object-group network

Hi all

Recently I had some problems with my 892 router and maybe I can find the answer here.

I have two network object groups:

object-group network net1
 192.168.1.0 255.255.255.0

object-group network net2
 192.168.2.0 255.255.255.0

Two ACLs:

ip access-list extended acl-net12
 permit ip object-group net1 object-group net2

ip access-list extended acl-net12-new
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

A single crypto map:

crypto map vpn 1 ipsec-isakmp
 description Network2
 set peer xx.xx.xx.xx
 set security-association lifetime seconds 28800
 set transform-set 3des-sha
 match address acl-net12

When the match address is set to acl-net12, I can't ping my router on the external interface and the tunnel works very badly (15-20% packet loss).

If I change the match address from acl-net12 to acl-net12-new, then I can ping my router on the external interface and the VPN works well.

I also have an ACL (on the external interface) allowing ping, but it seems that it does not work when acl-net12 is used on the crypto map.

ip access-list extended outside_acl
 remark allow ping
 permit icmp any any echo
 permit icmp any any echo-reply

What am I doing wrong?

Maybe someone can help me.

Thank you.

In my last tests with object groups in crypto ACLs, the content was changed to "permit ip any any", which is usually not a desired configuration. I guess it's a bug or a feature that is not yet implemented.

Until that is fixed, you must configure the VPN without object groups. BTW: which IOS version are you running? I have not tested it with the new 15.2 versions.

--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni
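
The workaround from the reply above (a crypto ACL written without object groups), as an added example that is not part of the original thread: a small Python script that expands the object groups referenced in an extended ACL into explicit wildcard-mask entries. The function names are hypothetical, and the parser assumes only the IOS syntax subset shown in the question (no port operators on the source side).

```python
import ipaddress
from itertools import product

# Constructed sample input: the object groups and crypto ACL from the question.
CONFIG = """\
object-group network net1
 192.168.1.0 255.255.255.0
object-group network net2
 192.168.2.0 255.255.255.0
ip access-list extended acl-net12
 permit ip object-group net1 object-group net2
"""

def parse_groups(config):
    """Collect the members of every 'object-group network' block."""
    groups, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 3 and words[:2] == ["object-group", "network"]:
            current = groups.setdefault(words[2], [])
        elif not line.startswith(" "):
            current = None                       # left the object-group block
        elif current is not None and words:
            addr, mask = (words[1], "32") if words[0] == "host" else words[:2]
            current.append(ipaddress.ip_network(f"{addr}/{mask}"))
    return groups

def render(net):
    """Write a network as an ACE operand: 'host A' or 'NET WILDCARD'."""
    return (f"host {net.network_address}" if net.prefixlen == 32
            else f"{net.network_address} {net.hostmask}")

def take_operand(words, groups):
    """Consume one source/destination operand, expanding object groups."""
    head = words.pop(0)
    if head == "object-group":                   # KeyError if group is undefined
        return [render(net) for net in groups[words.pop(0)]]
    if head == "any":
        return ["any"]
    return [f"{head} {words.pop(0)}"]            # 'host A' or 'NET WILDCARD'

def expand_ace(ace, groups):
    """One ACE in, one explicit ACE per source/destination pair out."""
    words = ace.split()
    if words[0] not in ("permit", "deny"):
        return [" ".join(words)]                 # remark lines pass through
    action, proto = words.pop(0), words.pop(0)
    srcs, dsts = take_operand(words, groups), take_operand(words, groups)
    return [" ".join([action, proto, s, d] + words) for s, d in product(srcs, dsts)]

def flatten_acl(config, acl_name):
    """Return the entries of the named extended ACL without object groups."""
    groups, entries, inside = parse_groups(config), [], False
    for line in config.splitlines():
        if not line.startswith(" "):
            inside = line.split() == ["ip", "access-list", "extended", acl_name]
        elif inside and line.strip():
            entries.extend(expand_ace(line, groups))
    return entries
```

For the sample input, `flatten_acl(CONFIG, "acl-net12")` yields the single entry that the question already uses in acl-net12-new; review the expanded list before referencing it from a crypto map, since every entry defines traffic that will be encrypted.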

Tags: Cisco Security

Similar Questions

  • Configure NAT for object-group 8.3

    I'm working on a project to simplify our routing by NAT'ing the IP addresses of our S2S VPN clients.  Currently, we have a bunch of routes pointing to different destinations that are created by the S2S VPNs.  I would like to NAT all these destinations into a single IP subnet, but I have a question about the configuration.

    As you can see, we are not currently NAT'ing anything:

    ***************************************************************************************************************************************************************

    nat (inside,outside) source static OUR_HOSTS OUR_HOSTS destination static THEIR_HOSTS THEIR_HOSTS no-proxy-arp route-lookup

    object-group network OUR_HOSTS
     network-object object VIP1
     network-object object VIP2

    object network VIP1
     host 10.200.125.32

    object network VIP2
     host 10.200.120.32

    object-group network THEIR_HOSTS
     network-object host 192.168.15.100
     network-object host 192.168.15.130
     network-object host 192.168.15.15

    ********************************************************************************************************************************************************************

    What I would like to do is NAT THEIR_HOSTS to a 10.200.192.x/24 address.  Can I NAT those to one address and overload the NAT, or must there be an address for each of these 3 hosts?  I'm fine with either.  Whichever would be easier to do, please point me in the right direction.

    Thank you!

    Hello

    Everything else seems fine, but the 'object-group' entries after 'destination static' are the wrong way around.

    First must be the 'object-group' that contains the NAT IP address, and second the 'object-group' holding the real IP address of the destination host.

    -Jouni

  • Client access FTP and object-group

    Hello

    Someone can help, we want to make a group of objects for some of our employees to have access to the FTP server of office

    All I want is to create a group of key members of staff can download files from any FTP server but denied anything else

    Use us ISA Server for web and ftp access seems never fully work through ISA and so would pass to key personnel

    So far, I tried these parameters but always violated user 192.168.2.30?

    object-group network access FTP

    network-object host 192.168.2.30

    internal access-list allow tcp any object-group FTP eq ftp access

    Thank you

    Clint

    Thank you... mark the post as solved, which can help others... rate replies if found useful.

    REDA

  • NAT subnet in the network object group

    Can someone help me please? I'm rusty with VPN and Natting.

    Scenario: I need to share my internal-tunnel network. Traffic to 192.168.88.0/24 192.168.0.0/24 NAT when establishing a VPN connection for the objects that I defined in one group of objects specific network (Group1Servers). Internet traffic does not get this NAT 88, even by default.

    ASA5506-X, ASDM 7.5, ASA 9.5

    Hello

    You can configure a static policy NAT to translate 192.168.0.0/24 to 192.168.88.0/24 when the destination is Group1Servers. The CLI commands:

    Create objects for 192.168.0.0/24 and 192.168.88.0/24:

    object network obj-192.168.0.0
     subnet 192.168.0.0 255.255.255.0

    object network obj-192.168.88.0
     subnet 192.168.88.0 255.255.255.0

    NAT statement:

    nat (inside,outside) source static obj-192.168.0.0 obj-192.168.88.0 destination static Group1Servers Group1Servers

    You can view this documentation to setup NAT:

    https://supportforums.Cisco.com/document/33921/ASA-pre-83-83-NAT-CONFIGU...

    Given that this traffic goes through a site-to-site tunnel, do not forget that the interesting traffic must be configured with the translated '192.168.88.0/24', not the real network. This is a common error, so just keep it in mind.

    Best regards, please rate.

  • Adding a printer already installed on the pc for the home group network

    I want to add a printer that is already installed on my computer for the home group network. Because it is already installed, it does not appear when the computer search possible printers to be added. I don't want to uninstall and reinstall - our relationship is much fragile. Help, please.

    Hello

    See if this helps you:

    http://Windows.Microsoft.com/en-us/Windows/install-printer-home-network#1TC=Windows-7

    Setting up a shared printer

    "The most common way to make a printer available to a home network is traditionally to connect to one of the computers and then tell Windows to share it. This is called a shared printer.

    The advantage of sharing a printer is that it works with any USB printer. The downside? The host computer must always be powered on, otherwise the rest of the network will not be able to access the shared printer."

    ________________________________

    Homegroup: recommended links

    http://Windows.Microsoft.com/en-us/Windows7/HomeGroup-recommended-links

    Read this section:

    'Connecting to homegroup printers' under ' access to files and printers on other computers in the homegroup.

    http://Windows.Microsoft.com/en-us/Windows7/access-files-and-printers-on-other-HomeGroup-computers

    See you soon.

  • Wrapping text around an object group

    I use CS 6 and when I have an image without text to top group and try to wrap the text around the object group my text disappears. I am referring to the text which is superimposed on the picture, not the text that I drove around the object. I don't have this problem in earlier versions of InDesign. What I am doing wrong?

    Select the text frame, right-click, choose Text Frame Options and enable Ignore Text Wrap.

  • Trying to use object-group and PAT

    I am trying to configure dynamic PAT on a Cisco ASA 5510 using an object group and am having difficulties.

    How do I use an object group that includes five subnets as the source for NATing to a dynamic PAT address?

    Hello

    Well, if you have already created the object group (say it's called internal_subnets)

    the NAT must therefore be:

    nat (inside,outside) source dynamic internal_subnets interface

    In the last example, it will get PATed to the outside interface. If you want it to PAT to a different IP address than the outside interface, simply create a host network object and use it in the NAT instead of the keyword interface.

    Kind regards

    Julio

  • Is it possible to attach a group networking for a netstream (multicast)

    I would use the property approximateMembers of the netgroup netstream multicast scenario.

    So guess my question is, is I there a way out the network associated with a netstream (multicast) group?

    For example something like

    netStream.netGroup

    or

    netStream.multicastNetGroup

    Or each client does a netGroup addition to the netGroup with the same groupSpecifier?

    Thank you

    Sean Murphy

    You can make a NetGroup with the same groupspec you used for the multicast NetStream.  The NetStream and NetGroup share the same RTMFP group at a low level (they are effectively separate handles on the same low-level object), so there is no extra network traffic associated with additional NetStream/NetGroup objects for the same groupspec in the same NetConnection.

    making a separate NetGroup is The Way To Do It.

  • Windows 8 - home group network is not possible

    A whole new problem now!

    Execution of two laptops using Win 7 and Win 8, nine only 10 days.
    Had it all set up and seemed OK, but after 4 days I started to lose emails & couldn't find them anywhere.

    Today, the residential group doesn't work - the two machines cannot see each other and the router & printer is found on the new machine.

    As the router is not here I can't access the internet or e-mail.
    I tried to move the home page settings via the Control Panel, but I get a message "homegroup is currently sharing of libraries on this computer.

    Homegroup is not available until the sharing is complete"is on the screen for 3.5 hours and I am unable to do anything at all with the homegroup settings.

    Can someone help me please?

    Hello

    I think that you must make sure that you've enabled network discovery on all computers.

    Network discovery is a network setting that determines if your computer can find other computers and devices on the network and whether other computers on the network can see your computer.
    By default, Windows Firewall blocks network discovery, but you can activate it.

    Here's a nice HowTo from Microsoft on how to enable or disable network discovery.
    http://Windows.Microsoft.com/en-us/Windows7/enable-or-disable-network-discovery

    and here you can find a nice video on how to create a homegroup.
    http://Windows.Microsoft.com/en-us/Windows7/create-a-HomeGroup

  • all the nodes property objects and objects grouped

    Hello

    Now position an on my GUI objects in the center of the screen using nodes property. However, I don't want to have to have a node property for each decoration, image and control. Is it possible that I can group all the objects and then use a property node to position them? I tried to use the property node all objects, but none of the clues seem to apply to my group of objects.

    Help please!

    Thank you very much.

    John

    p.s. I downloaded my vi test. The graph, the decoration and the exit button have been grouped. control over check.vi to set the object to be moved.

    Tabbed pages are a great way to group objects GUI.

    Rather than use a decoration,

    • use a tab control
    • Delete everything except the first tab
    • Hide tab
    • Setting the properties of the tab control will move, hide or display the controls on this page as well as the tab control.

    I hope this helps,

    Ben

  • Other computers/devices in my home group / network is unable to identify my computer

    I don't think that changes have been made, but all of a sudden my scanner and another computer on my cable network do not recognize my computer. Any suggestions?

    -Mike

    Hello

     
    1. are you able to see the scanner and your computer from other computers on the home group?
    2. what version of Windows are you using?
    3. which antivirus app do you use?
    Method 2: You can also check by keeping the computer in the boot and disabling antivirus.
    Step 1:
    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
    http://support.Microsoft.com/kb/929135
    Note: Please go to step 7 of the Kb to maintain the computer to a normal startup after you fix the problem.

    Step 2:
    You can check if any third-party security software is causing issues. I suggest that you temporarily disable or uninstall the security software installed and check if the problem is resolved.
    Note: If you temporarily disable or uninstall all security software for troubleshooting, remember to re-enable it after troubleshooting is finished, because your computer will be at risk.
  • Home Group network.

    I just purchased a HP all-in-one with Windows 7 Premium.  Can I install the network home group without upgrading Windows.

    rongould6373 wrote: I just purchased a HP all-in-one with Windows 7 Premium.  Can I install the network home group without upgrading Windows.

    Hello rongould6373, you should be able to set up a home network, but you would need to have at least two computers connected to a network or a network router.

    I do not use the host network, but a working network. This seems to work better for me.

    The network name must be the same on all systems on the network. You must also open the network and sharing to set up the network and share systems to connect to the other (s).

  • How to remove duplicated home group (network) name ie. NetName netname 1, netnam2, netnam3

    INAME my cradlepoint router network wireless netname then my homegroup is associated with that name.  for some reason, I leave the homegroup.  router is always named netname and homegroup is named netname1 and so on and so forth.  How to remove names of group residential previous thos.  I was there once and that you can not find the way back.  Thank you

    Try to go to control panel > network and Internet > network and sharing Center and then click the icon in the form of House directly below the words 'Show your active networks' - Note that you must click on the icon, not the name of the blue network.  Which will make appear a "Set network properties" dialog box and includes a "merger or clear location network 'choice left."  Maybe it's one of the things most well hidden in Windows 7!

  • How to share a second hard drive with the residential group / network?

    Initially, I posted this to the security and privacy but we told him it should be under the sons of the network.  Here's hoping someone can help.

    I have a desktop computer and a laptop both running W7 Home Professional 64 bit.  On the desktop, I have 2 hard drives - C has programs, D has the data.  On the laptop, I'm just a hard drive.

    Each machine can see the other time under residential group and network.  From the Office I can access files that are on the laptop but I can't do the reverse.

    The laptop can see the desktop drive D and all folders that I shared, but when I try to dig into a folder I get a message saying I don't have permission to access the folder.  In this case, if I try to access using either homegroup or the network.

    On the desktop, when I look at the properties of the D drive it shows as a shared network drive.  Individual records within D show shared with permissions of read/write with anyone and/or homegroup.

    What did I do wrong (or failed to do) to allow me to access the files on the disk D of desktop from the laptop?

    Hello

    Step 1: Try to run the troubleshooter of shared folders and check.
    Reference: http://windows.microsoft.com/en-us/windows7/Share-files-with-someone

    Step 2: Try to give permissions to specific user through which you are trying to access these files or folders.
    Reference: http://technet.microsoft.com/en-us/library/bb727008.aspx

    Step 3: You can also try the advanced sharing and check.

    See the article provided in step 1 and the bottom of the article.

    http://Windows.Microsoft.com/en-us/Windows7/file-sharing-essentials#section_3

    You can also try the advanced sharing and check.

    Access to files and printers on other homegroup computers
    http://Windows.Microsoft.com/en-us/Windows7/access-files-and-printers-on-other-HomeGroup-computers

    Thanks and greetings
    Umesh P - Microsoft technical support.

    Visit our Microsoft answers feedback Forum and let us know what you think.
    [If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message.] [Marking a post as answer, or relatively useful, you help others find the answer more quickly.]

  • ISE 1.3 not allow authentication based on the group network

    ISE 1.3

    MS AD 2008R2

    Two groups: all employees, all students

    Problem: Students connecting to the employee network

    I have two wireless networks, STUDENTS and EMPLOYEES. In ISE, I have two authorization policies for these networks. In a prior effort to keep students from connecting to the employee network, I set the authorization policy:

    Employee: If (Wireless_802.1X AND AD1:ExternalGroups EQUALS mydomain/accounts/all employees AND AD1:ExternalGroups NOT_EQUALS mydomain/students/all students) then: Employee_Profile

    Unfortunately, it did not work. Students have their own username and password in AD, as does each faculty and staff member. I checked that students are using their credentials to connect to the employee network. Conversely, I can connect to the student network using employee credentials. The main problem is that with the students on the employee network, they use up all the available DHCP scope addresses.

    I need to disallow students from using the employee network and employees from using the student network.

    Any help would be appreciated!

    Kevin

    Glad you were able to solve your problem! Also thank you for taking the time to come back and share the solution with everyone (+ 5) to me.

    If your problem is resolved, you must mark the thread as "answered" :)
