Instances of VMware cannot ping between them somehow...
This is the environment for my experience:
Host: My Windows XP sp3
Products VMware: Vmware Workstation 6.0.3
Instances of VMware: one is installed Win2k3 with SP2 and a domain controller/DNS/Exchange server role, another is installed Win XP sp3 and play as a customer...
IP of the domain controller configuration:
Windows IP configuration
Name of the host...: dc
Suffix main Dns...: ge.com
Node... type: hybrid
Active... IP routing: No.
Active... proxy WINS: No.
... DNS suffix search list: ge.com
Ethernet connection to the Local card:
The connection-specific DNS suffix. :
... Description: VMware accelerated AMD PCNet Adapter
Physical address.... : 00-0C-29-56-FD-24
DHCP active...: No.
... The IP address: 192.168.238.3
... Subnet mask: 255.255.255.0.
... Default gateway. :
DNS servers...: 192.168.238.3.
Configuration of the client IP as below:
*********************************************************
Windows IP configuration
Name of the host...: client1
Suffix main Dns...: ge.com
... Node type: unknown
Active... IP routing: No.
Active... proxy WINS: No.
... DNS suffix search list: ge.com
Ethernet connection to the Local card:
The connection-specific DNS suffix. :
... Description: VMware accelerated AMD PCNet Adapter
Physical address.... : 00-0C-29-54-9D-B4
DHCP active...: No.
... The IP address: 192.168.238.4
... Subnet mask: 255.255.255.0.
... Default gateway. :
DNS servers...: 192.168.238.3.
And here are the parameters of the DC on Vmware:
And here's the VMware client settings:
And settings of network virtual as below:
My problem is:
Today, two Merethe cannot ping each other all at ONCE, even if they worked very well without any problems.
I tried to change the other IPs/remove and add maps network/restart on two instances but still no luck
Please kindly help me friends :)
Hmm so there is no problem with the NAT adapter, problem looks to with Bridge mode... Check if proceeding under in the cardiac control panels network connections is enabled for all vmware... cards try to disable and enable them
If its possible to restart the virtual machine... try this
-Remove the network card
-Turn on the virtual computer.
-Turning off the virtual computer.
-Add the network adapter
-Start the virtual machine. See if that helps.
Concerning
Anil
Save the planet, go for green
If you have found my reply to be useful, feel free to mark it as useful or Correct.
Tags: VMware
Similar Questions
-
cannot ping between remote vpn site?
vpn l2l site A, site B is extension vpn network, connect to the same vpn device 5510 to the central office and work well. I can ping from central office for two remote sites, but I cannot ping between these two vpn sites? Tried to debug icmp, I can see the icmp side did reach central office but then disappeared! do not send B next? Help, please...
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
!
object-group network SITE-a.
object-network 192.168.42.0 255.255.255.0
!
object-group network SITE-B
object-network 192.168.46.0 255.255.255.0
!
extended OUTSIDE allowed a whole icmp access list
HOLT-VPN-ACL extended access-list allow ip object-CBO-NET object group SITE-a.
!
destination SITE-a NAT (outside, outside) static source SITE - a static SITE to SITE-B-B
!
address for correspondence card crypto VPN-card 50 HOLT-VPN-ACL
card crypto VPN-card 50 peers set *. *.56.250
card crypto VPN-card 50 set transform-set AES-256-SHA ikev1
VPN-card interface card crypto outside
!
internal strategy group to DISTANCE-NETEXTENSION
Remote CONTROL-NETEXTENSION group policy attributes
value of DNS server *. *. *. *
VPN-idle-timeout no
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value REMOTE-NET2
value by default-field *.org
allow to NEM
!
remote access of type tunnel-group to DISTANCE-NETEXTENSION
Global DISTANCE-NETEXTENSION-attributes tunnel-group
authentication-server-group (inside) LOCAL
Group Policy - by default-remote CONTROL-NETEXTENSION
IPSec-attributes tunnel-group to DISTANCE-NETEXTENSION
IKEv1 pre-shared-key *.
tunnel-group *. *.56.250 type ipsec-l2l
tunnel-group *. *.56.250 ipsec-attributes
IKEv1 pre-shared-key *.
!!
ASA - 5510 # display route. include the 192.168.42
S 192.168.42.0 255.255.255.0 [1/0] via *. *. 80.1, outside
ASA - 5510 # display route. include the 192.168.46
S 192.168.46.0 255.255.255.0 [1/0] via *. *. 80.1, outside
ASA-5510.!
Username: Laporte-don't Index: 10
Assigned IP: 192.168.46.0 public IP address: *. *.65.201
Protocol: IKEv1 IPsecOverNatT
License: Another VPN
Encryption: 3DES hash: SHA1
TX Bytes: bytes 11667685 Rx: 1604235
Group Policy: Group remote CONTROL-NETEXTENSION Tunnel: remote CONTROL-NETEXTENSION
Opening time: 08:19:12 IS Thursday, February 12, 2015
Duration: 6 h: 53 m: 29 s
Inactivity: 0 h: 00 m: 00s
Result of the NAC: unknown
Map VLANS: VLAN n/a: no
!
ASA - 5510 # display l2l vpn-sessiondbSession type: LAN-to-LAN
Connection: *. *.56.250
Index: 6 IP Addr: *. *.56.250
Protocol: IPsec IKEv1
Encryption: AES256 3DES hash: SHA1
TX Bytes: bytes 2931026707 Rx: 256715895
Connect time: 02:00:41 GMT Thursday, February 12, 2015
Duration: 13: 00: 10:00Hi Rico,
You need dynamic nat (for available IP addresses) for the two side to every subset of remote access to the other side remote subnet and so they can access every other subnet as if both from the traffic from your central location.
example:
Say, this IP (10.10.10.254) is unused IP to the central office, allowed to access remote tunnel 'A' and 'B' of the site.
object-group network SITE-a.
object-network 192.168.42.0 255.255.255.0
!
object-group network SITE-B
object-network 192.168.46.0 255.255.255.0dynamic source destination SITE-a. 10.10.10.254 NAT (outdoors, outdoor)
public static SITE SITE-B-Bdestination NAT (outdoors, outdoor) SITE-B 10.10.10.254 dynamic source
SITE static-SITE aHope this helps
Thank you
Rizwan James
-
Cannot ping between virtual servers on the same host
I have a 5 ESXi host with 3 virtual copies of Windows Server 2008R2 running on them. The ESXi host is connected to my switch, which has the Windows 2008 R2 DC to my test network and my laptop management with VSphere branch above as well. I can ping host, mobile and ad server of each of the individual virtual servers and can ping and RDP for all 3 from other devices not on that host, but I cannot communicate between the three. I have Windows Firewall disabled on all three. I have no firewall, and all machines have an IP address in the 10.0.0.X range I deleted then recreated the only virtual switch on the host on which appear all 3. I've been VERY frustrated for the last 3 days on it. Why my virtual machine cannot talk to each other?
When you have registered virtual machines in ESX you selected moved VM or Coiped VM? Go to editing parameters and watch the MAC addresses. My guess is that if you copied power (including the vmx files) then the MAC address is the same for all virtual machines. You can stop the machine and change for a MAC address mac address. You can also remove the network adapters, one of each, and then add the new network cards. Remember to reconfigure the IP addresses on the box and remove the ghost network maps after doing this.
Check this KB to change the mac address.
http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=507
Also, can you connect to the switch and look at the ARP table and see if the system VMs register here.
-
Reference Dell powerconnect 5524 cannot ping between coelio and trunk port
Hello...
We set up a new switch of 5524 I untagged on vlan 20 and access ports where vlan 20 I allowed. I created a computer on the access port on the same trunk port ip net... cant ping beween them. I'm no expert of switch, so I wonder what I missed. I did the same thing on a dell old 3524 and it works directly...
Here's the port config I tried to do a ping beween is 6 and 10 ports
(Another thing, how how to remove):
switchport mode trunk
switchport access vlan none)Any help would be greatly appreciated!
interface vlan 1
IP 88.131.90.252 255.255.255.240
!
interface vlan 5
the name 'SCE CJA'
!
interface vlan 6
the name "out of Tele2.
!
interface vlan 7
name "Outside Telenor"
!
interface vlan 8
name "TDC Multivrf"
!
interface vlan 20
TDC-CISCO-LAN name
!
[0mMore:, quit: q or CTRL + Z, one line: interface vlan 21]
the name "FW inside."
!
interface vlan 99
name «FW sync»
!
gigabitethernet1/0/1 interface
Description CPE1
switchport access vlan 5
!
interface gigabitethernet1/0/2
Description CPE2
switchport access vlan 5
!
interface gigabitethernet1/0/3
Df description
spanning tree portfast
switchport mode trunk
switchport access vlan no
!
interface gigabitethernet1/0/4
Description Oupps-cb2
[0mMore:, quit: q or CTRL + Z, a single line: spanning tree portfast]
switchport mode trunk
switchport access vlan no
!
interface gigabitethernet1/0/5
Upp-ccm1 description
spanning tree portfast
switchport access vlan 20
!
interface gigabitethernet1/0/6
Oupps-ccm2 description
spanning tree portfast
switchport access vlan 20
!
interface gigabitethernet1/0/7
Tdc-multivrf1 description
switchport access vlan 8
!
interface gigabitethernet1/0/8
TDC-multivrf2 description
switchport access vlan 8
!
[0mMore:, quit: q or CTRL + Z, one line: interface gigabitethernet1/0/9]
Description Oupps-cb-tq03
spanning tree portfast
switchport mode trunk
!
interface gigabitethernet1/0/10
Description Oupps-cb-tq04
spanning tree portfast
switchport mode trunk
!
interface gigabitethernet1/0/11
Tele2-outside description
switchport access vlan 6
!
interface gigabitethernet1/0/12
Tele2-outside description
switchport access vlan 6
!
interface gigabitethernet1/0/13
Telenor-outside description
switchport access vlan 7
!
[0mMore:, quit: q or CTRL + Z, one line: interface gigabitethernet1/0/14]
Telenor-outside description
switchport access vlan 7
!
interface gigabitethernet1/0/15
Description Word-Oupps-fw-tq01-inside
switchport mode trunk
!
interface gigabitethernet1/0/16
Description Word-Oupps-fw-tq02-inside
switchport mode trunk
!
interface gigabitethernet1/0/17
FW-sync description
switchport access vlan 99
!
interface gigabitethernet1/0/18
FW-sync description
switchport access vlan 99
!
interface gigabitethernet1/0/19
Description Word-Oupps-fw-tq01-outside
[0mMore:, quit: q or CTRL + Z, a single line: switchport mode trunk]
!
interface gigabitethernet1/0/20
Description Word-Oupps-fw-tq02-outside
switchport mode trunk
!
interface gigabitethernet1/0/22
FW-Sync description
switchport access vlan 99
!
interface gigabitethernet1/0/23
Description Word-Oupps-FW-tq01-outside
192.168.11.1 IP address 255.255.255.0
switchport mode trunk
!
interface gigabitethernet1/0/24
Description Word-AIN-LAN-SW
switchport access vlan 20
!
IP route 0.0.0.0 0.0.0.0 88.131.90.241[0mMore:
, quit: q or CTRL + Z, a single line:] Information of VLAN
The name of the VLAN Tag Ports Ports unmarked Type permission
---- ------------ ------------------ ------------------ --------- -------------
1 1 article gi1/0/3-4, default required
Article gi1/0/9-10
item in gi1/0/15-16,
item in gi1/0/19-21,
item in gi1/0/23,
item in gi1/0/25-48,
TE1/0/1-2.
GI2/0/1-48.
TE2/0/1-2.
IG3/0/1-48.
TE3/0/1-2.
IG4/0/1-48.
TE4/0/1-2.
IG5/0/1-48.
TE5/0/1-2.
GI6/0/1-48.
TE6/0/1-2.
gi7/0/1-48.
TE7/0/1-2.
gi8/0/1-48.
TE8/0/1-2, m 1-32
5 CPE TDC article gi1/0/3-4, item in gi1/0/1-2 permanent required
[0mMore:, quit: q or CTRL + Z, one line: article gi1/0/9-10]
item in gi1/0/15-16,
item in gi1/0/19-20,
item in gi1/0/23
6 outside section gi1/0/3-4, item in gi1/0/11-12 permanent required
Tele2 item in gi1/0/9-10,
item in gi1/0/15-16,
item in gi1/0/19-20,
item in gi1/0/23
7 outside article gi1/0/3-4, item in gi1/0/13-14 required permanent
Telenor item in gi1/0/9-10,
item in gi1/0/15-16,
item in gi1/0/19-20,
item in gi1/0/23
8 TDC Multivrf item in gi1/0/3-4, item in gi1/0/7-8 permanent required
Article gi1/0/9-10
item in gi1/0/15-16,
item in gi1/0/19-20,
item in gi1/0/23
TDC-CISCO-LA 20, article gi1/0/3-4, item in gi1/0/5-6, item in gi1/0/24 required permanent
N item in gi1/0/9-10,
item in gi1/0/15-16,
[0mMore:, quit: q or CTRL + Z, one line: item in gi1/0/19-20,]
item in gi1/0/23In safe mode the PVID is 1 VLAN by default. You can do this by entering the command #switchport trunk vlan native {number of vlan}. If Cisco is configured to accept and send the marked packets and has an IP address in the subnet of VLAN 20, it should be able to communicate with other devices in VLAN 20.
-
Cisco ASA 5520 cannot ping between VPN Tunnels
I have the main site and sites A and B. A to connect to the hand and B connects to the main. I can ping from A hand and has for main. I can ping from main to B and B to main. However, I can not ping from A to B. A and B are sonicwall 2040 and main is a 5520. The question should not be with the 5520 none allowing traffic between the two VPN Tunnels, but I can't understand why it does not work. Can someone give an idea on that? Thanks in advance.
Hello
I see that you use ASDM. Always makes my eyes bleed when I need to look at the DM_INLINE of named objects and try to make sense the CLI format
Seems to me that there are problems with the NAT.
If you don't mind a small break between the main Site and remote locations, I'd say changing some follows the NAT configuration
Remove old
no nat source (indoor, outdoor) public static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_10 DM_INLINE_NETWORK_10 non-proxy-arp-search of route static destination
no nat source (indoor, outdoor) public static DM_INLINE_NETWORK_11 DM_INLINE_NETWORK_11 DM_INLINE_NETWORK_12 DM_INLINE_NETWORK_12 non-proxy-arp-search of route static destination
Add a new
object-group network NETWORK-2790
object-network 10.217.0.0 255.255.255.0
object-network 10.217.1.0 255.255.255.0
object-group network NETWORK-3820
object-network 10.216.0.0 255.255.255.0
object-network 10.216.1.0 255.255.255.0
object-group network NETWORK-COLO
object-net 10.8.0.0 255.255.255.0
destination of NETWORK of NETWORK-2790-2790 static NAT (outside, outside) static source NETWORK - 3820 - 3820
NAT static destination of NETWORK of NETWORK-COLO-COLO (indoor, outdoor) static source NETWORK - 2790 - 2790
NAT static destination of NETWORK of NETWORK-COLO-COLO (indoor, outdoor) static source NETWORK - 3820 - 3820
The first new line of configuring NAT manages the NAT0 configuration for traffic between SiteA and SiteB. The following configurations of NAT 2 manage the NAT0 for traffic between the main Site - hand Site SiteA - SiteB
-Jouni
-
Hosts distributed Virtual Switch cannot ping each other
host of vSphere 4.0, introduced 2 vSphpere B and C hosts and all put in a switch of distruduted to VMkernal network. Only the host can vmkping has a virtual machine that was put into the same switch and the VM also ping on host A. But, 3 hosts cannot vmkping between them, and B and C cannot vmkpng the virtual machine.
What is the problem and how can I solve this problem?
Thank you.
George
No, this is not typical of a vDS. Try starting here:
http://www.VMware.com/files/PDF/vSphere-vNetwork-DS-migration-configuration-WP.PDF
http://www.VMware.com/files/PDF/vSphere-vNetwork-deployment-WP.PDF
If you have found this helpful at all prices please points using the correct or useful! Thank you!
-
My HP laptop has installed Win7 Ult, the Fujitus Win7 Pro.
Both computers were sharing the files back, outside a residential group, for a period of time. One day, they are stopped. No changes have been made to computers. I tried a restore of the system on each of them, and it did not help. I re windows loaded on the HP and that did not help. I don't think that it is only a permission of the questions that I used a windows machine 7 third to map actions to each of the individual laptops using their respective IDs. I can transfer files from one of them the "machine in the middle", then the action of the other, or as a copy/paste between them directly.
WSD and NetBT will not solve one machine for others, but all other computers on the network will dispay on each machine. Only, they refuse to see each other. I have disabled the firewall. Password protected sharing, ensured that all netbios in the registry settings are correct. Pings between them are inaccessible returnded.
Any help would be appreciated.
Thank you!
Hi Jonathan,.
I see that you two computers on the network cannot see each other. I'll help you with this problem.
1. don't you make changes to the computers?
2 are computers on a domain network?
3. do you have a router connected to these computers?
Method 1:
Open the HomeGroup troubleshooter
http://Windows.Microsoft.com/en-us/Windows7/open-the-HomeGroup-Troubleshooter
Method 2.
Make sure that the following services are enabled on the computer.
(a) click Start, type "services.msc" in the search and click on services. Verify that these services are enabled:
-TCP/IP NetBIOS Helper service
-DNS Client
-Function Discovery Resource Publication
-SSDP Discovery
-UPnP device host
To start the service and set it to automatic, follow these steps:
(b) right click on each of the services listed above and click Properties.
(c) click the general tab, and then, next to startup type, select automatic.
(d) click on apply and then click Start.
Method 3.
I suggest you follow the steps in this article.
Enable or disable network discovery: http://windows.microsoft.com/en-US/windows7/Enable-or-disable-network-discovery
Method 4:
Why can't I connect to other computers?
http://Windows.Microsoft.com/en-us/Windows7/why-can-t-I-connect-to-other-computers
Refer.
Homegroup:
http://Windows.Microsoft.com/en-CA/Windows7/products/features/HomeGroup
Let us know if you need assistance with any windows problem. We will be happy to help you.
-
Site to site between ASA 8.2 VPN, cannot ping
Two 8.2 ASA is configured with a VPN tunnel from site to site, as shown in the diagram:
Clients on the inside network to the ASA cannot ping inside, network clients, else the ASA. Why not?
When the rattling from inside network SALMONARM inside network of KAMLOOPS, the following debug logs can be seen on SALMONARM:
%ASA-7-609001: Built local-host outside:10.30.7.2
%ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
%ASA-6-302021: Teardown ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
%ASA-7-609002: Teardown local-host outside:10.30.7.2 duration 0:00:02
%ASA-7-609001: Built local-host outside:10.30.7.2
%ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
%ASA-6-302021: Teardown ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
%ASA-7-609002: Teardown local-host outside:10.30.7.2 duration 0:00:02
%ASA-7-609001: Built local-host outside:10.30.7.2
%ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
...
Each attempt to ping responds with "Request timed out" on the computer of ping.
Why clients cannot mutually ping on the VPN tunnel?
Hello
Create a NAT0 ACL at both ends.
ex: 10.30.0.0 ip access-list extended SHEEP 255.255.0.0 allow 10.45.0.0 255.255.0.0
NAT (inside) 0 access-list SHEEP
THX
MS
Edit: at the beginning, I mentioned ACL #, it may not work.
-
Cannot ping the Virtual Machine by host
Hi all,
Please help, I use VMWare Workstation 6.5 and I have a physical operating system which is Windows XP SP2, I have a network card, but not connected to a physical switch, the IP address is 192.168.0.1. I installed a Virtual Machine using Microsoft Windows 2003 server as the operating system, promote as domain controller, install the DHCP, DNS service and assign an IP 192.168.0.2, no default gateway.
My VMnet1 on physical operating system has an IP 192.168.204.1 and VMNet8 has an IP 192.168.126.1.
The host, I cannot ping the 192.168.0.2 which is the IP address of the Virtual Machine. Even in the Virtual Machine, I can not ping 192.168.0.1 is the IP address of the host. From what I read, the physical and the virtual machine were connected with a virtual switch. Am I wrong?
Any advice?
Thanks in advance.
They SEEM to be in different networks, you need search routing between them,... since they differnet networks...
on the other
they do host and the virtual machine on the same subnet / network for EXAMPLE: class C class network 192.168.200.0/24
granting of points if my answer was helpful... Thank you > > > > > > > >
concerning
Joe
-
Cannot ping Lan devices in Vlan
Hello
I looked for a solution to this for the week without success. I came across a Cisco C3560, which is used because of its ability of poe to power some Deskphones Voip. While the works of great poe, machines connected to the switch can only communicate with each other and don't can't ping or otherwise access any device connected directly to the router of the network.
The Cisco switch is configured with a vlan and a default gateway, but nothing comes out by behind the switch. On connected devices can ping by default gateway (192.168.0.1 - a tp-link router), receive a lease dhcp from the router said successfully and can connect to the internet, but on the local network, nothing works. (unable to connect to the printer connetced directly to the router or other computers connected directly to the router.
Any advice? I am new to cisco switches, don't know what I'm doing here. I'm just trying to get devices that are connected directly to the switch to communicate with devices connected directly to the router.
Switch#show runBuilding configuration...
Current configuration : 1528 bytes!version 12.2service configno service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!enable secret 5 {}{}{}{}{}{}{}{}{}{}{}{}!no aaa new-modelclock timezone UTC 2system mtu routing 1500ip subnet-zero!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24 switchport mode access!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 ip address 192.168.0.26 255.255.255.0 no ip route-cache!ip default-gateway 192.168.0.1ip classlessip default-network 192.168.0.0ip http server!access-list 1 permit any log!control-plane!!line con 0line vty 0 4 password XXXXXXXXX login length 0line vty 5 15 password XXXXXXXX login length 0!end
Switch#show interface
Vlan1 is up, line protocol is up Hardware is EtherSVI, address is 001e.bd27.c4c0 (bia 001e.bd27.c4c0) Internet address is 192.168.0.26/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 3 packets/sec 138534 packets input, 9472693 bytes, 0 no buffer Received 0 broadcasts (68 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 30296 packets output, 2248820 bytes, 0 underruns 0 output errors, 1 interface resets 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/2 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c484 (bia 001e.bd27.c484) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:56, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 46000 bits/sec, 37 packets/sec 5 minute output rate 582000 bits/sec, 71 packets/sec 1941044 packets input, 327622438 bytes, 0 no buffer Received 38375 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 30699 multicast, 0 pause input 0 input packets with dribble condition detected 3224783 packets output, 2069682884 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out FastEthernet0/4 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c486 (bia 001e.bd27.c486) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 129069 packets input, 64947010 bytes, 0 no buffer Received 9953 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9759 multicast, 0 pause input 0 input packets with dribble condition detected 600269 packets output, 45540585 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/6 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c488 (bia 001e.bd27.c488) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:50, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 32693 packets input, 4244428 bytes, 0 no buffer Received 9942 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9759 multicast, 0 pause input 0 input packets with dribble condition detected 588460 packets output, 45003331 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/8 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48a (bia 001e.bd27.c48a) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:30, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32694 packets input, 4243413 bytes, 0 no buffer Received 9934 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9757 multicast, 0 pause input 0 input packets with dribble condition detected 588485 packets output, 45009466 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/12 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48e (bia 001e.bd27.c48e) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:28, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32742 packets input, 4252075 bytes, 0 no buffer Received 9947 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9763 multicast, 0 pause input 0 input packets with dribble condition detected 588497 packets output, 45019272 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/13 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48f (bia 001e.bd27.c48f) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:13, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 148160 packets input, 73818106 bytes, 0 no buffer Received 9973 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9760 multicast, 0 pause input 0 input packets with dribble condition detected 599666 packets output, 49045070 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/14 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c490 (bia 001e.bd27.c490) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:05, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 129165 packets input, 68409495 bytes, 0 no buffer Received 9982 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9773 multicast, 0 pause input 0 input packets with dribble condition detected 600283 packets output, 45551497 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/18 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c494 (bia 001e.bd27.c494) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:49, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 21000 bits/sec, 18 packets/sec 5 minute output rate 13000 bits/sec, 16 packets/sec 606386 packets input, 88151136 bytes, 0 no buffer Received 159883 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 55198 multicast, 0 pause input 0 input packets with dribble condition detected 941617 packets output, 308269004 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/20 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c496 (bia 001e.bd27.c496) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:54, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 1000 bits/sec, 2 packets/sec 515813 packets input, 87006769 bytes, 0 no buffer Received 21466 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 19952 multicast, 0 pause input 0 input packets with dribble condition detected 1858112 packets output, 1700009146 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/24 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c49a (bia 001e.bd27.c49a) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 546556 packets output, 41182636 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/1 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is 001e.bd27.c481 (bia 001e.bd27.c481) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 556000 bits/sec, 83 packets/sec 5 minute output rate 76000 bits/sec, 63 packets/sec 4457827 packets input, 3961330567 bytes, 0 no buffer Received 15028 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 11213 multicast, 0 pause input 0 input packets with dribble condition detected 3822373 packets output, 728132696 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
Switch#show vlan
VLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/21002 fddi-default act/unsup1003 token-ring-default act/unsup1004 fddinet-default act/unsup1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------1 enet 100001 1500 - - - - - 0 01002 fddi 101002 1500 - - - - - 0 01003 tr 101003 1500 - - - - - 0 01004 fdnet 101004 1500 - - - ieee - 0 01005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs------------------------------------------------------------------------------
Primary Secondary Type Ports------- --------- ----------------- ------------------------------------------
Hello
first thing, please edit your post and remove your remote vty lines access password
never send passwords on a public forum for the just in case production equipment
line vty 0 4
password xxxxxx***********************
Your question
What is the configuration of the router as a switch which seems to work correctly you're saying and I configured its doing its job, don't forget you said that you cannot route no between the router and the router switch should take care of this, whats the vlan ports on the router are on is - what the same subnet do they get an ip address in the same subnet off dhcp as devices of switching, if they do, and you cannot ping them to the same subnet theres something upward on the side of the router it would treat for layer 3 routing ip traffic
the ping to the router devices connected to the cisco switch and can the device on the router cannot ping devices switches
If you move a device out of the router and attach it to the doe sit switch still work ok, reach the talk of the internet to other devices on the switch?
As there is a layer 2 switch you don't need this command you have your entry door you can remove it.. .IP default-network 192.168.0.0
-
Peer AnyConnect VPN cannot ping, RDP each other
I have an ASA5505 running ASA 8.3 (1) and ASDM 7.1 (1). I have a remote access VPN set up and remote access users are able to connect and access to network resources. I can ping the VPN peers between the Remote LAN. My problem counterparts VPN cannot ping (RDP, CDR) between them. Ping a VPN peer of reveals another the following error in the log of the SAA.
Asymmetrical NAT rules matched for flows forward and backward; Connection for icmp outside CBC: 10.10.10.8 outside dst: 10.10.10.9 (type 8, code 0) rejected due to the failure of reverse NAT.
Here's my ASA running-config:
ASA Version 8.3 (1)
!
ciscoasa hostname
domain dental.local
activate 9ddwXcOYB3k84G8Q encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
clock timezone CST - 6
clock to summer time recurring CDT
DNS lookup field inside
DNS server-group DefaultDNS
192.168.1.128 server name
domain dental.local
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the RAVPN object
10.10.10.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.10.10.0_28 object
subnet 10.10.10.0 255.255.255.240
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
access-list Local_LAN_Access note VPN Customer local LAN access
Local_LAN_Access list standard access allowed host 0.0.0.0
DefaultRAGroup_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
Note VpnPeers access list allow peer vpn ping on the other
permit access list extended ip object NETWORK_OBJ_10.10.10.0_28 object NETWORK_OBJ_10.10.10.0_28 VpnPeers
pager lines 24
Enable logging
asdm of logging of information
logging of information letter
address record [email protected] / * /
exploitation forest-address recipient [email protected] / * / level of information
record level of 1 600 6 rate-limit
Outside 1500 MTU
Within 1500 MTU
mask 10.10.10.5 - 10.10.10.10 255.255.255.0 IP local pool VPNPool
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 711.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside, all) static source all electricity static destination RAVPN RAVPN
NAT (inside, outside) static static source NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28
NAT (inside, outside) static source all all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
network of the RAVPN object
dynamic NAT (all, outside) interface
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Community SNMP-server
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transit
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP ESP-AES-128-SHA ESP - AES - 192 - SHA ESP - AES - 256 - SHA ESP - 3DES - SHA - OF - SHA ESP - AES - 128 - SHA - TRANS ESP - AES - 192 - SHA - TRANS ESP - AES - 256 - SHA - ESP ESP - 3DES - SHA - TRANS TRANS-DES - SHA - TRANS
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
trustpoint crypto ca-CA-SERVER ROOM
LOCAL-CA-SERVER key pair
Configure CRL
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
name of the object CN = ciscoasa
billvpnkey key pair
Proxy-loc-transmitter
Configure CRL
crypto ca server
CDP - url http://ciscoasa/+CSCOCA+/asa_ca.crl
name of the issuer CN = ciscoasa
SMTP address [email protected] / * /
crypto certificate chain ca-CA-SERVER ROOM
certificate ca 01
* hidden *.
quit smoking
string encryption ca ASDM_TrustPoint0 certificates
certificate 10bdec50
* hidden *.
quit smoking
crypto ISAKMP allow outside
crypto ISAKMP policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
enable client-implementation to date
Telnet 192.168.1.1 255.255.255.255 inside
Telnet timeout 5
SSH timeout 5
Console timeout 0
management-access inside
dhcpd outside auto_config
!
dhcpd address 192.168.1.50 - 192.168.1.99 inside
dhcpd allow inside
!
a basic threat threat detection
threat detection statistics
a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
SSL-trust outside ASDM_TrustPoint0 point
WebVPN
allow outside
SVC disk0:/anyconnect-win-3.1.04072-k9.pkg 1 image
SVC profiles DellStudioClientProfile disk0: / dellstudioclientprofile.xml
enable SVC
tunnel-group-list activate
internal-password enable
chip-tunnel list SmartTunnelList RDP mstsc.exe windows platform
internal DefaultRAGroup group strategy
attributes of Group Policy DefaultRAGroup
Server DNS 192.168.1.128 value
Protocol-tunnel-VPN l2tp ipsec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list DefaultRAGroup_splitTunnelAcl
Dental.local value by default-field
WebVPN
SVC value vpngina modules
internal DefaultRAGroup_1 group strategy
attributes of Group Policy DefaultRAGroup_1
Server DNS 192.168.1.128 value
Protocol-tunnel-VPN l2tp ipsec
Dental.local value by default-field
attributes of Group Policy DfltGrpPolicy
Server DNS 192.168.1.128 value
VPN - 4 concurrent connections
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
value of group-lock RAVPN
value of Split-tunnel-network-list Local_LAN_Access
Dental.local value by default-field
WebVPN
the value of the URL - list DentalMarks
SVC value vpngina modules
SVC value dellstudio type user profiles
SVC request to enable default webvpn
chip-tunnel enable SmartTunnelList
wketchel1 5c5OoeNtCiX6lGih encrypted password username
username wketchel1 attributes
VPN-group-policy DfltGrpPolicy
WebVPN
SVC value DellStudioClientProfile type user profiles
username privilege 15 encrypted password 5c5OoeNtCiX6lGih wketchel
username wketchel attributes
VPN-group-policy DfltGrpPolicy
WebVPN
modules of SVC no
SVC value DellStudioClientProfile type user profiles
jenniferk 5.TcqIFN/4yw0Vq1 of encrypted password privilege 0 username
jenniferk username attributes
VPN-group-policy DfltGrpPolicy
WebVPN
SVC value DellStudioClientProfile type user profiles
attributes global-tunnel-group DefaultRAGroup
address pool VPNPool
LOCAL authority-server-group
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared key *.
tunnel-group DefaultRAGroup ppp-attributes
PAP Authentication
ms-chap-v2 authentication
eap-proxy authentication
type tunnel-group RAVPN remote access
attributes global-tunnel-group RAVPN
address pool VPNPool
LOCAL authority-server-group
tunnel-group RAVPN webvpn-attributes
enable RAVPN group-alias
IPSec-attributes tunnel-group RAVPN
pre-shared key *.
tunnel-group RAVPN ppp-attributes
PAP Authentication
ms-chap-v2 authentication
eap-proxy authentication
type tunnel-group WebSSLVPN remote access
tunnel-group WebSSLVPN webvpn-attributes
enable WebSSLVPN group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
173.194.64.108 SMTP server
context of prompt hostname
HPM topN enable
Cryptochecksum:3304bf6dcf6af5804a21e9024da3a6f8
: end
Hello
Seems to me that you can clean the current NAT configuration a bit and make it a little clearer.
I suggest the following changes
network of the VPN-POOL object
10.10.10.0 subnet 255.255.255.0
the object of the LAN network
subnet 192.168.1.0 255.255.255.0
PAT-SOURCE network object-group
object-network 192.168.1.0 255.255.255.0
object-network 10.10.10.0 255.255.255.0
NAT static destination LAN LAN (indoor, outdoor) static source VPN-VPN-POOL
destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL
NAT interface (it is, outside) the after-service automatic PAT-SOURCE dynamic source
The above should allow
- Dynamic PAT for LAN and VPN users
- NAT0 for traffic between the VPN and LAN
- NAT0 for traffic between the VPN users
You can then delete the previous NAT configurations. Naturally, please save the configuration before you make the change, if you want to revert to the original configuration.
no static source nat (inside, everything) all electricity static destination RAVPN RAVPN
No source (indoor, outdoor) nat static static NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28
No source (indoor, outdoor) nat static everything all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination
No network obj_any object
No network object RAVPN
In case you do not want to change the settings a lot you might be right by adding this
network of the VPN-POOL object
10.10.10.0 subnet 255.255.255.0
destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL
But the other above configurations changes would make NAT configurations currently simpler and clearer to see every goal of "nat" configurations.
-Jouni
-
Nested Hyper-V VM cannot ping the default gateway
Hello
At first, I have to say that I don't consider myself an expert produced a VMware.
I've been struggling with my test environment nested for a while and finally decided to get help (I hope) of pros.
Environment looks like this:
- Physical VMware ESXi 5.1.0 ("Promiscuous" mode enabled for the vSwitch)
- Couple of virtual machines, one of them being Hyper-V (Windows Server 2012 R2) server that is configured for nested virtualization - 10.106.5.27
- On the Hyper-V server, I have a VM in Windows Server 2012 R2 - 10.106.5.28
- Couple of virtual machines, one of them being Hyper-V (Windows Server 2012 R2) server that is configured for nested virtualization - 10.106.5.27
Hyper-V server has a NETWORK card and full network connectivity (internal and external: Internet) and in the Hyper-V Manager, a virtual switch is configured in external mode.
VM is connected to this virtual switch via a virtual network adapter. It has public static IP assigned with mask subnet, default gateway, and DNS even as a Hyper-V host. I ping times by IP and DNS name of the host of VM and vice versa. I cannot ping other resources of the virtual machine as the default gateway and DNS ("request timed") servers out. State of the network in the network and sharing Center is VM:
- unidentified network
- Public network
- type of access: no internet access
When I run the tool for troubleshooting problems on VM, he says "the default gateway is not available". As I said I can not ping.
I think that all my connectivity problems are caused by the unavailability of the gateway by default on the virtual machine, but I have no idea how to solve this problem. When you change the settings of the VM card from static to DHCP I can't even ping on the Hyper-V host.
All servers are joined to the same domain (VM has been migrated to ESXi, so he joined to the domain before, but I can't connect to using domain accounts, probably due to network issue).
I hope I described the problem enough, but please let me know if you need more information.
Try to activate forged passes also on the vSphere vSwitch as you do for the Promiscuous Mode.
- Physical VMware ESXi 5.1.0 ("Promiscuous" mode enabled for the vSwitch)
-
Cannot ping new addresses IP vmkernel
I created a few exchanges of vmkernel iSCSI in new bond for our 10G storage on a new vSwitch but I can't ping the IP addresses assigned to them (10.1.45.187 and 188). I have the same setup on a different host and it works very well. I swapped the connections on the 10G switch with those of the host of work as well as cables, so I know it isn't a switch port, the switch config issue or the cable. I even swapped the IP with the work those just to make sure.
But if I SSH to another host on the same network I can ping those IP vmkernal addresses I can't from my desktop. I can also ping vmkernel IP addresses on the host of my office work that is on the same subnet as the host of non-working. I cannot ping the vmkernel IPs of a host on a different subnet, but can ping ports vmkernel work of host to a host on another subnet.
I don't know that it's just something simple that I'm missing... I hope!
Don't ask me why I have not found this before, but here's the answer to my question. I can give me points?
VMware KB: Ping ICMP in 5.1 and 5.5 ESXi ESXi response behavior change
-
Difficulty ping between the hosts and guests
Hello
I want to establish network connectivity between my host OS (XPsp3) and my guests (CentOS5.5 and Windows 7).
So far, I can ping between guests, but not between host and guest, or comments to the host. When I try, I get a message "destination host unreachable".
When I configured my virtual machines in a first time, I put them to 'Host-Only' and I need to keep it like that for the purpose of what I do with them - which is the problem?
Ipconfig and ifconfig outs of machines attached.
Bests
Adam
... If you use VMware Workstation, you could also reconfigure VMnet1 in the 192.168. 8.x subnet using the "Virtual Network Editor"
André
-
Cannot switch between multiple Time Machine backups
I generally save my 2010 Macbook Pro to a 2012 Time Capsule, which is attached to my router via an ethernet cable (most recent) wireless. On a trip, I make the additional backups on an external hard drive. However, when I go home and try to return to the TC, my internal HD is now on the time Machine "Exclude" list and cannot be removed (greyed out). When I try to save, I get a message saying "no disks are available to back up."
What has happened a few times, and the only solution I could find was to delete my original Time Machine backup and put a new (which took forever).
Any ideas why my HD internal is added to the exclusion list after using Time Machine with an external hard drive?
Time Machine backups on a network drive or a disc attached locally stored in different formats. Switching between them was not in the overall theme of the design of this service of OS X.
I suggest that you set up Time Machine to use multiple disks.
FWIW, in my case, I backup destinations, Time Machine on a Time Capsule and an external hard drive of 2 bolt of lightning. When both are available, the time goes 'take turns' Machine backup on each drive.
If a disk is not available, it backs up to that which is, and which ignores the backup of the other. When the two are connected again, backups continue on both.
Maybe you are looking for
-
Display the plus sign for positive numbers
I see in format > cell > data format > numbering system there is a checkbox for «represent negative numbers using the sign less» Ability to wear a sign "+" for positive numbers?
-
SCAM TO RENEW THE WINDOWS XP?
I received a call from www.curingyourpc.com, saying that I needed to update my WINDOWS security, and that I had to immediately before the new year. I didn't understand what they were trying to tell me, but I think they said I'm unprotected now and m
-
Why my PC can't connect to bluetooth?
Why can't connect me my phone via bluetooth for my laptop
-
Image Enhancement off when put in charge.
Hey,. I have xperiaz2. I put x-reality for mobile/Super Vivid mode in option for Image improvement. But every time that I put the my phone on charge on the next time I found Image enhancement is in the off State. What is automatically disabled. Any i
-
How to disable the right-click in Flash canvas
How to disable the right-click in Flash canvas