Cannot ping across the firewall
I'll put up the asa in GNS3 lab, but I can't do a ping through the firewall to the inside of the interface for the external interface. Here's my running-config... I don't know that miss me some I don't know what. If anyone can find out what it is, that would be nice.
See the race
: Saved
:
ASA Version 8.4 (2)
!
ciscoasa hostname
activate 8Ry2YjIyt7RRXU24 encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface GigabitEthernet0
nameif inside
security-level 100
the IP 10.0.0.2 255.255.255.0
!
interface GigabitEthernet1
nameif outside
security-level 0
4.2.2.2 IP address 255.255.255.0
!
interface GigabitEthernet2
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet3
Shutdown
No nameif
no level of security
no ip address
!
passive FTP mode
pager lines 24
Enable logging
timestamp of the record
logging buffered information
logging trap information
Within 1500 MTU
Outside 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Route outside 0.0.0.0 0.0.0.0 10.0.1.2 1
Route inside 172.16.0.0 255.255.254.0 10.0.0.1 1
outdoor 172.16.2.0 255.255.254.0 10.0.1.2 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
Telnet timeout 5
SSH timeout 5
Console timeout 0
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
crashinfo record disable
Cryptochecksum:d6838a5cc1c3620ba830e7d745eaf9a1
: end
After having thought about it twice, it's clear. I wrote to change because it is a good practice, but with the ASA on the other side, it is necessary.
If you use the output as the destination of a route interface, the router must be able to arp for the IP of destination (for each that is used) L2 address of next hop. The other side (the ASA in your scenario) must have a proxy-arp enabled for this because demand is not a configured address.
If you configure an IP address as the next hop, the router must only address L2 a jump next-address IP used in the static route.
Tags: Cisco Security
Similar Questions
-
Cannot Ping across the VPN remote access
Hello world
I hope I posted this in the right place!
I'm a bit new to Cisco IOS, so please forgive me if I ask a stupid question!
We have a firewall of 515E PIX 6.3 (4) on which I used the VPN Wizard to set up a remote access VPN the Cisco VPN client on the external interface.
When I connect to home on my laptop Windows XP Pro SP2 running Cisco VPN Client 4.0.5(C) I seem to be able to connect to most of the network resources (IE file shares, I can RDP into servers, etc.) but I can't seem to be able to ping anything : I just request times out.
I'm sure it's something stupid I've done (or not done).
I have attached my config and would be grateful if someone could take a look and point me in the right direction.
Thanks in advance for your help,
Peter.
Hi Peter,.
You must add a line to the inside_access_in access list:
Enable
conf t
access-list inside_access_in allow icmp a whole
output
write members
Kind regards
Cathy
-
ASA 5540 - cannot ping inside the interface
Hi all. We have recently upgraded PIX to ASA5540 and we saw a strange thing going. In a Word, we can ping the inside interface of the ASA from any beach on our 6500 network (which is connected directly behind the ASA on the inside), but one where our monitoring tools are placed. Inside there is an ACL that allows all of our core networks, but it does not help that the interface is really strange.
In the ASDM, I see messages like this:
ID ICMP echo request: 2004 x.x.x.x y.y.y.y on the inside interface to. I don't think that's the problem, but I could be wrong.
This is also the configuration of the interface VLAN VIRTUAL local area network from which we cannot ping inside the interface we can ping to and since this VLAN and machines without problem. The only problem is ping the inside interface of the ASA.
interface Vlanx
IP x.x.x.x 255.255.255.0
IP broadcast directed to 199
IP accounting output-packets
IP pim sparse - dense mode
route IP cache flow
load-interval 30
Has anyone experiences the problem like this before? Thanks in advance for any help.
Can you post the output of the following on the ASA:-
display the route
And the output of your base layer diverter: -.
show ip route<>
HTH >
-
cannot turn on the firewall in windows vista
I went to the control panel to turn on the firewall, but a screen will appear that says: "due to a problem not identified, windows cannot display the firewall settings." When I click on parameter update now a screen said, "firewall Windows was unable to make the requested updates". Any ideas on how to proceed from here?
Hello
You can run this fix:Diagnose and automatically fix problems of Windows Firewall service -
Cannot ping via the VPN client host when static NAT translations are used
Hello, I have a SRI 3825 configured for Cisco VPN client access.
There are also several hosts on the internal network of the static NAT translations have a services facing outwards.
Everything works as expected with the exception that I cannot ping hosts on the internal network once connected via VPN client that is internal IP addresses have the static NAT translations in external public addresses, I ping any host that does not have static NAT translation.
For example, in the example below, I cannot ping 192.168.1.1 and 192.168.1.2, but I can ping to the internal interface of the router, and any other host on the LAN, I can ping all hosts in the router itself.
Any help would be appreciated.
Concerning
!
session of crypto consignment
!
crypto ISAKMP policy 10
BA 3des
preshared authentication
Group 2
!
ISAKMP crypto client configuration group vpnclient
key S3Cu4Ke!
DNS 192.168.1.1 192.168.1.2
domain domain.com
pool dhcppool
ACL 198
Save-password
PFS
netmask 255.255.255.0
!
!
Crypto ipsec transform-set-SECURE 3DES esp-3des esp-sha-hmac
!
Crypto-map dynamic dynmap 10
86400 seconds, life of security association set
game of transformation-3DES-SECURE
market arriere-route
!
card crypto client cryptomap of authentication list drauthen
card crypto isakmp authorization list drauthor cryptomap
client configuration address card crypto cryptomap answer
map cryptomap 65535-isakmp ipsec crypto dynamic dynmap
!
interface GigabitEthernet0/0
NAT outside IP
IP 1.2.3.4 255.255.255.240
cryptomap card crypto
!
interface GigabitEthernet0/1
IP 192.168.1.254 255.255.255.0
IP nat inside
!
IP local pool dhcppool 192.168.2.50 192.168.2.100
!
Note access-list 198 * Split Tunnel encrypted traffic *.
access-list 198 allow ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255!
Note access-list 199 * NAT0 ACL *.
access-list 199 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 199 permit ip 192.168.1.0 0.0.0.255 any!
Sheep allowed 10 route map
corresponds to the IP 199!
IP nat inside source map route sheep interface GigabitEthernet0/0 overload!
IP nat inside source static 192.168.1.1 1.2.3.5
IP nat inside source static 192.168.1.2 1.2.3.6The problem seems to be that static NAT take your nat exemption.
The solution would be:
IP nat inside source static 192.168.1.1 1.2.3.5 sheep map route
IP nat inside source static 192.168.1.2 1.2.3.6 sheep map routeHTH
Herbert
-
Cannot ping inside the ASA from the inside interface
Don't know what I did wrong... appreciate any help
Here is the page layout
laptop--> cisco 3750 switch--> ASA5505 firewall--> future VPN tunnel
Laptop, switch interface VLAN and inside the ASA are all in the same subnet
Switch and ASA have all interfaces local network VIRTUAL 52 (the subnet in question), except for the external interface
-----------------
This is the problem
laptop getting ip addressing and def GW via DHCP from the firewall
switch and FW can ping each other without problem
FW can't ping, still gets the DHCP scope.
Thank you
Dave
Hello
How did you setup?
The laptop is connected to a port of the 3750 (VLAN 52).
The connection between the 3750 and the SAA is a chest or a link L3?
If the 3750 has a SVI belonging to VLAN52, you can ping from the correct PC? As well as the ASA?
Federico.
-
Cannot turn on the firewall of windows 7
I just got a new Dell computer. For some reason, I can't turn on windows firewall 7. The option is not grayed out, but when I click on 'recommended use of parameters' nothing happens. I did a full scan with Windows Security Essentials and there is no virus.
Hello
To resolve this problem, you will need to follow these methods provided below.
Method 1: Please run "services.msc", "Event controller Windows" stop first and then make sure that "Base filtering engine" service is started.
On the Start Menu, type devmgmt.msc, and then open Device Manager. On the view tab, select "Devices by connection" and put a check next to "Show hidden devices". Search for the Windows Firewall authorization driver (there will be a gear icon gold). Double-click on that and on the driver tab, make sure that the startup type is set to "Application".
Then start the service "Windows Firewall" and see if the problem is resolved.
Method 2: The driver of the authorization (mdsdrv.sys) firewall is a system protected Windows file. You can run the tool File Checker system and if the file is found to be damaged, it will be replaced.
Proceed with caution.
Go to start / all programs / accessories.
Right-click on the element "Command Prompt" and select the "Run as Administrator" option.
Click on 'Continue' in the UAC prompt.
In the command window, type the following command.
SFC/SCANNOW
Press ENTER.
This will take a few minutes to complete. Try not to use the computer during execution of SFC.
When the tool is finished, restart the computer and review the firewall options.
Let me know the results.Also follow the Microsoft Windows Help article below.
http://Windows.Microsoft.com/en-us/Windows-Vista/turn-Windows-Firewall-on-or-off
Thank you, and in what concerns:
I. Suuresh Kumar-Microsoft Support.
Visit our Microsoft answers feedback Forumand let us know what you think.
-
What Miss me? I have a 5540 which has a static route to 192.168.157.0 255.255.255.0 and I am able to ping network addresses:
ping 192.168.157.190
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 192.168.157.190, wait time is 2 seconds:
!!!!!
Success rate is 100 per cent (5/5), round-trip min/avg/max = 1/1/1 ms
My 5540 has a tunnel L2L a 5505 and everything works. But I can't ping address the same 192.168.157.190, it just times out.
Where should I start looking?
Thank you...
Hello
The only thing I can think of is including the "outside" of the SAA IP remote in the field of encryption of the connection VPN L2L between the ASAs.
Then the source ICMP directly from the ASA remote would probably encrypted/encapsulated on the L2L VPN and reach the local site server.
On the ASA local, you will need to make adding even the public IP address ASA remote for the domain of the L2L VPN encryption. You also need to configure NAT0 between the LAN and the public IP address of destination.
Of course, depending on where you make the connections to the ASA remote, this could be a problem. If you make the connections of management from OUTSIDE both of these networks, then you should not have problems, but if you manage the ASA remote from the local network then naturally these connections began through the L2L VPN over the Internet without a VPN.
-Jouni
-
Hello
I don't know what could be held, vpn users can ping to the outside and inside of the Cisco ASA interface but can not connect to servers or servers within the LAN ping.
is hell config please kindly and I would like to know what might happen.
hostname horse
domain evergreen.com
activate 2KFQnbNIdI.2KYOU encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
ins-guard
!
interface GigabitEthernet0/0
LAN description
nameif inside
security-level 100
192.168.200.1 IP address 255.255.255.0
!
interface GigabitEthernet0/1
Description CONNECTION_TO_FREEMAN
nameif outside
security-level 0
IP 196.1.1.1 255.255.255.248
!
interface GigabitEthernet0/2
Description CONNECTION_TO_TIGHTMAN
nameif backup
security-level 0
IP 197.1.1.1 255.255.255.248
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
No nameif
no level of security
no ip address
management only
!
boot system Disk0: / asa844-1 - k8.bin
boot system Disk0: / asa707 - k8.bin
passive FTP mode
clock timezone WAT 1
DNS server-group DefaultDNS
domain green.com
network of the NETWORK_OBJ_192.168.2.0_25 object
Subnet 192.168.2.0 255.255.255.128
network of the NETWORK_OBJ_192.168.202.0_24 object
192.168.202.0 subnet 255.255.255.0
network obj_any object
subnet 0.0.0.0 0.0.0.0
the DM_INLINE_NETWORK_1 object-group network
object-network 192.168.200.0 255.255.255.0
object-network 192.168.202.0 255.255.255.0
the DM_INLINE_NETWORK_2 object-group network
object-network 192.168.200.0 255.255.255.0
object-network 192.168.202.0 255.255.255.0
access-list extended INSIDE_OUT allow ip 192.168.202.0 255.255.255.0 any
access-list extended INSIDE_OUT allow ip 192.168.200.0 255.255.255.0 any
Access extensive list permits all ip a OUTSIDE_IN
gbnlvpntunnel_splitTunnelAcl standard access list allow 192.168.200.0 255.255.255.0
standard access list gbnlvpntunnel_splitTunnelAcl allow 192.168.202.0 255.255.255.0
gbnlvpntunnell_splitTunnelAcl standard access list allow 192.168.200.0 255.255.255.0
standard access list gbnlvpntunnell_splitTunnelAcl allow 192.168.202.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
backup of MTU 1500
mask of local pool VPNPOOL 192.168.2.0 - 192.168.2.100 IP 255.255.255.0
no failover
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm-645 - 206.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside, outside) static source NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination
NAT (inside, backup) static source NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.202.0_24 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination
NAT (inside, outside) static source DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination
NAT (inside, backup) static source DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 NETWORK_OBJ_192.168.2.0_25 NETWORK_OBJ_192.168.2.0_25 non-proxy-arp-search of route static destination
!
network obj_any object
dynamic NAT interface (inside, backup)
Access-group interface inside INSIDE_OUT
Access-group OUTSIDE_IN in interface outside
Route outside 0.0.0.0 0.0.0.0 196.1.1.2 1 track 10
Route outside 0.0.0.0 0.0.0.0 197.1.1.2 254
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
Enable http server
http 192.168.200.0 255.255.255.0 inside
http 192.168.202.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
monitor SLA 100
type echo protocol ipIcmpEcho 212.58.244.71 interface outside
Timeout 3000
frequency 5
monitor als 100 calendar life never start-time now
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
backup_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
backup of crypto backup_map interface card
Crypto ikev1 allow outside
Crypto ikev1 enable backup
IKEv1 crypto policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
!
track 10 rtr 100 accessibility
Telnet 192.168.200.0 255.255.255.0 inside
Telnet 192.168.202.0 255.255.255.0 inside
Telnet timeout 5
SSH 192.168.202.0 255.255.255.0 inside
SSH 192.168.200.0 255.255.255.0 inside
SSH 0.0.0.0 0.0.0.0 outdoors
SSH timeout 15
SSH group dh-Group1-sha1 key exchange
Console timeout 0
management-access inside
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal group vpntunnel strategy
Group vpntunnel policy attributes
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list vpntunnel_splitTunnelAcl
field default value green.com
internal vpntunnell group policy
attributes of the strategy of group vpntunnell
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list gbnlvpntunnell_splitTunnelAcl
field default value green.com
Green user name encrypted BoEFKkDtbnX5Uy1Q privilege 15 password
attributes of user name THE
VPN-group-policy gbnlvpn
tunnel-group vpntunnel type remote access
tunnel-group vpntunnel General attributes
address VPNPOOL pool
strategy-group-by default vpntunnel
tunnel-group vpntunnel ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group vpntunnell remote access
tunnel-group vpntunnell General-attributes
address VPNPOOL2 pool
Group Policy - by default-vpntunnell
vpntunnell group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns migrated_dns_map_1
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:7c1b1373bf2e2c56289b51b8dccaa565
Hello
1 - Please run these commands:
"crypto isakmp nat-traversal 30.
"crypto than dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 Road opposite value.
The main issue here is that you have two roads floating and outside it has a better than backup metric, that's why I added the command 'reverse-road '.
Please let me know.
Thank you.
-
cannot ping within the host only vmnet0
I created my own guest only (vmnet0) network without DHCP (192.168.1.0/255.255.255.0). I run several linux guests in this network. One of them, that I call the "headnode", assigns a static IP 192.168.1.1 and runs a DHCP server. The other guests, now referred to as "nodes", use DHCP to obtain their IP addresses of the headnode. During the process of starting the backend nodes, they communicate correctly with the DHCP server on the headnode and receive an IP address. After their NIC is however in place, the main nodes cannot exceed the headnode. A ping from a backend node is unable to reach the headnode. If I ping a backend of the headnode else node hand, it takes about 6 ping probes before the ping starts to work and after that, I can also ping the headnode leave this backend node. It seems that my network setup, i.e. firewall, routing, etc., in the guest linux is correct, but that the vmnet0 switch is not working properly. Is this a known issue with a guest only network?
Thanks already,
Nick
I'm not sure on a Linux host, but on Windows the XXX1 IP address is assigned to the virtual host adapter, if this option is checked! You may have a problem with an IP address in this case duplicate. Also, make sure that the IP address range does not correspond to the physical network.
Anyway, as mentioned by continuum, you can't redefine vmnet0 (filled by default), but use instead an additional vmnet for a virtual network additional.
André
-
Cannot turn on the firewall and can not install Security Essentials
I tried to uninstall, I have tried everything that has been posted and nothing works. I use AVG now because I can't get it to load MS Security Essentials, can it be fixed?
Hi Teddy.
· What steps you have tried to solve the problem?
· What happens when you try to activate Windows Firewall?
· Did you receive an error message when you tried to install Microsoft Security Essentials?
You can follow this link & check if it helps.
I can't install Microsoft Security Essentials
Hope the helps of information. Please post back and we do know.
Concerning
Joel S
Microsoft Answers Support Engineer
Visit our Microsoft answers feedback Forum and let us know what you think. -
I use McAfee Firewall as my firewall. Now when I try to turn it on, it continues for less than a second, then turns off. Firewall Windows also not be.
My computer rebooting in itself guard so I can't complete a virus scan. In one place, he suggested I have try in Safe Mode, but it didn't work (and he told me that it did not work because I couldn't connect to the internet). I tried "Safe Mode with networking" and he would not even let me scan.
Another thing, the last time that I tried to scan it got stuck on "Internet C:\Windows\SysWOW64A\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary / / Desktop.ini. This makes me think that this could be the problem, so I tried to get him to put the file in "VirusTotal. I was able to get to him before that I got the idea to put it in "VirusTotal" but now it won't let me and he says:
"You don't have currently not allowed to access this folder."
"Click Conitnue to have permanent access to this folder."
When I try to click on "Continue", it only ever through.
I tried to change the 'Owner' under 'Security' tab but it still doesn't work, so I can't check to see if the file is a virus.
Should I try to download a new antivirus program to scan my computer?
Sorry if this is in the wrong category. I have so many problems, it is not easy to categorize.
Uninstalling McAfee completely.
Do not use any product that claims to make your computer run better. Almost all of them are either false, themselves, an infection, or put your computer at risk. Delete everything that claims to be there to prevent the infections or pretends to make your computer work better, except for the singular than an antivirus product.
It is a controversial topic, but your choice of AV software may be something you want to take a 2nd look. I suggest you visit this website to get an idea of what AV software made the best work, depending on what type of user you are: http://www.av-comparatives.org/ is a non-profit that has been around for a long time and I hope that their results.
When you interpret these results, remember the difference between a product that detects 95% and the other 99% of infections, it is actually 5 times more likely to allow an infection.
I pick up after about 150 Windows PCs and I have more than 13 years. Until last September, the only AV software that I would allow my clients to use was Norton Antivirus. Note that this is not the same as any other product, Norton 360 or Internet Security. My clients rarely know infections.
Last September, Symantec (Norton owner) decided to no longer sell such a product. After much research, I decided on Bitdefender Antivirus 2015 +. I installed it on most of these PCs to date and has never been a problem, and it has been on a course of about 11 months now... It is a better product than Norton. It is also cheap. One of the things I love the most about it, is the silence and discretion. Especially if silenced you its function "portfolio".
My customers know that if they install any product of 'Internet Security', I won't work on their computers until it is deleted. Very well, I learned the hard way that other components of these products (other than the AV itself) IS causing more problems than any profit that they bring and work mainly by stopping the Windows component that does a very good job of this particular task still. The problem is that when I started to work on a computer with an IS on it, I could spend hours trying to diagnose the problem, only to find out that by taking the product of the IS, the problems have become much clearer and easier to solve. I think that the product of the IS actually hides the problem.
As I said, this is a controversial topic and you will find many different very strong opinions. I know that mine is based on a fairly large sample over a long period, and are consumers of consumer type Windows.
Please note. You should never have more than one protection software installed. Always make sure that you completely remove the firmware all protection before installing a new one. That contains software that may have come preinstalled on your computer when it's new
Totally impossible to delete most of all AV software simply by using the standard uninstallation tool Windows 7. Most of the majors also publishes a "removal tool" that gets the rest. If you do not completely remove it, it will cause very hard to understand and diagnose problems.
-
Hello!
I have a 5515 ASA with the configuration below. I have configure the ASA as remote access with anyconnect VPN server, now my problem is that I can connect but I can not ping.
ASA Version 9.1 (1)
!
ASA host name
domain xxx.xx
names of
local pool VPN_CLIENT_POOL 192.168.12.1 - 192.168.12.254 255.255.255.0 IP mask
!
interface GigabitEthernet0/0
nameif inside
security-level 100
192.168.11.1 IP address 255.255.255.0
!
interface GigabitEthernet0/1
Description Interface_to_VPN
nameif outside
security-level 0
IP 111.222.333.444 255.255.255.240
!
interface GigabitEthernet0/2
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/4
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/5
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
management only
nameif management
security-level 100
192.168.5.1 IP address 255.255.255.0
!
passive FTP mode
DNS server-group DefaultDNS
www.ww domain name
permit same-security-traffic intra-interface
the object of the LAN network
subnet 192.168.11.0 255.255.255.0
LAN description
network of the SSLVPN_POOL object
255.255.255.0 subnet 192.168.12.0
VPN_CLIENT_ACL list standard access allowed 192.168.11.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
management of MTU 1500
no failover
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 711.bin
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
NAT (exterior, Interior) static source SSLVPN_POOL SSLVPN_POOL static destination LAN LAN
Route outside 0.0.0.0 0.0.0.0 111.222.333.443 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
WebVPN
list of URLS no
identity of the user by default-domain LOCAL
the ssh LOCAL console AAA authentication
AAA authentication http LOCAL console
LOCAL AAA authorization exec
Enable http server
http 192.168.5.0 255.255.255.0 management
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
Crypto ipsec pmtu aging infinite - the security association
Crypto ca trustpoint ASDM_TrustPoint5
Terminal registration
E-mail [email protected] / * /
name of the object CN = ASA
address-IP 111.222.333.444
Configure CRL
Crypto ca trustpoint ASDM_TrustPoint6
Terminal registration
domain name full vpn.domain.com
E-mail [email protected] / * /
name of the object CN = vpn.domain.com
address-IP 111.222.333.444
pair of keys sslvpn
Configure CRL
trustpool crypto ca policy
string encryption ca ASDM_TrustPoint6 certificates
Telnet timeout 5
SSH 192.168.11.0 255.255.255.0 inside
SSH timeout 30
Console timeout 0
No ipv6-vpn-addr-assign aaa
no local ipv6-vpn-addr-assign
192.168.5.2 management - dhcpd addresses 192.168.5.254
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
SSL-trust outside ASDM_TrustPoint6 point
WebVPN
allow outside
CSD image disk0:/csd_3.5.2008-k9.pkg
AnyConnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1
AnyConnect enable
tunnel-group-list activate
attributes of Group Policy DfltGrpPolicy
Ikev1 VPN-tunnel-Protocol l2tp ipsec without ssl-client
internal VPN_CLIENT_POLICY group policy
VPN_CLIENT_POLICY group policy attributes
WINS server no
value of server DNS 192.168.11.198
VPN - 5 concurrent connections
VPN-session-timeout 480
client ssl-VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list VPN_CLIENT_ACL
myComp.local value by default-field
the address value VPN_CLIENT_POOL pools
WebVPN
activate AnyConnect ssl dtls
AnyConnect Dungeon-Installer installed
AnyConnect ssl keepalive 20
time to generate a new key 30 AnyConnect ssl
AnyConnect ssl generate a new method ssl key
AnyConnect client of dpd-interval 30
dpd-interval gateway AnyConnect 30
AnyConnect dtls lzs compression
AnyConnect modules value vpngina
value of customization DfltCustomization
internal IT_POLICY group policy
IT_POLICY group policy attributes
WINS server no
value of server DNS 192.168.11.198
VPN - connections 3
VPN-session-timeout 120
Protocol-tunnel-VPN-client ssl clientless ssl
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list VPN_CLIENT_ACL
field default value societe.com
the address value VPN_CLIENT_POOL pools
WebVPN
activate AnyConnect ssl dtls
AnyConnect Dungeon-Installer installed
AnyConnect ssl keepalive 20
AnyConnect dtls lzs compression
value of customization DfltCustomization
username vpnuser password PA$ encrypted $WORD
vpnuser username attributes
VPN-group-policy VPN_CLIENT_POLICY
type of remote access service
Username vpnuser2 password PA$ encrypted $W
username vpnuser2 attributes
type of remote access service
username admin password ADMINPA$ $ encrypted privilege 15
VPN Tunnel-group type remote access
General-attributes of VPN Tunnel-group
address VPN_CLIENT_POOL pool
Group Policy - by default-VPN_CLIENT_POLICY
VPN Tunnel-group webvpn-attributes
the aaa authentication certificate
enable VPN_to_R group-alias
type tunnel-group IT_PROFILE remote access
attributes global-tunnel-group IT_PROFILE
address VPN_CLIENT_POOL pool
Group Policy - by default-IT_POLICY
tunnel-group IT_PROFILE webvpn-attributes
the aaa authentication certificate
enable IT Group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
: end
Help me please! Thank you!
Hello
Please set ACLs to allow ICMP between these two subnets (192.168.11.0 and 192.168.12.0) and check. It should ping. Let me know if it does not work.
Thank you
swap
-
Router cannot ping off the grid
The situation:
Router (ip 192.168.16.1) is the default gateway for the whole of the company
Anyone in the company is able to go on the internet and ping 8.8.8.8 (google DNS) of the PC it is
I have myself my laptop have IP 192.168.16.170 and I can ping 8.8.8.8 my default gw is 192.168.16.1
I set up a lab with router B 1841 with NAT router
On the router B FastEth 0/0 is faced with A router
On the router B FastEth 0/1 is in the front of my lab
The problem:
Router B, the two interfaces can ping 192.168.16.1 (router, the default gateway)
Router B, I am unable to ping 8.8.8.8 or any other address outside the 192.168.16.0 network
I do not understand how I am able to ping my default gateway and yet not be able to ping outside my network.
Keep in mind, it works on my laptop or any other PC in the building.
Thanks for the idea
**********************************************************************************
Router #sh ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/0 192.168.16.137 YES DHCP upward upwards
FastEthernet0/1 192.168.55.11 YES manual up up
NVI0 unassigned don't unset upward upwards
Router #.
***********************************************************************************
Router #sh run
Building configuration...
Current configuration: 712 bytes
!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
router host name
!
boot-start-marker
boot-end-marker
!
!
No aaa new-model
IP cef
!
!
!
!
!
!
!
-More-
!
interface FastEthernet0/0
DHCP IP address
NAT outside IP
automatic duplex
automatic speed
!
interface FastEthernet0/1
IP 192.168.55.11 255.255.255.0
IP nat inside
automatic duplex
automatic speed
!
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
no ip address of the http server
IP nat inside source static 192.168.55.170 192.168.16.10
IP nat inside source static 192.168.55.11 192.168.16.11
!
!
control plan
!
!
Line con 0
line to 0
line vty 0 4
opening of session
!
Scheduler allocate 20000 1000
end
Router #.
*************************************************************************
Router #sh worm
Cisco IOS Software, 1841 (C1841-IPBASE-M), Version 12.4(17a), VERSION of the SOFTWARE (fc2)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Updated Thursday, November 7 07 11:21 by prod_rel_team
ROM: System Bootstrap, Version 12.4 (13r) T, RELEASE SOFTWARE (fc1)
The availability of router is 4 hours, 34 minutes
System to regain the power ROM
System image file is "flash: c1841-ipbase - mz.124 - 17A .bin.
Cisco 1841 (revision 7.0) with 114688K / 16384K bytes of memory.
Card processor ID FTX1153W03K
2 FastEthernet interfaces
Configuration of DRAM is 64 bits wide with disabled parity.
191K bytes of NVRAM memory.
31360K bytes of ATA CompactFlash (read/write)
Configuration register is 0 x 2142
Router #.
***********************************************************************
Router #ping 192.168.16.1
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 192.168.16.1, time-out is 2 seconds:
!!!!!
Success rate is 100 per cent (5/5), round-trip min/avg/max = 1/1/4 ms
*******************************************************************
Router #ping 8.8.8.8
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 8.8.8.8, time-out is 2 seconds:
.....
Success rate is 0% (0/5)
Try to change your route by default of ' 0.0.0.0 0.0.0.0 fa0/0 "to" 0.0.0.0 0.0.0.0 192.168.16.1.
Can you ping 192.168.16.1 to RouterB?
HTH,
JohnPlease note all useful messages *.
-
VMmachine cannot ping to the gateway
VMWare Workstation 7.1.3 build-324285
Host: win7 64-bit
Guests: 3 x Red Hat Linux 32-bit, network: filled
VMMachines (VMM) can connect to each other with success, but non of them can ping the gateway, then they have no connection to the host, or other physical machines, neither the army nor other physical machines can connect to the VMMs.
Any idea what to do?
you have disabled auto fill in the virtual network Editor?
If this is not the case-how nowthe new can begin troubleshooting
Maybe you are looking for
-
Remove the newly opened tab tiles
When I open a new tab, it was always empty in the past. With FF 13 the new page is full of thumbnails of the latest web pages. How can I get rid of them. My home page is empty and I want to also empty tabs.
-
My HP Pavillion wife has a problem, Windows Vista seems unable to repair. Diagnosis HP running I got the following error code on memory: BIOME-1, og videre: please contact HP support. Can someone tell me what this error code means. Is this a problem
-
Hello...I have problems to install the driver for my satellite m50 - 180 huemenos, I downloaded the old of ati catalyst driver, but he always says that I have to install the vga standard first driver, I removed the map huemenos materiel Manager a rei
-
I found the documentation on how to record my C20 in CUCM 8.6 but nothing about CUCM 8.5. http://www.Cisco.com/en/us/docs/Telepresence/endpoint/codec-c-series/TC5/administration_guide/administering_endpoints_running_tc5_on_cucm8-6.PDF I wonder if it
-
How to check my internet speed in windows 7? can you tell me the steps?
How to check my internet speed in windows 7? can you tell me the steps?