Comments cannot ping host
Hi all:
I have a strange problem of networking that VMware technical support has not been able to help.
Summary of the problem: comments cannot ping host unless the host is a ping command, while the guest is ping to the host
Details of the problem: I have intalled VMware Workstation 6.5.2 on the host Windows Vista Edition Home Premium (SP1). I installed several guests, including Ubuntu 8.04, openSUSE 11, Win XP and Win 2000. All guests use "bridged" network. The host has a static IP address. All guests have DHCP. All these people have the same problem - they cannot ping the host. It simply returns "Destination unreachable". However, if I run a ping from the host (it didn't ping the same customer, any ip address on the network) while the guest is ping to the host, and then will cross ping of the guest. For the next two minutes, the guest will be able to ping the host without any problem (without 'help' of the host). Then the guest will again be able ping on the host and you will have to repeat the same process. Quite strange, isn't? Another problem, I can access the internet from the hosts and guests can ping each other. (I can't access the printer connected to the host. However if the guest can ping on the host, then it can also access the printer as well.) I tried everything but still can't find the root cause of the problem. Here is a list of the things I've tried:
1. tried VMware Workstation 6.5.2 on a Windows XP computer on the same network (equipped with a wireless card intel) and did NOT have this problem.
2. firewalls, antivirus software, VPN clients, etc. were all off. It did not help.
3. the problem disappears if I use the wired Ethernet connection
4. the current wireless adapter is a D-Link, but I also tried with a Linksys Wireless card and had the same problem
5. the same problem exists also for VMware 6.5.1
6. I have installed the software VirtuaBox VM from Sun and installed the same comments from Ubuntu on the same host. The problem goes away!
7. I also tried the "NAT" networking and had the same problem.
8. I also tried DHCP for host and had the same problem.
I've tried everything I can think of and nothing seemed to help. I have filed a request for assistance with VMware tech and traded a few emails with the support guy but have not heard from him for a few days. I would really appreciate if someone can offer a few ideas to help solve this problem. I'm not a networking guru, but I'm a software engineer, so you can talk to me in technical terms.
Thank you in advance.
Yes! as noted above, it is the arp tables.
my router is assigned the same IP address for the host computer and the guest, so as soon as you ping from your host prompt, the mac and ip is back in the arp (invites) tables and from there he will communicate via newly assigned ARP table. You can check this scathing the hostname and it will be the same ip address as your guest (in my case)
I then googled arp vmware and discovered that it is familir with chipset broadcom and vmware behavior.
ARP - a displays the tables,
ARP s 00-00-00-00-00-00 192.168.x.xxx - assign the IP address to a MAC address.
I hope this helps.
Tags: VMware
Similar Questions
-
Comments can ping host, but host cannot ping the prompt.
Hello. I already asked this question in another discussion, but it has a different title, so I decided to ask my question in a new discussion.
Host: Windows 7, 192.168.186.1, no gateway IP
Client: Windows XP, 192.168.186.2, no gateway IP
If the ping of the comments reached the host. But when I try to ping the host's comments, I get '100% packet loss. How it could be explained?
I take a look at the Windows Firewall on computers and make sure that it is disabled.
-
Cannot ping hosts on the same vlan on the 2 switches.
Hey guys so I create my own network in Packet Tracer 6.3. While the hosts can ping others on the same switch 2960 and VLAN, they are unable to ping a host on another switch in the same VLAN. For example. Josh PC on S1 (192.168.10.10) cannot ping PC Doge on S2 (192.168.10.13). I'm sure that they are on the same subnet, so I thing it is a problem of junction...
S1:
S1 #show ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual up up
FastEthernet0/4 unassigned YES manual up up
FastEthernet0/5 unassigned YES manual administratively down down
FastEthernet0/6 unassigned YES manual administratively down down
FastEthernet0/7 unassigned YES manual administratively down down
FastEthernet0/8 unassigned YES manual administratively down down
FastEthernet0/9 unassigned YES manual administratively down down
FastEthernet0/10 unassigned YES manual administratively down down
FastEthernet0/11 unassigned YES manual administratively down down
FastEthernet0/12 unassigned YES manual administratively down down
FastEthernet0/13 unassigned YES manual administratively down down
FastEthernet0/14 unassigned YES manual administratively down down
FastEthernet0/15 unassigned YES manual administratively down down
FastEthernet0/16 unassigned YES manual administratively down down
FastEthernet0/17 unassigned YES manual administratively down down
FastEthernet0/18 unassigned YES manual administratively down down
FastEthernet0/19 unassigned YES manual administratively down down
FastEthernet0/20 unassigned YES manual administratively down down
FastEthernet0/21 unassigned YES manual administratively down down
FastEthernet0/22 unassigned YES manual administratively down down
FastEthernet0/23 unassigned YES manual administratively down down
FastEthernet0/24 unassigned YES manual administratively down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan2 unassigned YES manual downwards upwards
Vlan10 unassigned YES manual up up
S1 #show interface f0/1 switchport
Name: Fa0/1
Switchport: enabled
Administrative mode: trunk
Operational mode: trunk
Encapsulation of administrative circuits: dot1q
Operational Trunking encapsulation: dot1q
Trunking negotiation: Off
The VIRTUAL LAN access mode: (default) 1
Native mode VLAN Trunking: 2 (native)
The voice of VLAN: no
Private-vlan host association Directors: no
Mapping of private - vlan management: no
Private-vlan trunk administration VLAN native: no
Private - vlan administration trunk encapsulation: dot1q
Private-vlan trunk administration VLAN normal: no
Private-vlan trunk administration private VLAN: no
Private-vlan operational: no
VLAN Trunking enabled: ALL
Pruning VLANS enabled: 2-1001
Capture Mode disabled
Capture VLAN allowed: ALL
Protected: false
The unit trust: no
S1 #show vlan br
Ports of status for the name of VLAN
---- -------------------------------- --------- -------------------------------
1 by default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
FA0/13, Fa0/14, Fa0/15, Fa0/16
FA0/17, Fa0/18, Fa0/19, Fa0/20
FA0/21, Fa0/22, Fa0/23 and Fa0/24
Gig0/1, Gig0/2
2 active native
5 active
10 active VLAN0010 Fa0/2, Fa0/3, Fa0/4
active by default fddi 1002
assets of token-ring-default 1003
1004 fddinet - default active
1005 trnet - default active
Trunk interface #show S1
VLAN Mode Encapsulation native port State
FA0/1 on 802. 1 trunking q 2
Port VLAN allowed on trunk
5,10,20 FA0/1
Port VLAN authorized and active in the field of management
FA0/1 5,10
VLAN port extending on transmission State and no tree pruned
FA0/1 5,10
S1 #show mac-address-table
Mac address table
-------------------------------------------
VLAN Mac Address Type Ports
---- ----------- -------- -----
5 00d0.d37a.ed01 DYNAMICS Fa0/1
S2:
S2 #show ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual up up
FastEthernet0/4 unassigned YES manual up up
FastEthernet0/5 unassigned YES manual administratively down down
FastEthernet0/6 unassigned YES manual administratively down down
FastEthernet0/7 unassigned YES manual administratively down down
FastEthernet0/8 unassigned YES manual administratively down down
FastEthernet0/9 unassigned YES manual administratively down down
FastEthernet0/10 unassigned YES manual administratively down down
FastEthernet0/11 unassigned YES manual administratively down down
FastEthernet0/12 unassigned YES manual administratively down down
FastEthernet0/13 unassigned YES manual administratively down down
FastEthernet0/14 unassigned YES manual administratively down down
FastEthernet0/15 unassigned YES manual administratively down down
FastEthernet0/16 unassigned YES manual administratively down down
FastEthernet0/17 unassigned YES manual administratively down down
FastEthernet0/18 unassigned YES manual administratively down down
FastEthernet0/19 unassigned YES manual administratively down down
FastEthernet0/20 unassigned YES manual administratively down down
FastEthernet0/21 unassigned YES manual administratively down down
FastEthernet0/22 unassigned YES manual administratively down down
FastEthernet0/23 unassigned YES manual administratively down down
FastEthernet0/24 unassigned YES manual administratively down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan2 unassigned YES manual downwards upwards
Vlan5 unassigned YES manual up up
Vlan10 unassigned YES manual up up
Vlan20 unassigned YES manual up up
Vlan99 unassigned YES manual administratively down down
S2 #show interface f0/1 switchport
Name: Fa0/1
Switchport: enabled
Administrative mode: trunk
Operational mode: trunk
Encapsulation of administrative circuits: dot1q
Operational Trunking encapsulation: dot1q
Trunking negotiation: on
The VIRTUAL LAN access mode: (default) 1
Native mode VLAN Trunking: 2 (native)
The voice of VLAN: no
Private-vlan host association Directors: no
Mapping of private - vlan management: no
Private-vlan trunk administration VLAN native: no
Private - vlan administration trunk encapsulation: dot1q
Private-vlan trunk administration VLAN normal: no
Private-vlan trunk administration private VLAN: no
Private-vlan operational: no
VLAN Trunking enabled: ALL
Pruning VLANS enabled: 2-1001
Capture Mode disabled
Capture VLAN allowed: ALL
Protected: false
The unit trust: no
S2 #show vlan br
Ports of status for the name of VLAN
---- -------------------------------- --------- -------------------------------
1 by default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
FA0/13, Fa0/14, Fa0/15, Fa0/16
FA0/17, Fa0/18, Fa0/19, Fa0/20
FA0/21, Fa0/22, Fa0/23 and Fa0/24
Gig0/1, Gig0/2
2 active native
5 active
10 VLAN0010 active Fa0/4
20 VLAN0020 active Fa0/2, Fa0/3
active by default fddi 1002
assets of token-ring-default 1003
1004 fddinet - default active
1005 trnet - default active
S2 #show mac-address-table
Mac address table
-------------------------------------------
VLAN Mac Address Type Ports
---- ----------- -------- -----
2 0030.f2c1.94e5 STATIC Fa0/1
2 0060.5c83.3401 STATIC Fa0/1
10 0002.4ae9.6964 STATIC Fa0/4
10 0060.5c83.3401 STATIC Fa0/1
20 0009.7c9a.a134 STATIC Fa0/2
----------------------------------------------------------------------------------
Let me know what I missed here. All connections are made with a straight through cable.
See you soon
Josh
Try to remove the S2 switchport port-security:
interface FastEthernet0/1 no switchport port-security
-
Cannot Ping hosts after you connect to ASA5500 using a client connection
I can ping hosts and gateways of the ASA5500, but after I connect I can't ping anything. The ASA5500 is connected to a layer 2 switch, this switch is shared resources for a layer 3. This 3 level switch is connected to another switch to level 3 where the gateways and hosts live. Again, I can ping hosts and gateways of the ASA5500 itself.
ASA Version 8.2 (5)
!
activate 8Ry2YjIyt7RRXU24 encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface GigabitEthernet0/0
nameif outside
security-level 0
IP address 208.19.xxx.xx 255.255.255.240
!
interface GigabitEthernet0/1
nameif inside
security-level 100
IP 10.47.146.199 255.255.255.0
!
interface GigabitEthernet0/2
Shutdown
No nameif
no level of security
no ip address
<--- more="" ---="">
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
No nameif
no level of security
no ip address
!
passive FTP mode
DNS server-group DefaultDNS
permit same-security-traffic inter-interface
IP 10.47.138.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.140.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.141.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.148.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.149.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.150.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.151.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.133.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.212.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.153.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.157.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.154.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.146.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
Within 1500 MTU
Outside 1500 MTU
mask 172.16.1.10 - 172.16.1.200 255.255.255.0 IP local pool VPNpool
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 1 0.0.0.0 0.0.0.0
Route outside 0.0.0.0 0.0.0.0 208.19.xxx.xx 1
Route inside 10.47.133.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.138.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.140.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.141.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.148.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.149.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.150.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.151.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.153.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.154.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.157.0 255.255.255.0 10.47.146.1 1
Route inside the 10.47.212.0 255.255.254.0 10.47.146.1 1
Route inside the 10.47.214.0 255.255.254.0 10.47.146.1 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
No snmp server location
No snmp Server contact
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Telnet timeout 5
SSH timeout 5
Console timeout 0
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
allow outside
SVC disk0:/anyconnect-win-3.1.04072-k9.pkg 1 image
enable SVC
tunnel-group-list activate
Anyconnect-policy group policy interns
Anyconnect-policy-strategy of group attributes
VPN - 100 simultaneous connections
VPN-idle-timeout no
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
WebVPN
SVC Dungeon-Installer installed
SVC request to enable default timeout 20 svc
username billuser1 password eS3lou7xhp / 8g 705 encrypted
username billuser1 attributes
type of remote access service
tunnel-group bill type remote access
tunnel-group invoice General attributes
address pool VPNpool
strategy-group-by default Anyconnect-policy
tunnel-group bill webvpn-attributes
activation of the Group billgroup_users alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/De destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:80003da27b3641b2123e30df5ef6b320
: end
cvpn #.Hello
You must ensure that networks l3 behind firewalls have itinerary for your "VPNpool" subnet and you need create the rule of no - NAT as shown below
NAT (inside) 0 access-list SHEEP
HTH
Averroès.
-
Host Windows 7: Win XP Pro SP 3 comments: comments can ping hosts Internet but IE
Problem: The customer is impossible to browse Internet hosts. This virtual machine works great under Vista with the same version of VMWorkstation.
Attempts to debug: take mail.yahoo.com. I can ping. But accessing http://mail.yahoo.com/ fails according to the and he tries so a search MSN and of course breaks down, too.
C:\Documents and Settings\Administrateur & gt; ipconfig/all
Windows IP configuration
Name of the host...: squidney-cafdd0
Primary Dns suffix...:
Node... type: hybrid
Active... IP routing: No.
Active... proxy WINS: No.
... DNS suffix search list: localdomain
Ethernet connection to the Local network card:
The connection-specific DNS suffix. : localdomain
... Description: VMware accelerated AMD PCNet Adapter
Physical address.... : 00-0C-29-E8-C0-C8
DHCP active...: Yes
Autoconfiguration enabled...: Yes
... The IP address: 192.168.203.129
... Subnet mask: 255.255.255.0.
... Default gateway. : 192.168.203.2.
DHCP server...: 192.168.203.254
DNS servers...: 192.168.203.2.
Primary WINS server...: 192.168.203.2
Lease obtained...: Sunday, June 21, 2009 20:02:54
End of the lease...: Sunday, June 21, 2009 20:32:54
C:\Documents and Settings\Administrateur & gt;
Host: Windows 7 RC - Version 6.1.7100
Client: Windows XP Pro SP 3 - Version 5.1.2600
VMWorkstation version: 6.5 build - 156735
Guest network: NAT
Driver comments: VMware Accelerated AMD PCNet Adapter
VMX file is attached
vmsupport file is attached.
Try to change your guest of NAT network to bridged.
-
The VPN Clients cannot Ping hosts
I'll include a post my config. I have clients that connect through the VPN tunnel on the 180.0.0.0/24 network, 192.168.1.0/24 is the main network for the office.
I can connect to the VPN, and I received a correct address assignment. I belive tunneling can be configured correctly in the aspect that I can always connect to the internet then on the VPN, but I can't ping all hosts on the 192.168.1.0 network. In the journal of the ASDM debugging, I see pings to the ASA, but no response is received on the client.
6 February 21, 2013 21:54:26 180.0.0.1 53508 192.168.1.1 0 Built of ICMP incoming connections for faddr gaddr laddr 192.168.1.1/0 (christopher) 192.168.1.1/0 180.0.0.1/53508 Any help would be greatly appreciated, I'm currently presuring my CCNP so I would get a deeper understanding of how to resolve these issues.
-Chris
hostname RegencyRE - ASA
domain regencyrealestate.info
activate 2/VA7dRFkv6fjd1X of encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
name 180.0.0.0 Regency
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
link to the description of REGENCYSERVER
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
link to the description of RegencyRE-AP
!
interface Vlan1
nameif inside
security-level 100
192.168.1.120 IP address 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP x.x.x.x 255.255.255.248
!
passive FTP mode
clock timezone PST - 8
clock summer-time recurring PDT
DNS lookup field inside
DNS domain-lookup outside
DNS server-group DefaultDNS
Server name 208.67.220.220
name-server 208.67.222.222
domain regencyrealestate.info
inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 Regency 255.255.255.224
RegencyRE_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
outside_access_in list extended access permit icmp any one
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
mask Regency 180.0.0.1 - 180.0.0.20 255.255.255.0 IP local pool
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow all outside
ASDM 255.255.255.0 inside Regency location
ASDM location 192.168.0.0 255.255.0.0 inside
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0_outbound
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 12.186.110.2 1
Route inside 192.0.0.0 255.0.0.0 192.168.1.102 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
LOCAL AAA authentication serial console
http server enable 8443
http 0.0.0.0 0.0.0.0 outdoors
http 0.0.0.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH 0.0.0.0 0.0.0.0 outdoors
SSH timeout 15
SSH version 2
Console timeout 0
dhcprelay Server 192.168.1.102 inside
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
NTP server 69.25.96.13 prefer external source
NTP server 216.171.124.36 prefer external source
WebVPN
internal RegencyRE group strategy
attributes of Group Policy RegencyRE
value of server DNS 208.67.220.220 208.67.222.222
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list RegencyRE_splitTunnelAcl
username password encrypted adriana privilege 0
christopher encrypted privilege 15 password username
irene encrypted password privilege 0 username
type tunnel-group RegencyRE remote access
attributes global-tunnel-group RegencyRE
Regency address pool
Group Policy - by default-RegencyRE
IPSec-attributes tunnel-group RegencyRE
pre-shared key R3 & eNcY1.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:35bc3a41701f7f8e9dde5fa35532896d
: end
Hello
-be sure that the destination host 192.168.1.x has a route towards 180.0.0.0 by the ASA gateway.
-Configure the following figure:
capture capin interface inside match icmp 192.168.1.x host 180.0.0.x
capture ASP asp type - drop all
then make a continuous ping and get 'show capin cap' and 'asp cap.
-then check the ping, the 'encrypted' counter is increasing in the VPN client statistics
I would like to know about it, hope this helps
----
Mashal
-
Cannot ping host or guest using VM Workstation 5.5
Local host Machine Windows XP
VMWare Network Adpater VMNet1 (host)
IP 192.168.189.1
Adpater Ethernet Local machine
Suffix connection specific DNS: ISP
IP address: 192.168.1.101
VM guest computer
Ethernet adapter PB PVT:
Suffix connection specific DNS: white
IP address: 161.228.210.176
The network of the virtual computer is configured to use "Home" only
When I ping the host computer I get "Request timed out".
When I ping the Guest Machine (VM) I get "Request timed out".
Logon at the prompt, right click on 'My network places', choose 'Properties', right click on the connection to the local network and choose "Properties". Open the properties of "Internet (TCP/IP) Protocol". Select "Obtain an IP address automatically" and "Obtain DNS server address automatically". Let him.
If this does not work, provide "ipconfig/all" host AND guest, but also some screenshots of the tabs in the VMware virtual network Editor!
If you found this information useful, please consider awarding points to 'Correct' or 'Useful' responses Thank you!!
AWo
VCP / vEXPERT 2009
-
If lost the connection to one of my VMware vCenter servers.
I can still do the following...
- use the vSphere client to go directly to it.
- Ping the servers running on it.
I think I broke one of the VMKernel ports or its delivery. This would be the case?
What should I change to get this working? I know it's a gateway or a routing problem but can not see what is wrong.
In my view, the line I marked / highlighted must really point to 192.168.101.1. Is it possible to change this gateway "Local subnet" or have I got it all wrong.
Any guidance would be greatly appreciated.
Problem was with the vswitch for her ip and gateway.
-
Hello
I can't reach my host. What could be the problem?
I am using Vmware Server 2.0.1 Build 156745
Host: Windows XP Professional sp2
IP:192.168.146.1 host (vmnet1)
Hardware: Computer laptop Dell 630
Comments: Linux
CentOS 2.16.0
GuestIP:192.168.146.120
Comments cannot ping the host
Host cannot ping the prompt
I tried to configure the nat and the host only to connect. Nat could also be able to reach the external pages.
I appreciate any ideas
Is the fixed prompt on DHCP or IP?
What network cards do you have on the host and bridged (vmnetcfg.exe run as administrator)?
Is the physical card on the guest living/connected - sometimes to the life of a card NETWORK disconnected will no connectivity in the guest?
Have you recently changed the VMware network in the host? If so, you will need to restart the VMware services or reboot the host.
Is there a firewall clutter it?
Is the card NETWORK connected to the prompt - it shouldn't be a red cross on the network icon in the list of the material in the center of the console pane when the virtual machine is selected in the left pane?
The MAC address or virtual and physical adapters in the host and the single guest, that is not duplicated?
If all this pans, can be helpful to remove the NETWORK card in the prompt and add a. Also, what type of NETWORK adapter is it in the guest - 'flexible' or 'e1000 '? Should be 'flexible' for Linux - post (tie) the .vmx doubt customers.
--
If you have found this device or any other answer useful please consider the use of buttons useful or Correct to award points.
-
Cannot ping via the VPN client host when static NAT translations are used
Hello, I have a SRI 3825 configured for Cisco VPN client access.
There are also several hosts on the internal network of the static NAT translations have a services facing outwards.
Everything works as expected with the exception that I cannot ping hosts on the internal network once connected via VPN client that is internal IP addresses have the static NAT translations in external public addresses, I ping any host that does not have static NAT translation.
For example, in the example below, I cannot ping 192.168.1.1 and 192.168.1.2, but I can ping to the internal interface of the router, and any other host on the LAN, I can ping all hosts in the router itself.
Any help would be appreciated.
Concerning
!
session of crypto consignment
!
crypto ISAKMP policy 10
BA 3des
preshared authentication
Group 2
!
ISAKMP crypto client configuration group vpnclient
key S3Cu4Ke!
DNS 192.168.1.1 192.168.1.2
domain domain.com
pool dhcppool
ACL 198
Save-password
PFS
netmask 255.255.255.0
!
!
Crypto ipsec transform-set-SECURE 3DES esp-3des esp-sha-hmac
!
Crypto-map dynamic dynmap 10
86400 seconds, life of security association set
game of transformation-3DES-SECURE
market arriere-route
!
card crypto client cryptomap of authentication list drauthen
card crypto isakmp authorization list drauthor cryptomap
client configuration address card crypto cryptomap answer
map cryptomap 65535-isakmp ipsec crypto dynamic dynmap
!
interface GigabitEthernet0/0
NAT outside IP
IP 1.2.3.4 255.255.255.240
cryptomap card crypto
!
interface GigabitEthernet0/1
IP 192.168.1.254 255.255.255.0
IP nat inside
!
IP local pool dhcppool 192.168.2.50 192.168.2.100
!
Note access-list 198 * Split Tunnel encrypted traffic *.
access-list 198 allow ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255!
Note access-list 199 * NAT0 ACL *.
access-list 199 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 199 permit ip 192.168.1.0 0.0.0.255 any!
Sheep allowed 10 route map
corresponds to the IP 199!
IP nat inside source map route sheep interface GigabitEthernet0/0 overload!
IP nat inside source static 192.168.1.1 1.2.3.5
IP nat inside source static 192.168.1.2 1.2.3.6The problem seems to be that static NAT take your nat exemption.
The solution would be:
IP nat inside source static 192.168.1.1 1.2.3.5 sheep map route
IP nat inside source static 192.168.1.2 1.2.3.6 sheep map routeHTH
Herbert
-
I have a group of the same EPG and VLAN statically mapped ports on my fabric of ACI. One port connects to a port on a stack of 3750 x uplink. Hosts on the fabric, I cannot ping hosts on the 3750 until I have initiated traffic from hosts on the 3750 in the fabric. Once it done on each host of 3750, they can talk to each other. Why is this happening?
Thank you!
When traffic is a failure, the destination will probably not learned as an EP in the fabric. You can check by looking at the operational tab of the EPG.
Once you ping the 3750, we learn the EP and traffic works from the original source. When the BD "Equipment Proxy" mode, the destination must be learned.
If you change the mode of the 'Flood' comic, then inundate us and learn as a normal switch.
Joey
-
VPN inside comments - can ping Web servers; cannot browse Internet sites
When connecting through my VPN Client, I ping "google.com", but cannot display Web sites in browsers (Proxy not necessary).
There is no error message in browsers, just an attempt without end to load websites that I go.
I use NAT and without VPN, everything works fine.
This problem does not occur if I use the network bridged - but is not option,
because it doesn't work for me at home and does not work with the University network - this laptop is also connected to.
Cisco VPN Client 5.0.04.0300 inside XP32-comments
The host also XP32
VMware Workstation 6.5.2
I don't know if this makes any difference, but it's a wireless connection (laptop)
That means THAT DNS is working. What is a proxy? Do you need to configure a proxy or one is configured, but you don't need one?
If you found this information useful, please consider awarding points to 'Correct' or 'Useful' responses Thank you!!
AWo
VCP / vEXPERT 2009
-
Cannot ping between virtual servers on the same host
I have a 5 ESXi host with 3 virtual copies of Windows Server 2008R2 running on them. The ESXi host is connected to my switch, which has the Windows 2008 R2 DC to my test network and my laptop management with VSphere branch above as well. I can ping host, mobile and ad server of each of the individual virtual servers and can ping and RDP for all 3 from other devices not on that host, but I cannot communicate between the three. I have Windows Firewall disabled on all three. I have no firewall, and all machines have an IP address in the 10.0.0.X range I deleted then recreated the only virtual switch on the host on which appear all 3. I've been VERY frustrated for the last 3 days on it. Why my virtual machine cannot talk to each other?
When you have registered virtual machines in ESX you selected moved VM or Coiped VM? Go to editing parameters and watch the MAC addresses. My guess is that if you copied power (including the vmx files) then the MAC address is the same for all virtual machines. You can stop the machine and change for a MAC address mac address. You can also remove the network adapters, one of each, and then add the new network cards. Remember to reconfigure the IP addresses on the box and remove the ghost network maps after doing this.
Check this KB to change the mac address.
http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=507
Also, can you connect to the switch and look at the ARP table and see if the system VMs register here.
-
VM management host cannot ping gateway or switch
Hello
We have a server Esx 5.0 with 3 vm on it. When I try to ping the management network of vm for my pc that I do not get an answer too trying to ping from the vmn console I can not ping to the gateway, but I can ping dns. However, I can rdp in vm servers and the ping to the gateway of each server, as well as newspapers in vsphere. We have a system with 2 voip VLAN, the other data and another for voice. Hosts and servers are all on the same cisco switch.VM management network
IP - 192.168.1.6
Sub - 255.255.255.0
GW - 192.168.1.1
DNS - 192.168.1.10
Cisco switch - 192.168.1.3
Data Vlan - 192.168.1.1
Firewall - 192.168.1.2
PC
-cannot ping 192.168.1.6
-can ping everything else
From the console network management
-cannot ping 192.168.1.1 a.3 or any pc
-can ping 192.168.1.10
It sounds like a switch problem but do not know how to fix it. The switch is a switch of cisco small business pro 8 ports
Make sure that your routing has L3 to a defined network to get traffic to your host (192.168.1.0/24) network to any network it seeks to achieve. You did not show what the subnet for the PCs are so I'm not sure that the network is.
Regarding the gateway ping, make sure that the echo ICMP message is enabled by the firewall so that ping responses can go to the host. If you still cannot ping the gateway with that on, there may be a larger problem with your connectivity.
-
VMs that newly set up cannot ping the host
A few days ago vSphere VMs worked well on nested host A that was vSphere, too. Then, install a vDS and place all hosts. He because of problem that guests could not ping each other. But, other virtual machines (I mean windows OS above) can always ping the host. So, moved the hosts of the vDS and removed the vDS, the problem is there. And implemented a few new virtual machines, what operating system are vSphere, too on the nested host a. They can only ping itself, but cannot ping on nested host A, too. Then, remove the data center and set up a new. the probel is still here.
The problem should be soon after vDS, how can I solve this problem?
the configuration of these new virtual machines are inpicture.
my thought here, you forgot to activate rear promicious (security) on vSwitch0 & 1 after the migration, both of vNDS
Maybe you are looking for
-
I'm not able to see the title bar. I have Firefox 16.01. I have Android 4.03. This is a new installation. Is hardly visible since its installation. I can't find an option to turn off this active or disabled in settings.
-
Pavilion DV4000: Forgotten Bios password. Disabled system 6961
I forgot the bios password of my laptop after 3 attempts the error msg is 'disabled system [06961} '. I put a lot of codes found on the internet but no solution. Can anyone help?
-
Where are the drivers for Windows 8?
I have a HP Pavilion dv7-6178us Entertainment Notebook PC. I can't find drivers for this laptop for Windows 8. Anyone know where I can find them? This machine is less than a year, so an upgrade path should be available. Thank you SteveMST
-
DVD Rom drive does not open when I try to eject a disc
Original title: dvd rom HI.i can open rom.i push to eject dvd but dvd rom not the open.can help me.
-
transfer songs from itune to sony walkman using Windows Media Player 11
you are trying to transfer songs from iTunes to itunes library for sony walkman with windows media player 11 on xp sp3 version. error when syncing... says the file is not supported and I can't sync songs to the walkman. I can get songs off the list