Impossible to ping Host
Set address management
Unable to ping host on the same network segment
Checked firewall
Dear Madlabs
Please activate the correct network card as part of management network of DCUI
Tags: VMware
Similar Questions
-
PIX | SAA: can a ping host the outdoor iface inside?
Hello
I know how to configure a PIX / ASA in order to control the hosts on different interfaces to ping these interfaces or ping hosts in other segments through the firewall.
But I would like to know if it is possible to ping the external interface of a host segment inside. Or is it impossible?
Thank you
IXF
Hello
all I know is not possible not even if your acl allow icmp. You can only ping your connected to the interface.
Martin
DK
-
Cannot Ping hosts after you connect to ASA5500 using a client connection
I can ping hosts and gateways of the ASA5500, but after I connect I can't ping anything. The ASA5500 is connected to a layer 2 switch, this switch is shared resources for a layer 3. This 3 level switch is connected to another switch to level 3 where the gateways and hosts live. Again, I can ping hosts and gateways of the ASA5500 itself.
ASA Version 8.2 (5)
!
activate 8Ry2YjIyt7RRXU24 encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface GigabitEthernet0/0
nameif outside
security-level 0
IP address 208.19.xxx.xx 255.255.255.240
!
interface GigabitEthernet0/1
nameif inside
security-level 100
IP 10.47.146.199 255.255.255.0
!
interface GigabitEthernet0/2
Shutdown
No nameif
no level of security
no ip address
<--- more="" ---="">
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
No nameif
no level of security
no ip address
!
passive FTP mode
DNS server-group DefaultDNS
permit same-security-traffic inter-interface
IP 10.47.138.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.140.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.141.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.148.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.149.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.150.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.151.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.133.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.212.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.153.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.157.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.154.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
IP 10.47.146.0 allow Access - list extended SHEEP 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
Within 1500 MTU
Outside 1500 MTU
mask 172.16.1.10 - 172.16.1.200 255.255.255.0 IP local pool VPNpool
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 1 0.0.0.0 0.0.0.0
Route outside 0.0.0.0 0.0.0.0 208.19.xxx.xx 1
Route inside 10.47.133.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.138.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.140.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.141.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.148.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.149.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.150.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.151.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.153.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.154.0 255.255.255.0 10.47.146.1 1
Route inside 10.47.157.0 255.255.255.0 10.47.146.1 1
Route inside the 10.47.212.0 255.255.254.0 10.47.146.1 1
Route inside the 10.47.214.0 255.255.254.0 10.47.146.1 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
No snmp server location
No snmp Server contact
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Telnet timeout 5
SSH timeout 5
Console timeout 0
a basic threat threat detection
Statistics-list of access threat detection--->
no statistical threat detection tcp-interception
WebVPN
allow outside
SVC disk0:/anyconnect-win-3.1.04072-k9.pkg 1 image
enable SVC
tunnel-group-list activate
Anyconnect-policy group policy interns
Anyconnect-policy-strategy of group attributes
VPN - 100 simultaneous connections
VPN-idle-timeout no
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
WebVPN
SVC Dungeon-Installer installed
SVC request to enable default timeout 20 svc
username billuser1 password eS3lou7xhp / 8g 705 encrypted
username billuser1 attributes
type of remote access service
tunnel-group bill type remote access
tunnel-group invoice General attributes
address pool VPNpool
strategy-group-by default Anyconnect-policy
tunnel-group bill webvpn-attributes
activation of the Group billgroup_users alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/De destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:80003da27b3641b2123e30df5ef6b320
: end
cvpn #.Hello
You must ensure that networks l3 behind firewalls have itinerary for your "VPNpool" subnet and you need create the rule of no - NAT as shown below
NAT (inside) 0 access-list SHEEP
HTH
Averroès.
-
Hi all:
I have a strange problem of networking that VMware technical support has not been able to help.
Summary of the problem: comments cannot ping host unless the host is a ping command, while the guest is ping to the host
Details of the problem: I have intalled VMware Workstation 6.5.2 on the host Windows Vista Edition Home Premium (SP1). I installed several guests, including Ubuntu 8.04, openSUSE 11, Win XP and Win 2000. All guests use "bridged" network. The host has a static IP address. All guests have DHCP. All these people have the same problem - they cannot ping the host. It simply returns "Destination unreachable". However, if I run a ping from the host (it didn't ping the same customer, any ip address on the network) while the guest is ping to the host, and then will cross ping of the guest. For the next two minutes, the guest will be able to ping the host without any problem (without 'help' of the host). Then the guest will again be able ping on the host and you will have to repeat the same process. Quite strange, isn't? Another problem, I can access the internet from the hosts and guests can ping each other. (I can't access the printer connected to the host. However if the guest can ping on the host, then it can also access the printer as well.) I tried everything but still can't find the root cause of the problem. Here is a list of the things I've tried:
1. tried VMware Workstation 6.5.2 on a Windows XP computer on the same network (equipped with a wireless card intel) and did NOT have this problem.
2. firewalls, antivirus software, VPN clients, etc. were all off. It did not help.
3. the problem disappears if I use the wired Ethernet connection
4. the current wireless adapter is a D-Link, but I also tried with a Linksys Wireless card and had the same problem
5. the same problem exists also for VMware 6.5.1
6. I have installed the software VirtuaBox VM from Sun and installed the same comments from Ubuntu on the same host. The problem goes away!
7. I also tried the "NAT" networking and had the same problem.
8. I also tried DHCP for host and had the same problem.
I've tried everything I can think of and nothing seemed to help. I have filed a request for assistance with VMware tech and traded a few emails with the support guy but have not heard from him for a few days. I would really appreciate if someone can offer a few ideas to help solve this problem. I'm not a networking guru, but I'm a software engineer, so you can talk to me in technical terms.
Thank you in advance.
Yes! as noted above, it is the arp tables.
my router is assigned the same IP address for the host computer and the guest, so as soon as you ping from your host prompt, the mac and ip is back in the arp (invites) tables and from there he will communicate via newly assigned ARP table. You can check this scathing the hostname and it will be the same ip address as your guest (in my case)
I then googled arp vmware and discovered that it is familir with chipset broadcom and vmware behavior.
ARP - a displays the tables,
ARP s 00-00-00-00-00-00 192.168.x.xxx - assign the IP address to a MAC address.
I hope this helps.
-
Host Windows 7: Win XP Pro SP 3 comments: comments can ping hosts Internet but IE
Problem: The customer is impossible to browse Internet hosts. This virtual machine works great under Vista with the same version of VMWorkstation.
Attempts to debug: take mail.yahoo.com. I can ping. But accessing http://mail.yahoo.com/ fails according to the and he tries so a search MSN and of course breaks down, too.
C:\Documents and Settings\Administrateur & gt; ipconfig/all
Windows IP configuration
Name of the host...: squidney-cafdd0
Primary Dns suffix...:
Node... type: hybrid
Active... IP routing: No.
Active... proxy WINS: No.
... DNS suffix search list: localdomain
Ethernet connection to the Local network card:
The connection-specific DNS suffix. : localdomain
... Description: VMware accelerated AMD PCNet Adapter
Physical address.... : 00-0C-29-E8-C0-C8
DHCP active...: Yes
Autoconfiguration enabled...: Yes
... The IP address: 192.168.203.129
... Subnet mask: 255.255.255.0.
... Default gateway. : 192.168.203.2.
DHCP server...: 192.168.203.254
DNS servers...: 192.168.203.2.
Primary WINS server...: 192.168.203.2
Lease obtained...: Sunday, June 21, 2009 20:02:54
End of the lease...: Sunday, June 21, 2009 20:32:54
C:\Documents and Settings\Administrateur & gt;
Host: Windows 7 RC - Version 6.1.7100
Client: Windows XP Pro SP 3 - Version 5.1.2600
VMWorkstation version: 6.5 build - 156735
Guest network: NAT
Driver comments: VMware Accelerated AMD PCNet Adapter
VMX file is attached
vmsupport file is attached.
Try to change your guest of NAT network to bridged.
-
Impossible to ping by hostname
Original title: "network Bug.
I have a home network of 2 laptops and a desktop computer. They are all on the same network and the working group. I followed these steps.
1 ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer. To do this, type the following command:
Ping 127.0.0.1
If the loopback test fails, the IP stack is not responding. This problem may occur if one or more of the following conditions are true:
the o TCP drivers are corrupted.
o the network adapter does not work.
o another service is interfering with IP.
2. ping the IP address of the local computer to verify that the computer was successfully added to the network. If the routing table is correct, this procedure transfers just the packet to the loopback address 127.0.0.1. To do this, type the following command:
IP address of host local ping
If the loopback test succeeds but you cannot ping the local IP address, there may be a problem with the routing table or the network adapter driver.
3. ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network. To do this, type the following command:
default gateway ping IP address
If the ping fails, you have a problem with the network adapter, the router device or gateway, cabling, or other connectivity equipment.
4. ping the IP address of a remote host to verify that you can communicate through a router. To do this, type the following command:
the IP address of the host remote ping
If the ping command fails, the remote host may not be responding, or there may be a problem with the hardware of network between computers. To exclude a host remote does not respond, use Ping again to a different remote host.
5. ping the host name of a remote host to verify that you can resolve a remote host name. To do this, type the following command:
Ping the host name of the remote host.
got it all except for the ping by host name. Help...
I had this same problem and finally resolved. In my router config page, I noticed that there is an entry "local domain name. That has been fixed to "Belkin" and the help text says that having a value is optional, but there is no reason to change this value, so I've always left alone.
I noticed that when I put in the host name, it adds ".» Belkin"for the name and then say he could not find the host. So I made this entry blank. Reboot the router. Immediately, my hostname looks worked.
As suspects, it also allowed me to access other computers in my workgroup. They appeared, but when I would try to use them, I received the error "network location is not found." Once I removed the Domain Local name, everything worked fine.
-
ASA - upgrade to 8.4, impossible to ping inside the interface via IPSec VPN
We have configured a site 5, site to site VPN scenario. Last week, we have upgraded 2 devices ASA 5505 to 8.4.2. Before the upgrade, our monitoring software would ping the inside interface from remote devices to confirm VPN tunnels were established, as well as the addresses of remote devices and the outside of the ASA. While we were on 8.2, remote equipment successfully ping the inside interface. After that we went to 8.4.2 we can do a ping to this interface. We looked at the newspapers and we see the ICMP traffic that is listed in the newspaper, but the remote equipment does not receive back icmp traffic. We can ping successfully from local hardware interface inside and the external interface of remote devices successfully. In addition, we can ping material behind the two devices in both directions successfully.
We are unable to remotely manage the device through the VPN tunnel
Net is:
ASA #1 inside 10.168.107.1 (running ASA 8.2)
ASA #2 inside 10.168.101.1 (running ASA 8,4)
Server 1 (behind the ASA #1) 10.168.107.34
Server 2 (behind the ASA #2) 10.168.101.14
Can ping server 1 Server 2
Can ping server 1 to 1 of the SAA
Can ping server 2-ASA 2
Can ping server 2 to server 1
Can ping server 2 ASA 1
Can ping ASA 2 ASA 1
can not ping ASA 1 and 2 of the ASA
can not ping server 1 and 2 of the ASA
cannot access the ASA 2 https for management interface, nor can the ASDM software
Here is the config on ASA (attached) 2.
Any thoughts would be appreciated.
Hey Joseph,.
Most likely, you hit this bug:
CSCtr16184 Details of bug
To-the-box traffic switches vpn hosts after upgrade to 8.4.2. Symptom:
After the upgrade of the ASA to 8.4.2 all management traffic to employment (including the)
ICMP/telnet/ssh/ASDM) hosts via the VPN (L2L or remote access VPN) can
fail the IP access address to the administration. Conditionsof :
1. the problem occurs if ASA is on 8.4.2. Not been seen on 8.4.1.
2. the user directly logged in the face of internal interfaces no problem with
ICMP/telnet/ssh/AMPS in their respective interfaces. Workaround:
The problem goes back to a Manual NAT statement that straddles the
address IP-access to the administration. The NAT must have both the
source areas and destination. Add the keyword "research route" at the end of
the statement by NAT solves the problem. Ex:
IP address access to the administration Interface of the ASA is 192.168.1.1. ! Statement by NAT overlapping:
NAT obj destination - 192.168.1.0 obj - 192.168.1.0 Shared source (indoor, outdoor)
VPN-vpn-obj static obj! New declaration:
NAT obj destination - 192.168.1.0 obj - 192.168.1.0 Shared source (indoor, outdoor)
public static obj - vpn vpn-obj-research routeHTH,
Raga
-
Cannot ping hosts on the same vlan on the 2 switches.
Hey guys so I create my own network in Packet Tracer 6.3. While the hosts can ping others on the same switch 2960 and VLAN, they are unable to ping a host on another switch in the same VLAN. For example. Josh PC on S1 (192.168.10.10) cannot ping PC Doge on S2 (192.168.10.13). I'm sure that they are on the same subnet, so I thing it is a problem of junction...
S1:
S1 #show ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual up up
FastEthernet0/4 unassigned YES manual up up
FastEthernet0/5 unassigned YES manual administratively down down
FastEthernet0/6 unassigned YES manual administratively down down
FastEthernet0/7 unassigned YES manual administratively down down
FastEthernet0/8 unassigned YES manual administratively down down
FastEthernet0/9 unassigned YES manual administratively down down
FastEthernet0/10 unassigned YES manual administratively down down
FastEthernet0/11 unassigned YES manual administratively down down
FastEthernet0/12 unassigned YES manual administratively down down
FastEthernet0/13 unassigned YES manual administratively down down
FastEthernet0/14 unassigned YES manual administratively down down
FastEthernet0/15 unassigned YES manual administratively down down
FastEthernet0/16 unassigned YES manual administratively down down
FastEthernet0/17 unassigned YES manual administratively down down
FastEthernet0/18 unassigned YES manual administratively down down
FastEthernet0/19 unassigned YES manual administratively down down
FastEthernet0/20 unassigned YES manual administratively down down
FastEthernet0/21 unassigned YES manual administratively down down
FastEthernet0/22 unassigned YES manual administratively down down
FastEthernet0/23 unassigned YES manual administratively down down
FastEthernet0/24 unassigned YES manual administratively down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan2 unassigned YES manual downwards upwards
Vlan10 unassigned YES manual up up
S1 #show interface f0/1 switchport
Name: Fa0/1
Switchport: enabled
Administrative mode: trunk
Operational mode: trunk
Encapsulation of administrative circuits: dot1q
Operational Trunking encapsulation: dot1q
Trunking negotiation: Off
The VIRTUAL LAN access mode: (default) 1
Native mode VLAN Trunking: 2 (native)
The voice of VLAN: no
Private-vlan host association Directors: no
Mapping of private - vlan management: no
Private-vlan trunk administration VLAN native: no
Private - vlan administration trunk encapsulation: dot1q
Private-vlan trunk administration VLAN normal: no
Private-vlan trunk administration private VLAN: no
Private-vlan operational: no
VLAN Trunking enabled: ALL
Pruning VLANS enabled: 2-1001
Capture Mode disabled
Capture VLAN allowed: ALL
Protected: false
The unit trust: no
S1 #show vlan br
Ports of status for the name of VLAN
---- -------------------------------- --------- -------------------------------
1 by default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
FA0/13, Fa0/14, Fa0/15, Fa0/16
FA0/17, Fa0/18, Fa0/19, Fa0/20
FA0/21, Fa0/22, Fa0/23 and Fa0/24
Gig0/1, Gig0/2
2 active native
5 active
10 active VLAN0010 Fa0/2, Fa0/3, Fa0/4
active by default fddi 1002
assets of token-ring-default 1003
1004 fddinet - default active
1005 trnet - default active
Trunk interface #show S1
VLAN Mode Encapsulation native port State
FA0/1 on 802. 1 trunking q 2
Port VLAN allowed on trunk
5,10,20 FA0/1
Port VLAN authorized and active in the field of management
FA0/1 5,10
VLAN port extending on transmission State and no tree pruned
FA0/1 5,10
S1 #show mac-address-table
Mac address table
-------------------------------------------
VLAN Mac Address Type Ports
---- ----------- -------- -----
5 00d0.d37a.ed01 DYNAMICS Fa0/1
S2:
S2 #show ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual up up
FastEthernet0/4 unassigned YES manual up up
FastEthernet0/5 unassigned YES manual administratively down down
FastEthernet0/6 unassigned YES manual administratively down down
FastEthernet0/7 unassigned YES manual administratively down down
FastEthernet0/8 unassigned YES manual administratively down down
FastEthernet0/9 unassigned YES manual administratively down down
FastEthernet0/10 unassigned YES manual administratively down down
FastEthernet0/11 unassigned YES manual administratively down down
FastEthernet0/12 unassigned YES manual administratively down down
FastEthernet0/13 unassigned YES manual administratively down down
FastEthernet0/14 unassigned YES manual administratively down down
FastEthernet0/15 unassigned YES manual administratively down down
FastEthernet0/16 unassigned YES manual administratively down down
FastEthernet0/17 unassigned YES manual administratively down down
FastEthernet0/18 unassigned YES manual administratively down down
FastEthernet0/19 unassigned YES manual administratively down down
FastEthernet0/20 unassigned YES manual administratively down down
FastEthernet0/21 unassigned YES manual administratively down down
FastEthernet0/22 unassigned YES manual administratively down down
FastEthernet0/23 unassigned YES manual administratively down down
FastEthernet0/24 unassigned YES manual administratively down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan2 unassigned YES manual downwards upwards
Vlan5 unassigned YES manual up up
Vlan10 unassigned YES manual up up
Vlan20 unassigned YES manual up up
Vlan99 unassigned YES manual administratively down down
S2 #show interface f0/1 switchport
Name: Fa0/1
Switchport: enabled
Administrative mode: trunk
Operational mode: trunk
Encapsulation of administrative circuits: dot1q
Operational Trunking encapsulation: dot1q
Trunking negotiation: on
The VIRTUAL LAN access mode: (default) 1
Native mode VLAN Trunking: 2 (native)
The voice of VLAN: no
Private-vlan host association Directors: no
Mapping of private - vlan management: no
Private-vlan trunk administration VLAN native: no
Private - vlan administration trunk encapsulation: dot1q
Private-vlan trunk administration VLAN normal: no
Private-vlan trunk administration private VLAN: no
Private-vlan operational: no
VLAN Trunking enabled: ALL
Pruning VLANS enabled: 2-1001
Capture Mode disabled
Capture VLAN allowed: ALL
Protected: false
The unit trust: no
S2 #show vlan br
Ports of status for the name of VLAN
---- -------------------------------- --------- -------------------------------
1 by default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
FA0/13, Fa0/14, Fa0/15, Fa0/16
FA0/17, Fa0/18, Fa0/19, Fa0/20
FA0/21, Fa0/22, Fa0/23 and Fa0/24
Gig0/1, Gig0/2
2 active native
5 active
10 VLAN0010 active Fa0/4
20 VLAN0020 active Fa0/2, Fa0/3
active by default fddi 1002
assets of token-ring-default 1003
1004 fddinet - default active
1005 trnet - default active
S2 #show mac-address-table
Mac address table
-------------------------------------------
VLAN Mac Address Type Ports
---- ----------- -------- -----
2 0030.f2c1.94e5 STATIC Fa0/1
2 0060.5c83.3401 STATIC Fa0/1
10 0002.4ae9.6964 STATIC Fa0/4
10 0060.5c83.3401 STATIC Fa0/1
20 0009.7c9a.a134 STATIC Fa0/2
----------------------------------------------------------------------------------
Let me know what I missed here. All connections are made with a straight through cable.
See you soon
Josh
Try to remove the S2 switchport port-security:
interface FastEthernet0/1 no switchport port-security
-
The VPN Clients cannot Ping hosts
I'll include a post my config. I have clients that connect through the VPN tunnel on the 180.0.0.0/24 network, 192.168.1.0/24 is the main network for the office.
I can connect to the VPN, and I received a correct address assignment. I belive tunneling can be configured correctly in the aspect that I can always connect to the internet then on the VPN, but I can't ping all hosts on the 192.168.1.0 network. In the journal of the ASDM debugging, I see pings to the ASA, but no response is received on the client.
6 February 21, 2013 21:54:26 180.0.0.1 53508 192.168.1.1 0 Built of ICMP incoming connections for faddr gaddr laddr 192.168.1.1/0 (christopher) 192.168.1.1/0 180.0.0.1/53508 Any help would be greatly appreciated, I'm currently presuring my CCNP so I would get a deeper understanding of how to resolve these issues.
-Chris
hostname RegencyRE - ASA
domain regencyrealestate.info
activate 2/VA7dRFkv6fjd1X of encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
name 180.0.0.0 Regency
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
link to the description of REGENCYSERVER
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
link to the description of RegencyRE-AP
!
interface Vlan1
nameif inside
security-level 100
192.168.1.120 IP address 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP x.x.x.x 255.255.255.248
!
passive FTP mode
clock timezone PST - 8
clock summer-time recurring PDT
DNS lookup field inside
DNS domain-lookup outside
DNS server-group DefaultDNS
Server name 208.67.220.220
name-server 208.67.222.222
domain regencyrealestate.info
inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 Regency 255.255.255.224
RegencyRE_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
outside_access_in list extended access permit icmp any one
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
mask Regency 180.0.0.1 - 180.0.0.20 255.255.255.0 IP local pool
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow all outside
ASDM 255.255.255.0 inside Regency location
ASDM location 192.168.0.0 255.255.0.0 inside
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0_outbound
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 12.186.110.2 1
Route inside 192.0.0.0 255.0.0.0 192.168.1.102 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
LOCAL AAA authentication serial console
http server enable 8443
http 0.0.0.0 0.0.0.0 outdoors
http 0.0.0.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH 0.0.0.0 0.0.0.0 outdoors
SSH timeout 15
SSH version 2
Console timeout 0
dhcprelay Server 192.168.1.102 inside
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
NTP server 69.25.96.13 prefer external source
NTP server 216.171.124.36 prefer external source
WebVPN
internal RegencyRE group strategy
attributes of Group Policy RegencyRE
value of server DNS 208.67.220.220 208.67.222.222
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list RegencyRE_splitTunnelAcl
username password encrypted adriana privilege 0
christopher encrypted privilege 15 password username
irene encrypted password privilege 0 username
type tunnel-group RegencyRE remote access
attributes global-tunnel-group RegencyRE
Regency address pool
Group Policy - by default-RegencyRE
IPSec-attributes tunnel-group RegencyRE
pre-shared key R3 & eNcY1.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:35bc3a41701f7f8e9dde5fa35532896d
: end
Hello
-be sure that the destination host 192.168.1.x has a route towards 180.0.0.0 by the ASA gateway.
-Configure the following figure:
capture capin interface inside match icmp 192.168.1.x host 180.0.0.x
capture ASP asp type - drop all
then make a continuous ping and get 'show capin cap' and 'asp cap.
-then check the ping, the 'encrypted' counter is increasing in the VPN client statistics
I would like to know about it, hope this helps
----
Mashal
-
Virtual MACHINE is unable to ping host and vice versa
It is a very strange problem. VMWare support tried to understand this output as Dell. So, I just throw it to the community to see if anyone else has experienced this problem and may have a solution. I have 3 identical Dell R720 servers. 2 work with no problem, but 1 (let's call it vm8) gave me problems since day 1. Reference verified Dell equipment today and has updated me the BIOS, firmware and drivers on vm8, which did not solve the problem. VMWare technicians checked each parameter network in recent weeks and currently, they are not the cause.
VM8 have ESXi installed 5.5.0. The Server 4 has 2 NICs with 4 ports each. Current configuration is vmnic 0-3 is connected to our LAN, 4-5 on our DMZ and 6-7 in our SAN (iSCSI). The AP will go up and down because VM8 loses connectivity to our isolation address (gateway).
VM8 (Mgmt IP network is 172.20.100.9) has only 1 VM (172.20.100.40). Same subnet (255.255.255.0). .9 happens to ping expiration.40 using vmkping. When I ping.9 de.40, the first package gets a quick response, then all following packets timeout. According to VMWare, when you ping in (VM to host) it does not go out through the card physical network to the physical switch. Everything is internal with vmnic and vSwitch. When I ping my gateway (172.20.100.1), the ping is successful. When I ping.9 from my workstation, the first packet times out, then answered the following packages. It is the exact opposite of ping the virtual computer.
Here's a better ventilation-
.9 VM8 host
.40 VM on the host VM8
.1 gateway
.122 workstation over LAN
.25 vRanger connection (physical server on LAN)
Ping
.9 40 (100% packet loss)
first package de.40 a.9 (75% packet loss) Gets the response, then 3 timeout
.9 a.122 good ping (0 packet loss)
.122 a.9 (0 packet loss) good ping
vmkping (75% loss).9 a.25 does not appear each packet that it is sent. But other results, can I assume first package times out.
first package de.25 a.9 (75% loss) has expired, the following 3 got a response
.40 a.122 good ping (0 packet loss)
. 122. 40 (100% packet loss)
The 3 can ping a.1 (every 20 minutes on VM8 I get a "vSphere HA agent on this host failed isolation address 172.20.100.1"
Also, throughout the day, I get the message - "vSphere HA agent on this host cannot reach some of the management of the addresses of network of other hosts, and HA is perhaps not able to restart the virtual computer if a failure of the host is displayed." I came to work in the morning, and all my VMS on VM8 migrated to my other 2 hosts. My backups don't work on VM on VM8. I use vRanger connection and when I ping connection vRanger VM8 (physical server), the first package expires and the following packages get a response. Then, when connection vRanger goes to back up my VM, runs aground due to loss of original packet.
These are things I've already tried. I tested individually each physical NETWORK adapter. I removed all the ports on the two NIC to try to isolate a specific port. All the 4 vmnic is active adapters in network properties NIC Teaming management and I moved each vmnic individually to unused to test each port. I replaced the Cat6 cables. I used different Dell switches and various ports of the switch. I even swapped the switch ports that host another employee, exclude a switch port configuration problem. In addition, port security is disabled on the ports. I upgraded ESXi 5.5.0 to a newer version. There is a known issue with the tg3 driver, which I've updated to the latest version without problem. I also used tg3 workaround by disabling NetQueue. And we do not use of VLAN. Dell technical support says that it is not a hardware problem and thinks it's a matter of layer 2, but does not know where. Basically, it's an internal problem (meaning strictly on VM8) with vSwitches or vmnic or it's a material gremlin in our Dell R720 box.
The final recommendation of Dell is to blow the ESXi server and install a clean copy. It's extremely frustrating and I'm out of ideas.
Thanks in advance.
Any luck that you have an IP address that is duplicated on your network?
-
Unable Ping Host ESX - very weird question...
Hello
I have a question not yet no willingness so far. Please please help me if you have this issue before or a similar question.
The question like this... 1 vm problem not pings from the ESX host. After reboot the VM, ESX able to ping back.
Measures taken
1 migrate this Virtual Machine to another host - done problem but always present
2 check the connection as ping then found before restarting the virtual machine: -.
On my side
============
2.1 - ping our surveillance to ESX - OK
2.2 - PIng ESX for VM - inaccessible Getting - not sure it's not main problem (previously ask our customer to reboot the virtual machine)
On the client side
=================
Before restarting the virtual machine
-------------------------
1 Ping ESX, surveillance and other VM - ok
After restart VM
-----------------------
1 Ping ESX, surveillance and other VM - ok
Now on the ESX host. This virtual machine in ESX 1 before that. So I decide to migrate this virtual ESX 2 machine but problem still not solved. Another VM in ESX2 do not have this problem at all.
Next action
=========
1. ask our customer to disable WGTA - not done by the customer (as our requirement can not remote for VM)
We using vSphere 4.1 and the best part, this issue does not happen every day or week. Sometimes occur each week one - (which I think that maybe our fixed calendar client) and sometimes occur each week 2. Sometimes the best part happens 2 times a week.
Thank you
Finally after our user turn off the LGTO_Sync the problem solved. We have more of this problem of "bizarre".
Thanks for this help.
-
Virtual machine is unable to ping host on vSphere5.1 fresh install
Hello
I did a new install of vSphere 5.1 (previously 4.1 installed that works well). No vCenter for now.
Running a virtual machine on LAN Paessler PRTG under Win 2 k 3 x 64.
This virtual machine has been moved from 4.1 to 5.1, nothing has changed.
This virtual machine can't ping the host. No monitoring WMI class too.
A physical computer on the LAN can ping on host vSphere with no problems.
What's wrong?
Thank you
Vincent
According to the screenshots, the subnet mask, you use in your local network is 255.255.0.0. As a first step, please run ipconfig / all in the virtual machine to verify that the virtual machine is configured with the same subnet mask. Secondly, run the ping command from the virtual machine, rattling of its own IP to see if it succeeds.
BTW. What type/model of virtual network adapter is configured for the virtual computer?
André
-
Comments can ping host, but host cannot ping the prompt.
Hello. I already asked this question in another discussion, but it has a different title, so I decided to ask my question in a new discussion.
Host: Windows 7, 192.168.186.1, no gateway IP
Client: Windows XP, 192.168.186.2, no gateway IP
If the ping of the comments reached the host. But when I try to ping the host's comments, I get '100% packet loss. How it could be explained?
I take a look at the Windows Firewall on computers and make sure that it is disabled.
-
Comments can not ping host in a guest only network
Hello
I have a Win XP SP2 guest OS running in VmWare Workstation 7.1.0 build 261024 on a Win XP SP3 host OS.
The virtual machine network is configured in the Config setting.
Problem: Can't ping guest operating system host OS, but the other way works, I ping guest operating system of the host.
Here are the details of config:
Host config:
IP address: 192.168.1.100
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
Config of comments:
IP address: 192.168.117.128
network mask: 255.255.255.0
default gateway: it is empty
DHCP server: 192.168.117.254
Configuration of Vmnet1:
IP address: 192.168.117.1
NET Mask: 255.255.255.0
default gateway: white
When I ping 192.168.1.100 (Host IP) or 192.168.1.1 (Default Gateway) of the customer (192.168.117.128), I get a message from Destination unreachable in both cases. Please advise on this issue.
Kind regards
Neon
Welcome to the community,
Since it is a host-only network, you can test only the vmnet on the host (192.168.117.1) adapter.
If you want to be able to access the other IP addresses, you must configure the NAT is connected by a bridge.
André
-
Impossible to access host 4.0 U2 of the VI client to the DC operation
Hello
I have a single ESXi host 4.0U2. I have a virtual computer that acts as a domain controller. I can't see the host using the VI Client if the domain controller does not work, it says that the connection is refused, even though I can ping the host. I can't access the host viat its IP address in a browser too. This has happened since the upgrade of U2. Maybe the host should the domain controller, how can I remove that so I can access it with market no VM. This only occurs after a host reboot. I can stop the DC and not lose the connection, as long as the host is powered.
Tony
Try entering the host ESX information C:\Windows\System32\drivers\etc\hosts and try
This should solve, if the problem exists because of the resolution of host name problem
Thank you
Nithin
Maybe you are looking for
-
Not ' on' button pressed, then press on + or - keys to adjust the brightness of the screen on HP10BII +? Just got a new unit, and one of the first things after how to turn it on, in the getting started manual, it's that if we push the button 'On' and
-
import of work if he is absent in store
In previous editions of itunes, I could photograph LP sleeves and then import them into the library for my music if there was no work in the store, but this possibility seems to have or did I miss something? Help would be very appreciated.
-
The initialization of the project of error
Whenever I open a sample project, I get this error of initialization (screenshot attached). It could be the cause, or how can I solve this problem? Thanks in advance!
-
Control the event with two controls
Here's what I have. I have two separate loops of time. Inside of each timed loop, I have a structure of the event. Each structure is the trigger by pressing a button each. It works very well. However, I would like to add a third button that runs the
-
How can I stop getting files that no longer exist in the SEARCH
When I use the search I'm included in the list of the files/folders that no longer exist. Error message begins - the document name or path is not valid. How can I stop this? Thank you