Network problems, cannot ping my mac
I run Fusion 7.1.1 with Ubuntu Server 14.04 on my iMac (10.10.3) for web development.
I have a Thunderbolt Promise connected to the Mac and mounted it on my Ubuntu via SMB; everything worked fine.
Then I decided to let my colleague surf to my Ubuntu, so I set up a local DNS server on a server running the same configuration in the office, and I changed the Fusion network settings to detect automatically so that my Ubuntu got a 10.0.1.x address. We have an AirPort Extreme.
Somewhere here I lost connection to my hard drive.
If I ssh to my Ubuntu, or any other computer on the network, and then ping 10.0.1.2 (my iMac), I get a timeout. I can ping 10.0.1.2 from my Mac.
ifconfig -a on my iMac gives at the end:
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:01
inet 172.16.20.1 netmask 0xffffff00 broadcast 172.16.20.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:08
inet 192.168.36.1 netmask 0xffffff00 broadcast 192.168.36.255
My guess is that I'm not on the dissemination of the right and these two are to mess up something.
I followed a tutorial on how to get my ubuntu on 10.0.1.x - network before realizing that I had to do it in vmware, so I could have done something, but I think I have everything reset.
There are stranger things with my computer, the Facebook popup is really slow and dropbox sync, indicating that they expect a waiting period before you get on the web?
It had nothing to do with VMware; I had also installed a VPN client that had a firewall I never knew about.
Similar Questions
-
Network problem Windows vista and Mac computers.
Original title: cannot share the file, help!
Hello.
I just got a macbook the other day, the mac was pretty easy to understand how to set up for file sharing. It is installed on my pc and that you can view the files mac very well. However, I can't the PC to share files on mac to save my life. I didn't actually work earlier pretty ok, just read a comment online, but then the mac has had a problem with a hard drive so they just replaced with a new computer. I had the same model. I'm not sure what I'm doing wrong. As he asked a username and password for my PC to connect and view files (so I thought a lot of outside). I entered the same username and password for PC information, I entered earlier (several times), and it wouldn't work. I tried to enter my information to connect PC and it wouldn't work. I tried implementing new user names to add to the permissions and it would not work to connect on the mac. I tried to disable the password protection all together on pc and it still does not either. I know I entered the data correctly, I tried to work 3-4 hours... I'm a little confused, because it worked pretty quickly earlier and I did the same thing.
What can I do? I'm doing something wrong? Any help that anyone can give is GREATLY, GREATLY appreciated! Thank you!!! :)
Hello
Follow the below mentioned article and see if that helps:
Mac OS X: how to connect to files Windows (SMB) sharing
http://support.Apple.com/kb/HT1568
If the article above is not enough, there will be some settings on a Mac computer need to change, then you can contact Apple for additional assistance.
Here is the link: https://discussions.apple.com/index.jspa
-
Home network problem cannot access one of that PC even if should be able
I ran into a problem... I have a PC running Windows Vista and Windows 7 PC on my network home. I can 'see' each from the other PC PC when I go on the network. The Windows Vista-based computer can access shared folders on the Windows 7 PC... and the Windows Vista computer can share items specially for windows 7 PC SHOULD have access to these folders. I placed the user for the Windows 7 PC as co-owner. HOWEVER, when I go to the network on the Windows 7 option, I select the Vista PC in the network thinking it should then show me the file and instead, troubleshooting network appears.
When I go to the troubleshooter, it says that it can't find the Vista machine... even if it it displays network before I tried to access it.
They are both in the same workgroup. I checked the machine windows 7 has permission for the folder in question indeed. and I've checked that the machine of windows Vista CAN access folders on the windows machine 7...
No idea what I'm missing?
Thank you!
Hi Jim,
1. Did you change any software on the computer?
2. Were you able to access files on Windows Vista earlier?
Method 1:
Please click on this link to find how to share files and specific folders with someone,
http://Windows.Microsoft.com/en-us/Windows7/share-files-with-someone
Method 2:
Disable the antivirus/firewall software and check if it helps.
http://Windows.Microsoft.com/en-us/Windows7/disable-antivirus-software
http://Windows.Microsoft.com/en-us/Windows7/turn-Windows-Firewall-on-or-off
NOTE: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software.
Warning: If you need to disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software is disabled, your computer is vulnerable to attacks.
Method 3:
Turn off sharing protected by password:
Password sharing is enabled by default for computers of working groups. When password sharing is enabled, people using other computers on your network cannot access your shared folders or printers unless they have a user account on your computer. There are two ways to enable file or printer sharing:
o identical user accounts create on all computers in the workgroup (recommended). For more information, see create a user account.
o turn off password protected sharing. To turn off password protected sharing, follow these steps:
a. open the network and sharing Center by clicking the Start button on the Control Panel, click Network and Internet, and then click Network and sharing Center.
b. under sharing and discovery, click the arrow next to password protected sharing.
c. click turn off password protected sharing, and then click apply. If you are prompted for an administrator password or a confirmation, type the password or provide confirmation.
Please, try the following steps and check.
I hope it works!
-
Cannot download the software due to a network problem
Hi all I'm on MacBook Pro (retina, 15 inches, end of 2013).
I try to install Windows 10 with the version downloaded from the Microsoft Web site.
I finished uploaded and am trying to use Boot Camp to install Windows 10.
However, I faced a question and it is that he "cannot download the software due to a network problem".
I'm stuck here for an hour and I can't find a solution.
I did all right until now by the following online tutorial but it prevents me to continue.
Any help will be appreciated.
Thank you.
It is a very common problem. To fix this, first try to start your Mac in safe mode by following these steps-> safe mode try if your Mac does not commissioning - Apple Support
Then, restart your Mac as usual and try to download the Windows support software again.
-
Windows 7 cannot see my Mac on my home network
I can share between the two computers, but my windows 7 cannot see the Mac when I go to the network in windows Explorer. However, I see the PC from the Mac. Both are under the same working group: MSHOME.
Any help would be greatly appreciated,
Brian
Hello
Please keep us informed about the issue.
I think that the problem to which you may be due to viruses or malware.
There could be chances that some settings were not correct or there could be a network congestion.
You can also look at post Len Flier in the thread following parameters of Mac replied on September 29, 2012.
Feel free to visit our Web site for any help with the Windows operating system in the future.
Thank you.
-
Cannot install updates due to temporary network problems
Hi, need help please: temporary network problems are interfering with Windows Update
Read this: http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/1467f44b-ee27-4f7d-98d7-f1c4b35b3395
Help us help you.
Is this relevant: you may encounter temporary connection related errors when you use Windows Update or Microsoft Update to install updates
http://support.Microsoft.com/kb/836941
Harold Horne / TaurArian [MVP] 2005-2011. The information has been provided * being * with no guarantee or warranty.
-
Once the VPN connection is established, cannot ping or you connect other IP devices
Try to get a RV016 installed and work so that people can work from home. You will need to charge customers remote both WIN XP and MAC OS X.
Have the configured router and works fine with the VPN Linksys client for WIN XP users. Can connect, ping, mount the shared disks, print to printers to intellectual property, etc.
Can connect to the router fine with two VPN clients third 3 for Mac: VPN Tracker and IPSecuritas. However, once the connection is established, cannot ping the VPN LinkSYS router or any other IP address on the LAN Office. Turn the firewall on or off makes no difference.
Is there documentation anywhere that describes how the LinksysVPN for Windows Client communicates so these can be replicated in 3rd VPN clients from third parties for the Mac in OS X?
The connection with IPSecuritas and VPN Tracker is performed using a shared key and a domain name. It is not a conflict of IP address network between the client and the VPN 192.168.0.0/24 network.
VPN Tracker and IPSecuritas are able to connect to the routers CISCO easy VPN with no problem.
Any ideas on how to get the RV016 to work for non-Windows users?
We found and fixed the problem, so using VPN Tracker or current IPSecuritas on OS X people have access to the LAN via the RV016 machines. The "remote networks" in the screen BASE in VPN Tracker has been set on the entire subnet: 192.168.0.0/255.255.255.0 the in the RV016 has been set to the IP of 192.168.0.1 to 192.168.0.254 range. Even if the addresses are essentially the same, without specifying the full subnet in the RV016 has allowed the connection to do but prevented the VPN client machine to connect because the RV016 would pass all traffic to the Remote LAN. Change the setting of 'local group' in RV016 settings in the screen "VPN/summary/GroupVPN', 'Local Group Zone' for the subnet 192.168.0.0/24 full solved the problem.
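Added example (not part of the original post): a Python check that compares the two selector settings named in the fix above, the client's "remote networks" subnet and the gateway's "local group" range, and lists the addresses on which they disagree. How the RV016 itself evaluates selectors is not described in the thread; the function names here are illustrative.

```python
import ipaddress


def parse_selector(text):
    """Parse 'net/mask', 'net/prefix', 'first-last' or one address into (first, last)."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if first > last:
            raise ValueError(f"range is reversed: {text}")
        return first, last
    # strict=True rejects a "subnet" with host bits set, e.g. 192.168.0.1/24
    net = ipaddress.IPv4Network(text, strict=True)
    return net.network_address, net.broadcast_address


def _subtract(a, b):
    """Return the parts of inclusive range a that inclusive range b does not cover."""
    (a_lo, a_hi), (b_lo, b_hi) = a, b
    if b_hi < a_lo or b_lo > a_hi:
        return [a]
    parts = []
    if a_lo < b_lo:
        parts.append((a_lo, b_lo - 1))
    if a_hi > b_hi:
        parts.append((b_hi + 1, a_hi))
    return parts


def _fmt(rng):
    lo, hi = rng
    return str(lo) if lo == hi else f"{lo}-{hi}"


def compare_selectors(client_remote, gateway_local):
    """Compare the client's remote-network selector with the gateway's local group."""
    client = parse_selector(client_remote)
    gateway = parse_selector(gateway_local)
    return {
        # The two sides agree only if they describe exactly the same address set.
        "match": client == gateway,
        "client_only": [_fmt(r) for r in _subtract(client, gateway)],
        "gateway_only": [_fmt(r) for r in _subtract(gateway, client)],
        # How many CIDR blocks the gateway setting needs; more than one means
        # it cannot be written as a single subnet selector.
        "gateway_cidrs": [str(n) for n in ipaddress.summarize_address_range(*gateway)],
    }


if __name__ == "__main__":
    # Values taken from the post: subnet on the client, IP range on the gateway.
    before = compare_selectors("192.168.0.0/255.255.255.0", "192.168.0.1-192.168.0.254")
    after = compare_selectors("192.168.0.0/255.255.255.0", "192.168.0.0/24")
    for label, result in (("range on gateway", before), ("subnet on gateway", after)):
        print(label)
        print("  match:", result["match"])
        print("  only in client selector:", result["client_only"])
        print("  gateway blocks:", len(result["gateway_cidrs"]))
```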
-
Cannot ping hosts on the same vlan on the 2 switches.
Hey guys, so I created my own network in Packet Tracer 6.3. While the hosts can ping others on the same switch 2960 and VLAN, they are unable to ping a host on another switch in the same VLAN. For example, Josh PC on S1 (192.168.10.10) cannot ping PC Doge on S2 (192.168.10.13). I'm sure that they are on the same subnet, so I think it is a problem of junction...
S1:
S1 #show ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual up up
FastEthernet0/4 unassigned YES manual up up
FastEthernet0/5 unassigned YES manual administratively down down
FastEthernet0/6 unassigned YES manual administratively down down
FastEthernet0/7 unassigned YES manual administratively down down
FastEthernet0/8 unassigned YES manual administratively down down
FastEthernet0/9 unassigned YES manual administratively down down
FastEthernet0/10 unassigned YES manual administratively down down
FastEthernet0/11 unassigned YES manual administratively down down
FastEthernet0/12 unassigned YES manual administratively down down
FastEthernet0/13 unassigned YES manual administratively down down
FastEthernet0/14 unassigned YES manual administratively down down
FastEthernet0/15 unassigned YES manual administratively down down
FastEthernet0/16 unassigned YES manual administratively down down
FastEthernet0/17 unassigned YES manual administratively down down
FastEthernet0/18 unassigned YES manual administratively down down
FastEthernet0/19 unassigned YES manual administratively down down
FastEthernet0/20 unassigned YES manual administratively down down
FastEthernet0/21 unassigned YES manual administratively down down
FastEthernet0/22 unassigned YES manual administratively down down
FastEthernet0/23 unassigned YES manual administratively down down
FastEthernet0/24 unassigned YES manual administratively down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan2 unassigned YES manual downwards upwards
Vlan10 unassigned YES manual up up
S1 #show interface f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 2 (native)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
S1 #show vlan br
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
2    native                           active
5                                     active
10   VLAN0010                         active    Fa0/2, Fa0/3, Fa0/4
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
S1 #show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      2
Port        Vlans allowed on trunk
Fa0/1       5,10,20
Port        Vlans allowed and active in management domain
Fa0/1       5,10
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       5,10
S1 #show mac-address-table
Mac address table
-------------------------------------------
VLAN Mac Address Type Ports
---- ----------- -------- -----
5 00d0.d37a.ed01 DYNAMIC Fa0/1
S2:
S2 #show ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual up up
FastEthernet0/4 unassigned YES manual up up
FastEthernet0/5 unassigned YES manual administratively down down
FastEthernet0/6 unassigned YES manual administratively down down
FastEthernet0/7 unassigned YES manual administratively down down
FastEthernet0/8 unassigned YES manual administratively down down
FastEthernet0/9 unassigned YES manual administratively down down
FastEthernet0/10 unassigned YES manual administratively down down
FastEthernet0/11 unassigned YES manual administratively down down
FastEthernet0/12 unassigned YES manual administratively down down
FastEthernet0/13 unassigned YES manual administratively down down
FastEthernet0/14 unassigned YES manual administratively down down
FastEthernet0/15 unassigned YES manual administratively down down
FastEthernet0/16 unassigned YES manual administratively down down
FastEthernet0/17 unassigned YES manual administratively down down
FastEthernet0/18 unassigned YES manual administratively down down
FastEthernet0/19 unassigned YES manual administratively down down
FastEthernet0/20 unassigned YES manual administratively down down
FastEthernet0/21 unassigned YES manual administratively down down
FastEthernet0/22 unassigned YES manual administratively down down
FastEthernet0/23 unassigned YES manual administratively down down
FastEthernet0/24 unassigned YES manual administratively down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan2 unassigned YES manual downwards upwards
Vlan5 unassigned YES manual up up
Vlan10 unassigned YES manual up up
Vlan20 unassigned YES manual up up
Vlan99 unassigned YES manual administratively down down
S2 #show interface f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 2 (native)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
S2 #show vlan br
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
2    native                           active
5                                     active
10   VLAN0010                         active    Fa0/4
20   VLAN0020                         active    Fa0/2, Fa0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
S2 #show mac-address-table
Mac address table
-------------------------------------------
VLAN Mac Address Type Ports
---- ----------- -------- -----
2 0030.f2c1.94e5 STATIC Fa0/1
2 0060.5c83.3401 STATIC Fa0/1
10 0002.4ae9.6964 STATIC Fa0/4
10 0060.5c83.3401 STATIC Fa0/1
20 0009.7c9a.a134 STATIC Fa0/2
----------------------------------------------------------------------------------
Let me know what I missed here. All connections are made with a straight through cable.
See you soon
Josh
Try to remove the S2 switchport port-security:
interface FastEthernet0/1
no switchport port-security
-
Network problem ESXI on reviews of CentOS 5.5
We have a dedicated node, an HP ProLiant DL120 G7 (ONLINE.NET datacenter in France), with ESXi 5.5 installed and the vSphere Client. In the datastore, we have the ISO files for CentOS 5 and 6 in order to create guest VMs for the web server application.
vSphere Client creates the VM on the dedicated node successfully, but we have a problem with the networking: the guest virtual machines cannot access the internet. The network settings for the virtual machine in the vSphere Client are a VMXNET3 adapter with a manually edited MAC address (the virtual MAC provided by the data center) and the default VM Network as the network connection option.
Inside the guest virtual machine (CentOS 6 minimal), we have tried to set up /etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/sysconfig/network-scripts/route-eth0 according to the tutorial https://documentation.online.NET/en/serveur-dedie/Systemes-d_exploitation/vmware_vsphere_hypervisor_esxi_english
but still cannot ping external container.
We have a main IP address and tipping 5 IPs with virtual MAC addresses.
How to set up the connection?
Problem solved!
Here's a solution:
/etc/sysconfig/network-scripts/ifcfg-eth0
should have:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
TYPE=Ethernet
NETMASK=255.255.255.255
#Replace IPADDR with your IP address
IPADDR=195.154.*.*
#Replace GATEWAY with your GATEWAY IP address
GATEWAY=195.154.*.*
DNS1=8.8.8.8
ARP=yes
ARPCHECK=no
-
Hello
I can't reach my host. What could be the problem?
I am using Vmware Server 2.0.1 Build 156745
Host: Windows XP Professional sp2
IP:192.168.146.1 host (vmnet1)
Hardware: Computer laptop Dell 630
Comments: Linux
CentOS 2.16.0
GuestIP:192.168.146.120
Comments cannot ping the host
Host cannot ping the prompt
I tried to configure the nat and the host only to connect. Nat could also be able to reach the external pages.
I appreciate any ideas
Is the fixed prompt on DHCP or IP?
What network cards do you have on the host and bridged (vmnetcfg.exe run as administrator)?
Is the physical card on the guest living/connected - sometimes to the life of a card NETWORK disconnected will no connectivity in the guest?
Have you recently changed the VMware network in the host? If so, you will need to restart the VMware services or reboot the host.
Is there a firewall clutter it?
Is the card NETWORK connected to the prompt - it shouldn't be a red cross on the network icon in the list of the material in the center of the console pane when the virtual machine is selected in the left pane?
The MAC address or virtual and physical adapters in the host and the single guest, that is not duplicated?
If all this pans, can be helpful to remove the NETWORK card in the prompt and add a. Also, what type of NETWORK adapter is it in the guest - 'flexible' or 'e1000 '? Should be 'flexible' for Linux - post (tie) the .vmx doubt customers.
-
Hi all:
I have a strange problem of networking that VMware technical support has not been able to help.
Summary of the problem: comments cannot ping host unless the host is a ping command, while the guest is ping to the host
Details of the problem: I have installed VMware Workstation 6.5.2 on the host Windows Vista Edition Home Premium (SP1). I installed several guests, including Ubuntu 8.04, openSUSE 11, Win XP and Win 2000. All guests use "bridged" network. The host has a static IP address. All guests have DHCP. All these people have the same problem - they cannot ping the host. It simply returns "Destination unreachable". However, if I run a ping from the host (it didn't ping the same customer, any ip address on the network) while the guest is ping to the host, and then will cross ping of the guest. For the next two minutes, the guest will be able to ping the host without any problem (without 'help' of the host). Then the guest will again be able ping on the host and you will have to repeat the same process. Quite strange, isn't it? Another problem, I can access the internet from the hosts and guests can ping each other. (I can't access the printer connected to the host. However if the guest can ping on the host, then it can also access the printer as well.) I tried everything but still can't find the root cause of the problem. Here is a list of the things I've tried:
1. tried VMware Workstation 6.5.2 on a Windows XP computer on the same network (equipped with a wireless card intel) and did NOT have this problem.
2. firewalls, antivirus software, VPN clients, etc. were all off. It did not help.
3. the problem disappears if I use the wired Ethernet connection
4. the current wireless adapter is a D-Link, but I also tried with a Linksys Wireless card and had the same problem
5. the same problem exists also for VMware 6.5.1
6. I have installed the software VirtualBox VM from Sun and installed the same comments from Ubuntu on the same host. The problem goes away!
7. I also tried the "NAT" networking and had the same problem.
8. I also tried DHCP for host and had the same problem.
I've tried everything I can think of and nothing seemed to help. I have filed a request for assistance with VMware tech and traded a few emails with the support guy but have not heard from him for a few days. I would really appreciate if someone can offer a few ideas to help solve this problem. I'm not a networking guru, but I'm a software engineer, so you can talk to me in technical terms.
Thank you in advance.
Yes! as noted above, it is the arp tables.
my router is assigned the same IP address for the host computer and the guest, so as soon as you ping from your host prompt, the mac and ip is back in the arp (invites) tables and from there he will communicate via newly assigned ARP table. You can check this scathing the hostname and it will be the same ip address as your guest (in my case)
I then googled arp vmware and discovered that it is familiar with chipset broadcom and vmware behavior.
arp -a displays the tables,
arp -s 192.168.x.xxx 00-00-00-00-00-00 - assign the IP address to a MAC address.
I hope this helps.
-
I can't ping my router or other device on my network, and can't connect to the internet.
I can ping myself or the local host. I use a wireless connection. The wireless connection icon shows the status connected with a staff of excellent.
I ran the Diagnostics network and everything he told me that if he failed because he cannot ping the router and DNS servers.
I don't know why. Can someone tell what to do next?
Solved.
If you missed all info, all you had to do was ask. I don't remember do not provide that whatever it is asked.
In any case, I tried to connect an ethernet cable from the vrouter in it mobile and connected to the network immediately ITI.
I don't know why the diagnosis doesn't have to indicate the wireless card has been a problem. It shows that its correct operation. Now, I even once to download and reinstall Norton. I hope their support will provide me with the correct key. I'm happy I don't have to waste of countless hours to redo my network addressing scheme works.
Thanks for your time.
-
ASA 5540 - cannot ping inside the interface
Hi all. We have recently upgraded PIX to ASA5540 and we saw a strange thing going. In a Word, we can ping the inside interface of the ASA from any beach on our 6500 network (which is connected directly behind the ASA on the inside), but one where our monitoring tools are placed. Inside there is an ACL that allows all of our core networks, but it does not help that the interface is really strange.
In the ASDM, I see messages like this:
ID ICMP echo request: 2004 x.x.x.x y.y.y.y on the inside interface to. I don't think that's the problem, but I could be wrong.
This is also the configuration of the interface VLAN VIRTUAL local area network from which we cannot ping inside the interface we can ping to and since this VLAN and machines without problem. The only problem is ping the inside interface of the ASA.
interface Vlanx
IP x.x.x.x 255.255.255.0
IP broadcast directed to 199
IP accounting output-packets
IP pim sparse - dense mode
route IP cache flow
load-interval 30
Has anyone experiences the problem like this before? Thanks in advance for any help.
Can you post the output of the following on the ASA:-
display the route
And the output of your base layer diverter: -.
show ip route<>
HTH >
-
Hello
I am setting up and reconfiguration of a firewall PIX515 with 6.3 software (4) OS PIX.
I cannot ping devices on the Internet from inside interface. There are a few addresses that I can ping if I am outside of the firewall.
Looks like the firewall is not translate correctly on the return package. I can navigate and do other things but not ping.
Here's my nat and global declarations:
Pix1# sh nat
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
nat (dmz) 1 172.xx.xx.0 255.255.255.0 0 0
Pix1# sh global
global (outside) 1 6x.xxx.xxx.6x-6x.xxx.xxx.7x
global (outside) 1 6x.xxx.xxx.6x
global (dmz) 1 interface
Here's an abbreviated ICMP trace:
Pix1# debug icmp trace
ICMP trace on
Warning: this may cause problems on busy networks
Pix1# 1: ICMP echo-request from inside:10.xx.xx.x5 to 6x.xxx.xxx.1 ID=512 seq=8963 length=40
2: ICMP echo-request: translating inside:10.xx.xx.x5 to outside:6x.xxx.xxx.6
3: ICMP echo-request from inside:10.xx.xx.x5 to 6x.xxx.xxx.1 ID=512 seq=9219 length=40
4: ICMP echo-request: translating inside:10.xx.xx.x5 to outside:6x.xxx.xxx.6
5: ICMP echo-request from inside:10.xx.xx.x5 to 6x.xxx.xxx.1 ID=512 seq=9475 length=40
6: ICMP echo-request: translating inside:10.xx.xx.x5 to outside:6x.xxx.xxx.6
7: ICMP echo-reply from outside:6x.xxx.xxx.1 to 6x.xxx.xxx.6 ID=512 seq=9475 length=40
8: ICMP echo-request from inside:10.xx.xx.x5 to 6x.xxx.xxx.1 ID=512 seq=9731 length=40
9: ICMP echo-request: translating inside:10.xx.xx.x5 to outside:6x.xxx.xxx.6
Thanks in advance for your help.
Doug.
ICMP is not a stateful protocol; to allow ping through the PIX, you must add extra lines to your access list on the outside!
See: Handling ICMP Pings with the PIX firewall
http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
The PIX and the traceroute command
http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_tech_note09186a00800e9312.shtml
examples:
Traceroute
Microsoft:
access-group 101 in interface outside
access-list 101 permit icmp any host YourPublicIP unreachable
access-list 101 permit icmp any host YourPublicIP time-exceeded
access-list 101 permit icmp any host YourPublicIP echo-reply
UNIX:
access-group 101 in interface outside
access-list 101 permit icmp any host YourPublicIP unreachable
access-list 101 permit icmp any host YourPublicIP time-exceeded
ICMP command example
icmp deny any outside
icmp permit any echo-reply outside
icmp permit any echo-reply inside
icmp permit host 192.168.1.30 echo inside
icmp permit host 192.168.1.31 echo inside
icmp permit host 192.168.1.20 echo inside
icmp permit host 192.168.1.40 echo inside
icmp permit host 192.168.1.100 echo inside
sincerely
Patrick
-
Peer AnyConnect VPN cannot ping, RDP each other
I have an ASA5505 running ASA 8.3 (1) and ASDM 7.1 (1). I have a remote access VPN set up and remote access users are able to connect and access network resources. I can ping the VPN peers from the remote LAN. My problem is that VPN peers cannot ping (RDP, CDR) each other. Pinging one VPN peer from another produces the following error in the ASA log.
Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.10.10.8 dst outside:10.10.10.9 (type 8, code 0) denied due to NAT reverse path failure
Here's my ASA running-config:
ASA Version 8.3 (1)
!
ciscoasa hostname
domain dental.local
activate 9ddwXcOYB3k84G8Q encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
clock timezone CST - 6
clock to summer time recurring CDT
DNS lookup field inside
DNS server-group DefaultDNS
192.168.1.128 server name
domain dental.local
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the RAVPN object
10.10.10.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.10.10.0_28 object
subnet 10.10.10.0 255.255.255.240
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
access-list Local_LAN_Access note VPN Customer local LAN access
Local_LAN_Access list standard access allowed host 0.0.0.0
DefaultRAGroup_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
Note VpnPeers access list allow peer vpn ping on the other
permit access list extended ip object NETWORK_OBJ_10.10.10.0_28 object NETWORK_OBJ_10.10.10.0_28 VpnPeers
pager lines 24
Enable logging
asdm of logging of information
logging of information letter
address record [email protected]
exploitation forest-address recipient [email protected] level of information
record level of 1 600 6 rate-limit
Outside 1500 MTU
Within 1500 MTU
mask 10.10.10.5 - 10.10.10.10 255.255.255.0 IP local pool VPNPool
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 711.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside, all) static source all electricity static destination RAVPN RAVPN
NAT (inside, outside) static static source NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28
NAT (inside, outside) static source all all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
network of the RAVPN object
dynamic NAT (all, outside) interface
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa
keypair billvpnkey
proxy-ldc-issuer
crl configure
crypto ca server
cdp-url http://ciscoasa/+CSCOCA+/asa_ca.crl
issuer-name CN=ciscoasa
smtp from-address [email protected]
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
* hidden *
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate 10bdec50
* hidden *
quit
crypto isakmp enable outside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
client-update enable
telnet 192.168.1.1 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd address 192.168.1.50-192.168.1.99 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
svc image disk0:/anyconnect-win-3.1.04072-k9.pkg 1
svc profiles DellStudioClientProfile disk0:/dellstudioclientprofile.xml
svc enable
tunnel-group-list enable
internal-password enable
smart-tunnel list SmartTunnelList RDP mstsc.exe platform windows
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.1.128
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
default-domain value dental.local
webvpn
svc modules value vpngina
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 192.168.1.128
vpn-tunnel-protocol l2tp-ipsec
default-domain value dental.local
group-policy DfltGrpPolicy attributes
dns-server value 192.168.1.128
vpn-simultaneous-logins 4
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-lock value RAVPN
split-tunnel-network-list value Local_LAN_Access
default-domain value dental.local
webvpn
url-list value DentalMarks
svc modules value vpngina
svc profiles value dellstudio type user
svc ask enable default webvpn
smart-tunnel enable SmartTunnelList
username wketchel1 password 5c5OoeNtCiX6lGih encrypted
username wketchel1 attributes
vpn-group-policy DfltGrpPolicy
webvpn
svc profiles value DellStudioClientProfile type user
username wketchel password 5c5OoeNtCiX6lGih encrypted privilege 15
username wketchel attributes
vpn-group-policy DfltGrpPolicy
webvpn
svc modules none
svc profiles value DellStudioClientProfile type user
username jenniferk password 5.TcqIFN/4yw0Vq1 encrypted privilege 0
username jenniferk attributes
vpn-group-policy DfltGrpPolicy
webvpn
svc profiles value DellStudioClientProfile type user
tunnel-group DefaultRAGroup general-attributes
address-pool VPNPool
authorization-server-group LOCAL
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
tunnel-group RAVPN type remote-access
tunnel-group RAVPN general-attributes
address-pool VPNPool
authorization-server-group LOCAL
tunnel-group RAVPN webvpn-attributes
group-alias RAVPN enable
tunnel-group RAVPN ipsec-attributes
pre-shared-key *
tunnel-group RAVPN ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
tunnel-group WebSSLVPN type remote-access
tunnel-group WebSSLVPN webvpn-attributes
group-alias WebSSLVPN enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
smtp-server 173.194.64.108
prompt hostname context
hpm topN enable
Cryptochecksum:3304bf6dcf6af5804a21e9024da3a6f8
: end
Hello
Seems to me that you can clean up the current NAT configuration a bit and make it a little clearer.
I suggest the following changes
object network VPN-POOL
subnet 10.10.10.0 255.255.255.0
object network LAN
subnet 192.168.1.0 255.255.255.0
object-group network PAT-SOURCE
network-object 192.168.1.0 255.255.255.0
network-object 10.10.10.0 255.255.255.0
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
nat (outside,outside) 1 source static VPN-POOL VPN-POOL destination static VPN-POOL VPN-POOL
nat (any,outside) after-auto source dynamic PAT-SOURCE interface
The above should allow
- Dynamic PAT for LAN and VPN users
- NAT0 for traffic between the VPN and LAN
- NAT0 for traffic between the VPN users
You can then delete the previous NAT configurations. Naturally, please save the configuration before you make the change, in case you want to revert to the original configuration.
no nat (inside,any) source static any any destination static RAVPN RAVPN
no nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28
no nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28
no object network obj_any
no object network RAVPN
In case you do not want to change the settings a lot, you might be fine just adding this
object network VPN-POOL
subnet 10.10.10.0 255.255.255.0
nat (outside,outside) 1 source static VPN-POOL VPN-POOL destination static VPN-POOL VPN-POOL
But the other configuration changes above would make the current NAT configuration simpler and make the purpose of each "nat" command clearer to see.
-Jouni
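A static check for the NAT0 rule the answer's minimal variant adds, as an added example that is not part of the original thread: it parses twice-NAT statements and reports whether an identity rule covers VPN client-to-client traffic on the outside interface in both directions. The config excerpts are constructed from the configuration posted above, and the helper names (`exemption_for`, `hairpin_ok`) are hypothetical.

```python
import ipaddress
import re

# Constructed excerpts in ASA 8.3+ syntax, based on the thread's configuration.
# Static check only: it does not emulate the ASA's own NAT lookup order.
ORIGINAL = """
object network RAVPN
 subnet 10.10.10.0 255.255.255.0
object network NETWORK_OBJ_10.10.10.0_28
 subnet 10.10.10.0 255.255.255.240
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
nat (inside,any) source static any any destination static RAVPN RAVPN
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28
"""
SUGGESTED = ORIGINAL + """
object network VPN-POOL
 subnet 10.10.10.0 255.255.255.0
nat (outside,outside) 1 source static VPN-POOL VPN-POOL destination static VPN-POOL VPN-POOL
"""

NAT_RE = re.compile(r"^nat \((\S+?),(\S+?)\)(?: \d+)? source static (\S+) (\S+)"
                    r" destination static (\S+) (\S+)", re.M)
OBJ_RE = re.compile(r"^object network (\S+)\n\s*subnet (\S+) (\S+)", re.M)

def parse(config):
    """Return (objects, rules): name -> network, and twice-NAT tuples in order."""
    objects = {"any": ipaddress.ip_network("0.0.0.0/0")}
    for name, addr, mask in OBJ_RE.findall(config):
        objects[name] = ipaddress.ip_network(f"{addr}/{mask}")
    return objects, NAT_RE.findall(config)

def exemption_for(config, in_if, out_if, src, dst):
    """Find an identity twice-NAT rule covering the flow src->dst between interfaces."""
    objects, rules = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for real_if, mapped_if, s_real, s_mapped, d_mapped, d_real in rules:
        identity = s_real == s_mapped and d_mapped == d_real
        ifaces_ok = real_if in (in_if, "any") and mapped_if in (out_if, "any")
        if identity and ifaces_ok and src in objects[s_real] and dst in objects[d_real]:
            return f"nat ({real_if},{mapped_if}) {s_real} -> {d_real}"
    return None

def hairpin_ok(config, a, b, iface="outside"):
    """Both directions of a same-interface flow must hit an exemption rule."""
    return bool(exemption_for(config, iface, iface, a, b)
                and exemption_for(config, iface, iface, b, a))
```

Run against a saved running-config, `hairpin_ok` gives a quick pre-change check that client-to-client traffic has an explicit identity rule instead of falling through to a dynamic PAT rule.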