Cannot ping ASA inside interface
I have ASA firewall, as well as the host(virtualbox) on GNS3 as shown in the topology below. I also have windows7 installed on virtual box.
Windows 7 in virtualbox picked IP address 192168.56.101 and Virtualbox adapter on my laptop(Windows8) picked IP address 192.168.56.1. So I can ping from WIndows7 to my Laptop and Vice-versa.
I configured ASA interface that is connected to Virtualbox via ethernetswitch as follows:
However I cannot ping from ASA to neither Windows7(inside the virtualbox) nor to my Laptop(windows8).
Any help will be very much appreciated.
Thanks
Windows 7 in virtualbox picked IP address 192168.56.101 and Virtualbox adapter on my laptop(Windows8) picked IP address 192.168.56.1. So I can ping from WIndows7 to my Laptop and Vice-versa.
I configured ASA interface that is connected to Virtualbox via ethernetswitch as follows:
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.56.200 255.255.255.0
!However I cannot ping from ASA to neither Windows7(inside the virtualbox) nor to my Laptop(windows8).
Any help will be very much appreciated.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Firewall is disabled on windows7 as well as on the Laptop
If you attempt to ping the ASA from the virtual machine, what goes into the ARP table on that machine?
arp -a
Pete
arp -a
Pete
ASKER
PeteLong,
Below is the output of pinging Inside interface of ASA from Guest VM and the Arp table
Below is the output of pinging Inside interface of ASA from Guest VM and the Arp table
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
and then you apply it to the inside interface.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Jan Springer
I have added the following commands to ASA.
icmp permit any echo inside
icmp permit any echo-reply inside
How do I apply then to the inside interface ?
I have added the following commands to ASA.
icmp permit any echo inside
icmp permit any echo-reply inside
How do I apply then to the inside interface ?
config t
access-group ACCESS_LIST_NAME in interface NAMEIF_OF_INSIDE_INTERFACE
end
access-group ACCESS_LIST_NAME in interface NAMEIF_OF_INSIDE_INTERFACE
end
ASKER
Jan Springer:
I have not created an Access list with Access list name. I just put the following couple of lines:
icmp permit any echo inside
icmp permit any echo-reply inside
So can you post the whole ACL code along with 2 lines above and : access-group ACCESS_LIST_NAME in interface NAMEIF_OF_INSIDE_INTERFACE
I have not created an Access list with Access list name. I just put the following couple of lines:
icmp permit any echo inside
icmp permit any echo-reply inside
So can you post the whole ACL code along with 2 lines above and : access-group ACCESS_LIST_NAME in interface NAMEIF_OF_INSIDE_INTERFACE
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
even with the access list below , I still cannot get the VM nor the Laptop to ping ASA or the other way around
access-list inside_in extended permit ip any any
access-list inside_in extended permit icmp any any
access-group inside_in in interface inside
can you ping the vm from the ASA?
ping inside <IP of VM>
are the entries in the arp cache?
show arp
ping inside <IP of VM>
are the entries in the arp cache?
show arp
ASKER
I guess it is not ASA that is preventing the Ping to go through.
I put a router in between, and still cannot ping fom VM and laptop to the router interface (Though ip in the same subnet as the laptopn and VM).
I can ping from ASA to the router and back.
I put a router in between, and still cannot ping fom VM and laptop to the router interface (Though ip in the same subnet as the laptopn and VM).
I can ping from ASA to the router and back.
ASKER
something unusual...
I can ping from VM and the laptop to router g0/0 interface now, but it drops packets
From Laptop to router g0/0:
from VM to router interface g0/0
I can ping from VM and the laptop to router g0/0 interface now, but it drops packets
From Laptop to router g0/0:
C:\Users\user>ping 192.168.61.4
Pinging 192.168.61.4 with 32 bytes of data:
Reply from 192.168.61.4: bytes=32 time=25ms TTL=255
Request timed out.
Reply from 192.168.61.4: bytes=32 time=25ms TTL=255
Request timed out.
Ping statistics for 192.168.61.4:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25msfrom VM to router interface g0/0
C:\Users\user>ping 192.168.61.4
Pinging 192.168.61.4 with 32 bytes of data:
Reply from 192.168.61.4: bytes=32 time=25ms TTL=255
Request timed out.
Reply from 192.168.61.4: bytes=32 time=25ms TTL=255
Request timed out.
Ping statistics for 192.168.61.4:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25msSOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
**Load balancing between what ?
If I understand the VM goes through the host(laptop which is its Default Gateway), then reaches the interface g0/0 of the router.
** this is one thing, the other thing on which I need help is how to configure the router to route the traffic coming from VM to the network out on router g1/0 interface. If I manage to ping from VM to g1/0 interface of the router , I might be able to isolate the problem just to ASA
If I understand the VM goes through the host(laptop which is its Default Gateway), then reaches the interface g0/0 of the router.
** this is one thing, the other thing on which I need help is how to configure the router to route the traffic coming from VM to the network out on router g1/0 interface. If I manage to ping from VM to g1/0 interface of the router , I might be able to isolate the problem just to ASA
ASKER
Regarding the last diagram I posted and the issue related to ping reply success then ping reply timout, I fixed that by uninstalling AVG anti-virus...I know it is not safe, but just to get my Lab working...
I still want to know how to reach the network between the router and the ASA firewall from my Laptop and my VM. What kind of IP route command should I issue.??
I still want to know how to reach the network between the router and the ASA firewall from my Laptop and my VM. What kind of IP route command should I issue.??
ASKER
Thank you Guys!...
I believe the issue is between laptop and the router on GNS3
I believe the issue is between laptop and the router on GNS3
ASKER
when I created Windows 7 in Virtualbox , a network adapter has been created on my Laptop and assigned IP address automatically (Virtualbox host-only Network) 192.168.61.1
I manually assigned windows 7 IP address 192.168.61.2 with default gateway 192.168.61.1
so I can ping from 192.168.61.2(windows7) to 192.168.61.1(Virtualbox host-only Network adapter on my Laptop )
I configured ASA as follows:
ciscoasa(config)# interface gigabitEthernet 0
ciscoasa(config-if)# ip address 192.168.61.3
ciscoasa(config-if)# no shut
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
however when I cannot ping neither from Windows 7(VM) nor from my Laptop to ASA inside interface .
I cannot ping from ASA neither to my Laptop nor to Windows7