2 Replies

  • With traffic able to pass and endpoints reachable, why do you think it's routing? 

    Did ICMP work before? ASA's have ICMP denied by default.

    Have you tried the packet trace utility in the GUI? That can be a big help in locating an issue in an ASA that is dropping traffic.

    Was this post helpful? thumb_up thumb_down
  • As Mark says try the packet tracer, from CLI try specifying source interface/address when you ping e.g. "ping inside 10.20.a.b"
    A word of warning is that pinging from the firewall often has specific limitations or requires specific ACLs - it is better to ping through it from a host.

    Was this post helpful? thumb_up thumb_down

Read these next...