Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 82 Troubleshooting
Common Problems
Symptom
You cannot make a Telnet or SSH connection to the ASA interface.
Possible Cause
You did not enable Telnet or SSH to the ASA.
Recommended Action
Enable Telnet or SSH to the ASA according to the instructions in the
“Configuring ASA Access for ASDM, Telnet, or SSH” section on page 37-1.
Symptom
You cannot ping the ASA interface.
Possible Cause
You disabled ICMP to the ASA.
Recommended Action
Enable ICMP to the ASA for your IP address using the icmp command.
Symptom
You cannot ping through the ASA, although the access list allows it.
Possible Cause
You did not enable the ICMP inspection engine or apply access lists on both the
ingress and egress interfaces.
Recommended Action
Because ICMP is a connectionless protocol, the ASA does not automatically
allow returning traffic through. In addition to an access list on the ingress interface, you either need
to apply an access list to the egress interface to allow replying traffic, or enable the ICMP inspection
engine, which treats ICMP connections as stateful connections.
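The two fixes described above, side by side as ASA CLI configuration. This is an added example, not text from the Cisco guide. The interface name outside and the access list name OUTSIDE_IN are assumptions; global_policy and inspection_default are the names used in the ASA default configuration.

```cisco
! Scenario (assumed): a host behind the inside interface pings a host
! reachable through the outside interface. The echo request leaves
! through outside; the echo reply arrives on outside and is dropped
! unless one of the two options below is configured.

! Option A: access list on the egress interface for the replying traffic.
! This permits any echo reply arriving on outside, whether or not a
! matching echo request was ever sent. Narrow the source and destination
! to the hosts that actually need it.
access-list OUTSIDE_IN extended permit icmp any any echo-reply
! Only one access list can be bound per interface and direction. If
! outside already has an inbound access list, add the permit line to
! that list instead of binding a new one.
access-group OUTSIDE_IN in interface outside

! Option B: enable the ICMP inspection engine in the default global
! policy. The ASA then treats each echo request and its reply as a
! stateful connection, so only replies that match an outstanding
! request are allowed back, and no reply rule is needed on outside.
policy-map global_policy
 class inspection_default
  inspect icmp

! Checks after the change:
!   show running-config policy-map    (confirm "inspect icmp" is listed)
!   show access-list OUTSIDE_IN       (confirm the hit count increments)
```

Option B is the tighter of the two, because it opens the return path only for replies to requests the ASA has seen.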
Symptom
Traffic does not pass between two interfaces on the same security level.
Possible Cause
You did not enable the feature that allows traffic to pass between interfaces at the
same security level.
Recommended Action
Enable this feature according to the instructions in the
Security Level Communication” section on page 8-15.
Symptom
IPsec tunnels do not duplicate during a failover to the standby device.
Possible Cause
The switch port that the ASA is plugged into is set to 10/100 instead of 1000.
Recommended Action
Set the switch port that the ASA is plugged into to 1000.