Cisco ASA 5505 User Manual

82-15

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 82 Troubleshooting

Common Problems

Symptom

You cannot make a Telnet or SSH connection to the ASA interface.

Possible Cause

You did not enable Telnet or SSH to the ASA.

Recommended Action

Enable Telnet or SSH to the ASA according to the instructions in the

“Configuring ASA Access for ASDM, Telnet, or SSH” section on page 37-1

.

Symptom

You cannot ping the ASA interface.

Possible Cause

You disabled ICMP to the ASA.

Recommended Action

Enable ICMP to the ASA for your IP address using the icmp command.

Symptom

You cannot ping through the ASA, although the access list allows it.

Possible Cause

You did not enable the ICMP inspection engine or apply access lists on both the

ingress and egress interfaces.

Recommended Action

Because ICMP is a connectionless protocol, the ASA does not automatically

allow returning traffic through. In addition to an access list on the ingress interface, you either need
to apply an access list to the egress interface to allow replying traffic, or enable the ICMP inspection
engine, which treats ICMP connections as stateful connections.

Symptom

Traffic does not pass between two interfaces on the same security level.

Possible Cause

You did not enable the feature that allows traffic to pass between interfaces at the

same security level.

Recommended Action

Enable this feature according to the instructions in the

“Allowing Same

Security Level Communication” section on page 8-15

.

Symptom

IPsec tunnels do not duplicate during a failover to the standby device.

Possible Cause

The switch port that the ASA is plugged into is set to 10/100 instead of 1000.

Recommended Action

Set the switch port that the ASA is plugged into to 1000.