Network problems, cannot ping my mac

Similar Questions

• Network problem Windows vista and Mac computers.

  Original title: cannot share the file, help!

  Hello.

  I just got a macbook the other day, the mac was pretty easy to understand how to set up for file sharing. It is installed on my pc and that you can view the files mac very well. However, I can't the PC to share files on mac to save my life. I didn't actually work earlier pretty ok, just read a comment online, but then the mac has had a problem with a hard drive so they just replaced with a new computer. I had the same model. I'm not sure what I'm doing wrong. As he asked a username and password for my PC to connect and view files (so I thought a lot of outside). I entered the same username and password for PC information, I entered earlier (several times), and it wouldn't work. I tried to enter my information to connect PC and it wouldn't work. I tried implementing new user names to add to the permissions and it would not work to connect on the mac. I tried to disable the password protection all together on pc and it still does not either. I know I entered the data correctly, I tried to work 3-4 hours... I'm a little confused, because it worked pretty quickly earlier and I did the same thing.
  What can I do? I'm doing something wrong? Any help that anyone can give is GREATLY, GREATLY appreciated! Thank you!!! :)
  Hello
   
   
  Follow the below mentioned article and see if that helps:
   
  Mac OS X: how to connect to files Windows (SMB) sharing
  http://support.Apple.com/kb/HT1568
   
  If the article above is not enough, there will be some settings on a Mac computer need to change, then you can contact Apple for additional assistance.
  Here is the link: https://discussions.apple.com/index.jspa

• Home network problem cannot access one of that PC even if should be able

  I ran into a problem... I have a PC running Windows Vista and Windows 7 PC on my network home. I can 'see' each from the other PC PC when I go on the network. The Windows Vista-based computer can access shared folders on the Windows 7 PC... and the Windows Vista computer can share items specially for windows 7 PC SHOULD have access to these folders. I placed the user for the Windows 7 PC as co-owner. HOWEVER, when I go to the network on the Windows 7 option, I select the Vista PC in the network thinking it should then show me the file and instead, troubleshooting network appears.

  When I go to the troubleshooter, it says that it can't find the Vista machine... even if it it displays network before I tried to access it.

  They are both in the same workgroup. I checked the machine windows 7 has permission for the folder in question indeed. and I've checked that the machine of windows Vista CAN access folders on the windows machine 7...

  No idea what I'm missing?

  Thank you!

  Hi Jim,

  1. did you change any software on the computer?

  2. where you can access files on Windows Vista earlier?

  Method 1:

  Please click on this link to find how to share files and specific folders with someone,

  http://Windows.Microsoft.com/en-us/Windows7/share-files-with-someone

  Method 2:

  Disable the antivirus/firewall softwareand check if it helps.

  http://Windows.Microsoft.com/en-us/Windows7/disable-antivirus-software

  http://Windows.Microsoft.com/en-us/Windows7/turn-Windows-Firewall-on-or-off

  NOTE: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software.

   

  Warning: If you need to disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software is disabled, your computer is vulnerable to attacks.

   

  Method 3:

  Turn off sharing protected by password:

  Password sharing is enabled by default for computers of working groups. When password sharing is enabled, people using other computers on your network cannot access your shared folders or printers unless they have a user account on your computer. There are two ways to enable file or printer sharing:

  o identical user accounts create on all computers in the workgroup (recommended). For more information, see create a user account.

  o turn off password protected sharing. To turn off password protected sharing, follow these steps:

  a. open the network and sharing Center by clicking the Start button on the Control Panel, click Network and Internet, and then click Network and sharing Center.

  b. under sharing and discovery, click the arrow next to password protected sharing.

  c. click turn off password protected sharing, and then click apply.  If you are prompted for an administrator password or a confirmation, type the password or provide confirmation.

   

  Please, try the following steps and check.

  I hope it works!

• Cannot download the software due to a network problem

  Hi all I'm on MacBook Pro (retina, 15 inches, end of 2013).
  I try to install Windows 10 with the version downloaded from the Microsoft Web site.
  I finished uploaded and am trying to use Boot Camp to install Windows 10.
  However, I faced a question and it is that he "cannot download the software due to a network problem".
  I'm stuck here for an hour and I can't find a solution.
  I did all right until now by the following online tutorial but it prevents me to continue.
  Any help will be appreciated.
  Thank you.

  It is a very common problem. To fix this, first try to start your Mac in safe mode by following these steps-> safe mode try if your Mac does not commissioning - Apple Support

  Then, restart your Mac as usual and try to download the Windows support software again.

• Windows 7 cannot see my Mac on my home network

  I can share between the two computers, but my windows 7 cannot see the Mac when I go to the network in windows Explorer. However, I see the PC from the Mac. Both are under the same working group: MSHOME.

  Any help would be greatly appreciated,

  Brian

  Hello

  Please keep us informed about the issue.

  I think that the problem to which you may be due to viruses or malware.

  There could be chances that some settings were not correct or there could be a network congestion.

  You can also look at post Len Flier in the thread following parameters of Mac replied on September 29, 2012.

  http://answers.Microsoft.com/en-us/Windows/Forum/Windows_7-networking/still-cant-get-Windows-7-to-see-Mac-on-home/d6bd510c-A956-4984-8e80-66f784c904c3

  Feel free to visit our Web site for any help with the Windows operating system in the future.

  Thank you.

• Cannot install updates due to temporary network problems

  Hi need help please teporary network problems are interfering with windows update

  Read this: http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/1467f44b-ee27-4f7d-98d7-f1c4b35b3395

  Help us help you.

  Is this relevant: you may encounter temporary connection related errors when you use Windows Update or Microsoft Update to install updates
  http://support.Microsoft.com/kb/836941

  Harold Horne / TaurArian [MVP] 2005-2011. The information has been provided * being * with no guarantee or warranty.

• Once the VPN connection is established, cannot ping or you connect other IP devices

  Try to get a RV016 installed and work so that people can work from home.  You will need to charge customers remote both WIN XP and MAC OS X.

  Have the configured router and works fine with the VPN Linksys client for WIN XP users.  Can connect, ping, mount the shared disks, print to printers to intellectual property, etc.

  Can connect to the router fine with two VPN clients third 3 for Mac: VPN Tracker and IPSecuritas.  However, once the connection is established, cannot ping the VPN LinkSYS router or any other IP address on the LAN Office.  Turn the firewall on or off makes no difference.

  Is there documentation anywhere that describes how the LinksysVPN for Windows Client communicates so these can be replicated in 3rd VPN clients from third parties for the Mac in OS X?

  The connection with IPSecuritas and VPN Tracker is performed using a shared key and a domain name.  It is not a conflict of IP address network between the client and the VPN 192.168.0.0/24 network.

  VPN Tracker and IPSecuritas are able to connect to the routers CISCO easy VPN with no poblem.

  Any ideas on how to get the RV016 to work for non-Windows users?

  We found and fixed the problem, so using VPN Tracker or current IPSecuritas on OS X people have access to the LAN via the RV016 machines. The "remote networks" in the screen BASE in VPN Tracker has been set on the entire subnet: 192.168.0.0/255.255.255.0 the in the RV016 has been set to the IP of 192.168.0.1 to 192.168.0.254 range. Even if the addresses are essentially the same, without specifying the full subnet in the RV016 has allowed the connection to do but prevented the VPN client machine to connect because the RV016 would pass all traffic to the Remote LAN. Change the setting of 'local group' in RV016 settings in the screen "VPN/summary/GroupVPN', 'Local Group Zone' for the subnet 192.168.0.0/24 full solved the problem.

• Cannot ping hosts on the same vlan on the 2 switches.

  Hey guys so I create my own network in Packet Tracer 6.3. While the hosts can ping others on the same switch 2960 and VLAN, they are unable to ping a host on another switch in the same VLAN. For example. Josh PC on S1 (192.168.10.10) cannot ping PC Doge on S2 (192.168.10.13). I'm sure that they are on the same subnet, so I thing it is a problem of junction...

  S1:

  S1 #show ip int br

  Interface IP-Address OK? Method State Protocol

  FastEthernet0/1 unassigned YES manual up up

  FastEthernet0/2 unassigned YES manual up up

  FastEthernet0/3 unassigned YES manual up up

  FastEthernet0/4 unassigned YES manual up up

  FastEthernet0/5 unassigned YES manual administratively down down

  FastEthernet0/6 unassigned YES manual administratively down down

  FastEthernet0/7 unassigned YES manual administratively down down

  FastEthernet0/8 unassigned YES manual administratively down down

  FastEthernet0/9 unassigned YES manual administratively down down

  FastEthernet0/10 unassigned YES manual administratively down down

  FastEthernet0/11 unassigned YES manual administratively down down

  FastEthernet0/12 unassigned YES manual administratively down down

  FastEthernet0/13 unassigned YES manual administratively down down

  FastEthernet0/14 unassigned YES manual administratively down down

  FastEthernet0/15 unassigned YES manual administratively down down

  FastEthernet0/16 unassigned YES manual administratively down down

  FastEthernet0/17 unassigned YES manual administratively down down

  FastEthernet0/18 unassigned YES manual administratively down down

  FastEthernet0/19 unassigned YES manual administratively down down

  FastEthernet0/20 unassigned YES manual administratively down down

  FastEthernet0/21 unassigned YES manual administratively down down

  FastEthernet0/22 unassigned YES manual administratively down down

  FastEthernet0/23 unassigned YES manual administratively down down

  FastEthernet0/24 unassigned YES manual administratively down down

  GigabitEthernet0/1 unassigned YES manual down down

  GigabitEthernet0/2 unassigned YES manual down down

  Vlan1 unassigned YES manual administratively down down

  Vlan2 unassigned YES manual downwards upwards

  Vlan10 unassigned YES manual up up

  S1 #show interface f0/1 switchport

  Name: Fa0/1

  Switchport: enabled

  Administrative mode: trunk

  Operational mode: trunk

  Encapsulation of administrative circuits: dot1q

  Operational Trunking encapsulation: dot1q

  Trunking negotiation: Off

  The VIRTUAL LAN access mode: (default) 1

  Native mode VLAN Trunking: 2 (native)

  The voice of VLAN: no

  Private-vlan host association Directors: no

  Mapping of private - vlan management: no

  Private-vlan trunk administration VLAN native: no

  Private - vlan administration trunk encapsulation: dot1q

  Private-vlan trunk administration VLAN normal: no

  Private-vlan trunk administration private VLAN: no

  Private-vlan operational: no

  VLAN Trunking enabled: ALL

  Pruning VLANS enabled: 2-1001

  Capture Mode disabled

  Capture VLAN allowed: ALL

  Protected: false

  The unit trust: no

  S1 #show vlan br

  Ports of status for the name of VLAN

  ---- -------------------------------- --------- -------------------------------

  1 by default active Fa0/5, Fa0/6, Fa0/7, Fa0/8

  Fa0/9, Fa0/10, Fa0/11, Fa0/12

  FA0/13, Fa0/14, Fa0/15, Fa0/16

  FA0/17, Fa0/18, Fa0/19, Fa0/20

  FA0/21, Fa0/22, Fa0/23 and Fa0/24

  Gig0/1, Gig0/2

  2 active native

  5 active

  10 active VLAN0010 Fa0/2, Fa0/3, Fa0/4

  active by default fddi 1002

  assets of token-ring-default 1003

  1004 fddinet - default active

  1005 trnet - default active

  Trunk interface #show S1

  VLAN Mode Encapsulation native port State

  FA0/1 on 802. 1 trunking q 2

  Port VLAN allowed on trunk

  5,10,20 FA0/1

  Port VLAN authorized and active in the field of management

  FA0/1 5,10

  VLAN port extending on transmission State and no tree pruned

  FA0/1 5,10

  S1 #show mac-address-table

  Mac address table

  -------------------------------------------

  VLAN Mac Address Type Ports

  ---- ----------- -------- -----

  5 00d0.d37a.ed01 DYNAMICS Fa0/1

  S2:

  S2 #show ip int br

  Interface IP-Address OK? Method State Protocol

  FastEthernet0/1 unassigned YES manual up up

  FastEthernet0/2 unassigned YES manual up up

  FastEthernet0/3 unassigned YES manual up up

  FastEthernet0/4 unassigned YES manual up up

  FastEthernet0/5 unassigned YES manual administratively down down

  FastEthernet0/6 unassigned YES manual administratively down down

  FastEthernet0/7 unassigned YES manual administratively down down

  FastEthernet0/8 unassigned YES manual administratively down down

  FastEthernet0/9 unassigned YES manual administratively down down

  FastEthernet0/10 unassigned YES manual administratively down down

  FastEthernet0/11 unassigned YES manual administratively down down

  FastEthernet0/12 unassigned YES manual administratively down down

  FastEthernet0/13 unassigned YES manual administratively down down

  FastEthernet0/14 unassigned YES manual administratively down down

  FastEthernet0/15 unassigned YES manual administratively down down

  FastEthernet0/16 unassigned YES manual administratively down down

  FastEthernet0/17 unassigned YES manual administratively down down

  FastEthernet0/18 unassigned YES manual administratively down down

  FastEthernet0/19 unassigned YES manual administratively down down

  FastEthernet0/20 unassigned YES manual administratively down down

  FastEthernet0/21 unassigned YES manual administratively down down

  FastEthernet0/22 unassigned YES manual administratively down down

  FastEthernet0/23 unassigned YES manual administratively down down

  FastEthernet0/24 unassigned YES manual administratively down down

  GigabitEthernet0/1 unassigned YES manual down down

  GigabitEthernet0/2 unassigned YES manual down down

  Vlan1 unassigned YES manual administratively down down

  Vlan2 unassigned YES manual downwards upwards

  Vlan5 unassigned YES manual up up

  Vlan10 unassigned YES manual up up

  Vlan20 unassigned YES manual up up

  Vlan99 unassigned YES manual administratively down down

  S2 #show interface f0/1 switchport

  Name: Fa0/1

  Switchport: enabled

  Administrative mode: trunk

  Operational mode: trunk

  Encapsulation of administrative circuits: dot1q

  Operational Trunking encapsulation: dot1q

  Trunking negotiation: on

  The VIRTUAL LAN access mode: (default) 1

  Native mode VLAN Trunking: 2 (native)

  The voice of VLAN: no

  Private-vlan host association Directors: no

  Mapping of private - vlan management: no

  Private-vlan trunk administration VLAN native: no

  Private - vlan administration trunk encapsulation: dot1q

  Private-vlan trunk administration VLAN normal: no

  Private-vlan trunk administration private VLAN: no

  Private-vlan operational: no

  VLAN Trunking enabled: ALL

  Pruning VLANS enabled: 2-1001

  Capture Mode disabled

  Capture VLAN allowed: ALL

  Protected: false

  The unit trust: no

  S2 #show vlan br

  Ports of status for the name of VLAN

  ---- -------------------------------- --------- -------------------------------

  1 by default active Fa0/5, Fa0/6, Fa0/7, Fa0/8

  Fa0/9, Fa0/10, Fa0/11, Fa0/12

  FA0/13, Fa0/14, Fa0/15, Fa0/16

  FA0/17, Fa0/18, Fa0/19, Fa0/20

  FA0/21, Fa0/22, Fa0/23 and Fa0/24

  Gig0/1, Gig0/2

  2 active native

  5 active

  10 VLAN0010 active Fa0/4

  20 VLAN0020 active Fa0/2, Fa0/3

  active by default fddi 1002

  assets of token-ring-default 1003

  1004 fddinet - default active

  1005 trnet - default active

  S2 #show mac-address-table

  Mac address table

  -------------------------------------------

  VLAN Mac Address Type Ports

  ---- ----------- -------- -----

  2 0030.f2c1.94e5 STATIC Fa0/1

  2 0060.5c83.3401 STATIC Fa0/1

  10 0002.4ae9.6964 STATIC Fa0/4

  10 0060.5c83.3401 STATIC Fa0/1

  20 0009.7c9a.a134 STATIC Fa0/2

  ----------------------------------------------------------------------------------

  Let me know what I missed here. All connections are made with a straight through cable.

  See you soon

  Josh

  Try to remove the S2 switchport port-security:

  interface FastEthernet0/1
   no switchport port-security

• Network problem ESXI on reviews of CentOS 5.5

  We have dedicated node in HP ProLiant DL120 G7 (ONLINE.NET datacenter in France) with installation 5.5 ESXI and vSphere Clent. In the data store, we have the ISO for CentOS 5 and 6 files in order to create VM customers for the web server application.

  vSphere Client creates the VM on the dedicated node successfully, but we have a problem with the networking, guests of virtual computer cannot access the internet. Settings for the virtual machine networking vSphere client a VMXNET3 adapter with edited manually (provided data center virtual MAC) MAC address and default VM network as network connection option.

  Inside of the virtual machine comments (CentOS 6 minimum), that we have tried to install/etc/sysconfig/network-scripts/ifcfg-eth0 and/etc/sysconfig/network-scripts/route-eth0 according to the tutorial https://documentation.online.NET/en/serveur-dedie/Systemes-d_exploitation/vmware_vsphere_hypervisor_esxi_english

  but still cannot ping external container.

  We have an IP address main and tipping 5 IPs with virutal MAC addresses.

  How to set up the connection?

  Problem solved!

  Here's a solution:

  / etc/sysconfig/network-scripts/ifcfg-eth0

  should have:

  DEVICE = eth0

  BOOTPROTO = none

  ONBOOT = yes

  USERCTL = no

  IPV6INIT = no

  PEERDNS = yes

  TYPE = Ethernet

  NETMASK = 255.255.255.255

  IPADDR #Replace with your IP address

  IPADDR = 195.154. *. *

  #Replace GATEWAY with your GATEWAY IP address

  GATEWAY = 195.154. *. *

  DNS1 = 8.8.8.8

  ARP = yes

  ARPCHECK = no

• The host cannot ping

  Hello

  I can't reach my host. What could be the problem?

  I am using Vmware Server 2.0.1 Build 156745

  Host: Windows XP Professional sp2

  IP:192.168.146.1 host (vmnet1)

  Hardware: Computer laptop Dell 630

  Comments: Linux

  CentOS 2.16.0

  GuestIP:192.168.146.120

  Comments cannot ping the host

  Host cannot ping the prompt

  I tried to configure the nat and the host only to connect. Nat could also be able to reach the external pages.

  I appreciate any ideas

  Is the fixed prompt on DHCP or IP?

  What network cards do you have on the host and bridged (vmnetcfg.exe run as administrator)?

  Is the physical card on the guest living/connected - sometimes to the life of a card NETWORK disconnected will no connectivity in the guest?

  Have you recently changed the VMware network in the host? If so, you will need to restart the VMware services or reboot the host.

  Is there a firewall clutter it?

  Is the card NETWORK connected to the prompt - it shouldn't be a red cross on the network icon in the list of the material in the center of the console pane when the virtual machine is selected in the left pane?

  The MAC address or virtual and physical adapters in the host and the single guest, that is not duplicated?

  If all this pans, can be helpful to remove the NETWORK card in the prompt and add a. Also, what type of NETWORK adapter is it in the guest - 'flexible' or 'e1000 '? Should be 'flexible' for Linux - post (tie) the .vmx doubt customers.

  --

  If you have found this device or any other answer useful please consider the use of buttons useful or Correct to award points.

• Comments cannot ping host

  Hi all:

  I have a strange problem of networking that VMware technical support has not been able to help.

  Summary of the problem: comments cannot ping host unless the host is a ping command, while the guest is ping to the host

  Details of the problem: I have intalled VMware Workstation 6.5.2 on the host Windows Vista Edition Home Premium (SP1). I installed several guests, including Ubuntu 8.04, openSUSE 11, Win XP and Win 2000. All guests use "bridged" network. The host has a static IP address. All guests have DHCP. All these people have the same problem - they cannot ping the host. It simply returns "Destination unreachable". However, if I run a ping from the host (it didn't ping the same customer, any ip address on the network) while the guest is ping to the host, and then will cross ping of the guest. For the next two minutes, the guest will be able to ping the host without any problem (without 'help' of the host). Then the guest will again be able ping on the host and you will have to repeat the same process. Quite strange, isn't? Another problem, I can access the internet from the hosts and guests can ping each other. (I can't access the printer connected to the host. However if the guest can ping on the host, then it can also access the printer as well.) I tried everything but still can't find the root cause of the problem. Here is a list of the things I've tried:

  1. tried VMware Workstation 6.5.2 on a Windows XP computer on the same network (equipped with a wireless card intel) and did NOT have this problem.

  2. firewalls, antivirus software, VPN clients, etc. were all off. It did not help.

  3. the problem disappears if I use the wired Ethernet connection

  4. the current wireless adapter is a D-Link, but I also tried with a Linksys Wireless card and had the same problem

  5. the same problem exists also for VMware 6.5.1

  6. I have installed the software VirtuaBox VM from Sun and installed the same comments from Ubuntu on the same host. The problem goes away!

  7. I also tried the "NAT" networking and had the same problem.

  8. I also tried DHCP for host and had the same problem.

  I've tried everything I can think of and nothing seemed to help. I have filed a request for assistance with VMware tech and traded a few emails with the support guy but have not heard from him for a few days. I would really appreciate if someone can offer a few ideas to help solve this problem. I'm not a networking guru, but I'm a software engineer, so you can talk to me in technical terms.

  Thank you in advance.

  Yes! as noted above, it is the arp tables.

  my router is assigned the same IP address for the host computer and the guest, so as soon as you ping from your host prompt, the mac and ip is back in the arp (invites) tables and from there he will communicate via newly assigned ARP table. You can check this scathing the hostname and it will be the same ip address as your guest (in my case)

  I then googled arp vmware and discovered that it is familir with chipset broadcom and vmware behavior.

  ARP - a displays the tables,

  ARP s 00-00-00-00-00-00 192.168.x.xxx - assign the IP address to a MAC address.

  I hope this helps.

• Cannot ping router

  I can't ping my router or other device on my network, and can't connect to the internet.
  I can ping myself or the local host.  I use a wireless connection. The wireless connection icon shows the status connected with a staff of excellent.
  I ran the Diagnostics network and everything he told me that if he failed because he cannot ping the router and DNS servers.
  I don't know why.  Can someone tell what to do next?

  Solved.
  If you missed all info, all you had to do was ask.  I don't remember do not provide that whatever it is asked.
  In any case, I tried to connect an ethernet cable from the vrouter in it mobile and connected to the network immediately ITI.
  I don't know why the diagnosis doesn't have to indicate the wireless card has been a problem.  It shows that its correct operation.  Now, I even once to download and reinmstall Norton.  I hope their support will provide me with the correct key.  I'm happy I don't have to wast of countless hours to redo my network addressing scheme works.
  Thanks for your time.

• ASA 5540 - cannot ping inside the interface

  Hi all. We have recently upgraded PIX to ASA5540 and we saw a strange thing going. In a Word, we can ping the inside interface of the ASA from any beach on our 6500 network (which is connected directly behind the ASA on the inside), but one where our monitoring tools are placed. Inside there is an ACL that allows all of our core networks, but it does not help that the interface is really strange.

  In the ASDM, I see messages like this:

  ID ICMP echo request: 2004 x.x.x.x y.y.y.y on the inside interface to. I don't think that's the problem, but I could be wrong.

  This is also the configuration of the interface VLAN VIRTUAL local area network from which we cannot ping inside the interface we can ping to and since this VLAN and machines without problem. The only problem is ping the inside interface of the ASA.

  interface Vlanx

  IP x.x.x.x 255.255.255.0

  IP broadcast directed to 199

  IP accounting output-packets

  IP pim sparse - dense mode

  route IP cache flow

  load-interval 30

  Has anyone experiences the problem like this before? Thanks in advance for any help.

  Can you post the output of the following on the ASA:-

  display the route

  And the output of your base layer diverter: -.

  show ip route<>

  HTH >

• Cannot ping to Internet

  Hello

  I am setting up and reconfiguration of a firewall PIX515 with 6.3 software (4) OS PIX.

  I cannot ping devices on the Internet from inside interface. There are a few addresses that I can ping if I am outside of the firewall.

  Looks like the firewall is not translate correctly on the return package. I can navigate and do other things but not ping.

  Here's my nat and global declarations:

  # Sh nat Pix1

  NAT (inside) 1 10.0.0.0 255.0.0.0 0 0

  NAT (dmz) 1 172.xx.xx.0 255.255.255.0 0 0

  Pix1 # global HS

  Global (outside) 1 6x.xxx.xxx.6 x - 6 x .xxx .xxx. 7 x

  Global 1 6x.xxx.xxx.6x (outside)

  Global interface (dmz) 1

  Here's an abbreviated ICMP trace:

  Pix1 debug icmp trace #.

  ICMP trace on

  WARNING: This can cause problems on busy networks

  Pix1 # 1:-inside:10.xx.xx.x ICMP echo request 5-6x.xxx.xxx.1 ID = 512 seq = 89

  length 63 = 40

  2: ICMP echo request: translation of inside:10.xx.xx.x 5-outside:6 x .xxx .xxx. 6

  3:-inside:10.xx.xx.x ICMP echo request 5-6x.xxx.xxx.1 ID = 512 seq = len 9219

  GTH = 40

  4: ICMP echo request: translation of inside:10.xx.xx.x 5-outside:6 x .xxx .xxx. 6

  5:-inside:10.xx.xx.x ICMP echo request 5-6x.xxx.xxx.1 ID = 512 seq = len 9475

  GTH = 40

  6: ICMP echo request: translation of inside:10.xx.xx.x 5-outside:6 x .xxx .xxx. 6

  7: ICMP echo-reply of the outside:6 x .xxx .xxx. 1 to the seq ID = 512 6x.xxx.xxx.6 = the 9475

  ngth = 40

  8:-inside:10.xx.xx.x ICMP echo request 5-6x.xxx.xxx.1 ID = 512 seq = len 9731

  GTH = 40

  9: ICMP echo request: translation of inside:10.xx.xx.x 5-outside:6 x .xxx .xxx. 6

  Thanks in advance for your help.

  Doug.

  ICMP is not a protocol with the State, to allow ping trought the PIX, you must add extra lines in your access list on the outside!

  See: Handling ICMP Pings with the PIX firewall

  http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

  The PIX and the traceroute command

  http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_tech_note09186a00800e9312.shtml

  examples:

  Traveroute

  Microsoft:

  Access-group 101 in external interface

  access-list 101 permit icmp any unreachable host YourPublicIP

  access-list 101 permit icmp any host YourPublicIP time exceeded

  access-list 101 permit icmp any host YourPublicIP echo-reply

  UNIX:

  Access-group 101 in external interface

  access-list 101 permit icmp any unreachable host YourPublicIP

  access-list 101 permit icmp any host YourPublicIP time exceeded

  ICMP command example

  ICMP deny everything outside

  ICMP allow any response of echo outdoors

  ICMP allow any response echo inside

  permit ICMP echo host 192.168.1.30 inside

  permit ICMP echo host 192.168.1.31 inside

  permit ICMP echo host 192.168.1.20 inside

  permit ICMP echo host 192.168.1.40 inside

  permit ICMP echo host 192.168.1.100 inside

  sincerely

  Patrick

• Peer AnyConnect VPN cannot ping, RDP each other

  I have an ASA5505 running ASA 8.3 (1) and ASDM 7.1 (1).  I have a remote access VPN set up and remote access users are able to connect and access to network resources.   I can ping the VPN peers between the Remote LAN.    My problem counterparts VPN cannot ping (RDP, CDR) between them.   Ping a VPN peer of reveals another the following error in the log of the SAA.

  Asymmetrical NAT rules matched for flows forward and backward; Connection for icmp outside CBC: 10.10.10.8 outside dst: 10.10.10.9 (type 8, code 0) rejected due to the failure of reverse NAT.

  Here's my ASA running-config:

  ASA Version 8.3 (1)

  !

  ciscoasa hostname

  domain dental.local

  activate 9ddwXcOYB3k84G8Q encrypted password

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address dhcp setroute

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  passive FTP mode

  clock timezone CST - 6

  clock to summer time recurring CDT

  DNS lookup field inside

  DNS server-group DefaultDNS

  192.168.1.128 server name

  domain dental.local

  permit same-security-traffic inter-interface

  permit same-security-traffic intra-interface

  network obj_any object

  subnet 0.0.0.0 0.0.0.0

  network of the RAVPN object

  10.10.10.0 subnet 255.255.255.0

  network of the NETWORK_OBJ_10.10.10.0_28 object

  subnet 10.10.10.0 255.255.255.240

  network of the NETWORK_OBJ_192.168.1.0_24 object

  subnet 192.168.1.0 255.255.255.0

  access-list Local_LAN_Access note VPN Customer local LAN access

  Local_LAN_Access list standard access allowed host 0.0.0.0

  DefaultRAGroup_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0

  Note VpnPeers access list allow peer vpn ping on the other

  permit access list extended ip object NETWORK_OBJ_10.10.10.0_28 object NETWORK_OBJ_10.10.10.0_28 VpnPeers

  pager lines 24

  Enable logging

  asdm of logging of information

  logging of information letter

  address record [email protected] / * /

  exploitation forest-address recipient [email protected] / * / level of information

  record level of 1 600 6 rate-limit

  Outside 1500 MTU

  Within 1500 MTU

  mask 10.10.10.5 - 10.10.10.10 255.255.255.0 IP local pool VPNPool

  ICMP unreachable rate-limit 1 burst-size 1

  ASDM image disk0: / asdm - 711.bin

  don't allow no asdm history

  ARP timeout 14400

  NAT (inside, all) static source all electricity static destination RAVPN RAVPN

  NAT (inside, outside) static static source NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28

  NAT (inside, outside) static source all all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination

  !

  network obj_any object

  NAT dynamic interface (indoor, outdoor)

  network of the RAVPN object

  dynamic NAT (all, outside) interface

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  dynamic-access-policy-registration DfltAccessPolicy

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Community SNMP-server

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transit

  Crypto ipsec transform-set ESP-DES-SHA-TRANS esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-SHA-TRANS mode transit

  Crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transit

  Crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transit

  Crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transit

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP ESP-AES-128-SHA ESP - AES - 192 - SHA ESP - AES - 256 - SHA ESP - 3DES - SHA - OF - SHA ESP - AES - 128 - SHA - TRANS ESP - AES - 192 - SHA - TRANS ESP - AES - 256 - SHA - ESP ESP - 3DES - SHA - TRANS TRANS-DES - SHA - TRANS

  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map interface card crypto outside

  trustpoint crypto ca-CA-SERVER ROOM

  LOCAL-CA-SERVER key pair

  Configure CRL

  Crypto ca trustpoint ASDM_TrustPoint0

  registration auto

  name of the object CN = ciscoasa

  billvpnkey key pair

  Proxy-loc-transmitter

  Configure CRL

  crypto ca server

  CDP - url http://ciscoasa/+CSCOCA+/asa_ca.crl

  name of the issuer CN = ciscoasa

  SMTP address [email protected] / * /

  crypto certificate chain ca-CA-SERVER ROOM

  certificate ca 01

  * hidden *.

  quit smoking

  string encryption ca ASDM_TrustPoint0 certificates

  certificate 10bdec50

  * hidden *.

  quit smoking

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  authentication crack

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 20

  authentication rsa - sig

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 30

  preshared authentication

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 40

  authentication crack

  aes-192 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 50

  authentication rsa - sig

  aes-192 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 60

  preshared authentication

  aes-192 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 70

  authentication crack

  aes encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 80

  authentication rsa - sig

  aes encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 90

  preshared authentication

  aes encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 100

  authentication crack

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 110

  authentication rsa - sig

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 120

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 130

  authentication crack

  the Encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 140

  authentication rsa - sig

  the Encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 150

  preshared authentication

  the Encryption

  sha hash

  Group 2

  life 86400

  enable client-implementation to date

  Telnet 192.168.1.1 255.255.255.255 inside

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  management-access inside

  dhcpd outside auto_config

  !

  dhcpd address 192.168.1.50 - 192.168.1.99 inside

  dhcpd allow inside

  !

  a basic threat threat detection

  threat detection statistics

  a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200

  SSL-trust outside ASDM_TrustPoint0 point

  WebVPN

  allow outside

  SVC disk0:/anyconnect-win-3.1.04072-k9.pkg 1 image

  SVC profiles DellStudioClientProfile disk0: / dellstudioclientprofile.xml

  enable SVC

  tunnel-group-list activate

  internal-password enable

  chip-tunnel list SmartTunnelList RDP mstsc.exe windows platform

  internal DefaultRAGroup group strategy

  attributes of Group Policy DefaultRAGroup

  Server DNS 192.168.1.128 value

  Protocol-tunnel-VPN l2tp ipsec

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list DefaultRAGroup_splitTunnelAcl

  Dental.local value by default-field

  WebVPN

  SVC value vpngina modules

  internal DefaultRAGroup_1 group strategy

  attributes of Group Policy DefaultRAGroup_1

  Server DNS 192.168.1.128 value

  Protocol-tunnel-VPN l2tp ipsec

  Dental.local value by default-field

  attributes of Group Policy DfltGrpPolicy

  Server DNS 192.168.1.128 value

  VPN - 4 concurrent connections

  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn

  value of group-lock RAVPN

  value of Split-tunnel-network-list Local_LAN_Access

  Dental.local value by default-field

  WebVPN

  the value of the URL - list DentalMarks

  SVC value vpngina modules

  SVC value dellstudio type user profiles

  SVC request to enable default webvpn

  chip-tunnel enable SmartTunnelList

  wketchel1 5c5OoeNtCiX6lGih encrypted password username

  username wketchel1 attributes

  VPN-group-policy DfltGrpPolicy

  WebVPN

  SVC value DellStudioClientProfile type user profiles

  username privilege 15 encrypted password 5c5OoeNtCiX6lGih wketchel

  username wketchel attributes

  VPN-group-policy DfltGrpPolicy

  WebVPN

  modules of SVC no

  SVC value DellStudioClientProfile type user profiles

  jenniferk 5.TcqIFN/4yw0Vq1 of encrypted password privilege 0 username

  jenniferk username attributes

  VPN-group-policy DfltGrpPolicy

  WebVPN

  SVC value DellStudioClientProfile type user profiles

  attributes global-tunnel-group DefaultRAGroup

  address pool VPNPool

  LOCAL authority-server-group

  IPSec-attributes tunnel-group DefaultRAGroup

  pre-shared key *.

  tunnel-group DefaultRAGroup ppp-attributes

  PAP Authentication

  ms-chap-v2 authentication

  eap-proxy authentication

  type tunnel-group RAVPN remote access

  attributes global-tunnel-group RAVPN

  address pool VPNPool

  LOCAL authority-server-group

  tunnel-group RAVPN webvpn-attributes

  enable RAVPN group-alias

  IPSec-attributes tunnel-group RAVPN

  pre-shared key *.

  tunnel-group RAVPN ppp-attributes

  PAP Authentication

  ms-chap-v2 authentication

  eap-proxy authentication

  type tunnel-group WebSSLVPN remote access

  tunnel-group WebSSLVPN webvpn-attributes

  enable WebSSLVPN group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  !

  global service-policy global_policy

  173.194.64.108 SMTP server

  context of prompt hostname

  HPM topN enable

  Cryptochecksum:3304bf6dcf6af5804a21e9024da3a6f8

  : end

  Hello

  Seems to me that you can clean the current NAT configuration a bit and make it a little clearer.

  I suggest the following changes

  network of the VPN-POOL object

  10.10.10.0 subnet 255.255.255.0

  the object of the LAN network

  subnet 192.168.1.0 255.255.255.0

  PAT-SOURCE network object-group

  object-network 192.168.1.0 255.255.255.0

  object-network 10.10.10.0 255.255.255.0

  NAT static destination LAN LAN (indoor, outdoor) static source VPN-VPN-POOL

  destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL

  NAT interface (it is, outside) the after-service automatic PAT-SOURCE dynamic source

  The above should allow

  • Dynamic PAT for LAN and VPN users
  • NAT0 for traffic between the VPN and LAN
  • NAT0 for traffic between the VPN users

  You can then delete the previous NAT configurations. Naturally, please save the configuration before you make the change, if you want to revert to the original configuration.

  no static source nat (inside, everything) all electricity static destination RAVPN RAVPN

  No source (indoor, outdoor) nat static static NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28

  No source (indoor, outdoor) nat static everything all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination

  No network obj_any object

  No network object RAVPN

  In case you do not want to change the settings a lot you might be right by adding this

  network of the VPN-POOL object

  10.10.10.0 subnet 255.255.255.0

  destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL

  But the other above configurations changes would make NAT configurations currently simpler and clearer to see every goal of "nat" configurations.

  -Jouni