From: Luan Nguyen (luan.m.nguyen@gmail.com)
Date: Mon Jun 16 2008 - 01:37:55 ART
Do you have something behind the ASA to ping to, instead of the interface
itself?
Logging console debugging doesn't show anything without logging enable.
Try to do:
  packet-tracer input outside icmp 132.1.137.7 8 0 204.12.6.13 detail
and then
  packet-tracer input outside icmp 132.1.137.7 8 0 132.1.137.113 detail
and see what's going on.
Also turn on debug icmp trace.
Then change back to single mode and do the same thing.
Maybe you just can't ping the inside interface like that.
-Luan
On Sun, Jun 15, 2008 at 4:11 PM, Dane Newman <dane.newman@gmail.com> wrote:
> I have ASA2 configured with two contexts. ContextA and B both share the
> outside interface of ASA2. I made sure to put in the system context
> mac-address auto command. ASA2 is directly connected to switch1 on fa0/15.
> I am able to ping the outside interface of contextA from switch 1 but not
> able to ping the inside interface of contextA as shown in the output below.
> Could someone suggest what I am missing?
>
>
> Rack1SW1#ping 204.12.6.13
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.6.13, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
>
> Rack1ASA2/ContextA# show run
> : Saved
> :
> ASA Version 7.2(3) <context>
> !
> hostname ContextA
> domain-name internetworkexpert.com
> enable password 8Ry2YjIyt7RRXU24 encrypted
> names
> !
> interface outsideA
> nameif outside
> security-level 0
> ip address 132.1.137.113 255.255.255.0
> !
> interface insideA
> nameif Inside
> security-level 100
> ip address 204.12.6.13 255.255.255.0
> !
> passwd 2KFQnbNIdI.2KYOU encrypted
> dns server-group DefaultDNS
> domain-name internetworkexpert.com
> access-list OUTSIDE_IN extended permit icmp any any log
> access-list OUTSIDE_IN extended permit icmp any any echo
> access-list OUTSIDE_IN extended permit icmp any any echo-reply
> access-list OUTSIDE_IN extended permit tcp any any eq bgp
> access-list OUTSIDE_IN extended permit tcp any eq bgp any
> logging console debugging
> mtu outside 1500
> mtu Inside 1500
> icmp unreachable rate-limit 1 burst-size 1
> no asdm history enable
> arp timeout 14400
> access-group OUTSIDE_IN in interface outside
> route outside 0.0.0.0 0.0.0.0 132.1.137.7 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
> timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
> timeout uauth 0:05:00 absolute
> aaa authentication ssh console LOCAL
> no snmp-server location
> no snmp-server contact
> telnet timeout 5
> ssh 132.1.170.0 255.255.255.0 outside
> ssh timeout 5
> !
> class-map inspection_default
> match default-inspection-traffic
> !
> !
> policy-map type inspect dns preset_dns_map
> parameters
> message-length maximum 512
> policy-map global_policy
> class inspection_default
> inspect dns preset_dns_map
> inspect ftp
> inspect h323 h225
> inspect h323 ras
> inspect netbios
> inspect rsh
> inspect rtsp
> inspect skinny
> inspect esmtp
> inspect sqlnet
> inspect sunrpc
> inspect tftp
> inspect sip
> inspect xdmcp
> inspect icmp
> !
> service-policy global_policy global
> username ADMIN password 0Fiyt7Ojpuvbkp7l encrypted
> Cryptochecksum:4818558e3f200ea02f7b6b397155d9fd
> : end
> Rack1ASA2/ContextA#
>
>
> Rack1SW1#show run
> Building configuration...
> Current configuration : 3297 bytes
> !
> version 12.2
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname Rack1SW1
> !
> enable password cisco
> !
> no aaa new-model
> ip subnet-zero
> ip routing
> !
> no ip domain-lookup
> !
> !
> !
> no file verify auto
> spanning-tree mode pvst
> spanning-tree extend system-id
> !
> !
> !
> vlan internal allocation policy ascending
> !
> !
> interface Loopback0
> ip address 150.1.7.7 255.255.255.0
> !
> interface FastEthernet0/1
> switchport access vlan 170
> switchport mode access
> !
> interface FastEthernet0/2
> switchport access vlan 29
> switchport mode access
> !
> interface FastEthernet0/3
> switchport access vlan 3
> switchport mode access
> !
> interface FastEthernet0/4
> switchport access vlan 4
> switchport mode access
> !
> interface FastEthernet0/5
> switchport access vlan 115
> switchport mode access
> !
> interface FastEthernet0/6
> switchport access vlan 69
> switchport mode access
> !
> interface FastEthernet0/7
> switchport mode dynamic desirable
> !
> interface FastEthernet0/8
> switchport mode dynamic desirable
> !
> interface FastEthernet0/9
> switchport access vlan 29
> switchport mode access
> !
> interface FastEthernet0/10
> switchport access vlan 170
> switchport mode access
> !
> interface FastEthernet0/11
> switchport access vlan 112
> switchport mode access
> !
> interface FastEthernet0/12
> switchport mode dynamic desirable
> !
> interface FastEthernet0/13
> switchport access vlan 9
> switchport mode access
> !
> interface FastEthernet0/14
> switchport mode dynamic desirable
> !
> interface FastEthernet0/15
> switchport access vlan 133
> switchport mode access
> !
> interface FastEthernet0/16
> switchport mode dynamic desirable
> !
> interface FastEthernet0/17
> switchport mode dynamic desirable
> !
> interface FastEthernet0/18
> switchport mode dynamic desirable
> !
> interface FastEthernet0/19
> switchport mode dynamic desirable
> !
> interface FastEthernet0/20
> switchport access vlan 9
> switchport mode access
> !
> interface FastEthernet0/21
> switchport mode dynamic desirable
> !
> interface FastEthernet0/22
> switchport mode dynamic desirable
> !
> interface FastEthernet0/23
> switchport trunk encapsulation isl
> switchport mode trunk
> !
> interface FastEthernet0/24
> switchport access vlan 133
> switchport mode access
> !
> interface GigabitEthernet0/1
> switchport mode dynamic desirable
> !
> interface GigabitEthernet0/2
> switchport mode dynamic desirable
> !
> interface Vlan1
> no ip address
> shutdown
> !
> interface Vlan137
> ip address 132.1.137.7 255.255.255.0
> !
> interface Vlan170
> ip address 132.1.170.7 255.255.255.0
> !
> router ospf 1
> router-id 150.1.7.7
> log-adjacency-changes
> redistribute connected subnets
> redistribute static subnets
> network 132.1.137.7 0.0.0.0 area 170
> network 132.1.170.7 0.0.0.0 area 170
> network 150.1.7.7 0.0.0.0 area 170
> !
> router bgp 100
> no synchronization
> bgp router-id 150.1.7.7
> bgp log-neighbor-changes
> neighbor 150.1.2.2 remote-as 100
> neighbor 150.1.2.2 update-source Loopback0
> neighbor 204.12.6.254 remote-as 54
> neighbor 204.12.6.254 ebgp-multihop 255
> no auto-summary
> !
> ip classless
> ip route 132.1.138.0 255.255.255.0 132.1.137.213
> ip route 204.12.6.0 255.255.255.0 132.1.137.113
> ip http server
> ip http secure-server
> !
> !
> !
> !
> !
> control-plane
> !
> !
> line con 0
> exec-timeout 0 0
> privilege level 15
> logging synchronous
> line vty 0 4
> password cisco
> login
> line vty 5 15
> password cisco
> login
> !
> !
> end
>
>
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART