Cannot ping hostname IB gateway
Hello
I installed virtual PeopleSoft HCM Image 9.2.012 on my laptop, with PeopleTools 8.54.08.
I IB Gateway URL as http://hcmdmo.ps.com:8000/PSIGW/PeopleSoftListeningConnector , because I created this hostname during the configuration of the Virtual Machine.
Now when I ping the gateway, a new popup window with the message "server not found".
But if I change the URL to http://192.168.56.101:8000/PSIGW/PeopleSoftListeningConnector, then it shows as active gateway.
Please help me solve the problem. How I can ping the gateway with the host name?
Thank you and best regards!
Add the name to your hosts file. On windows, which would be in C:\Windows\System32\drivers\etc\hosts
you add:
192.168.56.101 hcmdmo.ps.com
Tags: Oracle Applications
Similar Questions
-
Nested Hyper-V VM cannot ping the default gateway
Hello
At first, I have to say that I don't consider myself an expert produced a VMware.
I've been struggling with my test environment nested for a while and finally decided to get help (I hope) of pros.
Environment looks like this:
- Physical VMware ESXi 5.1.0 ("Promiscuous" mode enabled for the vSwitch)
- Couple of virtual machines, one of them being Hyper-V (Windows Server 2012 R2) server that is configured for nested virtualization - 10.106.5.27
- On the Hyper-V server, I have a VM in Windows Server 2012 R2 - 10.106.5.28
- Couple of virtual machines, one of them being Hyper-V (Windows Server 2012 R2) server that is configured for nested virtualization - 10.106.5.27
Hyper-V server has a NETWORK card and full network connectivity (internal and external: Internet) and in the Hyper-V Manager, a virtual switch is configured in external mode.
VM is connected to this virtual switch via a virtual network adapter. It has public static IP assigned with mask subnet, default gateway, and DNS even as a Hyper-V host. I ping times by IP and DNS name of the host of VM and vice versa. I cannot ping other resources of the virtual machine as the default gateway and DNS ("request timed") servers out. State of the network in the network and sharing Center is VM:
- unidentified network
- Public network
- type of access: no internet access
When I run the tool for troubleshooting problems on VM, he says "the default gateway is not available". As I said I can not ping.
I think that all my connectivity problems are caused by the unavailability of the gateway by default on the virtual machine, but I have no idea how to solve this problem. When you change the settings of the VM card from static to DHCP I can't even ping on the Hyper-V host.
All servers are joined to the same domain (VM has been migrated to ESXi, so he joined to the domain before, but I can't connect to using domain accounts, probably due to network issue).
I hope I described the problem enough, but please let me know if you need more information.
Try to activate forged passes also on the vSphere vSwitch as you do for the Promiscuous Mode.
- Physical VMware ESXi 5.1.0 ("Promiscuous" mode enabled for the vSwitch)
-
I have a XPS 12 with an Intel Centrino Advanced-N 6235 wireless card. I can't ping the default gateway with the wireless card. When I use a USB network adapter, I can ping the default gateway for the wired connection. I can connect to the Internet and the internal network with the wireless card and can ping other computers on the network. I am trying to run a program to connect wireless to a projector. I have two different programs for the two different projectors. I can connect by cable but not wireless. I think that the problem is anything that does not make me a ping of the default gateway or something on the wireless card. I have a 10 latitude with a Broadcom wireless card that is connected to the same access point and can ping the default gateway and can connect wirelessly to two projectors. They all have two windows 8 Pro.
I downloaded the new drivers from Dell, uninstalled, reinstalled, tried to update Windows install the drivers, all with no success. Any ideas?
The solution of the problem by chance. I was connected to the computer with a different network than what has been used to authenticate user account on the wireless. When I switched the user account for the user account that was logged on to the computer was the same who authenticate to the wireless, it worked. Go figure!
-
VMmachine cannot ping to the gateway
VMWare Workstation 7.1.3 build-324285
Host: win7 64-bit
Guests: 3 x Red Hat Linux 32-bit, network: filled
VMMachines (VMM) can connect to each other with success, but non of them can ping the gateway, then they have no connection to the host, or other physical machines, neither the army nor other physical machines can connect to the VMMs.
Any idea what to do?
you have disabled auto fill in the virtual network Editor?
If this is not the case-how nowthe new can begin troubleshooting
-
ESX host cannot ping the default gateway.
Hi Experts,
I have connected ESX hosts to switch cisco as well by the ILO and other ports.
Cisco switch configuration;
int gig 1/0/21 and 1/0/13 gig and gig 1/0/14 are configured as access ports because they are carriers/tagging vLan as a 306.
Cisco switch, I can ping the ip address of the ILO, but I can't ping the IP address management and vice versa.
IP Managment
10.197.204.10
255.255.255.0
10.197.204.1
VLAN 306
Attached the screenshot shown in the diagram.
your help will be appreciated.
Concerning
Don't know what it is, but there must be something simple that you miss
Let's go through each step of configuration for both ESXi network connections (ILO work already, so we do not touch).
Check the configuration of switch port physical interface GigabitEthernet1/0/13 and 1/0/14.
switchport access vlan 306
switchport mode access
spanning tree portfast
Only connect the cable network for vmnic0 to host and make sure what vmnic0 presents itself as 'connected' in the DCUI
Make sure the VLAN ID is empty.
Make sure you then the IP settings are correct (IE without typos,...) and restart the management network from the main menu.
André
-
Cannot ping a virtual machine, except on the host computer.
I have a host of SuSE, built on a chassis of IBM. It has a link for the failover interface. It has an IP of 10.10.138.196. SM 255.255.255.128. DG 10.10.138.129. I can ping this machine without problem. On that note, I have a virtual machine of SuSE. It has the same mask and gateway with an IP address of 10.10.138.197. It can ping the host (196) and the host can it ping. However, he cannot ping to the gateway by defaut.129. He receives a message Impossible to its own virtual interface. I have installation bridged networking early with no luck.
I tried to change the DG on the guest a.196. I have installation routes by default, and specific directions to 10.10.138.129 on the host and the guest without success. I talked to a few colleagues and they are not of course either. I need this available, so it can be used for a variety of applications.
You will not see a virtual NETWORK adapter for bridged interface, only for NAT and the host-only networking. There will be a device/dev/vmnet0, but that is not actually used to fill itself.
Your problem is that your bridged interface is bound to the wrong card on the host: it must be related to "bond0" not "eth0". You will need to re - run /usr/bin/vmware-config.pl to address which forces all running VMs to be stopped.
---
If you have found this device or any other answer useful please consider the use of buttons useful or Correct to award points.
-
ESXi cannot ping uplink gateway
I have ESXi that connect to 2 and Cisco 3750 port1.
3750 port47 connect to WAN1, 48 connected to WAN2
WAN1 gateway 10.0.10.1
WAN2 gateway 192.168.88.1
PROBLEMS:
1. I have WIN7 with vnic WAN1 subnet, but cannot ping gateway WAN1
QUESTIONS RELATING TO THE:
1. where is my mistake
INFO
3750:
#sh run
version 12.2
POC VTP domain
VTP transparent mode
IP routing
IP - poc.com domain name
VLAN 10
name WAN1
!
VLAN 15
name DMZ
!
VLAN 20
name SVR
!
VLAN 30
name USR
!
VLAN 40
name HA
!
VLAN 50
name STR
!
VLAN 88
name WAN2
!
VLAN 100
name of MGMT
!
Interface Port - Channel 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,15,20,30,40,50,88,100
switchport mode trunk
switchport nonegotiate
spanning tree portfast trunk
!
FastEthernet2/0/1 interface
switchport trunk encapsulation dot1q
switchport mode trunk
Speed 100
full duplex
!
interface FastEthernet2/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
Speed 100
full duplex
!
interface FastEthernet2/0/47
No switchport
IP 10.0.10.251 255.255.255.0
!
interface FastEthernet2/0/48
No switchport
IP 192.168.88.251 255.255.255.0
!
interface Vlan10
no ip address
!
interface Vlan15
IP 10.0.15.1 255.255.255.0
!
interface Vlan20
IP 10.0.20.1 255.255.255.0
!
Vlan30 interface
IP 10.0.30.1 255.255.255.0
!
interface Vlan40
IP 10.0.40.1 255.255.255.0
!
interface Vlan50
IP 10.0.50.1 255.255.255.0
!
interface Vlan88
no ip address
!
interface Vlan100
10.0.100.1 IP address 255.255.255.0
!
IP classless
IP route 0.0.0.0 0.0.0.0 10.0.10.1
IP route 0.0.0.0 0.0.0.0 192.168.88.1
ESXi 6.0
#esxcfg - vswitch - l
Switch name Num used Ports configured Ports MTU rising ports
vSwitch0 3072 10 128 1500 vmnic0, vmnic1
Name PortGroup VLAN ID used rising Ports
MGMT 100 0 vmnic0, vmnic1
STR 50 0 vmnic0, vmnic1
40 0 vmnic0, vmnic1 HA
USR 30 0 vmnic0, vmnic1
DMZ 15 0 vmnic0, vmnic1
WAN1 10 2 vmnic0, vmnic1
SVR 20 1 vmnic0, vmnic1
WAN2 88 1 vmnic0, vmnic1
Management network 100 1 vmnic0, vmnic1
If you set the IP 10.0.10.251 255.255.255.0 on interface Vlan10 instead of the interface FastEthernet2/0/47 you can ping?
-
VM management host cannot ping gateway or switch
Hello
We have a server Esx 5.0 with 3 vm on it. When I try to ping the management network of vm for my pc that I do not get an answer too trying to ping from the vmn console I can not ping to the gateway, but I can ping dns. However, I can rdp in vm servers and the ping to the gateway of each server, as well as newspapers in vsphere. We have a system with 2 voip VLAN, the other data and another for voice. Hosts and servers are all on the same cisco switch.VM management network
IP - 192.168.1.6
Sub - 255.255.255.0
GW - 192.168.1.1
DNS - 192.168.1.10
Cisco switch - 192.168.1.3
Data Vlan - 192.168.1.1
Firewall - 192.168.1.2
PC
-cannot ping 192.168.1.6
-can ping everything else
From the console network management
-cannot ping 192.168.1.1 a.3 or any pc
-can ping 192.168.1.10
It sounds like a switch problem but do not know how to fix it. The switch is a switch of cisco small business pro 8 ports
Make sure that your routing has L3 to a defined network to get traffic to your host (192.168.1.0/24) network to any network it seeks to achieve. You did not show what the subnet for the PCs are so I'm not sure that the network is.
Regarding the gateway ping, make sure that the echo ICMP message is enabled by the firewall so that ping responses can go to the host. If you still cannot ping the gateway with that on, there may be a larger problem with your connectivity.
-
Comments of the ESXi5 cannot ping gateway
Hello
Structure of the environment
Router (192.168.6.1)
-Linux
Virtual machine workstation - 8
-ESXi5 (192.168.6.220)
-srv01 ((Win2008r2) (192.168.6.221)(static pi))
-srv02 (WIn2008r2) (192.168.6.111) (DHCP)Srv01 can ping srv02
Srv01 can ping ESXi5
Srv01 cannot pingSRV02 can get the ip address of the server DHCP (192.168.6.1)
SRV02 can ping srv01
SRV02 can ping ESXi5
SRV02 cannot ping routerRouter cannot ping srv01, srv02
Router can ping ESXi5Question:
What should I do:
to get srv01 ping router
to get the router to ping srv01?See http://kb.vmware.com/kb/287 for instructions on enabling virtual for your ethernet adapters promiscuous mode.
-
Cannot ping Lan devices in Vlan
Hello
I looked for a solution to this for the week without success. I came across a Cisco C3560, which is used because of its ability of poe to power some Deskphones Voip. While the works of great poe, machines connected to the switch can only communicate with each other and don't can't ping or otherwise access any device connected directly to the router of the network.
The Cisco switch is configured with a vlan and a default gateway, but nothing comes out by behind the switch. On connected devices can ping by default gateway (192.168.0.1 - a tp-link router), receive a lease dhcp from the router said successfully and can connect to the internet, but on the local network, nothing works. (unable to connect to the printer connetced directly to the router or other computers connected directly to the router.
Any advice? I am new to cisco switches, don't know what I'm doing here. I'm just trying to get devices that are connected directly to the switch to communicate with devices connected directly to the router.
Switch#show runBuilding configuration...
Current configuration : 1528 bytes!version 12.2service configno service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!enable secret 5 {}{}{}{}{}{}{}{}{}{}{}{}!no aaa new-modelclock timezone UTC 2system mtu routing 1500ip subnet-zero!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24 switchport mode access!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 ip address 192.168.0.26 255.255.255.0 no ip route-cache!ip default-gateway 192.168.0.1ip classlessip default-network 192.168.0.0ip http server!access-list 1 permit any log!control-plane!!line con 0line vty 0 4 password XXXXXXXXX login length 0line vty 5 15 password XXXXXXXX login length 0!end
Switch#show interface
Vlan1 is up, line protocol is up Hardware is EtherSVI, address is 001e.bd27.c4c0 (bia 001e.bd27.c4c0) Internet address is 192.168.0.26/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 3 packets/sec 138534 packets input, 9472693 bytes, 0 no buffer Received 0 broadcasts (68 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 30296 packets output, 2248820 bytes, 0 underruns 0 output errors, 1 interface resets 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/2 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c484 (bia 001e.bd27.c484) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:56, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 46000 bits/sec, 37 packets/sec 5 minute output rate 582000 bits/sec, 71 packets/sec 1941044 packets input, 327622438 bytes, 0 no buffer Received 38375 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 30699 multicast, 0 pause input 0 input packets with dribble condition detected 3224783 packets output, 2069682884 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out FastEthernet0/4 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c486 (bia 001e.bd27.c486) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 129069 packets input, 64947010 bytes, 0 no buffer Received 9953 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9759 multicast, 0 pause input 0 input packets with dribble condition detected 600269 packets output, 45540585 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/6 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c488 (bia 001e.bd27.c488) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:50, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 32693 packets input, 4244428 bytes, 0 no buffer Received 9942 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9759 multicast, 0 pause input 0 input packets with dribble condition detected 588460 packets output, 45003331 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/8 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48a (bia 001e.bd27.c48a) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:30, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32694 packets input, 4243413 bytes, 0 no buffer Received 9934 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9757 multicast, 0 pause input 0 input packets with dribble condition detected 588485 packets output, 45009466 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/12 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48e (bia 001e.bd27.c48e) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:28, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32742 packets input, 4252075 bytes, 0 no buffer Received 9947 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9763 multicast, 0 pause input 0 input packets with dribble condition detected 588497 packets output, 45019272 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/13 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48f (bia 001e.bd27.c48f) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:13, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 148160 packets input, 73818106 bytes, 0 no buffer Received 9973 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9760 multicast, 0 pause input 0 input packets with dribble condition detected 599666 packets output, 49045070 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/14 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c490 (bia 001e.bd27.c490) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:05, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 129165 packets input, 68409495 bytes, 0 no buffer Received 9982 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9773 multicast, 0 pause input 0 input packets with dribble condition detected 600283 packets output, 45551497 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/18 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c494 (bia 001e.bd27.c494) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:49, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 21000 bits/sec, 18 packets/sec 5 minute output rate 13000 bits/sec, 16 packets/sec 606386 packets input, 88151136 bytes, 0 no buffer Received 159883 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 55198 multicast, 0 pause input 0 input packets with dribble condition detected 941617 packets output, 308269004 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/20 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c496 (bia 001e.bd27.c496) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:54, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 1000 bits/sec, 2 packets/sec 515813 packets input, 87006769 bytes, 0 no buffer Received 21466 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 19952 multicast, 0 pause input 0 input packets with dribble condition detected 1858112 packets output, 1700009146 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/24 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c49a (bia 001e.bd27.c49a) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 546556 packets output, 41182636 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/1 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is 001e.bd27.c481 (bia 001e.bd27.c481) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 556000 bits/sec, 83 packets/sec 5 minute output rate 76000 bits/sec, 63 packets/sec 4457827 packets input, 3961330567 bytes, 0 no buffer Received 15028 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 11213 multicast, 0 pause input 0 input packets with dribble condition detected 3822373 packets output, 728132696 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
Switch#show vlan
VLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/21002 fddi-default act/unsup1003 token-ring-default act/unsup1004 fddinet-default act/unsup1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------1 enet 100001 1500 - - - - - 0 01002 fddi 101002 1500 - - - - - 0 01003 tr 101003 1500 - - - - - 0 01004 fdnet 101004 1500 - - - ieee - 0 01005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs------------------------------------------------------------------------------
Primary Secondary Type Ports------- --------- ----------------- ------------------------------------------
Hello
first thing, please edit your post and remove your remote vty lines access password
never send passwords on a public forum for the just in case production equipment
line vty 0 4
password xxxxxx***********************
Your question
What is the configuration of the router as a switch which seems to work correctly you're saying and I configured its doing its job, don't forget you said that you cannot route no between the router and the router switch should take care of this, whats the vlan ports on the router are on is - what the same subnet do they get an ip address in the same subnet off dhcp as devices of switching, if they do, and you cannot ping them to the same subnet theres something upward on the side of the router it would treat for layer 3 routing ip traffic
the ping to the router devices connected to the cisco switch and can the device on the router cannot ping devices switches
If you move a device out of the router and attach it to the doe sit switch still work ok, reach the talk of the internet to other devices on the switch?
As there is a layer 2 switch you don't need this command you have your entry door you can remove it.. .IP default-network 192.168.0.0
-
Router and Switch cannot ping each other
Hello
I just build a lab at home.
In my current lab, I have 2 SW and 3 the router.
I have a problem, I do not know what Miss me in my config. My router cannot ping my SW.
and I also want to change my LAN from VLAN 1 interface connection at 30 of VLAN... but when I configure the VLAN 30 he show me line is in PLACE but the Protocol is DOWN.
Another question, if I want to create a VLAN with a different address, what should I do?
for example
VLAN 10 > 10.10.10.1
VLAN 20 > 20.20.20.1
etc...interface Vlan1 description LAN ip address 10.10.10.1 255.255.255.0 secondary ip address 30.30.30.1 255.255.255.0 secondary ip address 40.40.40.1 255.255.255.0 secondary ip address 20.20.20.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly dot1q tunneling ethertype 0x9100 hold-queue 100 out!
Here's the conf for my RT. ROUTER > 877SW > 2950 24 WSCISCO_877#sh runBuilding configuration... Current configuration : 3468 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname CISCO_877!boot-start-markerboot-end-marker!enable secret 5 $1$.ISW$71jzJ0Or0nenXZd/8D8.x/!no aaa new-model!!dot11 syslogip cefno ip dhcp use vrf connectedip dhcp excluded-address 20.20.20.0 20.20.20.30!ip dhcp pool LAN network 20.20.20.0 255.255.255.0 domain-name SYS.local default-router 20.20.20.1 dns-server 202.123.2.6 202.123.2.11 lease 0 4!!!!!username admin privilege 15 secret 5 $1$A1V4$GR9sPtPVXDRoOiDKRtC1M1! ! archive log config hidekeys!!!!!interface ATM0 description (OUTSIDE)ADSL_WAN no ip address no ip redirects no ip unreachables no ip proxy-arp no atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto !interface FastEthernet0!interface FastEthernet1 dot1q tunneling ethertype 0x9100!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description LAN ip address 20.20.20.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly dot1q tunneling ethertype 0x9100 hold-queue 100 out!interface Vlan30 description LAN no ip address no ip redirects no ip unreachables no ip proxy-arp shutdown hold-queue 100 out!interface Dialer0 description WAN_OUTSIDE ip address negotiated ip mtu 1498 ip nat outside ip virtual-reassembly max-reassemblies 1024 encapsulation ppp ip tcp adjust-mss 1400 dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname [email protected]/* */ ppp chap password 7 071C385F5C001D0403 ppp pap sent-username [email protected]/* */ password 7 120A1C04000208053E ppp ipcp mask request ppp ipcp route default ppp ipcp address accept!ip default-gateway 20.20.20.1ip forward-protocol ndip route 0.0.0.0 0.0.0.0 Dialer0ip route 10.10.10.0 255.255.255.0 Vlan1!no ip http serverno ip http secure-serverip nat inside source list 110 interface Dialer0 overload!access-list 110 permit ip 20.20.20.0 0.0.0.255 anyaccess-list 110 permit ip 10.10.10.0 0.0.0.255 anyaccess-list 110 permit ip 30.30.30.0 0.0.0.255 anyaccess-list 110 permit ip 40.40.40.0 0.0.0.255 anyaccess-list 110 permit ip 50.50.50.0 0.0.0.255 anyaccess-list 110 permit ip 60.60.60.0 0.0.0.255 any!!!control-plane!banner motd ^C :'######::'##::::'##:'########::'######::'##::::'##:'##... ##: ##:::: ##: ##.....::'##... ##: ##:::: ##: ##:::..:: ##:::: ##: ##::::::: ##:::..:: ##:::: ##:. ######:: #########: ######:::. ######:: #########::..... ##: ##.... ##: ##...:::::..... ##: ##.... ##:'##::: ##: ##:::: ##: ##:::::::'##::: ##: ##:::: ##:. ######:: ##:::: ##: ########:. ######:: ##:::: ##::......:::..:::::..::........:::......:::..:::::..:: ^C!line con 0 no modem enableline aux 0line vty 0 4 password 7 xxxx login!scheduler max-task-time 5000end CISCO_877#
And this is for my SWCATALYST_2960_01#sh runBuilding configuration... Current configuration : 5166 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname CATALYST_2960_01!enable secret 5 $1$MGrN$PtHgL3KfH0vy7Mr1Fo0hF.!ip subnet-zero!ip ssh time-out 120ip ssh authentication-retries 3vtp mode transparent!!spanning-tree mode rapid-pvstno spanning-tree optimize bpdu transmissionspanning-tree extend system-idspanning-tree vlan 1-4093 priority 16384!!!!vlan 10 name ADSL!vlan 20 name GUEST!vlan 30 name MANAGEMENT!interface Port-channel1 switchport trunk allowed vlan 1,10,20,30 switchport mode trunk switchport nonegotiate spanning-tree cost 1!interface FastEthernet0/1 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/2 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/3 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/4 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/5 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/6 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/7 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/8 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/9 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/10 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/11 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/12 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/13 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/14 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/15 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/16 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/17 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/18 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/19 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/20 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/21 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/22 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/23 switchport trunk allowed vlan 1,10,20,30 switchport mode trunk switchport nonegotiate channel-group 1 mode active!interface FastEthernet0/24 switchport trunk allowed vlan 1,10,20,30 switchport mode trunk switchport nonegotiate channel-group 1 mode active!interface Vlan1 ip address 20.20.20.2 255.255.255.0 no ip route-cache!interface Vlan10 no ip address no ip route-cache shutdown!interface Vlan30 no ip address no ip route-cache shutdown!ip default-gateway 20.20.20.1ip http server!line con 0line vty 0 4 password 7 xxxx loginline vty 5 15 login!!end
Thanks in advance.Eliane,
Please remove the etherchannel port f0/24 of the switch configuration and store it in the trunk.
interface FastEthernet0/24 switchport trunk allowed vlan 1,10,20,30 switchport mode trunk switchport nonegotiate channel-group 1 mode active <<< Remove this
Configure f0 on the router as trunk I think has 877, a switchport which fe interfaces are a part of. To display the corresponding Lass on the router, that you need to configure the VLANS corresponding on the router, then only the Lass will be in a State of going / up otherwise it will be in a down state. See if that helps. Thank you, hyacinth -
Cannot Ping hosts after you connect to ASA5500 using a client connection
I can ping hosts and gateways of the ASA5500, but after I connect I can't ping anything. The ASA5500 is connected to a layer 2 switch, this switch is shared resources for a layer 3. This 3 level switch is connected to another switch to level 3 where the gateways and hosts live. Again, I can ping hosts and gateways of the ASA5500 itself.
ASA Version 8.2 (5)
!
activate 8Ry2YjIyt7RRXU24 encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface GigabitEthernet0/0
nameif outside
security-level 0
IP address 208.19.xxx.xx 255.255.255.240
!
interface GigabitEthernet0/1
nameif inside
security-level 100
IP 10.47.146.199 255.255.255.0
!
interface GigabitEthernet0/2
Shutdown
No nameif
no level of security
no ip address
<--- more="" ---="">
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
No nameif
no level of security
no ip address
!
passive FTP mode
DNS server-group DefaultDNS
permit same-security-traffic inter-interface
IP 10.47.138.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.140.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.141.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.148.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.149.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.150.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.151.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.133.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.212.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.153.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.157.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.154.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.146.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
Within 1500 MTU
Outside 1500 MTU
mask 172.16.1.10 - 172.16.1.200 255.255.255.0 IP local pool VPNpool
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 1 0.0.0.0 0.0.0.0
Route outside 0.0.0.0 0.0.0.0 208.19.xxx.xx 1
Route inside 10.47.133.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.138.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.140.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.141.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.148.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.149.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.150.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.151.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.153.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.154.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.157.0 255.255.255.0 10.47.146.1 1
Route inside the 10.47.212.0 255.255.254.0 10.47.146.1 1
Route inside the 10.47.214.0 255.255.254.0 10.47.146.1 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
No snmp server location
No snmp Server contact
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Telnet timeout 5
SSH timeout 5
Console timeout 0
a basic threat threat detection
Statistics-list of access threat detection--->
no statistical threat detection tcp-interception
WebVPN
allow outside
SVC disk0:/anyconnect-win-3.1.04072-k9.pkg 1 image
enable SVC
tunnel-group-list activate
Anyconnect-policy group policy interns
Anyconnect-policy-strategy of group attributes
VPN - 100 simultaneous connections
VPN-idle-timeout no
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
WebVPN
SVC Dungeon-Installer installed
SVC request to enable default timeout 20 svc
username billuser1 password eS3lou7xhp / 8g 705 encrypted
username billuser1 attributes
type of remote access service
tunnel-group bill type remote access
tunnel-group invoice General attributes
address pool VPNpool
strategy-group-by default Anyconnect-policy
tunnel-group bill webvpn-attributes
activation of the Group billgroup_users alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/De destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:80003da27b3641b2123e30df5ef6b320
: end
cvpn #.Hello
You must ensure that networks l3 behind firewalls have itinerary for your "VPNpool" subnet and you need create the rule of no - NAT as shown below
NAT (inside) 0 access-list SHEEP
HTH
Averroès.
-
Peer AnyConnect VPN cannot ping, RDP each other
I have an ASA5505 running ASA 8.3 (1) and ASDM 7.1 (1). I have a remote access VPN set up and remote access users are able to connect and access to network resources. I can ping the VPN peers between the Remote LAN. My problem counterparts VPN cannot ping (RDP, CDR) between them. Ping a VPN peer of reveals another the following error in the log of the SAA.
Asymmetrical NAT rules matched for flows forward and backward; Connection for icmp outside CBC: 10.10.10.8 outside dst: 10.10.10.9 (type 8, code 0) rejected due to the failure of reverse NAT.
Here's my ASA running-config:
ASA Version 8.3 (1)
!
ciscoasa hostname
domain dental.local
activate 9ddwXcOYB3k84G8Q encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
clock timezone CST - 6
clock to summer time recurring CDT
DNS lookup field inside
DNS server-group DefaultDNS
192.168.1.128 server name
domain dental.local
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the RAVPN object
10.10.10.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.10.10.0_28 object
subnet 10.10.10.0 255.255.255.240
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
access-list Local_LAN_Access note VPN Customer local LAN access
Local_LAN_Access list standard access allowed host 0.0.0.0
DefaultRAGroup_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
Note VpnPeers access list allow peer vpn ping on the other
permit access list extended ip object NETWORK_OBJ_10.10.10.0_28 object NETWORK_OBJ_10.10.10.0_28 VpnPeers
pager lines 24
Enable logging
asdm of logging of information
logging of information letter
address record [email protected] / * /
exploitation forest-address recipient [email protected] / * / level of information
record level of 1 600 6 rate-limit
Outside 1500 MTU
Within 1500 MTU
mask 10.10.10.5 - 10.10.10.10 255.255.255.0 IP local pool VPNPool
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 711.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside, all) static source all electricity static destination RAVPN RAVPN
NAT (inside, outside) static static source NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28
NAT (inside, outside) static source all all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
network of the RAVPN object
dynamic NAT (all, outside) interface
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Community SNMP-server
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transit
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP ESP-AES-128-SHA ESP - AES - 192 - SHA ESP - AES - 256 - SHA ESP - 3DES - SHA - OF - SHA ESP - AES - 128 - SHA - TRANS ESP - AES - 192 - SHA - TRANS ESP - AES - 256 - SHA - ESP ESP - 3DES - SHA - TRANS TRANS-DES - SHA - TRANS
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
trustpoint crypto ca-CA-SERVER ROOM
LOCAL-CA-SERVER key pair
Configure CRL
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
name of the object CN = ciscoasa
billvpnkey key pair
Proxy-loc-transmitter
Configure CRL
crypto ca server
CDP - url http://ciscoasa/+CSCOCA+/asa_ca.crl
name of the issuer CN = ciscoasa
SMTP address [email protected] / * /
crypto certificate chain ca-CA-SERVER ROOM
certificate ca 01
* hidden *.
quit smoking
string encryption ca ASDM_TrustPoint0 certificates
certificate 10bdec50
* hidden *.
quit smoking
crypto ISAKMP allow outside
crypto ISAKMP policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
enable client-implementation to date
Telnet 192.168.1.1 255.255.255.255 inside
Telnet timeout 5
SSH timeout 5
Console timeout 0
management-access inside
dhcpd outside auto_config
!
dhcpd address 192.168.1.50 - 192.168.1.99 inside
dhcpd allow inside
!
a basic threat threat detection
threat detection statistics
a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
SSL-trust outside ASDM_TrustPoint0 point
WebVPN
allow outside
SVC disk0:/anyconnect-win-3.1.04072-k9.pkg 1 image
SVC profiles DellStudioClientProfile disk0: / dellstudioclientprofile.xml
enable SVC
tunnel-group-list activate
internal-password enable
chip-tunnel list SmartTunnelList RDP mstsc.exe windows platform
internal DefaultRAGroup group strategy
attributes of Group Policy DefaultRAGroup
Server DNS 192.168.1.128 value
Protocol-tunnel-VPN l2tp ipsec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list DefaultRAGroup_splitTunnelAcl
Dental.local value by default-field
WebVPN
SVC value vpngina modules
internal DefaultRAGroup_1 group strategy
attributes of Group Policy DefaultRAGroup_1
Server DNS 192.168.1.128 value
Protocol-tunnel-VPN l2tp ipsec
Dental.local value by default-field
attributes of Group Policy DfltGrpPolicy
Server DNS 192.168.1.128 value
VPN - 4 concurrent connections
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
value of group-lock RAVPN
value of Split-tunnel-network-list Local_LAN_Access
Dental.local value by default-field
WebVPN
the value of the URL - list DentalMarks
SVC value vpngina modules
SVC value dellstudio type user profiles
SVC request to enable default webvpn
chip-tunnel enable SmartTunnelList
wketchel1 5c5OoeNtCiX6lGih encrypted password username
username wketchel1 attributes
VPN-group-policy DfltGrpPolicy
WebVPN
SVC value DellStudioClientProfile type user profiles
username privilege 15 encrypted password 5c5OoeNtCiX6lGih wketchel
username wketchel attributes
VPN-group-policy DfltGrpPolicy
WebVPN
modules of SVC no
SVC value DellStudioClientProfile type user profiles
jenniferk 5.TcqIFN/4yw0Vq1 of encrypted password privilege 0 username
jenniferk username attributes
VPN-group-policy DfltGrpPolicy
WebVPN
SVC value DellStudioClientProfile type user profiles
attributes global-tunnel-group DefaultRAGroup
address pool VPNPool
LOCAL authority-server-group
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared key *.
tunnel-group DefaultRAGroup ppp-attributes
PAP Authentication
ms-chap-v2 authentication
eap-proxy authentication
type tunnel-group RAVPN remote access
attributes global-tunnel-group RAVPN
address pool VPNPool
LOCAL authority-server-group
tunnel-group RAVPN webvpn-attributes
enable RAVPN group-alias
IPSec-attributes tunnel-group RAVPN
pre-shared key *.
tunnel-group RAVPN ppp-attributes
PAP Authentication
ms-chap-v2 authentication
eap-proxy authentication
type tunnel-group WebSSLVPN remote access
tunnel-group WebSSLVPN webvpn-attributes
enable WebSSLVPN group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
173.194.64.108 SMTP server
context of prompt hostname
HPM topN enable
Cryptochecksum:3304bf6dcf6af5804a21e9024da3a6f8
: end
Hello
Seems to me that you can clean the current NAT configuration a bit and make it a little clearer.
I suggest the following changes
network of the VPN-POOL object
10.10.10.0 subnet 255.255.255.0
the object of the LAN network
subnet 192.168.1.0 255.255.255.0
PAT-SOURCE network object-group
object-network 192.168.1.0 255.255.255.0
object-network 10.10.10.0 255.255.255.0
NAT static destination LAN LAN (indoor, outdoor) static source VPN-VPN-POOL
destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL
NAT interface (it is, outside) the after-service automatic PAT-SOURCE dynamic source
The above should allow
- Dynamic PAT for LAN and VPN users
- NAT0 for traffic between the VPN and LAN
- NAT0 for traffic between the VPN users
You can then delete the previous NAT configurations. Naturally, please save the configuration before you make the change, if you want to revert to the original configuration.
no static source nat (inside, everything) all electricity static destination RAVPN RAVPN
No source (indoor, outdoor) nat static static NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28
No source (indoor, outdoor) nat static everything all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination
No network obj_any object
No network object RAVPN
In case you do not want to change the settings a lot you might be right by adding this
network of the VPN-POOL object
10.10.10.0 subnet 255.255.255.0
destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL
But the other above configurations changes would make NAT configurations currently simpler and clearer to see every goal of "nat" configurations.
-Jouni
-
VPN - cannot ping the next hop
Then some advice... I have configured a server VPN - pptp on my router, create a vpn for the customer at the site. For the moment, the client computer can connect and a connection to the router. I can ping from client to the router (192.168.5.1) but cannot ping 192.168.5.2 (switch) or 192.168.10.X (workstations)
What I try to achieve is to access the internal network (192.168.10.X), which is the end of the layer 3 switch. Any help/extra eyes would be good.
Here is my design of the network and the config below:
Client computer---> Internet---> (1.1.1.1) Cisco router (192.168.5.1) 881---> switch Dell Powerconnect 6248 (192.168.5.2)--> Workstation (192.168.10.x)
Router Cisco 881
AAA new-model
!
AAA of authentication ppp default local
!
VPDN enable
!
!
VPDN-group VPDN PPTP
!
accept-dialin
Pptp Protocol
virtual-model 1
!
interface FastEthernet0
Description link to switch
switchport access vlan 5
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 70
no ip address
!
interface FastEthernet4
Description INTERNET WAN PORT
IP [IP EXTERNAL address]
NAT outside IP
IP virtual-reassembly in
full duplex
Speed 100
card crypto VPN1
!
interface Vlan1
no ip address
!
interface Vlan5
Description $ES_LAN$
IP 192.168.5.1 255.255.255.248
no ip redirection
no ip unreachable
IP nat inside
IP virtual-reassembly in
!
interface Vlan70
IP [IP EXTERNAL address]
IP virtual-reassembly in
IP tcp adjust-mss 1452
!
!
!
interface virtual-Template1
IP unnumbered FastEthernet4
encapsulation ppp
peer default ip address pool defaultpool
Ms-chap PPP chap authentication protocol
!
IP local pool defaultpool 192.168.10.200 192.168.10.210
IP forward-Protocol ND
IP http server
23 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy inactive 600 life 86400 request 10000
!
overload of IP nat inside source list no. - NAT interface FastEthernet4
IP route 0.0.0.0 0.0.0.0 [address IP EXTERNAL]
Route IP 192.168.0.0 255.255.0.0 192.168.5.2
!
No. - NAT extended IP access list
deny ip 192.168.0.0 0.0.255.255 10.1.0.0 0.0.255.255
IP 192.168.0.0 allow 0.0.255.255 everything
VLAN70 extended IP access list
ip [IP EXTERNAL] 0.0.0.15 permit 192.168.10.0 0.0.1.255
permit tcp [IP EXTERNAL] 0.0.0.15 any eq smtp
permit tcp [IP EXTERNAL] 0.0.0.15 any eq www
permit any eq 443 tcp [IP EXTERNAL] 0.0.0.15
permit tcp [IP EXTERNAL] 0.0.0.15 any eq field
permits any udp [IP EXTERNAL] 0.0.0.15 eq field
list of IP - VPN access scope
IP 192.168.10.0 allow 0.0.1.255 10.1.0.0 0.0.1.255
Licensing ip [IP EXTERNAL] 0.0.0.15 10.1.0.0 0.0.1.255
WAN extended IP access list
!
Layer 3 switch - Dell Powerconnect 6224
!
IP routing
IP route 0.0.0.0 0.0.0.0 192.168.5.1
interface vlan 5
name "to connect to the Cisco router.
Routing
IP 192.168.5.2 255.255.255.248
output
!
interface vlan 10
"internal network" name
Routing
IP 192.168.10.1 255.255.255.0
output
!
interface ethernet 1/g12
switchport mode acesss vlan 5
output
!
interface ethernet 1/g29
switchport mode access vlan 10
output
!
Hi Samuel,.
I went through your configuration and picked up a few problematic lines...
First of all, you can't have your vpn-pool to be in the range of 192.168.10.x/24, because you already have this subnet used behind the switch (this would be possible if you had 192.168.10.x range connected directly to the router). In addition, you may not link your virtual model to the WAN ip address, it must be bound to an interface with a subnet that includes your IP vpn-pool range.
The cleaner for this is,
Create a new interface of back of loop with a new subnet
!
loopback interface 0
192.168.99.1 IP address 255.255.255.0
!
New vpn set up, pool
!
IP local pool defaultpool 192.168.99.200 192.168.99.210
!
Change your template to point the new loopback interface,
!
interface virtual-Template1
IP unnumbered loopback0
encapsulation ppp
peer default ip address pool defaultpool
Ms-chap PPP chap authentication protocol
!
All vpn clients will get an IP address of 192.168.99.200 192.168.99.210 range. And they will be able to get the router and up to the desired range 192.168.10.x/24 behind the router. Packages get the switch, then to the host. Host will respond through the gateway (switch)-> router-> Client.
PS: Sooner, even if your packages arrive at the host, the host will never try to send the response back through the gateway (switch) packets because STI (hosts) point of view, the package came from the same local network, so the host will simply try to "arp" for shippers MAC and eventually will expire)
I hope this helps.
Please don't forget to rate/brand of useful messages
Shamal
-
DLR Uplink and GSS internal transit same VXLAN cannot ping each other.
Start with, I run NSX 6.2.2 firewall rules on 'allow all' to 'all' to 'all' "all protocols", in other words disabled...
I have a VXLAN 5000 transit, with an uplink DLR interface attached to it, and an internal interface GSS in the appendix in which neither of the parties can ping to another. So for troubleshooting, I added 2 VM Windows attached to the same transit VXLAN 5000, a virtual machine is on ESXi host 1 and the other is on host ESXi 4. They can fine ping each other, and two virtual machines can ping both the uplink of DLR and internal interfaces of the GSS.
This question has puzzled me because it makes no sense, why the DLR and the GSS cannot ping each other but 2 virtual machines that VXLAN can ping all adjacent devices. I can even put bridges on those virtual machines with a rule NAT on the GSS and those virtual machines can get internet through the GSS, but no matter what I try, the DLR cannot ping the GSS, and the GSS cannot ping DLR...
I need to define a static route between the GSS DLR <>- but if I can't even answer ping interfaces I'm dead in the water.
If I install virtual machines in a network LAN DLR interface such as WebApp and test for example database, I can ping throughout the DLR together until the IP DLR Uplink, but then he cannot ping the GSS internal.
Does anyone have suggestions for troubleshooting? Test commands that I can run? I tried many things and then lots of websites with the troubleshooting steps. Everything seems fine, all green checks in the installation steps... All roads, MACs, ARP tables appear as expected when I run test on host computers commands and controllers. I don't know what is the cause except for a bug in the code...
All ideas are welcome... Thank you
UPDATE:
Yes, so it has need of a static NAT rule on the GSS...
In my environment, I added a SNAT rule on adapter: ESG_Uplink with 0.0.0.0/24 CBC-translation dst: 1.1.1.101 (my lab ESG IP Uplink).
It works now... VM tenant box connected to WebApp portgroup (192.168.13.115) can now ping gateway DLR, through routing OSPF to the GSS and ping on physical bridge of...
I learned a lot on this one... I'm not going to worry about why the static route, I tried first post didn't work, since I was the OSPF running instead (which is more appropriate for my laboratory for realistic scenario anyway), and the Foundation will now suffice to build the rest of this POC vRA / vRO lab...
Thank you in any case, sometimes it's just nice to have someone to listen.
Maybe you are looking for
-
Libretto W100-D10 - change OS language from Italian to English
Hello I have a Toshiba Libretto W100-D10, who have an Italian version and wants to set up initially inEnglish. Any help or info appreciated, thanks.
-
Phishing scam address added to my BCC
When I send email to myself using XP and Windows Live Mail to test CCI, there is an additional address which comes outside to withhold Receipents, after the semi-colin. The address to which is added the mine is @CDS066.dcs.int.inet. I switched from O
-
Restarted automatically during playback of video file.
While playing a playback of a video file of 700 MB iam or over some files, my pc will be automatically restarted.Card Intel (R) Celeron (R) CPU - mother2.40 GHz with 1 GB of RAM. OS - Windows XP Professional Version 2002 Service pack 3
-
I have a laptop, ran a software antivirus and then he says to Windows Vista is to install the updates, phase 1 of 3, then 2/3, then he is stuck on the phase 3/3 for 24 hours, if I turn the computer market and unplug it and try to turn back still evok
-
Success through Javascript function message
HelloI have an Ajax call to call a process like thisvar ajaxRequest = new htmldb_Get (null, & APP_ID., 'APPLICATION_PROCESS is ProcessName', 10);ajaxResult = ajaxRequest.get ();If (ajaxResult is 'Success'){Redirect ('f? p = & APP_ID.:88: & SESSION. :