Ping with source interface

Hello world

We have an IPSec tunnel to the headquarters. Our local address pool is 10.0.0.0/24. In the router, when I ping a remote server (ping 192.168.1.1) it does not work. But when I ping with source (bvi1 = 10.0.0.1/24) interface, it works: ping 192.168.1.1 source bvi1.

Could you please tell me the difference between the two commands? And why I can't ping in the normal way? If a computer is in the 10.0.0.0/24 subnet, can it ping the remote server?

Thank you

Triet

It all depends on what is in your crypto access list. So, if your crypto access list reads something like

access-list 101 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255 (router version)

or

access-list vpntraffic permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 (Pix version)

You can generate a ping with a source IP address in the 10.0.0.x range. When you ping from the router without specifying the source interface, the interface used by the router is the outside interface. If the IP address of the outside interface is not in your crypto map access-list, then it will not work.

Jon
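An added example, not part of the original thread: the crypto access list decides which packets enter the tunnel, so the same ping succeeds or fails depending on its source address. The sketch below evaluates the two ACL forms quoted in the answer; the outside address 203.0.113.1 and the LAN host 10.0.0.50 are constructed placeholders, since the thread does not give them.

```python
import ipaddress

# Crypto ACL from the answer, in IOS (wildcard mask) and PIX (netmask) form.
ROUTER_ACL = "access-list 101 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255"
PIX_ACL = ("access-list vpntraffic permit ip "
           "10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0")

# 10.0.0.1 (bvi1) and 192.168.1.1 come from the question.
BVI1_IP = "10.0.0.1"
REMOTE_SERVER = "192.168.1.1"
# Constructed placeholders: the thread never states these addresses.
OUTSIDE_IP = "203.0.113.1"   # stand-in for the router's outside interface
LAN_HOST = "10.0.0.50"       # stand-in for a PC in the 10.0.0.0/24 pool


def to_network(addr, mask, mask_style):
    """Turn an address plus IOS wildcard or PIX netmask into an IPv4Network."""
    mask_int = int(ipaddress.IPv4Address(mask))
    # host_bits has a 1 for every "don't care" bit.
    host_bits = mask_int if mask_style == "wildcard" else mask_int ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        # Non-contiguous masks are legal on IOS but out of scope here.
        raise ValueError(f"non-contiguous mask not supported: {mask}")
    prefix = 32 - host_bits.bit_length()
    return ipaddress.IPv4Network((addr, prefix), strict=False)


def parse_acl(line, mask_style):
    """Parse 'access-list <id> <permit|deny> ip <src> <mask> <dst> <mask>'."""
    tokens = line.split()
    if len(tokens) != 8 or tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError(f"unsupported ACL line: {line!r}")
    action = tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    src_net = to_network(tokens[4], tokens[5], mask_style)
    dst_net = to_network(tokens[6], tokens[7], mask_style)
    return action, src_net, dst_net


def is_interesting(entries, src_ip, dst_ip):
    """First matching entry wins; no match means implicit deny (not encrypted)."""
    src = ipaddress.IPv4Address(src_ip)
    dst = ipaddress.IPv4Address(dst_ip)
    for action, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False


def ping_outcomes(entries):
    """Which ping sources toward the remote server are selected for the tunnel."""
    sources = {
        "ping 192.168.1.1 (sourced from outside interface)": OUTSIDE_IP,
        "ping 192.168.1.1 source bvi1": BVI1_IP,
        "ping from a PC in 10.0.0.0/24": LAN_HOST,
    }
    return {label: is_interesting(entries, ip, REMOTE_SERVER)
            for label, ip in sources.items()}


if __name__ == "__main__":
    acl = [parse_acl(ROUTER_ACL, "wildcard")]
    for label, protected in ping_outcomes(acl).items():
        verdict = "matches crypto ACL, sent through the tunnel" if protected \
            else "no match, sent unencrypted and not delivered to the remote LAN"
        print(f"{label}: {verdict}")
```
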

Tags: Cisco Security

Similar Questions

  • could not ping via source interface

    Hi all

    Can someone help me solve my problem? Below is the sh run of the routers. Routers R1, R2, R3 and R4 all communicate OK, but when I try to ping router R1 with the f0/0 interface of R4 as source, the ping fails, whereas a normal ping from R1 to R4 works.

    It is the same for R3, but here I include the sh run of R1, R2 and R4 only.

    I even added a static route on R1 to R4, but it still does not work.

    R4#ping 10.1.1.1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 16/33/84 ms

    R4#ping 10.1.1.1 source f0/0

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
    Packet sent with a source address of 172.41.1.1
    .....
    Success rate is 0 percent (0/5)

    ---------------------------------------------------------------------------------------------------------------------

    R1#sh run
    ----------------------------------------------------------------------------------------------
    Building configuration...

    *Sep 1 11:20:11.163: %SYS-5-CONFIG_I: Configured from console by console
    Current configuration : 2048 bytes
    !
    ! Last configuration change at 11:20:11 UTC Thu Sep 1 2016
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip source-route
    no ip icmp rate-limit unreachable
    !
    !
    !
    !
    no ip domain lookup
    ip cef
    no ipv6 cef
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    ip tcp synwait-time 5
    !
    !
    !
    !
    !
    !
    interface Loopback4
     ip address 10.1.1.1 255.255.255.0
    !
    interface Loopback5
     ip address 10.1.2.1 255.255.255.0
    !
    interface Loopback6
     ip address 10.1.3.1 255.255.255.0
    !
    interface Loopback7
     ip address 10.1.4.1 255.255.255.0
    !
    interface Loopback8
     ip address 10.1.5.1 255.255.255.0
    !
    interface Loopback9
     ip address 10.1.6.1 255.255.255.0
    !
    interface Loopback10
     ip address 10.1.7.1 255.255.255.0
    !
    interface Serial2/0
     ip address 172.12.1.2 255.255.255.0
     serial restart-delay 0
    !
    router rip
     version 2
     network 10.0.0.0
     network 172.12.0.0
     no auto-summary
    !
    !
    !
    no ip http server
    no ip http secure-server
    ip route 172.41.0.0 255.255.255.0 Serial2/0
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line vty 0 4
     login
    !
    end

    R2
    ------------------------------------------------------------------------------------------------------------
    R2#sh run
    Building configuration...

    Current configuration : 2163 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip source-route
    no ip icmp rate-limit unreachable
    !
    !
    no ip domain lookup
    ip cef
    no ipv6 cef
    !
    !
    multilink bundle-name authenticated
    !
    ip tcp synwait-time 5
    !

    interface FastEthernet0/0
     no ip address
     shutdown
    !
    interface Serial2/0
     ip address 172.12.1.1 255.255.255.0
     serial restart-delay 0
    !
    interface Serial2/1
     ip address 172.23.1.1 255.255.255.0
     serial restart-delay 0
    !
    interface Serial2/2
     ip address 172.24.1.1 255.255.255.0
     serial restart-delay 0

    !
    router ospf 1
     log-adjacency-changes
     redistribute rip metric 1000 subnets route-map rahul
     network 172.0.0.0 0.255.255.255 area 0
    !
    router rip
     version 2
     redistribute ospf 1 metric 12 route-map pooja
     network 172.12.0.0
     no auto-summary
    !
    no ip http server
    no ip http secure-server
    !
    access-list 5 permit 10.1.1.0 0.0.0.255
    access-list 5 permit 10.1.2.0 0.0.0.255
    access-list 5 permit 10.1.3.0 0.0.0.255
    access-list 10 permit 172.30.1.0 0.0.0.255
    access-list 10 permit 172.30.2.0 0.0.0.255
    access-list 10 permit 172.30.3.0 0.0.0.255
    !
    route-map rahul permit 10
     match ip address 5
     set metric 2000
    !
    route-map rahul permit 20
    !
    route-map pooja permit 10
     match ip address 10
     set metric 15
    !
    route-map pooja permit 20
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line vty 0 4
     login
    !
    end

    R4
    -----------------------------------------------------------------------------------
    R4#sh run
    Building configuration...

    Current configuration : 1512 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    !
    hostname R4
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip source-route
    no ip icmp rate-limit unreachable
    !
    no ip domain lookup
    ip cef
    no ipv6 cef
    !
    !
    multilink bundle-name authenticated
    !
    ip tcp synwait-time 5
    !
    interface FastEthernet0/0
     ip address 172.41.1.1 255.255.255.0
     duplex half
    !
    interface Ethernet1/0
     no ip address
     shutdown
     duplex half
    !
    interface Serial2/0
     ip address 172.24.1.2 255.255.255.0
     serial restart-delay 0
    !
    no ip http server
    no ip http secure-server
    ip route 0.0.0.0 0.0.0.0 172.24.1.1
    !
    control-plane
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line vty 0 4
     login
    !
    end

    R1 does not have a route for R4 F0/0, which is 172.41.1.1.

    Add the routes below on R1 and R2.

    R1
    ip route 172.41.1.0 255.255.255.0 Serial2/0

    R2
    ip route 172.41.1.0 255.255.255.0 Serial2/2

  • equivalent command to 'ip tacacs source-interface' on ASA

    Is there an equivalent command to 'ip tacacs source-interface' on the ASA? We have an L2L VPN between 2 ASAs, the AAA server is reached through the VPN tunnel, and I want the ASA to go to the ACS with the inside interface as source, not the outside. The aaa-server command points to the outside interface and management-access for the inside is set up, but packets are always routed using the outside interface as source. Is there no workaround besides outside NAT?

    Yes, you can configure the interface within the aaa-server command when you set the IP address of the server.

    For example:

    aaa-server mytacacs (inside) host 10.1.1.1

    Here is the command for your reference:

    http://www.Cisco.com/en/us/docs/security/ASA/asa84/command/reference/A1.html#wp1596947

    Hope that helps.

  • ASA - upgrade to 8.4, unable to ping the inside interface via IPSec VPN

    We have configured a 5-site, site-to-site VPN scenario. Last week, we upgraded 2 ASA 5505 devices to 8.4.2. Before the upgrade, our monitoring software would ping the inside interface from remote devices to confirm that the VPN tunnels were established, as well as the addresses of remote devices and the outside of the ASA. While we were on 8.2, remote equipment successfully pinged the inside interface. After that we went to 8.4.2 we can do a ping to this interface. We looked at the logs and we see the ICMP traffic listed in the log, but the remote equipment does not receive ICMP traffic back. We can ping successfully from local hardware to the inside interface and to the outside interface of remote devices. In addition, we can ping equipment behind the two devices in both directions successfully.

    We are unable to remotely manage the device through the VPN tunnel.

    The network is:

    ASA #1 inside 10.168.107.1 (running ASA 8.2)

    ASA #2 inside 10.168.101.1 (running ASA 8.4)

    Server 1 (behind ASA #1) 10.168.107.34

    Server 2 (behind ASA #2) 10.168.101.14

    Can ping Server 1 to Server 2

    Can ping Server 1 to ASA 1

    Can ping Server 2 to ASA 2

    Can ping Server 2 to Server 1

    Can ping Server 2 to ASA 1

    Can ping ASA 2 to ASA 1

    Cannot ping ASA 1 to ASA 2

    Cannot ping Server 1 to ASA 2

    Cannot access ASA 2 via https on the management interface, nor with the ASDM software

    Here is the config on ASA 2 (attached).

    Any thoughts would be appreciated.

    Hey Joseph,

    Most likely, you hit this bug:

    CSCtr16184 Bug details
    To-the-box traffic fails from hosts over vpn after upgrade to 8.4.2.
    Symptom:
    After upgrading the ASA to 8.4.2, all management traffic to-the-box (including
    ICMP/telnet/ssh/ASDM) from hosts over the VPN (L2L or remote access VPN) can
    fail to the management-access interface IP address.
    Conditions:
    1. The problem occurs if the ASA is on 8.4.2. It has not been seen on 8.4.1.
    2. Users directly connected to the internal interfaces see no problem with
    ICMP/telnet/ssh/ASDM to their respective interfaces.
    Workaround:
    The problem goes back to a Manual NAT statement that overlaps with the
    management-access interface IP address. The NAT statement must have both the
    source and destination fields. Adding the keyword "route-lookup" at the end of
    the NAT statement solves the problem.
    Ex:
    The management-access interface IP address of the ASA is 192.168.1.1.
    ! Overlapping NAT statement:
    nat (inside,outside) source static obj-192.168.1.0 obj-192.168.1.0 destination static obj-vpn obj-vpn
    ! New statement:
    nat (inside,outside) source static obj-192.168.1.0 obj-192.168.1.0 destination static obj-vpn obj-vpn route-lookup

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr16184

    HTH,

    Raga

  • Site to site VPN tunnel - cannot ping the second interface of the firewall peer inside2

    I have two ASA 5505 firewalls, each with a base license: FWa and FWb. Currently there is a working VPN tunnel between them. I added a second interface (inside2) to firewall FWb, but I can't ping it from firewall FWa, although I can ping the inside interface from FWa.

    I can ping the FWb inside interface 192.168.20.1 from the FWa inside interface 172.16.1.1, but I cannot ping the FWb inside2 interface 10.52.100.10 from FWa. I also cannot ping the gateway host 10.52.100.1 from FWa.

    I show the essential configuration of the two firewalls as well as the debug icmp output on the two firewalls when I ping the inside and inside2 interfaces of FWb from FWa.
    =========================================================

    Here is a skeleton of the FWa configuration:

    name 172.16.1.0 inside-network
    name 192.168.20.0 HprCnc Thesys
    name 10.52.100.0 ring52-network
    name 10.53.100.0 ring53-network
    name S.S.S.S outside-interface

    interface Vlan1
     nameif inside
     security-level 100
     ip address 172.16.1.1 255.255.255.0
    !
    interface Vlan2
     description Connection to 777 VLAN to work around static Comast external Modem and IP address.
     nameif outside
     security-level 0
     ip address outside-interface 255.255.255.240

    object-group network DM_INLINE_NETWORK_5
     network-object HprCnc Thesys 255.255.255.0
     network-object ring52-network 255.255.255.0
     network-object ring53-network 255.255.255.0

    object-group network DM_INLINE_NETWORK_3
     network-object ring52-network 255.255.255.0
     network-object HprCnc Thesys 255.255.255.0
     network-object ring53-network 255.255.255.0

    access-list Outside_5_cryptomap extended permit ip host outside-interface object-group DM_INLINE_NETWORK_3
    access-list inside_nat_outbound extended permit ip inside-network 255.255.255.0 object-group DM_INLINE_NETWORK_5
    access-list Outside_nat0_outbound extended permit ip host 173.162.149.72 aus_asx_uat 255.255.255.0

    nat (inside) 0 access-list sheep
    nat (inside) 101 access-list inside_nat_outbound
    nat (inside) 101 0.0.0.0 0.0.0.0
    nat (outside) 0 access-list Outside_nat0_outbound

    crypto map VPN 5 match address Outside_5_cryptomap
    crypto map VPN 5 set pfs group1
    crypto map VPN 5 set peer D.D.D.D
    crypto map VPN 5 set transform-set VPN
    tunnel-group D.D.D.D type ipsec-l2l
    tunnel-group D.D.D.D ipsec-attributes
     pre-shared-key *

    =========================================================

    FWb:

    name 10.52.100.0 ring52-network
    name 10.53.100.0 ring53-network
    name 10.51.100.0 ring51-network
    name 10.54.100.0 ring54-network

    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.20.1 255.255.255.0
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address D.D.D.D 255.255.255.240
    !
    interface Vlan52
     no forward interface Vlan1
     nameif inside2
     security-level 100
     ip address 10.52.100.10 255.255.255.0

    object-group network DM_INLINE_NETWORK_3
     network-object ring52-network 255.255.255.0
     network-object ring53-network 255.255.255.0

    object-group network DM_INLINE_NETWORK_2
     network-object ring52-network 255.255.255.0
     network-object 192.168.20.0 255.255.255.0
     network-object ring53-network 255.255.255.0

    access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 host S.S.S.S
    access-list inside2_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_3 host S.S.S.S

    access-list outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 host S.S.S.S

    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (inside2) 0 access-list inside2_nat0_outbound
    nat (inside2) 1 0.0.0.0 0.0.0.0

    route inside2 ring51-network 255.255.255.0 10.52.100.1 1
    route inside2 ring53-network 255.255.255.0 10.52.100.1 1
    route inside2 ring54-network 255.255.255.0 10.52.100.1 1

    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs group1
    crypto map outside_map 1 set peer S.S.S.S
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map interface outside

    tunnel-group S.S.S.S type ipsec-l2l
    tunnel-group S.S.S.S ipsec-attributes
     pre-shared-key *

    =========================================================================
    I turned on debug icmp trace on both firewalls and could see the traffic arriving at the inside2 interface, but never returning to FWa.

    Successful ping from FWa to the inside interface on FWb

    FWa# ping 192.168.20.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
    ICMP echo request from outside-interface to 192.168.20.1 ID=32068 seq=23510 len=72
    !ICMP echo reply from 192.168.20.1 to outside-interface ID=32068 seq=23510 len=72
    ....

    FWb#
    ICMP echo request from S.S.S.S to 192.168.20.1 ID=32068 seq=23510 len=72
    ICMP echo reply from 192.168.20.1 to S.S.S.S ID=32068 seq=23510 len=72
    ==============================================================================
    Successful ping from FWa to a host connected to the inside interface on FWb

    FWa# ping 192.168.20.15
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.20.15, timeout is 2 seconds:
    ICMP echo request from outside-interface to 192.168.20.15 ID=50862 seq=18608 len=72
    !ICMP echo reply from 192.168.20.15 to outside-interface ID=50862 seq=18608 len=72
    ...

    FWb#
    ICMP echo request from outside:S.S.S.S to inside:192.168.20.15 ID=50862 seq=18608 len=72
    ICMP echo reply from inside:192.168.20.15 to outside:S.S.S.S ID=50862 seq=18608 len=72

    ===========================
    Unsuccessful ping from FWa to the inside2 interface on FWb

    FWa# ping 10.52.100.10
    Sending 5, 100-byte ICMP Echos to 10.52.100.10, timeout is 2 seconds:
    ICMP echo request from outside-interface to 10.52.100.10 ID=19752 seq=63173 len=72
    ?ICMP echo request from outside-interface to 10.52.100.10 ID=19752 seq=63173 len=72
    ...

    FWb#
    ICMP echo request from S.S.S.S to 10.52.100.10 ID=19752 seq=63173 len=72
    ICMP echo request from S.S.S.S to 10.52.100.10 ID=19752 seq=63173 len=72
    ....

    ==================================================================================

    Unsuccessful ping from FWa to a host connected to the inside2 interface on FWb

    FWa# ping 10.52.100.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.52.100.1, timeout is 2 seconds:
    ICMP echo request from outside-interface to 10.52.100.1 ID=11842 seq=15799 len=72

    FWb#
    ICMP echo request from outside:S.S.S.S to inside2:10.52.100.1 ID=11842 seq=15799 len=72
    ICMP echo request from outside:S.S.S.S to inside2:10.52.100.1 ID=11842 seq=15799 len=72

    =======================

    Thank you

    Hi odelaporte2,

    Very probably the "management-access" command is not applied to the second inside interface, only to the primary inside (sh run management-access will confirm this).

    This command can be applied to only one interface at a time; for example, if it is currently applied to inside, it cannot be applied to inside2 at the same time.

    It may be useful

    -Randy-

  • Ping inside the interface on a Pix 501 from outside the network

    All,

    I have a Pix 501 firewall at a remote site with an IPSEC tunnel established to HQ. We have a monitoring tool that pings remote sites to let us know proactively when a site goes down. I want to set up this tool to ping the inside interface of the Pix, as I can with 871 routers; however, I can't configure the Pix to allow ICMP to the inside interface. I know that by default the Pix does not allow ICMP to the far-side interface, and I was wondering if someone could help me with a configuration that will allow this. I enclose my Pix configuration!

    Thank you

    Brian

    Hello

    Checking the command lookup tool, it seems that the 'management-access' command was introduced in version 6.3.

    I recommend moving to 6.3 if you can.

    Federico.

  • Windows Server configured as the gateway crashes with referee interface

    I'm running the Active Directory to Windows 2008 R2 servers multiple infrastructure test lab. One of the functions as a gateway server, configured with routing and remote access. Each time, after a few hours, the network to public internet traffic stops. One way to solve is, is to restart the gateway server. When network stops, same gateway itself cannot connect to the public network, the DNS servers of the ISP ping with the IP addresses is answer. Ipconfig/release and / renew buy do a thing and disabling WAN network interface freezes. After that, try to stop and restart the server will be fallow with blue screen and cold reboot.

    WAN interface uses the pilot VMNET3 and Intel LAN interface 1000 (something like that). VMtools has been installed from the console of the last version of ESXi.

    Familiar with this problem to anyone?

    Try to change the external NETWORK adapter to E1000.

    ---

    MCITP: SA, MCTS Hyper-V, VMware vExpert, VCP 3/4

    http://blog.vadmin.ru

  • For the complex data type, how to generate the Dll with compatible interface to C/C++

    Hello

    I used the Labview FPGA module to develop test equipment. Now, I need to write a driver that is to be a Dll with compatible interface to C/C++ for this equipment. So that my client who is familiar with C/C++ can call the driver without any study on labview. But I had a few problem on how to convert labview for C/C++ data complex data type. To clearly explain to my question, I have attached a simple example. (see attachment) I try to generate a Dll for the attached example VI and get the the function prototype at the head of the files as below:

    ' void OpenFpgaReference (LStrHandle * RIODevice, TD1 * errorIn, LVRefNum * FPGAVIReferenceOut, TD1 * errorOut).

    As you have known, the type of data "LStrHandle * RIODevice" and "LVRefNum * FPGAVIReferenceOut" Labview data format are. C/C++ do not have this kind of data type and can not reconige it. As a result, I can't call the Dll of C/C++ programming language. How to convert these two data type of labview for the C/C++ compatible data format, and then build the Dll? Anyone know about this?

    The answer is really apprecaited! Thank you in advanced.

    Ivan.Chen wrote:

    As I found in the following article:

    http://digital.NI.com/public.nsf/WebSearch/FB001AA027C8998386256AAD006C142D?OpenDocument

    LVRefNum is the name of resource of LabVIEW VISA or refnum, and "it is impossible to convert LabVIEW VISA name of resource or refnum VISession valid ID."
    This means that external code modules can not access & control the session VISA which is open by labview. But for my purposes, I will not attempt to access this VISA extenal code(C/C++) session. I just hope that save this session VISA in the external code once I opened it in Labview dll; and pass it to the labview dll when needed. While I have not need to login again when I need to control the device. Is it possible to do?

    A LVRefNum is really just a single int32 value. Its meaning is useless for other environments than those who created it so that you Michael not any what in C/C++ caller but pass it back to other functions in your DLL, but this often isn't a problem at all.

    You can take the following statement of the LabVIEW extcode.h headers and add them to your delabviewed header files to make it work in such a way.

    #define Private(T) typedef struct T##_t { void *p; } *T

    Private(LVRefNum);

    The LStrHandle you must set a standard C string instead in your export DLL and document what is the size of the string buffer should have if it is an output parameter.

    TD1 error clusters should also be divided into their parameters (C compatible) separate for all items or just to the left of suite entirely.

    Rolf Kalbermatter

  • Ping the loopback interface fails - general failure - all windows 7 Networking fails

    Hello, I am looking for advice on the following question:

    1 ping the loopback interface fails general failure - ping 127.0.0.1-
    2 netsh winsock reset - does not work - the system cannot find the specified file
    3. the wireless interface detects the network but remains in limited access and never receives any dhcp server ip address, other wireless devices work correctly.

    Hello

    I suggest you follow the steps below:

    Method 1:

    a. click on Start -> all programs -> Accessories

    b. right-click on command prompt and select run as administrator.

    c. type ipconfig/flushdns and enter.

    Method 2:

    Reset internet protocol follow the steps described in the article below:

    http://support.Microsoft.com/kb/299357

    Method 3:

    If the steps above fail, follow the steps in the link below:

    http://TechNet.Microsoft.com/en-us/library/cc757819 (WS.10) .aspx

    I hope this helps.

  • ASA 5540 - cannot ping inside the interface

    Hi all. We have recently upgraded from PIX to ASA5540 and we saw a strange thing going on. In short, we can ping the inside interface of the ASA from any range on our 6500 network (which is connected directly behind the ASA on the inside) except the one where our monitoring tools are placed. On the inside there is an ACL that allows all of our core networks, but it does not help, which is really strange.

    In the ASDM, I see messages like this:

    ID ICMP echo request: 2004 x.x.x.x y.y.y.y on the inside interface to. I don't think that's the problem, but I could be wrong.

    This is the configuration of the VLAN interface from which we cannot ping the inside interface. We can ping to and from this VLAN and its machines without problem. The only problem is pinging the inside interface of the ASA.

    interface Vlanx
     ip address x.x.x.x 255.255.255.0
     ip directed-broadcast 199
     ip accounting output-packets
     ip pim sparse-dense-mode
     ip route-cache flow
     load-interval 30

    Has anyone experienced a problem like this before? Thanks in advance for any help.

    Can you post the output of the following on the ASA:

    show route

    And the output of the following on your core layer switch:

    show ip route<>

    HTH

  • By specifying a source interface

    Does anyone know if there is a way to force packets from a router to be sourced from a specified interface? I'm running into a situation where my service provider may not necessarily know all the subnets that are hosted by a router, and I want to force network management traffic to come from a rear interface located in the address space of the carrier. Thanks for your help!

    ip tacacs source-interface

    ip tftp source-interface

    ip telnet source-interface

    ip ssh source-interface

    ip radius source-interface

    http://www.Cisco.com/en/us/partner/products/SW/iosswrel/ps1831/products_command_reference_chapter09186a00800e3efa.html#wp1017795

  • PIX 515 with several interfaces see each other

    Hello

    I realize that this question has been asked in different ways, but I have yet to see my way. My problem is we have a pix515e with 6 interfaces, all interfaces can go out to the outside world very well, but they can not cross to the other. We do not have any router behind them, we 10.0.0.1 and 10.0.1.1, etc. as interface id how to see the other side of the other I need 2 interface see interface servers and even inside. Also how can I get ip addresses translate. for example we have a mail server on the inside interface with 10.0.0.60 translated in X.X.X.60 on the external interface if the outside world can see. Computers of the interface 2 see this machine as X.X.X.X.60 not the fact that it is on the interface right next to her, and therefore can not find. Inside machines translated at 10.0.0.60 address please help. and I hope that this can be done without routers behind the pix.

    Sincerely

    Jim Kiddoo

    Hello

    is it possible to display your config? It would be much easier :-)

    Please replace the public ip and remove the passwords. Thank you!

    Kind regards.

  • Event Viewer displays customized with source Wininit

    Hello Microsoft experts.

    After trying to create a view custom in the event viewer, one with the 'Wininit' source, in order to capture all the events, I noticed that even though the view is created successfully, it brings no results (i.e. empty) (Windows 7 64 bit with SP1 operating system). Think that the application log is not registration events Wininit, I tried to add a custom filter in the category 'Application' of events with the source "Wininit. The latter brings multiple results (mainly information and one caveat, I think)). If the events with the "Wininit" source are recorded in the category 'Application '.
    How do you think should I proceed in the future, in order to troubleshoot further? I checked the filesystem with sfc/scannow nothing helps. Also I discovered that when I change the view custom to another source, for example 'Winlogon', the results appear under the view, with the selected source - 'Winlogon' now, to make it work as it should.
    Finally and most importantly, I navigated to my registry key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wininit) and saw the differences between the two (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wininit, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Winlogon) without any ideas on how to proceed.
    I assumed that it could be a matter of rights. So, I checked the security under the branches of two registry settings, and they are the same.
    Now I'm out of ideas, and internet research helps not at all.
    Please indicate something, because reinstalling Windows is not an option. Also, I checked this custom view (with source Wininit) in Windows 7 PCs of others (friends), and it works perfectly. What is the possible problem in my case?
    Thanks in advance.

    Hello

    I would recommend you to view the query on the TechNet Forum which, I am sure, will help you better.

    You can check the link to the request message:

    http://social.technet.Microsoft.com/forums/en/category/w7itpro

    Do not hesitate to write us if you have any other questions.

  • command 'ip tacacs source-interface' not working

    I have a C-3750 L3 switch that is part of a project to get authentication based on the configured ACS, and while I'm able to get most of the devices working, this switch will not take the ip tacacs source-interface command. Can someone confirm if this is an IOS problem?

    -C-3750-a(config)#ip tacacs source-interface loopback0

    ^

    % Invalid input detected at '^' marker.

    Current IOS on the device:

    Switch Ports Model              SW Version            SW Image

    ------ ----- -----              ----------            ----------

    *    1 28    WS-C3750G-24PS     12.2(44)SE            C3750-ADVIPSERVICESK9-M

         2 28    WS-C3750G-24PS     12.2(44)SE            C3750-ADVIPSERVICESK9-M

    --

    Thank you!

    It's a bug:

    CSCsm28901

    command 'ip tacacs source-interface' missing in 12.2.44SE.

    Please move to another IOS.

  • Cannot ping PIX 515e Interfaces

    I know it's a very silly question for this forum, but I have already tried many things and cannot get the answer from the PIX firewall interfaces.

    It's my (very easy) installation:

    Using a FastEthernet port on router, I have a cable connected directly to the outside I / F of the PIX-515e. (Crossover cable works, I have already tested). Router <-->PIX directly connected.

    I configured the PIX firewall to allow pings (I used different commands):

    ICMP allow any response of echo outdoors

    ICMP allow all outside

    ICMP permitted - echo outside response

    I tried to configure each of them and also combined.

    Also tried to send the PIX to its default values. Supposed to be after that the PIX should allow all pings if no "icmp" command is configured.

    I have configured the ports on both sides to 100 Full

    On both sides of the link (PIX and router) I have the links to the top. The lights are on.

    The 'show interest' on the PIX firewall shows to the top/top

    The same thing on the router...

    The two interfaces are configured in

    10.1.1.0/24 (10.1.1.1 & 10.1.1.2)

    What I am doing wrong?

    This should be very easy...

    Hello

    Most of the time interfaces explicitly refuse ICMP packets unless you indicate otherwise. Here is a link to a pretty good setup guide... Have a look at the section on pinging Security Appliance interfaces in this guide. I got really frustrated myself during the installation/testing phase because the pings were not working, and it helped. Hope this helps a little and makes your life easier =) (please rate if it helps, and thank you)

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a00805521b6.html#wp1059645

    Thank you

    Chris
