaddr 172.28.1.1/0 laddr 172.28.1.1/0 (uk000296)

The explaination states: An ICMP session was established in the fast-path when stateful ICMP was enabled using the inspect icmp command.

I have ran route print, and the PC has a route of 172.28.10 to the interface of the VPN connection (172.28.15.10).

I believe my problem maybe my NAT rules. These have been setup as:

nat (Live,Live) source static 172.28.15.0 172.16.0.0
nat (Live,Live) source static 172.16.0.0 172.28.15.0

Any ideas why routing isn't working ?

Thanks,
0
Comment
Question by:AnritsuLTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
AnritsuLTD earned 0 total points
ID: 37777063
Problem solved

My ASA device obtains it's routing information from another core Cisco device which needed a static ip route placing on it in order for traffic to be replying back to the device.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question