Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco ASA Routing Issues

Posted on 2012-03-28
1
Medium Priority
?
1,684 Views
Last Modified: 2012-06-21
Hi,

I have a Cisco ASA device which I am using for webvpn.

Anyconnect works OK. Clients connect in and get an IP address of 172.28.15.10-172.28.15.100. When the router tries to ping anything outside of this network i.e. 172.28.1.1 I get the followign error:

6      Mar 28 2012      13:23:35      302021      172.28.15.10      1024      172.28.1.1      0      Teardown ICMP connection for faddr 172.28.15.10/1024 gaddr 172.28.1.1/0 laddr 172.28.1.1/0 (uk000296)

The explaination states: An ICMP session was established in the fast-path when stateful ICMP was enabled using the inspect icmp command.

I have ran route print, and the PC has a route of 172.28.10 to the interface of the VPN connection (172.28.15.10).

I believe my problem maybe my NAT rules. These have been setup as:

nat (Live,Live) source static 172.28.15.0 172.16.0.0
nat (Live,Live) source static 172.16.0.0 172.28.15.0

Any ideas why routing isn't working ?

Thanks,
0
Comment
Question by:AnritsuLTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
AnritsuLTD earned 0 total points
ID: 37777063
Problem solved

My ASA device obtains it's routing information from another core Cisco device which needed a static ip route placing on it in order for traffic to be replying back to the device.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question