Cisco Systems ASA 5585-X Manual De Usuario

24-3

Cisco ASA Series Firewall CLI Configuration Guide

Chapter 24 Troubleshooting Connections and Resources

Testing Your Configuration

Pinging ASA Interfaces

To test whether the ASA interfaces are up and running and that the ASA and connected routers are
operating correctly, you can ping the ASA interfaces.

To ping the ASA interfaces, perform the following steps:

Step 1

Draw a diagram of your single-mode ASA or security context that shows the interface names, security
levels, and IP addresses.

Note

Although this procedure uses IP addresses, the ping command also supports DNS names and
names that are assigned to a local IP address with the name command.

The diagram should also include any directly connected routers and a host on the other side of the router
from which you will ping the ASA. You will use this information in this procedure and in the procedure
in the

“Passing Traffic Through the ASA” section on page 24-5

. (See

Figure 24-1

Figure 24-1

Network Diagram with Interfaces, Routers, and Hosts

Step 2

Ping each ASA interface from the directly connected routers. For transparent mode, ping the
management IP address. This test ensures that the ASA interfaces are active and that the interface
configuration is correct.

A ping might fail if the ASA interface is not active, the interface configuration is incorrect, or if a switch
between the ASA and a router is down (see

Figure 24-2

). In this case, no debugging messages or syslog

messages appear, because the packet never reaches the ASA.

Routed ASA

10.1.1.56

10.1.3.6

209.265.200.230

10.1.2.90

10.1.4.67

10.1.0.34

209.165.201.24

10.1.1.5

Transp. ASA
10.1.0.3

Host

dmz1

192.1

68.1.

outside

209.165.201.1

security0

inside

192.168.0.1

security100

outside

security0

inside

security100

dmz2

192.168.2.1

security40

dmz3
192.1
68.3.

dmz4
192.168.4.1
security80

Host

Router