Localhost unreachable destination to the LAN address

Similar Questions

• physical connection to the LAN address all zeros...

  Hi, I connect to the internet using the wireless at home, but at work, I use a wired connection.  I created this two weeks ago on my laptop (Vista) and it worked very well.  Today at work, I couldn't connect to the server and found that the physical address for my wired connection is all zeros.  Talked to the it guy at work and said he stressed the "zeros" for me.  Spoke to the hp in this regard customer service and they were not so useful.  any ideas?  Please let me know if you have had a similar problem and how it is resolved.  Thank you!

  Hello

  Try a system restore before what happened:

  How to make a Vista system restore
  http://www.Vistax64.com/tutorials/76905-System-Restore-how.html
  I hope this helps.
  Rob - bicycle - Mark Twain said it is good.

• My ASA cannot ping the lan address

  I use ASA built ezvpn.   I can access the ASA and ping inside port address successfully.    But in my ping to the address of interconnection 10.100.255.2 window7 cant.     I don't know how to solve the problem.  If all goes well, can help me. Thank you...

  set it up

  ASA5520 # sh run

  : Saved

  :

  ASA Version 7.2 (3)

  !

  asa5520-host name

  sxng domain name

  activate the encrypted password of DOAXe2w/ilkXwCIz

  names of

  DNS-guard

  !

  interface GigabitEthernet0/0

  nameif outside

  security-level 0

  IP x.x.x.x 255.255.255.248

  !

  interface GigabitEthernet0/1

  nameif inside

  security-level 100

  IP 10.100.255.254 255.255.255.0

  !

  interface GigabitEthernet0/2

  nameif dmz

  security-level 50

  IP x.x.x.x 255.255.255.0

  !

  interface GigabitEthernet0/3

  nameif wireless

  security-level 10

  IP x.x.x.x 255.255.255.0

  !

  interface Management0/0

  Shutdown

  nameif management

  security-level 100

  IP 192.168.1.1 255.255.255.0

  management only

  !

  2KFQnbNIdI.2KYOU encrypted passwd

  Disk0: / pix723.bin starting system

  passive FTP mode

  DNS server-group DefaultDNS

  sxng domain name

  dmz_access_in of access allowed any ip an extended list

  dmz_access_in list extended access permit icmp any one

  tunnel of splitting allowed access list standard 10.0.0.0 255.0.0.0

  inside_nat0_outbound list of allowed ip extended access all 10.100.254.0 255.255.255.0

  inside_nat0_outbound to access ip 10.0.0.0 scope list allow 255.0.0.0 10.100.254.0 255.255.255.0

  outside_cryptomap_dyn_20 list of allowed ip extended access all 10.100.254.0 255.255.255.0

  acl_out list extended access permit icmp any one

  acl_out list extended access permit tcp any host x.x.x.x eq www

  acl_out list extended access permit tcp any host x.x.x.x eq 9000

  acl_out list extended access permit udp any host x.x.x.x eq 9000

  ........

  ......

  acl_out allowed ip extended access list any 10.1.1.0 255.255.255.0

  inside_access_in list extended access permitted tcp 10.1.10.0 255.255.255.0 any eq 5000

  acl_inside of access allowed any ip an extended list

  acl_inside list extended access permit icmp any one

  wireless_access_in of access allowed any ip an extended list

  wireless_access_in list extended access permit icmp any one

  pager lines 24

  Enable logging

  timestamp of the record

  emergency list vpn-event logging level

  log message 109001-109028 vpn-event list

  log message 113001-113019 vpn-event list

  exploitation forest-size of the buffer 5000

  information recording console

  debug logging in buffered memory

  recording of debug trap

  asdm of logging of information

  Outside 1500 MTU

  Within 1500 MTU

  MTU 1500 dmz

  MTU 1500 wireless

  management of MTU 1500

  IP local pool vpnpool 10.100.254.1 - 10.100.254.250 mask 255.255.255.0

  no failover

  ICMP unreachable rate-limit 1 burst-size 1

  ICMP allow all outside

  ICMP allow any inside

  ASDM image disk0: / asdm - 507.bin

  don't allow no asdm history

  ARP timeout 14400

  Global (outside) 1 x.x.x.x

  Global (dmz) 1 10.100.253.101 - 10.100.253.200 netmask 255.255.255.0

  Global (wireless) 1 172.16.255.101 - 172.16.255.200 netmask 255.255.255.0

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 1 10.1.1.14 255.255.255.255

  NAT (inside) 1 10.1.13.100 255.255.255.255

  NAT (wireless) 1 172.16.0.0 255.255.0.0

  static (dmz, outside) tcp x.x.x.x www 10.100.253.1 www netmask 255.255.255.255

  .......

  .........

  static (inside, dmz) 10.1.1.11 10.1.1.11 netmask 255.255.255.255

  static (inside, dmz) 10.1.1.16 10.1.1.16 netmask 255.255.255.255

  static (dmz, external) 10.100.253.20 x.x.x.x 255.255.255.255 netmask

  static (dmz, external) 10.100.253.32 x.x.x.x 255.255.255.255 netmask

  Access-group acl_out in interface outside

  acl_inside access to the interface inside group

  Access-group interface inside acl_inside

  Access-group dmz_access_in in dmz interface

  Route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

  Route inside 10.0.0.0 255.0.0.0 10.100.255.1 1

  Route inside 10.0.0.0 255.0.0.0 10.100.255.2 1

  Route wireless 172.16.0.0 255.255.0.0 172.16.255.1 1

  !

  router ospf 1

  255.255.255.255 network 10.67.180.0 area 0

  network 0.0.0.0 0.0.0.0 area 1

  Journal-adj-changes

  !

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout, uauth 0:05:00 absolute

  the ssh LOCAL console AAA authentication

  Enable http server

  http 192.168.1.0 255.255.255.0 management

  http 10.0.0.0 255.0.0.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA

  Crypto outside-dyn-map Dynamics-plan 20 reverse-drive value

  map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map

  outside_map interface card crypto outside

  crypto ISAKMP allow outside

  crypto ISAKMP policy 1

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Crypto isakmp nat-traversal 20

  Telnet 0.0.0.0 0.0.0.0 outdoors

  Telnet 10.0.0.0 255.0.0.0 inside

  Telnet 10.100.0.0 255.255.0.0 inside

  Telnet 10.100.255.0 255.255.255.0 inside

  Telnet 0.0.0.0 0.0.0.0 wireless

  Telnet timeout 10

  SSH 0.0.0.0 0.0.0.0 outdoors

  SSH timeout 30

  Console timeout 0

  dhcpd x.x.x.x dns

  !

  management of 192.168.1.2 - dhcpd address 192.168.1.254

  enable dhcpd management

  !

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  Policy-map global_policy

  class inspection_default

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the netbios

  inspect the rsh

  inspect the rtsp

  inspect the skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect the tftp

  inspect the sip

  inspect xdmcp

  inspect the icmp

  !

  global service-policy global_policy

  internal sxnggroup group policy

  attributes of the strategy of group sxnggroup

  value of server DNS 202.99.192.68

  enable IP-comp

  Split-tunnel-policy tunnelspecified

  Split-tunnel-network-list value split tunnel

  username password sxtrq Y6cwK1wOhbhJ6YI / encrypted

  maboai R6eu6P1iKIwFIFjS username encrypted password

  winet FwZ0ghxvIpXOepvf username encrypted password

  tunnel-group sxnggroup type ipsec-ra

  tunnel-group sxnggroup General-attributes

  address vpnpool pool

  Group Policy - by default-sxnggroup

  sxnggroup group of tunnel ipsec-attributes

  pre-shared-key *.

  context of prompt hostname

  Cryptochecksum:119ae137eef5ed97d38b4e2f90ed46d7

  : end

  ASA5520 # route sh

  Code: C - connected, S - static, RIP, M - mobile - IGRP, R - I, B - BGP

  D - EIGRP, OSPF, IA - external EIGRP, O - EX - OSPF inter zone

  N1 - type external OSPF NSSA 1, N2 - type external OSPF NSSA 2

  E1 - OSPF external type 1, E2 - external OSPF of type 2, E - EGP

  i - IS - L1 - IS - IS level 1, L2 - IS - IS IS level 2, AI - IS inter zone

  * - candidate by default, U - static route by user, o - ODR

  P periodical downloaded static route

  Gateway of last resort is 202.97.158.177 to network 0.0.0.0

  C x.x.x.x 255.255.255.248 is directly connected to the outside of the

  C 172.16.255.0 255.255.255.0 is directly connected, wireless

  S 172.16.0.0 255.255.0.0 [1/0] via 172.16.255.1, wireless

  S 10.0.0.0 255.0.0.0 [1/0] via 10.100.255.1, inside

  [1/0] via 10.100.255.2, inside

  C 10.100.255.0 255.255.255.0 is directly connected to the inside

  S 10.100.254.2 255.255.255.255 [1/0] via x.x.x.x, outdoor

  C 10.100.253.0 255.255.255.0 is directly connected, dmz

  S * 0.0.0.0 0.0.0.0 [1/0] via x.x.x.x, outdoor

  ASA5520 # sh arp

  outside 00d0.d0c6.9181 x.x.x.x

  outside 00d0.d0c6.9181 x.x.x.x

  outside 224.0.0.5 0100.5e00.0005

  inside 224.0.0.5 0100.5e00.0005

  inside the 10.100.255.1 0000.0c07.acff

  inside the 10.100.255.2 001c.b0cb.5ec0

  DMZ 10.100.253.20 60a4.4c23.3032

  DMZ 224.0.0.5 0100.5e00.0005

  DMZ 10.100.253.1 001a.6436.6df6

  224.0.0.5 wireless 0100.5e00.0005

  Wireless 172.16.255.1 0026.98c6.41c8

  

  

  

  Try to use the "crypto ipsec to show his ' command to watch the program and decaps packages, I hope this isn't too fast increment. You should be able to see the two increase when you successfully and only one side increase when it fails. Check both sides of the vpn, and this should give you an idea where the problem is. If the program packages are multiplying on the ASA local to your PC Win7 and Decaps multiply on the ASA Remote and the program is not so, then the question is with packets from the remote side. I hope this will help you determine the location of the problem and then you can focus your search here.

• Trying to connect a computer to the lan port Aiport Express "auto assigned IP address"

  I am trying to connect a computer to the lan on my Airport Express port. In preferences, it says "status: connected, Ethernet has an assigned IP address and won't be able to connect to the internet." Any suggestions?

  An "auto assigned" IP address indicates that your computer could not find or negotiate with a DHCP server to obtain an IP address appropriate for network access.

  It should be more on your network to provide assistance if you need it. For example, is the terminal of AirPort Express the only router in the current configuration of your network? What exact model do? What is the brand and model of your modem Internet?

• LAN address MAC using the windows API?

  I would like to read the MAC address of the LAN to my WIFI on my PC card.

  Apparently, this can be done using the Windows API

  Anyone tried something like this again?

  Thank you

  Hi morngoose,

  You can use the function "exec system" with "cmd/c" ipconfig/all "" "connected." Parse the string and you'll get your MAC address.

  Mike

• RVL200 error message: DHCP IP address range into conflict with the LAN IP address

  I have a RVL200 (firmware v1.0.12).  I use it mainly as a firewall, but also taking advantage of the DHCP server on this subject - at least I thought I was!

  When I configured the RVL initially (several years ago), I have it has assigned an address 192.168.0.128 LAN IP and enabled the DHCP server.  The DHCP address for the allocation range is 192.168.0.100-. 149.  I have not assigned a DNS server address (don't remember why not - maybe - because of the same issue, I'm now face).  Since then, whenever I have to appear a new PC on my LAN I put client PC using DHCP to get an IP address... but I need to manually specify the DNS server address (which is logical in the light of what I have described so far).

  The question I have now is that I want to assign the DNS server address on the DHCP server on the tab Configuration RVL, so my client DHCP PCs will automatically resume the DNS server address.   But when I enter the address of the local DNS (192.168.0.1), the RVL gives me the error message listed above (conflict IP range).  I can't understand why...

  The "strange thing" I see is the DHCP of the RVL / status tab - at the top of this tab it lists the DHCP server address is 192.168.0.1.  This is the address of my DNS server / domain controller.  And the IP address of the domain controller is assigned statically (if it matters).  So I do not know why the RVL shows the DHCP server or my DNS server / DC, rather than showing his own address de.128.  Or why I get this error message when I try to enter the address of the DNS server?  Just as an experiment, I also tried entering the other IP addresses, just to see what happens (all on the local subnet)... and they all return the same error message.

  Any ideas?

  Thanks in advance.

  Adam

  1. the address LAN IP of the RVL shouldn't be in the DHCP address pool. I guess that causes the error message when you try to change the settings for the DHCP server.

  2. I would say that you Flash the latest firmware 1.1.7 on your router. Read the release notes.

• Localhost instead of the IP address.

  Hi all

  I tried to install Oracle on Oracle 12.1.0.1.0-5.0.1.00.06 APEX. I used Tomcat 7.0.64 3.0.1.177.18.02 ADR.

  I think that I have installed successfully, but the strange thing happened. I can only access the APEX thru localhost as below.

  

  But I tried to access it by using the IP address http://10.30.7.100:8181 / apex / , but it I redirected http://10.30.7.100:8181 / ADR / and received the error like below.

  
  

  

  
  

  I tried to access the tomcat via the same IP address and it worked.

  
  

  

  
  

  Could someone please help to guide and point out what I've been missing to set up?

  Thank you

  Troy.

  Hi Troy Lagi,

  Lagi Troy wrote:

  I tried to install Oracle on Oracle 12.1.0.1.0-5.0.1.00.06 APEX. I used Tomcat 7.0.64 3.0.1.177.18.02 ADR.

  I think that I have installed successfully, but the strange thing happened. I can only access the APEX thru localhost as below.

  But I tried to access the address IP / http://10.30.7.100:8181 / apex /, but it redirect me to http://10.30.7.100:8181/ADR/and received the error as below.

  

  I tried to access the tomcat via the same IP address and it worked.

  Could someone please help to guide and point out what I've been missing to set up?

  You have renamed ords.war to apex.war before moving the war file in Tomcat folder "webapps" as mentioned in the documentation of Oracle for ADR:

  Apache Tomcat determines the context root, the name of a file archive of the WAR. If you need maintain backward compatibility, so that the URLS are of the form http://server/apex/... rather than http://server/ords/..., then you must rename it to ords.war to apex.war before moving in to the webapps folder.

  Reference: http://docs.oracle.com/cd/E56351_01/doc.30/e56293/install.htm#CHDBJHAF

  For debugging this problem, you face on ADR:

  • Find the folder of configuration of ADR.
  • Enable debug tracing in defaults.xml (if the entry is not there add the entry)
  • Turn on detailed error messages ask in defaults.xml (if the entry is not there add the entry)
  • Start(Re-Start) the Standalone ADR / support for Java EE application server.
  • Go to the URL of the APEX
  • Copy / paste the debug log in the response to the forum. (The error is usually at the end of the paper, paste/fix the whole journal where occurs the first exception)

  Kind regards

  Kiran

• "Error: failed to get the IP address of the destination virtual machine running the converter to assistance server." with a static IP address

  Hi all

  I'm trying to p2v linux 6.4. It fails with the following message is displayed:

  Error: Cannot get the IP address of the virtual destination machine running the converter assistance server.

  I have seen discussions on this message, but they all refer to dynamic IP address, taken from DHCP, as in my case, I use static IP address.

  In the meantime the p2v (which then breaks down...) I open console support machine and saw a message:

  
  

  eth0 is not a recognized interface.

  Can someone tell me what is happening?

  Hello

  I assume you are using converter 5.5. There is a new feature that allows the selection of the network card. However, it works well in the case of Linux P2V. If you have changed the type of adapter, use 'e1000' or 'auto' and try again.

  HTH

  Plamen

• Determine the MAC address of the LAN knowing that the model and serial number

  Laptop Toshiba SN 96592614 G

  Is it possible to determine the MAC address of the network card, knowing that the model and the serial number of your laptop?

  How to enter the Toshiba addicts.

  I saw you using Toshiba unit details page with the serial posted Qosmio F30-113 offered in Russia.

  Your laptop is stolen or what?

• Changing the LAN IP address

  Hi guys,.

  We're heading subnet IP address to a subnet of complete new IP addresses for our entire local network that our VMWare and SAN resides.  Our VI holds, controller of domain, DNS, DHCP and WINS server, but we have other backup DNS GAGNÉ to another site and domain controllers.

  I am familiar with ESX host IP address change setting of this project I learned the hardway. :))

  Now with my knowledge limited on the SAN, this project look much more complicated then what I first thought.

  If I change the IP address of the SP to SAN, our ESX host loses connectivity to the SAN storage when my understanding is that ESX access to the SAN storage network fabric?

  Or

  If I change the IP address of the host, he would lose connectivity to the SAN storage?

  Finally, here are the steps that I think doing this project and was hoping if someone could comment on that.

  1. change of address IP SAN to the new IP address uses the DNS server on another site

  2. change IP of ESX host to the new IP address, use the DNS server on another site

  3. fiber change switch IP address

  3. change the IP address of the router

  4. change the domain controller that has the IP address of the DNS server

  5. change the DNS IP SAN server on our DNS server

  6. change the IP address of the ESX host to our DNS server

  During steps 1 through 3, I can have the closure of my VM but would it need to be stop?  Our ESX Server is configured so that even if she is not able to ping of the default gateway, VM will not be stopped, but I'm a little worried that ESX will not be able to access to the SAN storage.

  Thank you and you are waiting for your comment on that.

  If you access it by fiber channel, you don't need to worry - just changind the administration INVESTIGATION period does not affect connections, ESX use Ethernet to connect to it. Only if you are using iSCSI, it would be a problem.

• Dynamic L2L Tunnel - the Tunnel is up, will not pass the LAN traffic

  Hello everyone. I am repurposing an ASA for my business at a remote site and must use a dynamic Configuration of L2L with Split tunneling active. We used these in the past and they work a lot, and I've referenced Cisco official documentation for the implementation. Currently, I am having a problem where I am unable to pass traffic on the local remote network over the VPN tunnel (it does even not raise the tunnel of form). However, if I run the following command in the ASA remote:

  Ping inside the 192.168.9.1

  I receive the ICMP responses. In addition, this traffic causes the VPN Tunnel to be created as indicated by show ISA SA:

  1 peer IKE: xx.xx.xx.xx

  Type: L2L role: initiator

  Generate a new key: no State: MM_ACTIVE

  Here is the IP addressing scheme:

  Network remotely (with the ASA problem): 192.168.12.0/24

  Basic network (Hub): 192.168.9.0/24

  Other rays: 192.168.0.0/16

  Config:

  ASA Version 8.2 (1)
  !
  hostname xxxxxxxxx
  domain xxxxxxxxxxx.local
  activate the xxxxxxxx password
  passwd xxxxxxxxx
  names of
  !
  interface Vlan1
  nameif inside
  security-level 100
  192.168.12.1 IP address 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  IP address dhcp setroute
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  passive FTP mode
  clock timezone CST - 6
  clock to summer time recurring CDT
  DNS server-group DefaultDNS
  domain xxxxxxxx.local
  permit same-security-traffic intra-interface
  to_hq to access extended list ip 192.168.12.0 allow 255.255.255.0 192.168.0.0 255.255.0.0
  inside_nat0_outbound to access extended list ip 192.168.12.0 allow 255.255.255.0 192.168.0.0 255.255.0.0
  pager lines 24
  Within 1500 MTU
  Outside 1500 MTU
  ICMP unreachable rate-limit 1 burst-size 1
  don't allow no asdm history
  ARP timeout 14400
  Global 1 interface (outside)
  NAT (inside) 1 0.0.0.0 0.0.0.0
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-registration DfltAccessPolicy
  Enable http server
  http 192.168.0.0 255.255.0.0 inside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  life crypto ipsec security association seconds 28800
  Crypto ipsec kilobytes of life - safety 4608000 association
  card crypto outside_map 10 correspondence address to_hq
  crypto outside_map 10 card game CORE peers. ASA. WAN. INTELLECTUAL PROPERTY
  outside_map crypto 10 card value transform-set ESP-3DES-SHA
  outside_map interface card crypto outside
  crypto ISAKMP allow outside
  crypto ISAKMP policy 10
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  crypto ISAKMP policy 65535
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  Telnet 192.168.0.0 255.255.0.0 inside
  Telnet timeout 5
  SSH timeout 5
  Console timeout 0
  management-access inside
  dhcpd 192.168.9.2 dns 208.67.222.222
  !
  dhcpd address 192.168.12.101 - 192.168.12.131 inside
  rental contract interface 86400 dhcpd inside
  dhcpd xxxxxxxxx.local area inside interface
  dhcpd ip interface 192.168.9.50 option 66 inside
  dhcpd allow inside
  !

  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN
  tunnel-group basis. ASA. WAN. Type of IP ipsec-l2l
  tunnel-group basis. ASA. WAN. IPSec-attributes of intellectual property
  pre-shared key xxxxxxxxxxxx
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the netbios
  inspect the rsh
  inspect the rtsp
  inspect the skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect the tftp
  inspect the sip
  inspect xdmcp
  inspect the icmp
  !
  global service-policy global_policy
  context of prompt hostname

  Once the tunnel is in place, LAN to the Remote Site traffic won't pass through the VPN Tunnel any upward. On the side of ASA Core, I was able to Telnet in the ASA distance very well, but could not ping the Remote Access Point.

  Someone at - it a glimpse of my problem?

  Hello

  Add:

  NAT (inside) 0-list of access inside_nat0_outbound

• CANNOT ACCESS THE LAN WITH THE EASY VPN CONFIGURATION

  Hello

  I configured easy vpn server in cisco 1905 SRI using ccp. The router is already configured with zone based firewall. With the help of vpn client I can reach only up to the internal interface of the router, but cannot access the LAN from my company. I need to change any configuration of ZBF since it is configured as "deny everything" from outside to inside? If so that all protocols should I match?   Also is there any exemption of NAT for VPN clients? Please help me! Thanks in advance.

  Please see my full configuration:

  Router #sh run
  Building configuration...

  Current configuration: 8150 bytes
  !
  ! Last modification of the configuration at 05:40:32 UTC Wednesday, July 4, 2012 by
  ! NVRAM config updated 06:04 UTC Tuesday, July 3, 2012 by
  ! NVRAM config updated 06:04 UTC Tuesday, July 3, 2012 by
  version 15.1
  horodateurs service debug datetime msec
  Log service timestamps datetime msec
  no password encryption service
  !
  router host name
  !
  boot-start-marker
  boot-end-marker
  !
  !
  Passwords security min-length 6
  no set record in buffered memory
  enable secret 5 xxxxxxxxxxx
  !
  AAA new-model
  !
  !
  AAA authentication login default local
  AAA authentication login ciscocp_vpn_xauth_ml_1 local
  AAA authorization exec default local
  AAA authorization ciscocp_vpn_group_ml_1 LAN
  !
  !
  !
  !
  !
  AAA - the id of the joint session
  !
  !
  No ipv6 cef
  IP source-route
  no ip free-arps
  IP cef
  !
  Xxxxxxxxx name server IP
  IP server name yyyyyyyyy
  !
  Authenticated MultiLink bundle-name Panel
  !

  parameter-map local urlfpolicy TSQ-URL-FILTER type
  offshore alert
  block-page message "Blocked according to policy"
  parameter-card type urlf-glob FACEBOOK
  model facebook.com
  model *. Facebook.com

  parameter-card type urlf-glob YOUTUBE
  mires of youtube.com
  model *. YouTube.com

  parameter-card type urlf-glob CRICKET
  model espncricinfo.com
  model *. espncricinfo.com

  parameter-card type urlf-glob CRICKET1
  webcric.com model
  model *. webcric.com

  parameter-card type urlf-glob YAHOO
  model *. Yahoo.com
  model yapo

  parameter-card type urlf-glob PERMITTEDSITES
  model *.

  parameter-card type urlf-glob HOTMAIL
  model hotmail.com
  model *. Hotmail.com

  Crypto pki token removal timeout default 0
  !
  Crypto pki trustpoint TP-self-signed-2049533683
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 2049533683
  revocation checking no
  rsakeypair TP-self-signed-2049533683
  !
  Crypto pki trustpoint tti
  crl revocation checking
  !
  Crypto pki trustpoint test_trustpoint_config_created_for_sdm
  name of the object [email protected] / * /
  crl revocation checking
  !
  !
  TP-self-signed-4966226213 crypto pki certificate chain
  certificate self-signed 01
  3082022B 30820194 02111101 300 D 0609 2A 864886 F70D0101 05050030 A0030201
  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43647274 31312F30
  69666963 32303439 35323236 6174652D 3833301E 170 3132 30363232 30363332

  quit smoking
  encryption pki certificate chain tti
  for the crypto pki certificate chain test_trustpoint_config_created_for_sdm
  license udi pid CISCO1905/K9 sn xxxxxx
  licence start-up module c1900 technology-package datak9
  username privilege 15 password 0 xxxxx xxxxxxx
  !
  redundancy
  !
  !
  !
  !
  !
  type of class-card inspect entire tsq-inspection-traffic game
  dns protocol game
  ftp protocol game
  https protocol game
  match icmp Protocol
  match the imap Protocol
  pop3 Protocol game
  netshow Protocol game
  Protocol shell game
  match Protocol realmedia
  match rtsp Protocol
  smtp Protocol game
  sql-net Protocol game
  streamworks Protocol game
  tftp Protocol game
  vdolive Protocol game
  tcp protocol match
  udp Protocol game
  match Protocol l2tp
  class-card type match - all BLOCKEDSITES urlfilter
  Server-domain urlf-glob FACEBOOK game
  Server-domain urlf-glob YOUTUBE game
  CRICKET urlf-glob-domain of the server match
  game server-domain urlf-glob CRICKET1
  game server-domain urlf-glob HOTMAIL
  class-map type urlfilter match - all PERMITTEDSITES
  Server-domain urlf-glob PERMITTEDSITES match
  inspect the class-map match tsq-insp-traffic type
  corresponds to the class-map tsq-inspection-traffic
  type of class-card inspect correspondence tsq-http
  http protocol game
  type of class-card inspect all match tsq-icmp
  match icmp Protocol
  tcp protocol match
  udp Protocol game
  type of class-card inspect correspondence tsq-invalid-src
  game group-access 100
  type of class-card inspect correspondence tsq-icmp-access
  corresponds to the class-map tsq-icmp
  !
  !
  type of policy-card inspect urlfilter TSQBLOCKEDSITES
  class type urlfilter BLOCKEDSITES
  Journal
  reset
  class type urlfilter PERMITTEDSITES
  allow
  Journal
  type of policy-card inspect SELF - AUX-OUT-policy
  class type inspect tsq-icmp-access
  inspect
  class class by default
  Pass
  policy-card type check IN and OUT - POLICIES
  class type inspect tsq-invalid-src
  Drop newspaper
  class type inspect tsq-http
  inspect
  service-policy urlfilter TSQBLOCKEDSITES
  class type inspect tsq-insp-traffic
  inspect
  class class by default
  drop
  policy-card type check OUT IN-POLICY
  class class by default
  drop
  !
  area inside security
  security of the OUTSIDE area
  source of security OUT-OF-IN zone-pair outside the destination inside
  type of service-strategy check OUT IN-POLICY
  zone-pair IN-to-OUT DOMESTIC destination outside source security
  type of service-strategy inspect IN and OUT - POLICIES
  security of the FREE-to-OUT source destination free outdoors pair box
  type of service-strategy inspect SELF - AUX-OUT-policy
  !
  Crypto ctcp port 10000
  !
  crypto ISAKMP policy 1
  BA 3des
  preshared authentication
  Group 2
  !
  crypto ISAKMP policy 2
  Group 2
  !
  ISAKMP crypto client configuration group vpntunnel
  XXXXXXX key
  pool SDM_POOL_1
  include-local-lan
  10 Max-users
  ISAKMP crypto ciscocp-ike-profile-1 profile
  vpntunnel group identity match
  client authentication list ciscocp_vpn_xauth_ml_1
  ISAKMP authorization list ciscocp_vpn_group_ml_1
  client configuration address respond
  virtual-model 1
  !
  !
  Crypto ipsec transform-set TSQ-TRANSFORMATION des-esp esp-md5-hmac
  !
  Profile of crypto ipsec CiscoCP_Profile1
  game of transformation-TRANSFORMATION TSQ
  set of isakmp - profile ciscocp-ike-profile-1
  !
  !
  !
  !
  !
  !
  the Embedded-Service-Engine0/0 interface
  no ip address
  response to IP mask
  IP directed broadcast to the
  Shutdown
  !
  interface GigabitEthernet0/0
  Description LAN INTERFACE-FW-INSIDE
  IP 172.17.0.71 255.255.0.0
  IP nat inside
  IP virtual-reassembly in
  security of the inside members area
  automatic duplex
  automatic speed
  !
  interface GigabitEthernet0/1
  Description WAN-INTERNET-INTERNET-FW-OUTSIDE
  IP address xxxxxx yyyyyyy
  NAT outside IP
  IP virtual-reassembly in
  security of the OUTSIDE member area
  automatic duplex
  automatic speed
  !
  interface Serial0/0/0
  no ip address
  response to IP mask
  IP directed broadcast to the
  Shutdown
  no fair queue
  2000000 clock frequency
  !
  type of interface virtual-Template1 tunnel
  IP unnumbered GigabitEthernet0/0
  ipv4 ipsec tunnel mode
  Tunnel CiscoCP_Profile1 ipsec protection profile
  !
  local IP SDM_POOL_1 172.17.0.11 pool 172.17.0.20
  IP forward-Protocol ND
  !
  no ip address of the http server
  local IP http authentication
  IP http secure server
  !
  IP nat inside source list 1 interface GigabitEthernet0/1 overload
  IP route 0.0.0.0 0.0.0.0 yyyyyyyyy
  IP route 192.168.1.0 255.255.255.0 172.17.0.6
  IP route 192.168.4.0 255.255.255.0 172.17.0.6
  !
  access-list 1 permit 172.17.0.0 0.0.255.255
  access-list 100 permit ip 255.255.255.255 host everything
  access-list 100 permit ip 127.0.0.0 0.255.255.255 everything
  access-list 100 permit ip yyyyyy yyyyyy everything
  !
  !
  !
  !
  !
  !
  !
  !
  control plan
  !
  !
  !
  Line con 0
  line to 0
  line 2
  no activation-character
  No exec
  preferred no transport
  transport of entry all
  output transport lat pad rlogin lapb - your MOP v120 udptn ssh telnet
  StopBits 1
  line vty 0 4
  transport input ssh rlogin
  !
  Scheduler allocate 20000 1000
  end

  A few things to change:

  (1) pool of IP must be a single subnet, it is not the same subnet as your subnet internal.

  (2) your NAT ACL 1 must be changed to ACL extended for you can configure NAT exemption, so if your pool is reconfigured to be 10.10.10.0/24:

  access-list 120 deny ip 172.17.0.0 0.0.255.255 10.10.10.0 0.0.0.255

  access-list 120 allow ip 172.17.0.0 0.0.255.255 everything

  overload of IP nat inside source list 120 interface GigabitEthernet0/1

  No inside source list 1 interface GigabitEthernet0/1 ip nat overload

  (3) OUT POLICY need to include VPN traffic:

  access-list 121 allow ip 10.10.10.0 0.0.0.255 172.17.0.0 0.0.255.255

  type of class-card inspect correspondence vpn-access

  game group-access 121

  policy-card type check OUT IN-POLICY

  vpn-access class

  inspect

• Cisco 2509 - % unreachable Destination; gateway or host down. Can anyone help?

  I am unable to connect to the devices to help. They are connected via asynchronous cable. Can someone take a look please?

  Terminal #r1
  Try R1 (192.168.1.111, 2001)...
  % Of destination unreachable; gateway or host down

  Terminal #sh config
  With the help of 780 on 32762 bytes
  !
  version 12.2
  horodateurs service debug uptime
  Log service timestamps uptime
  no password encryption service
  No dhcp service
  !
  Terminal host name
  !
  !
  IP subnet zero
  host IP S4 2008 192.168.1.111
  host IP S3 2007 192.168.1.111
  host IP S2 2006 192.168.1.111
  host IP S1 2005 192.168.1.111
  host IP 2004 R4 192.168.1.111
  host IP R3 2003 192.168.1.111
  host IP R2 2002 192.168.1.111
  IP host R1 2001 192.168.1.111
  !
  !
  !
  !
  !
  interface Loopback0
  address 192.168.0.111 IP 255.255.255.0
  !
  interface Ethernet0
  192.168.1.111 IP address 255.255.255.0
  !
  interface Serial0
  no ip address
  Shutdown
  !
  interface Serial1
  no ip address
  Shutdown
  !
  IP classless
  IP http server
  !
  !
  Line con 0
  1 8 line
  exec-timeout 0 0
  No exec
  transport of entry all
  line to 0
  line vty 0 4
  password ccna
  opening of session
  !
  end

  Use the loopback address 0 for orders of host ip, not your ethernet address 0:

  no host ip R1 2001 192.168.1.111

  IP host R1 2001 192.168.0.111

  No point using an interface which can be down.

• I have currently 2 Email addresses with Mozella, I am wanting to get rid of one, but I want to keep some of the emails to the email address. How can I keep t

  I currently have 2 Email addresses with Mozella, but I am wanting to get rid of one as my main one, but I want to keep some of the emails to that Email address.
  How can I keep these emails but still not got rid of the email address and does not lose the one I want to keep?

  I currently have 2 Email addresses with Mozella

  Or, you have an e-mail with "Mozella" or Mozilla. Mozilla is not an e-mail provider.
  You do not have an account with your e-mail provider, and you access this account via Mozilla Thunderbird.

  How can I keep these emails but still not got rid of the email address and does not lose the one I want to keep?

  Move all the messages you want to keep your local folders account. You can create subfolders under "Local folders" to replicate a folder hierarchy, you can have for the account to be deleted.

  Manually create folders, do not try to move entire folders.
  Then copy the messages in a folder at a time.
  Do this by selecting the messages can be completely copied to the source folder. Then a selected message - copy, right-click and choose the destination folder.
  Once the messages have been copied successfully, you can delete them in the source folder.
  Once all messages to be kept have been copied to local folders, safely, you can delete the account.

• When it is connected to the LAN, FF cannot find servers; no problem with the wi - fi

  26.0 Firefox running on a Windows 8.1 System. The thing I meet is this: I have no problem loading of pages and surfing when I am connected to my wi - fi network (I have a double function modem that wireless and LAN at the same time). However, whenever I plug the LAN cable, I get the error message that Firefox can't find the server. In this case if I disconnect the wireless at the same time. BUT, if I continually press the button [start] or simply tap the icon reload the page in the address bar, will eventually load, usually after a few failed attempts. However, the page loads usually only partially in a first time, apparently without advanced HTML formatting. But, after clicking on reload again one or two times, the page loads normally. Unknown, is that the behavior is not consistent - some pages of charge very well. But I can't for the life of understand me a boss.

  I've tried troubleshooting by disabling NoScript, but it doesn't seem to make a difference.  It's almost as if the wait time for a response from the server is so minimal when connected to LAN that the server has no chance of loading the first time.  Does that make any sense?  If so, how can I go about fixing the issue?
  

  Thanks for any help you can offer on this (for me, anyway) head-scratcher.

  Maybe another DNS server is used or there is still cached data.

  Have you tried a hard facing to bypass the cache to refresh all files?

  • Hold down the SHIFT key and click the Reload button
  • Press 'Ctrl + F5' or 'Ctrl + Shift + R' (Windows, Linux)
  • Press 'Command + shift + R' (Mac)

  You can also try to switch to work offline/off voltage after changing the network connection.

  If is also possible that your firewall treats the Wi - fi connection other than the connection to the local network.