Instances of VMware cannot ping between them somehow...

Similar Questions

• cannot ping between remote vpn site?

  vpn l2l site A, site B is extension vpn network, connect to the same vpn device 5510 to the central office and work well.  I can ping from central office for two remote sites, but I cannot ping between these two vpn sites?  Tried to debug icmp, I can see the icmp side did reach central office but then disappeared! do not send B next?  Help, please...

  permit same-security-traffic inter-interface
  permit same-security-traffic intra-interface
  !
  object-group network SITE-a.
  object-network 192.168.42.0 255.255.255.0
  !
  object-group network SITE-B
  object-network 192.168.46.0 255.255.255.0
  !
  extended OUTSIDE allowed a whole icmp access list
  HOLT-VPN-ACL extended access-list allow ip object-CBO-NET object group SITE-a.
  !
  destination SITE-a NAT (outside, outside) static source SITE - a static SITE to SITE-B-B
  !
  address for correspondence card crypto VPN-card 50 HOLT-VPN-ACL
  card crypto VPN-card 50 peers set *. *.56.250
  card crypto VPN-card 50 set transform-set AES-256-SHA ikev1
  VPN-card interface card crypto outside
  !
  internal strategy group to DISTANCE-NETEXTENSION
  Remote CONTROL-NETEXTENSION group policy attributes
  value of DNS server *. *. *. *
  VPN-idle-timeout no
  Ikev1 VPN-tunnel-Protocol
  Split-tunnel-policy tunnelspecified
  Split-tunnel-network-list value REMOTE-NET2
  value by default-field *.org
  allow to NEM
  !
  remote access of type tunnel-group to DISTANCE-NETEXTENSION
  Global DISTANCE-NETEXTENSION-attributes tunnel-group
  authentication-server-group (inside) LOCAL
  Group Policy - by default-remote CONTROL-NETEXTENSION
  IPSec-attributes tunnel-group to DISTANCE-NETEXTENSION
  IKEv1 pre-shared-key *.
  tunnel-group *. *.56.250 type ipsec-l2l
  tunnel-group *. *.56.250 ipsec-attributes
  IKEv1 pre-shared-key *.
  !

  !

  ASA - 5510 # display route. include the 192.168.42
  S 192.168.42.0 255.255.255.0 [1/0] via *. *. 80.1, outside
  ASA - 5510 # display route. include the 192.168.46
  S 192.168.46.0 255.255.255.0 [1/0] via *. *. 80.1, outside
  ASA-5510.

  !
  Username: Laporte-don't Index: 10
  Assigned IP: 192.168.46.0 public IP address: *. *.65.201
  Protocol: IKEv1 IPsecOverNatT
  License: Another VPN
  Encryption: 3DES hash: SHA1
  TX Bytes: bytes 11667685 Rx: 1604235
  Group Policy: Group remote CONTROL-NETEXTENSION Tunnel: remote CONTROL-NETEXTENSION
  Opening time: 08:19:12 IS Thursday, February 12, 2015
  Duration: 6 h: 53 m: 29 s
  Inactivity: 0 h: 00 m: 00s
  Result of the NAC: unknown
  Map VLANS: VLAN n/a: no
  !
  ASA - 5510 # display l2l vpn-sessiondb

  Session type: LAN-to-LAN

  Connection: *. *.56.250
  Index: 6 IP Addr: *. *.56.250
  Protocol: IPsec IKEv1
  Encryption: AES256 3DES hash: SHA1
  TX Bytes: bytes 2931026707 Rx: 256715895
  Connect time: 02:00:41 GMT Thursday, February 12, 2015
  Duration: 13: 00: 10:00

  Hi Rico,

  You need dynamic nat (for available IP addresses) for the two side to every subset of remote access to the other side remote subnet and so they can access every other subnet as if both from the traffic from your central location.

  example:

  Say, this IP (10.10.10.254) is unused IP to the central office, allowed to access remote tunnel 'A' and 'B' of the site.

  object-group network SITE-a.
  object-network 192.168.42.0 255.255.255.0
  !
  object-group network SITE-B
  object-network 192.168.46.0 255.255.255.0

  dynamic source destination SITE-a. 10.10.10.254 NAT (outdoors, outdoor)
  public static SITE SITE-B-B

  destination NAT (outdoors, outdoor) SITE-B 10.10.10.254 dynamic source
  SITE static-SITE a

  Hope this helps

  Thank you

  Rizwan James

• Cannot ping between virtual servers on the same host

  I have a 5 ESXi host with 3 virtual copies of Windows Server 2008R2 running on them. The ESXi host is connected to my switch, which has the Windows 2008 R2 DC to my test network and my laptop management with VSphere branch above as well. I can ping host, mobile and ad server of each of the individual virtual servers and can ping and RDP for all 3 from other devices not on that host, but I cannot communicate between the three. I have Windows Firewall disabled on all three. I have no firewall, and all machines have an IP address in the 10.0.0.X range I deleted then recreated the only virtual switch on the host on which appear all 3. I've been VERY frustrated for the last 3 days on it. Why my virtual machine cannot talk to each other?

  When you have registered virtual machines in ESX you selected moved VM or Coiped VM? Go to editing parameters and watch the MAC addresses. My guess is that if you copied power (including the vmx files) then the MAC address is the same for all virtual machines. You can stop the machine and change for a MAC address mac address. You can also remove the network adapters, one of each, and then add the new network cards. Remember to reconfigure the IP addresses on the box and remove the ghost network maps after doing this.

  Check this KB to change the mac address.

  http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=507

  Also, can you connect to the switch and look at the ARP table and see if the system VMs register here.

• Reference Dell powerconnect 5524 cannot ping between coelio and trunk port

  Hello...

  We set up a new switch of 5524 I untagged on vlan 20 and access ports where vlan 20 I allowed. I created a computer on the access port on the same trunk port ip net... cant ping beween them. I'm no expert of switch, so I wonder what I missed. I did the same thing on a dell old 3524 and it works directly...

  Here's the port config I tried to do a ping beween is 6 and 10 ports

  (Another thing, how how to remove):

  switchport mode trunk
  switchport access vlan none)

  Any help would be greatly appreciated!

  interface vlan 1
  IP 88.131.90.252 255.255.255.240
  !
  interface vlan 5
  the name 'SCE CJA'
  !
  interface vlan 6
  the name "out of Tele2.
  !
  interface vlan 7
  name "Outside Telenor"
  !
  interface vlan 8
  name "TDC Multivrf"
  !
  interface vlan 20
  TDC-CISCO-LAN name
  !
  [0mMore: , quit: q or CTRL + Z, one line: interface vlan 21]
  the name "FW inside."
  !
  interface vlan 99
  name «FW sync»
  !
  gigabitethernet1/0/1 interface
  Description CPE1
  switchport access vlan 5
  !
  interface gigabitethernet1/0/2
  Description CPE2
  switchport access vlan 5
  !
  interface gigabitethernet1/0/3
  Df description
  spanning tree portfast
  switchport mode trunk
  switchport access vlan no
  !
  interface gigabitethernet1/0/4
  Description Oupps-cb2
  [0mMore: , quit: q or CTRL + Z, a single line: spanning tree portfast]
  switchport mode trunk
  switchport access vlan no
  !
  interface gigabitethernet1/0/5
  Upp-ccm1 description
  spanning tree portfast
  switchport access vlan 20
  !
  interface gigabitethernet1/0/6
  Oupps-ccm2 description
  spanning tree portfast
  switchport access vlan 20
  !
  interface gigabitethernet1/0/7
  Tdc-multivrf1 description
  switchport access vlan 8
  !
  interface gigabitethernet1/0/8
  TDC-multivrf2 description
  switchport access vlan 8
  !
  [0mMore: , quit: q or CTRL + Z, one line: interface gigabitethernet1/0/9]
  Description Oupps-cb-tq03
  spanning tree portfast
  switchport mode trunk
  !
  interface gigabitethernet1/0/10
  Description Oupps-cb-tq04
  spanning tree portfast
  switchport mode trunk
  !
  interface gigabitethernet1/0/11
  Tele2-outside description
  switchport access vlan 6
  !
  interface gigabitethernet1/0/12
  Tele2-outside description
  switchport access vlan 6
  !
  interface gigabitethernet1/0/13
  Telenor-outside description
  switchport access vlan 7
  !
  [0mMore: , quit: q or CTRL + Z, one line: interface gigabitethernet1/0/14]
  Telenor-outside description
  switchport access vlan 7
  !
  interface gigabitethernet1/0/15
  Description Word-Oupps-fw-tq01-inside
  switchport mode trunk
  !
  interface gigabitethernet1/0/16
  Description Word-Oupps-fw-tq02-inside
  switchport mode trunk
  !
  interface gigabitethernet1/0/17
  FW-sync description
  switchport access vlan 99
  !
  interface gigabitethernet1/0/18
  FW-sync description
  switchport access vlan 99
  !
  interface gigabitethernet1/0/19
  Description Word-Oupps-fw-tq01-outside
  [0mMore: , quit: q or CTRL + Z, a single line: switchport mode trunk]
  !
  interface gigabitethernet1/0/20
  Description Word-Oupps-fw-tq02-outside
  switchport mode trunk
  !
  interface gigabitethernet1/0/22
  FW-Sync description
  switchport access vlan 99
  !
  interface gigabitethernet1/0/23
  Description Word-Oupps-FW-tq01-outside
  192.168.11.1 IP address 255.255.255.0
  switchport mode trunk
  !
  interface gigabitethernet1/0/24
  Description Word-AIN-LAN-SW
  switchport access vlan 20
  !
  IP route 0.0.0.0 0.0.0.0 88.131.90.241

  [0mMore: , quit: q or CTRL + Z, a single line:]

  Information of VLAN

  The name of the VLAN Tag Ports Ports unmarked Type permission
  ---- ------------ ------------------ ------------------ --------- -------------
  1 1 article gi1/0/3-4, default required
  Article gi1/0/9-10
  item in gi1/0/15-16,
  item in gi1/0/19-21,
  item in gi1/0/23,
  item in gi1/0/25-48,
  TE1/0/1-2.
  GI2/0/1-48.
  TE2/0/1-2.
  IG3/0/1-48.
  TE3/0/1-2.
  IG4/0/1-48.
  TE4/0/1-2.
  IG5/0/1-48.
  TE5/0/1-2.
  GI6/0/1-48.
  TE6/0/1-2.
  gi7/0/1-48.
  TE7/0/1-2.
  gi8/0/1-48.
  TE8/0/1-2, m 1-32
  5 CPE TDC article gi1/0/3-4, item in gi1/0/1-2 permanent required
  [0mMore: , quit: q or CTRL + Z, one line: article gi1/0/9-10]
  item in gi1/0/15-16,
  item in gi1/0/19-20,
  item in gi1/0/23
  6 outside section gi1/0/3-4, item in gi1/0/11-12 permanent required
  Tele2 item in gi1/0/9-10,
  item in gi1/0/15-16,
  item in gi1/0/19-20,
  item in gi1/0/23
  7 outside article gi1/0/3-4, item in gi1/0/13-14 required permanent
  Telenor item in gi1/0/9-10,
  item in gi1/0/15-16,
  item in gi1/0/19-20,
  item in gi1/0/23
  8 TDC Multivrf item in gi1/0/3-4, item in gi1/0/7-8 permanent required
  Article gi1/0/9-10
  item in gi1/0/15-16,
  item in gi1/0/19-20,
  item in gi1/0/23
  TDC-CISCO-LA 20, article gi1/0/3-4, item in gi1/0/5-6, item in gi1/0/24 required permanent
  N item in gi1/0/9-10,
  item in gi1/0/15-16,
  [0mMore: , quit: q or CTRL + Z, one line: item in gi1/0/19-20,]
  item in gi1/0/23

  In safe mode the PVID is 1 VLAN by default. You can do this by entering the command #switchport trunk vlan native {number of vlan}. If Cisco is configured to accept and send the marked packets and has an IP address in the subnet of VLAN 20, it should be able to communicate with other devices in VLAN 20.

• Cisco ASA 5520 cannot ping between VPN Tunnels

  I have the main site and sites A and B.  A to connect to the hand and B connects to the main.  I can ping from A hand and has for main.  I can ping from main to B and B to main.  However, I can not ping from A to B.  A and B are sonicwall 2040 and main is a 5520.  The question should not be with the 5520 none allowing traffic between the two VPN Tunnels, but I can't understand why it does not work.  Can someone give an idea on that?  Thanks in advance.

  Hello

  I see that you use ASDM. Always makes my eyes bleed when I need to look at the DM_INLINE of named objects and try to make sense the CLI format

  Seems to me that there are problems with the NAT.

  If you don't mind a small break between the main Site and remote locations, I'd say changing some follows the NAT configuration

  Remove old

  no nat source (indoor, outdoor) public static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_10 DM_INLINE_NETWORK_10 non-proxy-arp-search of route static destination

  no nat source (indoor, outdoor) public static DM_INLINE_NETWORK_11 DM_INLINE_NETWORK_11 DM_INLINE_NETWORK_12 DM_INLINE_NETWORK_12 non-proxy-arp-search of route static destination

  Add a new

  object-group network NETWORK-2790

  object-network 10.217.0.0 255.255.255.0

  object-network 10.217.1.0 255.255.255.0

  object-group network NETWORK-3820

  object-network 10.216.0.0 255.255.255.0

  object-network 10.216.1.0 255.255.255.0

  object-group network NETWORK-COLO

  object-net 10.8.0.0 255.255.255.0

  destination of NETWORK of NETWORK-2790-2790 static NAT (outside, outside) static source NETWORK - 3820 - 3820

  NAT static destination of NETWORK of NETWORK-COLO-COLO (indoor, outdoor) static source NETWORK - 2790 - 2790

  NAT static destination of NETWORK of NETWORK-COLO-COLO (indoor, outdoor) static source NETWORK - 3820 - 3820

  The first new line of configuring NAT manages the NAT0 configuration for traffic between SiteA and SiteB. The following configurations of NAT 2 manage the NAT0 for traffic between the main Site - hand Site SiteA - SiteB

  -Jouni

• Hosts distributed Virtual Switch cannot ping each other

  host of vSphere 4.0, introduced 2 vSphpere B and C hosts and all put in a switch of distruduted to VMkernal network. Only the host can vmkping has a virtual machine that was put into the same switch and the VM also ping on host A. But, 3 hosts cannot vmkping between them, and B and C cannot vmkpng the virtual machine.

  What is the problem and how can I solve this problem?

  Thank you.

  George

  No, this is not typical of a vDS.  Try starting here:

  http://www.VMware.com/files/PDF/vSphere-vNetwork-DS-migration-configuration-WP.PDF

  http://www.VMware.com/files/PDF/vSphere-vNetwork-deployment-WP.PDF

  If you have found this helpful at all prices please points using the correct or useful!  Thank you!

• I have two computers in Windows 7 which will not each other on my network. All other computers will see and can share files, but they connect between them.

  My HP laptop has installed Win7 Ult, the Fujitus Win7 Pro.

  Both computers were sharing the files back, outside a residential group, for a period of time. One day, they are stopped. No changes have been made to computers. I tried a restore of the system on each of them, and it did not help. I re windows loaded on the HP and that did not help. I don't think that it is only a permission of the questions that I used a windows machine 7 third to map actions to each of the individual laptops using their respective IDs. I can transfer files from one of them the "machine in the middle", then the action of the other, or as a copy/paste between them directly.

  WSD and NetBT will not solve one machine for others, but all other computers on the network will dispay on each machine. Only, they refuse to see each other. I have disabled the firewall. Password protected sharing, ensured that all netbios in the registry settings are correct. Pings between them are inaccessible returnded.

  Any help would be appreciated.

  Thank you!

  Hi Jonathan,.

  I see that you two computers on the network cannot see each other. I'll help you with this problem.

  1. don't you make changes to the computers?

  2 are computers on a domain network?

  3. do you have a router connected to these computers?

  Method 1:

  Open the HomeGroup troubleshooter

  http://Windows.Microsoft.com/en-us/Windows7/open-the-HomeGroup-Troubleshooter

  Method 2.

  Make sure that the following services are enabled on the computer.

  (a) click Start, type "services.msc" in the search and click on services. Verify that these services are enabled:

  -TCP/IP NetBIOS Helper service

  -DNS Client

  -Function Discovery Resource Publication

  -SSDP Discovery

  -UPnP device host

  To start the service and set it to automatic, follow these steps:

  (b) right click on each of the services listed above and click Properties.

  (c) click the general tab, and then, next to startup type, select automatic.

  (d) click on apply and then click Start.

  Method 3.

  I suggest you follow the steps in this article.

  Enable or disable network discovery: http://windows.microsoft.com/en-US/windows7/Enable-or-disable-network-discovery

  Method 4:

  Why can't I connect to other computers?

  http://Windows.Microsoft.com/en-us/Windows7/why-can-t-I-connect-to-other-computers

  Refer.

  Homegroup:

  http://Windows.Microsoft.com/en-CA/Windows7/products/features/HomeGroup

  Let us know if you need assistance with any windows problem. We will be happy to help you.

• Site to site between ASA 8.2 VPN, cannot ping

  Two 8.2 ASA is configured with a VPN tunnel from site to site, as shown in the diagram:

  

  Here is my setup for both.

  Clients on the inside network to the ASA cannot ping inside, network clients, else the ASA. Why not?

  When the rattling from inside network SALMONARM inside network of KAMLOOPS, the following debug logs can be seen on SALMONARM:

  %ASA-7-609001: Built local-host outside:10.30.7.2
  %ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
  %ASA-6-302021: Teardown ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
  %ASA-7-609002: Teardown local-host outside:10.30.7.2 duration 0:00:02
  %ASA-7-609001: Built local-host outside:10.30.7.2
  %ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
  %ASA-6-302021: Teardown ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
  %ASA-7-609002: Teardown local-host outside:10.30.7.2 duration 0:00:02
  %ASA-7-609001: Built local-host outside:10.30.7.2
  %ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
  ...
  

  Each attempt to ping responds with "Request timed out" on the computer of ping.

  Why clients cannot mutually ping on the VPN tunnel?

  Hello

  Create a NAT0 ACL at both ends.

  ex: 10.30.0.0 ip access-list extended SHEEP 255.255.0.0 allow 10.45.0.0 255.255.0.0

  NAT (inside) 0 access-list SHEEP

  THX

  MS

  Edit: at the beginning, I mentioned ACL #, it may not work.

• Cannot ping the Virtual Machine by host

  Hi all,

  Please help, I use VMWare Workstation 6.5 and I have a physical operating system which is Windows XP SP2, I have a network card, but not connected to a physical switch, the IP address is 192.168.0.1. I installed a Virtual Machine using Microsoft Windows 2003 server as the operating system, promote as domain controller, install the DHCP, DNS service and assign an IP 192.168.0.2, no default gateway.

  My VMnet1 on physical operating system has an IP 192.168.204.1 and VMNet8 has an IP 192.168.126.1.

  The host, I cannot ping the 192.168.0.2 which is the IP address of the Virtual Machine. Even in the Virtual Machine, I can not ping 192.168.0.1 is the IP address of the host. From what I read, the physical and the virtual machine were connected with a virtual switch. Am I wrong?

  Any advice?

  Thanks in advance.

  They SEEM to be in different networks, you need search routing between them,... since they differnet networks...

  on the other

  they do host and the virtual machine on the same subnet / network for EXAMPLE: class C class network 192.168.200.0/24

  granting of points if my answer was helpful... Thank you > > > > > > > >

  concerning

  Joe

• Cannot ping Lan devices in Vlan

  Hello

  I looked for a solution to this for the week without success. I came across a Cisco C3560, which is used because of its ability of poe to power some Deskphones Voip. While the works of great poe, machines connected to the switch can only communicate with each other and don't can't ping or otherwise access any device connected directly to the router of the network.

  The Cisco switch is configured with a vlan and a default gateway, but nothing comes out by behind the switch. On connected devices can ping by default gateway (192.168.0.1 - a tp-link router), receive a lease dhcp from the router said successfully and can connect to the internet, but on the local network, nothing works. (unable to connect to the printer connetced directly to the router or other computers connected directly to the router.

  Any advice? I am new to cisco switches, don't know what I'm doing here. I'm just trying to get devices that are connected directly to the switch to communicate with devices connected directly to the router.

  Switch#show runBuilding configuration...

  Current configuration : 1528 bytes!version 12.2service configno service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!enable secret 5 {}{}{}{}{}{}{}{}{}{}{}{}!no aaa new-modelclock timezone UTC 2system mtu routing 1500ip subnet-zero!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24 switchport mode access!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 ip address 192.168.0.26 255.255.255.0 no ip route-cache!ip default-gateway 192.168.0.1ip classlessip default-network 192.168.0.0ip http server!access-list 1 permit any log!control-plane!!line con 0line vty 0 4 password XXXXXXXXX login length 0line vty 5 15 password XXXXXXXX login length 0!end

   Switch#show interface

  Vlan1 is up, line protocol is up Hardware is EtherSVI, address is 001e.bd27.c4c0 (bia 001e.bd27.c4c0) Internet address is 192.168.0.26/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 3 packets/sec 138534 packets input, 9472693 bytes, 0 no buffer Received 0 broadcasts (68 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 30296 packets output, 2248820 bytes, 0 underruns 0 output errors, 1 interface resets 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/2 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c484 (bia 001e.bd27.c484) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:56, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 46000 bits/sec, 37 packets/sec 5 minute output rate 582000 bits/sec, 71 packets/sec 1941044 packets input, 327622438 bytes, 0 no buffer Received 38375 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 30699 multicast, 0 pause input 0 input packets with dribble condition detected 3224783 packets output, 2069682884 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
  
  FastEthernet0/4 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c486 (bia 001e.bd27.c486) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 129069 packets input, 64947010 bytes, 0 no buffer Received 9953 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9759 multicast, 0 pause input 0 input packets with dribble condition detected 600269 packets output, 45540585 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/6 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c488 (bia 001e.bd27.c488) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:50, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 32693 packets input, 4244428 bytes, 0 no buffer Received 9942 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9759 multicast, 0 pause input 0 input packets with dribble condition detected 588460 packets output, 45003331 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/8 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48a (bia 001e.bd27.c48a) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:30, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32694 packets input, 4243413 bytes, 0 no buffer Received 9934 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9757 multicast, 0 pause input 0 input packets with dribble condition detected 588485 packets output, 45009466 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/12 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48e (bia 001e.bd27.c48e) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:28, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32742 packets input, 4252075 bytes, 0 no buffer Received 9947 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9763 multicast, 0 pause input 0 input packets with dribble condition detected 588497 packets output, 45019272 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/13 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48f (bia 001e.bd27.c48f) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:13, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 148160 packets input, 73818106 bytes, 0 no buffer Received 9973 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9760 multicast, 0 pause input 0 input packets with dribble condition detected 599666 packets output, 49045070 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/14 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c490 (bia 001e.bd27.c490) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:05, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 129165 packets input, 68409495 bytes, 0 no buffer Received 9982 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9773 multicast, 0 pause input 0 input packets with dribble condition detected 600283 packets output, 45551497 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/18 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c494 (bia 001e.bd27.c494) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:49, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 21000 bits/sec, 18 packets/sec 5 minute output rate 13000 bits/sec, 16 packets/sec 606386 packets input, 88151136 bytes, 0 no buffer Received 159883 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 55198 multicast, 0 pause input 0 input packets with dribble condition detected 941617 packets output, 308269004 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/20 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c496 (bia 001e.bd27.c496) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:54, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 1000 bits/sec, 2 packets/sec 515813 packets input, 87006769 bytes, 0 no buffer Received 21466 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 19952 multicast, 0 pause input 0 input packets with dribble condition detected 1858112 packets output, 1700009146 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  FastEthernet0/24 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c49a (bia 001e.bd27.c49a) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 546556 packets output, 41182636 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out

  GigabitEthernet0/1 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is 001e.bd27.c481 (bia 001e.bd27.c481) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 556000 bits/sec, 83 packets/sec 5 minute output rate 76000 bits/sec, 63 packets/sec 4457827 packets input, 3961330567 bytes, 0 no buffer Received 15028 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 11213 multicast, 0 pause input 0 input packets with dribble condition detected 3822373 packets output, 728132696 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
  
  

  Switch#show vlan

  VLAN Name     Status         Ports---- -------------------------------- --------- -------------------------------1     default active    Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16                        Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/21002 fddi-default act/unsup1003 token-ring-default act/unsup1004 fddinet-default act/unsup1005 trnet-default act/unsup

  VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------1 enet 100001 1500 - - - - - 0 01002 fddi 101002 1500 - - - - - 0 01003 tr 101003 1500 - - - - - 0 01004 fdnet 101004 1500 - - - ieee - 0 01005 trnet 101005 1500 - - - ibm - 0 0

  Remote SPAN VLANs------------------------------------------------------------------------------

  Primary Secondary Type Ports------- --------- ----------------- ------------------------------------------

  Hello

  first thing, please edit your post and remove your remote vty lines access password

  never send passwords on a public forum for the just in case production equipment

  line vty 0 4
  password xxxxxx

  ***********************

  Your question

  What is the configuration of the router as a switch which seems to work correctly you're saying and I configured its doing its job, don't forget you said that you cannot route no between the router and the router switch should take care of this, whats the vlan ports on the router are on is - what the same subnet do they get an ip address in the same subnet off dhcp as devices of switching, if they do, and you cannot ping them to the same subnet theres something upward on the side of the router it would treat for layer 3 routing ip traffic

  the ping to the router devices connected to the cisco switch and can the device on the router cannot ping devices switches

  If you move a device out of the router and attach it to the doe sit switch still work ok, reach the talk of the internet to other devices on the switch?

  As there is a layer 2 switch you don't need this command you have your entry door you can remove it.. .IP default-network 192.168.0.0

• Peer AnyConnect VPN cannot ping, RDP each other

  I have an ASA5505 running ASA 8.3 (1) and ASDM 7.1 (1).  I have a remote access VPN set up and remote access users are able to connect and access to network resources.   I can ping the VPN peers between the Remote LAN.    My problem counterparts VPN cannot ping (RDP, CDR) between them.   Ping a VPN peer of reveals another the following error in the log of the SAA.

  Asymmetrical NAT rules matched for flows forward and backward; Connection for icmp outside CBC: 10.10.10.8 outside dst: 10.10.10.9 (type 8, code 0) rejected due to the failure of reverse NAT.

  Here's my ASA running-config:

  ASA Version 8.3 (1)

  !

  ciscoasa hostname

  domain dental.local

  activate 9ddwXcOYB3k84G8Q encrypted password

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address dhcp setroute

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  passive FTP mode

  clock timezone CST - 6

  clock to summer time recurring CDT

  DNS lookup field inside

  DNS server-group DefaultDNS

  192.168.1.128 server name

  domain dental.local

  permit same-security-traffic inter-interface

  permit same-security-traffic intra-interface

  network obj_any object

  subnet 0.0.0.0 0.0.0.0

  network of the RAVPN object

  10.10.10.0 subnet 255.255.255.0

  network of the NETWORK_OBJ_10.10.10.0_28 object

  subnet 10.10.10.0 255.255.255.240

  network of the NETWORK_OBJ_192.168.1.0_24 object

  subnet 192.168.1.0 255.255.255.0

  access-list Local_LAN_Access note VPN Customer local LAN access

  Local_LAN_Access list standard access allowed host 0.0.0.0

  DefaultRAGroup_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0

  Note VpnPeers access list allow peer vpn ping on the other

  permit access list extended ip object NETWORK_OBJ_10.10.10.0_28 object NETWORK_OBJ_10.10.10.0_28 VpnPeers

  pager lines 24

  Enable logging

  asdm of logging of information

  logging of information letter

  address record [email protected] / * /

  exploitation forest-address recipient [email protected] / * / level of information

  record level of 1 600 6 rate-limit

  Outside 1500 MTU

  Within 1500 MTU

  mask 10.10.10.5 - 10.10.10.10 255.255.255.0 IP local pool VPNPool

  ICMP unreachable rate-limit 1 burst-size 1

  ASDM image disk0: / asdm - 711.bin

  don't allow no asdm history

  ARP timeout 14400

  NAT (inside, all) static source all electricity static destination RAVPN RAVPN

  NAT (inside, outside) static static source NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28

  NAT (inside, outside) static source all all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination

  !

  network obj_any object

  NAT dynamic interface (indoor, outdoor)

  network of the RAVPN object

  dynamic NAT (all, outside) interface

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  dynamic-access-policy-registration DfltAccessPolicy

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Community SNMP-server

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transit

  Crypto ipsec transform-set ESP-DES-SHA-TRANS esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-SHA-TRANS mode transit

  Crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transit

  Crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transit

  Crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transit

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP ESP-AES-128-SHA ESP - AES - 192 - SHA ESP - AES - 256 - SHA ESP - 3DES - SHA - OF - SHA ESP - AES - 128 - SHA - TRANS ESP - AES - 192 - SHA - TRANS ESP - AES - 256 - SHA - ESP ESP - 3DES - SHA - TRANS TRANS-DES - SHA - TRANS

  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map interface card crypto outside

  trustpoint crypto ca-CA-SERVER ROOM

  LOCAL-CA-SERVER key pair

  Configure CRL

  Crypto ca trustpoint ASDM_TrustPoint0

  registration auto

  name of the object CN = ciscoasa

  billvpnkey key pair

  Proxy-loc-transmitter

  Configure CRL

  crypto ca server

  CDP - url http://ciscoasa/+CSCOCA+/asa_ca.crl

  name of the issuer CN = ciscoasa

  SMTP address [email protected] / * /

  crypto certificate chain ca-CA-SERVER ROOM

  certificate ca 01

  * hidden *.

  quit smoking

  string encryption ca ASDM_TrustPoint0 certificates

  certificate 10bdec50

  * hidden *.

  quit smoking

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  authentication crack

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 20

  authentication rsa - sig

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 30

  preshared authentication

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 40

  authentication crack

  aes-192 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 50

  authentication rsa - sig

  aes-192 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 60

  preshared authentication

  aes-192 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 70

  authentication crack

  aes encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 80

  authentication rsa - sig

  aes encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 90

  preshared authentication

  aes encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 100

  authentication crack

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 110

  authentication rsa - sig

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 120

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 130

  authentication crack

  the Encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 140

  authentication rsa - sig

  the Encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 150

  preshared authentication

  the Encryption

  sha hash

  Group 2

  life 86400

  enable client-implementation to date

  Telnet 192.168.1.1 255.255.255.255 inside

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  management-access inside

  dhcpd outside auto_config

  !

  dhcpd address 192.168.1.50 - 192.168.1.99 inside

  dhcpd allow inside

  !

  a basic threat threat detection

  threat detection statistics

  a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200

  SSL-trust outside ASDM_TrustPoint0 point

  WebVPN

  allow outside

  SVC disk0:/anyconnect-win-3.1.04072-k9.pkg 1 image

  SVC profiles DellStudioClientProfile disk0: / dellstudioclientprofile.xml

  enable SVC

  tunnel-group-list activate

  internal-password enable

  chip-tunnel list SmartTunnelList RDP mstsc.exe windows platform

  internal DefaultRAGroup group strategy

  attributes of Group Policy DefaultRAGroup

  Server DNS 192.168.1.128 value

  Protocol-tunnel-VPN l2tp ipsec

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list DefaultRAGroup_splitTunnelAcl

  Dental.local value by default-field

  WebVPN

  SVC value vpngina modules

  internal DefaultRAGroup_1 group strategy

  attributes of Group Policy DefaultRAGroup_1

  Server DNS 192.168.1.128 value

  Protocol-tunnel-VPN l2tp ipsec

  Dental.local value by default-field

  attributes of Group Policy DfltGrpPolicy

  Server DNS 192.168.1.128 value

  VPN - 4 concurrent connections

  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn

  value of group-lock RAVPN

  value of Split-tunnel-network-list Local_LAN_Access

  Dental.local value by default-field

  WebVPN

  the value of the URL - list DentalMarks

  SVC value vpngina modules

  SVC value dellstudio type user profiles

  SVC request to enable default webvpn

  chip-tunnel enable SmartTunnelList

  wketchel1 5c5OoeNtCiX6lGih encrypted password username

  username wketchel1 attributes

  VPN-group-policy DfltGrpPolicy

  WebVPN

  SVC value DellStudioClientProfile type user profiles

  username privilege 15 encrypted password 5c5OoeNtCiX6lGih wketchel

  username wketchel attributes

  VPN-group-policy DfltGrpPolicy

  WebVPN

  modules of SVC no

  SVC value DellStudioClientProfile type user profiles

  jenniferk 5.TcqIFN/4yw0Vq1 of encrypted password privilege 0 username

  jenniferk username attributes

  VPN-group-policy DfltGrpPolicy

  WebVPN

  SVC value DellStudioClientProfile type user profiles

  attributes global-tunnel-group DefaultRAGroup

  address pool VPNPool

  LOCAL authority-server-group

  IPSec-attributes tunnel-group DefaultRAGroup

  pre-shared key *.

  tunnel-group DefaultRAGroup ppp-attributes

  PAP Authentication

  ms-chap-v2 authentication

  eap-proxy authentication

  type tunnel-group RAVPN remote access

  attributes global-tunnel-group RAVPN

  address pool VPNPool

  LOCAL authority-server-group

  tunnel-group RAVPN webvpn-attributes

  enable RAVPN group-alias

  IPSec-attributes tunnel-group RAVPN

  pre-shared key *.

  tunnel-group RAVPN ppp-attributes

  PAP Authentication

  ms-chap-v2 authentication

  eap-proxy authentication

  type tunnel-group WebSSLVPN remote access

  tunnel-group WebSSLVPN webvpn-attributes

  enable WebSSLVPN group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  !

  global service-policy global_policy

  173.194.64.108 SMTP server

  context of prompt hostname

  HPM topN enable

  Cryptochecksum:3304bf6dcf6af5804a21e9024da3a6f8

  : end

  Hello

  Seems to me that you can clean the current NAT configuration a bit and make it a little clearer.

  I suggest the following changes

  network of the VPN-POOL object

  10.10.10.0 subnet 255.255.255.0

  the object of the LAN network

  subnet 192.168.1.0 255.255.255.0

  PAT-SOURCE network object-group

  object-network 192.168.1.0 255.255.255.0

  object-network 10.10.10.0 255.255.255.0

  NAT static destination LAN LAN (indoor, outdoor) static source VPN-VPN-POOL

  destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL

  NAT interface (it is, outside) the after-service automatic PAT-SOURCE dynamic source

  The above should allow

  • Dynamic PAT for LAN and VPN users
  • NAT0 for traffic between the VPN and LAN
  • NAT0 for traffic between the VPN users

  You can then delete the previous NAT configurations. Naturally, please save the configuration before you make the change, if you want to revert to the original configuration.

  no static source nat (inside, everything) all electricity static destination RAVPN RAVPN

  No source (indoor, outdoor) nat static static NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28

  No source (indoor, outdoor) nat static everything all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination

  No network obj_any object

  No network object RAVPN

  In case you do not want to change the settings a lot you might be right by adding this

  network of the VPN-POOL object

  10.10.10.0 subnet 255.255.255.0

  destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL

  But the other above configurations changes would make NAT configurations currently simpler and clearer to see every goal of "nat" configurations.

  -Jouni

• Nested Hyper-V VM cannot ping the default gateway

  Hello

  At first, I have to say that I don't consider myself an expert produced a VMware.

  I've been struggling with my test environment nested for a while and finally decided to get help (I hope) of pros.

  Environment looks like this:

  • Physical VMware ESXi 5.1.0 ("Promiscuous" mode enabled for the vSwitch)
    • Couple of virtual machines, one of them being Hyper-V (Windows Server 2012 R2) server that is configured for nested virtualization - 10.106.5.27
      • On the Hyper-V server, I have a VM in Windows Server 2012 R2 - 10.106.5.28

  Hyper-V server has a NETWORK card and full network connectivity (internal and external: Internet) and in the Hyper-V Manager, a virtual switch is configured in external mode.

  VM is connected to this virtual switch via a virtual network adapter. It has public static IP assigned with mask subnet, default gateway, and DNS even as a Hyper-V host. I ping times by IP and DNS name of the host of VM and vice versa. I cannot ping other resources of the virtual machine as the default gateway and DNS ("request timed") servers out. State of the network in the network and sharing Center is VM:

  • unidentified network
  • Public network
  • type of access: no internet access

  When I run the tool for troubleshooting problems on VM, he says "the default gateway is not available". As I said I can not ping.

  I think that all my connectivity problems are caused by the unavailability of the gateway by default on the virtual machine, but I have no idea how to solve this problem. When you change the settings of the VM card from static to DHCP I can't even ping on the Hyper-V host.

  All servers are joined to the same domain (VM has been migrated to ESXi, so he joined to the domain before, but I can't connect to using domain accounts, probably due to network issue).

  I hope I described the problem enough, but please let me know if you need more information.

  Try to activate forged passes also on the vSphere vSwitch as you do for the Promiscuous Mode.

• Cannot ping new addresses IP vmkernel

  I created a few exchanges of vmkernel iSCSI in new bond for our 10G storage on a new vSwitch but I can't ping the IP addresses assigned to them (10.1.45.187 and 188). I have the same setup on a different host and it works very well. I swapped the connections on the 10G switch with those of the host of work as well as cables, so I know it isn't a switch port, the switch config issue or the cable. I even swapped the IP with the work those just to make sure.

  But if I SSH to another host on the same network I can ping those IP vmkernal addresses I can't from my desktop. I can also ping vmkernel IP addresses on the host of my office work that is on the same subnet as the host of non-working. I cannot ping the vmkernel IPs of a host on a different subnet, but can ping ports vmkernel work of host to a host on another subnet.

  I don't know that it's just something simple that I'm missing... I hope!

  Don't ask me why I have not found this before, but here's the answer to my question. I can give me points?

  VMware KB: Ping ICMP in 5.1 and 5.5 ESXi ESXi response behavior change

• Difficulty ping between the hosts and guests

  Hello

  I want to establish network connectivity between my host OS (XPsp3) and my guests (CentOS5.5 and Windows 7).

  So far, I can ping between guests, but not between host and guest, or comments to the host.  When I try, I get a message "destination host unreachable".

  When I configured my virtual machines in a first time, I put them to 'Host-Only' and I need to keep it like that for the purpose of what I do with them - which is the problem?

  Ipconfig and ifconfig outs of machines attached.

  Bests

  Adam

  ... If you use VMware Workstation, you could also reconfigure VMnet1 in the 192.168. 8.x subnet using the "Virtual Network Editor"

  André

• Cannot switch between multiple Time Machine backups

  I generally save my 2010 Macbook Pro to a 2012 Time Capsule, which is attached to my router via an ethernet cable (most recent) wireless. On a trip, I make the additional backups on an external hard drive. However, when I go home and try to return to the TC, my internal HD is now on the time Machine "Exclude" list and cannot be removed (greyed out). When I try to save, I get a message saying "no disks are available to back up."

  What has happened a few times, and the only solution I could find was to delete my original Time Machine backup and put a new (which took forever).

  Any ideas why my HD internal is added to the exclusion list after using Time Machine with an external hard drive?

  Time Machine backups on a network drive or a disc attached locally stored in different formats. Switching between them was not in the overall theme of the design of this service of OS X.

  I suggest that you set up Time Machine to use multiple disks.

  FWIW, in my case, I backup destinations, Time Machine on a Time Capsule and an external hard drive of 2 bolt of lightning. When both are available, the time goes 'take turns' Machine backup on each drive.

  If a disk is not available, it backs up to that which is, and which ignores the backup of the other. When the two are connected again, backups continue on both.