VPN Site-to-Site - cannot ping the router's internal IP address
Hi guys,.
I configured a VPN site-to site between two routers, everything works well except ping the internal (LAN) IP of a router.
Everything works fine: ping the hosts through the tunnel in both feel.
Routers that I use:
-IOS 1841: M3 15.0 (1)
-2811 IOS: 15.0 (1) M5-> here is the problem. I can't ping the inside interface of the router.
I checked its ipsec counters and it seems that it does not send packets through the tunnel when I ping from the LAN interface.
#pkts program is not incrementing.
Anyone had this problem before?
Thank you very much.
Best regards
I think that happens because when the router responds to icmp request he gets is outside interface IP (not the IP Address of the inside interface, wich you are trying to ping) as the source of a package. If icmp-response does not go in the tunnel, because the IP address in the router's external interface is not included in the crypto-acl.
Solution to this, if it's correct guess, is to add the router's external IP to the crypto-acl.
Tags: Cisco Security
Similar Questions
-
WRT160N v2 site blocking to the router even after reset and upgrade firmware
For some reason any my WRT160N v2 router blocks access to the following Web site: www.cngoons.com
I can connect on the site if I connect to the modem directly, or using the connection to the internet of someone else. However computers that connect through the router is unable to access the site via a web browser (IE, FF or Chrome), cannot ping the site, and a tracert also fails.
I have reset the router by default, but the site is still blocked. I've upgraded to the latest firmware (WRT160Nv2_v2.0.03.009_US_code.bin) and the problem persists.
Any ideas on what's going on?
And after a search even more, I found this old thread dealing with the same question:
http://homecommunity.Cisco.com/T5/wireless-routers/Linksys-router-blocked-website/TD-p/12917
A solution is given at the end to change the MAC address of the router (I cloned MAC address of my PC), and then restart the cable modem. It worked for me!
-
Once the VPN connection is established, cannot ping or you connect other IP devices
Try to get a RV016 installed and work so that people can work from home. You will need to charge customers remote both WIN XP and MAC OS X.
Have the configured router and works fine with the VPN Linksys client for WIN XP users. Can connect, ping, mount the shared disks, print to printers to intellectual property, etc.
Can connect to the router fine with two VPN clients third 3 for Mac: VPN Tracker and IPSecuritas. However, once the connection is established, cannot ping the VPN LinkSYS router or any other IP address on the LAN Office. Turn the firewall on or off makes no difference.
Is there documentation anywhere that describes how the LinksysVPN for Windows Client communicates so these can be replicated in 3rd VPN clients from third parties for the Mac in OS X?
The connection with IPSecuritas and VPN Tracker is performed using a shared key and a domain name. It is not a conflict of IP address network between the client and the VPN 192.168.0.0/24 network.
VPN Tracker and IPSecuritas are able to connect to the routers CISCO easy VPN with no poblem.
Any ideas on how to get the RV016 to work for non-Windows users?
We found and fixed the problem, so using VPN Tracker or current IPSecuritas on OS X people have access to the LAN via the RV016 machines. The "remote networks" in the screen BASE in VPN Tracker has been set on the entire subnet: 192.168.0.0/255.255.255.0 the in the RV016 has been set to the IP of 192.168.0.1 to 192.168.0.254 range. Even if the addresses are essentially the same, without specifying the full subnet in the RV016 has allowed the connection to do but prevented the VPN client machine to connect because the RV016 would pass all traffic to the Remote LAN. Change the setting of 'local group' in RV016 settings in the screen "VPN/summary/GroupVPN', 'Local Group Zone' for the subnet 192.168.0.0/24 full solved the problem.
-
ASUS laptop computer only connects if I'm sitting next to the router loses power after a few feet
- ASUS laptop computer only connects if I'm sitting next to the router loses power after a few feet
- new laptop
I have the same problem with this ASUS Ultrabook. New brand ASUS but in two different houses and I have the same problems. Get right next to the router and it connects ok. Get a few feet away from the router and the ASUS gets angry and does not connect. Downloaded the latest driver, but that did not help either. Obviously, this is a faulty piece of equipment in the laptop. Great joy!
-
Satellite T110-11U - cannot find the router WLAN
Hello
I have a Toshiba Satellite T110-11U. Have had since February and loved it-fortunately it wireless used throughout the House. Then one day on a month, unless I was in the same room that the wireless router, Wireless does not work. I have 2 other laptops (and iPhone) which still connect wirelessly throughout the House and the garden without problem.
As you can imagine, it was very strange. When I take in the garden, my other laptops are all networks wireless in the region, but my Toshiba can't find any.Suspecting it was a driver problem, I made sure that the wireless drivers are up-to-date. With no joy, I got the system as it was at the time of purchase (do a complete restoration by interupting, starting and leaving the hard drive to be deleted and reinstalled etc.). Still the same problem. I even changed the rooms in which the router is, and the same problem - the Toshiba cannot find the router unless the router is located a few meters from the laptop.
Until I lose the will to live, can anyone suggest the cause of my problems, or is it time I admitted defeat and brought back to the Comet under warranty (where likely test next to a wireless router and tell me everything is fine!).
Thank you very much
Steve.
Hey Buddy,
Did you check if the wireless network card is recognized correctly in the Device Manager? There may be a yellow exclamation or unknown device. Try also updating the driver WLAN from Toshiba Web site:
http://APS2.toshiba-tro.de/WLAN/See all other WLAN routers?
The wireless network card can be activated using a combination of keys FN + F8 and in the BIOS. In the BIOS, you should also load default settings and test again. -
VPN IS CONNECTED BUT CANNOT ACCESS THE INTERNAL NETWORK
I tried to set up a simple customer vpn using this document
VPN IS CONNECTED BUT CANNOT ACCESS THE INTERNAL NETWORK BEHIND "RA"...
6.3 (5) PIX version
interface ethernet0 car
Auto interface ethernet1
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
activate the encrypted password of VmHKIhnF4Gs5AWk3
VmHKIhnF4Gs5AWk3 encrypted passwd
hostname VOIPLABPIX
domain voicelab.com
fixup protocol dns-length maximum 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol they 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol 2000 skinny
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names of
access-list 101 permit ip 172.10.2.0 255.255.255.0 172.10.3.0 255.255.255.0
access-list 101 permit ip 172.10.1.0 255.255.255.0 172.10.3.0 255.255.255.0
access-list 102 permit ip 172.10.2.0 255.255.255.0 172.10.3.0 255.255.255.0
access-list 102 permit ip 172.10.1.0 255.255.255.0 172.10.3.0 255.255.255.0
pager lines 24
Outside 1500 MTU
Within 1500 MTU
IP address outside 208.x.x.11 255.255.255.0
IP address inside 172.10.2.2 255.255.255.0
alarm action IP verification of information
alarm action attack IP audit
IP local pool voicelabpool 172.10.3.100 - 172.10.3.254
history of PDM activate
ARP timeout 14400
NAT (inside) - 0 102 access list
Route outside 0.0.0.0 0.0.0.0 208.x.x.11 1
Route inside 172.10.1.0 255.255.255.0 172.10.2.1 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225
H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00
Sip timeout - disconnect 0:02:00 prompt Protocol sip-0: 03:00
Timeout, uauth 0:05:00 absolute
GANYMEDE + Protocol Ganymede + AAA-server
AAA-server GANYMEDE + 3 max-failed-attempts
AAA-server GANYMEDE + deadtime 10
RADIUS Protocol RADIUS AAA server
AAA-server RADIUS 3 max-failed-attempts
AAA-RADIUS deadtime 10 Server
AAA-server local LOCAL Protocol
Enable http server
http 172.0.0.0 255.0.0.0 inside
http 0.0.0.0 0.0.0.0 inside
No snmp server location
No snmp Server contact
SNMP-Server Community public
No trap to activate snmp Server
enable floodguard
Permitted connection ipsec sysopt
Crypto ipsec transform-set esp-aes-256 trmset1, esp-sha-hmac
Crypto-map dynamic map2 10 set transform-set trmset1
map map1 10 ipsec-isakmp crypto dynamic map2
client authentication card crypto LOCAL map1
map1 outside crypto map interface
ISAKMP allows outside
ISAKMP identity address
part of pre authentication ISAKMP policy 10
ISAKMP policy 10 encryption aes-256
ISAKMP policy 10 sha hash
10 2 ISAKMP policy group
ISAKMP life duration strategy 10 86400
vpngroup address voicelabpool pool cuclab
vpngroup dns 204.x.x.10 Server cuclab
vpngroup cuclab by default-field voicelab.com
vpngroup split tunnel 101 cuclab
vpngroup idle 1800 cuclab-time
vpngroup password cuclab *.
Telnet timeout 5
SSH 208.x.x.11 255.255.255.255 outside
SSH 0.0.0.0 0.0.0.0 outdoors
SSH 172.10.1.2 255.255.255.255 inside
SSH timeout 60
Console timeout 0
username labadmin jNEF0yoDIDCsaoVQ encrypted password privilege 2
Terminal width 80
Cryptochecksum:b03a349e1ac9e6022432523bbb54504b
: end
Try to turn on NAT - T
PIX (config) #isakmp nat-traversal 20
http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1
HTH
-
Cannot ping the Virtual Machine by host
Hi all,
Please help, I use VMWare Workstation 6.5 and I have a physical operating system which is Windows XP SP2, I have a network card, but not connected to a physical switch, the IP address is 192.168.0.1. I installed a Virtual Machine using Microsoft Windows 2003 server as the operating system, promote as domain controller, install the DHCP, DNS service and assign an IP 192.168.0.2, no default gateway.
My VMnet1 on physical operating system has an IP 192.168.204.1 and VMNet8 has an IP 192.168.126.1.
The host, I cannot ping the 192.168.0.2 which is the IP address of the Virtual Machine. Even in the Virtual Machine, I can not ping 192.168.0.1 is the IP address of the host. From what I read, the physical and the virtual machine were connected with a virtual switch. Am I wrong?
Any advice?
Thanks in advance.
They SEEM to be in different networks, you need search routing between them,... since they differnet networks...
on the other
they do host and the virtual machine on the same subnet / network for EXAMPLE: class C class network 192.168.200.0/24
granting of points if my answer was helpful... Thank you > > > > > > > >
concerning
Joe
-
Can ping the router and the computers to the network, but not beyond router
I have 2 computers in linux and 3 Windows XP computers. All can ping the router and inside my network. Anyone can browse the internet. None can ping outside my network (google.com or its IP address) if connected directly via the switch or router. Traceroute shows stopping at the router. Router firewall is disabled. Ping on the router tool not working anymore. Linksys WRT54G Router is and I've just updated to firmware 4.21.1 but the old firmware is has never worked. I use 192.168.1.1 for the router. Linux has some IP fixed all the other usind DHCP. ISP is a provider of mobile phone to the modem. Just like cable or DSL, I guess. I've looked everywhere with no solutions. Anyone have any ideas?
Yes, contact your ISP to get it resolved.
-
Access router
I can't access my linksys router using 192,168.1.1 or ping the router or research on the ipconfig command. 192.168.1.1 is the URL and only worked twice in the multiple attempts
Are you absolutely sure this is the IP address of the gateway?
Open a command prompt and type "ipconfig/all" (without the quotes, noting the space between ipconfig and / all) and see what it teaches you about the IP Address of the default gateway.
-
After that host on vSHere 4.0 strightly connected to iSCSI (initiator) host cannot ping the server iSCSI (target), but target can. And iSCSI works well. I mean I can create and use the iSCSI disk, why? It makes me confused.
Thank you!
Geoarge,
iSCSI traffic uses a VMkernel port, instead of using the command 'ping', use 'vmkping '.
André
-
Site to site VPN tunnel - cannot ping the second interface of the firewall peer inside2
I have two ASA 5505 firewall each with a basic license: FWa and FWb. currently there is a VPN tunnel between them work. I added a second (inside2) interface to the firewall, FWb, but I can't ping firewall FWa, so that I can ping the inside interface of FWa.
I can ping the FWb inside interface 192.168.20.1 from the FWa inside 172.16.1.1 interface, but I can not ping to the 10.52.100.10 of the FWa FWb inside2 interface. I can not ping the gateway host FWa 10.52.100.1.
I show the essential configuration of two firewalls as well as the debug icmp output on the two firewalls that I ping the internal interfaces and of FWa FWb inside2.
=========================================================Here is a skeleton of the FWa configuration:
name 172.16.1.0 network-inside
name 192.168.20.0 HprCnc Thesys
name 10.52.100.0 ring52-network
name 10.53.100.0 ring53-network
name S.S.S.S outside-interfaceinterface Vlan1
nameif inside
security-level 100
IP 172.16.1.1 255.255.255.0
!
interface Vlan2
Description Connection to 777 VLAN to work around static Comast external Modem and IP address.
nameif outside
security-level 0
outside interface IP address 255.255.255.240the DM_INLINE_NETWORK_5 object-group network
network-object HprCnc Thesys 255.255.255.0
ring52-network 255.255.255.0 network-object
ring53-network 255.255.255.0 network-objectthe DM_INLINE_NETWORK_3 object-group network
ring52-network 255.255.255.0 network-object
network-object HprCnc Thesys 255.255.255.0
ring53-network 255.255.255.0 network-objectoutside-interface of the access-list extended permitted Outside_5_cryptomap ip host object-group DM_INLINE_NETWORK_3
inside_nat_outbound list extended access allowed inside-network ip, 255.255.255.0 DM_INLINE_NETWORK_5 object-group
permit access list extended ip host 173.162.149.72 Outside_nat0_outbound aus_asx_uat 255.255.255.0NAT (inside) 0 access-list sheep
NAT (inside) 101-list of access inside_nat_outbound
NAT (inside) 101 0.0.0.0 0.0.0.0
NAT (outside) 0-list of access Outside_nat0_outboundcard crypto VPN 5 corresponds to the address Outside_5_cryptomap
card crypto VPN 5 set pfs Group1
VPN 5 set peer D.D.D.D crypto card
VPN 5 value transform-set VPN crypto card
tunnel-group D.D.D.D type ipsec-l2l
IPSec-attributes tunnel-Group D.D.D.D
pre-shared key *.=========================================================
FWb:
name 10.52.100.0 ring52-network
name 10.53.100.0 ring53-network
name 10.51.100.0 ring51-network
name 10.54.100.0 ring54-networkinterface Vlan1
nameif inside
security-level 100
address 192.168.20.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
address IP D.D.D.D 255.255.255.240
!
interface Vlan52
prior to interface Vlan1
nameif inside2
security-level 100
IP 10.52.100.10 255.255.255.0the DM_INLINE_NETWORK_3 object-group network
ring52-network 255.255.255.0 network-object
ring53-network 255.255.255.0 network-objectthe DM_INLINE_NETWORK_2 object-group network
ring52-network 255.255.255.0 network-object
object-network 192.168.20.0 255.255.255.0
ring53-network 255.255.255.0 network-objectinside_nat0_outbound to access extended list ip 192.168.20.0 allow 255.255.255.0 host S.S.S.S
inside2_nat0_outbound list extended access allowed object-group DM_INLINE_NETWORK_3 S.S.S.S ip hostoutside_1_cryptomap list extended access allowed object-group DM_INLINE_NETWORK_2 S.S.S.S ip host
NAT (inside) 0-list of access inside_nat0_outbound
NAT (inside) 1 0.0.0.0 0.0.0.0
inside2_nat0_outbound (inside2) NAT 0 access list
NAT (inside2) 1 0.0.0.0 0.0.0.0Route inside2 network ring51 255.255.255.0 10.52.100.1 1
Route inside2 network ring53 255.255.255.0 10.52.100.1 1
Route inside2 network ring54 255.255.255.0 10.52.100.1 1card crypto outside_map 1 match address outside_1_cryptomap
card crypto outside_map 1 set pfs Group1
outside_map game 1 card crypto peer S.S.S.S
card crypto outside_map 1 set of transformation-ESP-3DES-SHA
outside_map interface card crypto outsidetunnel-group S.S.S.S type ipsec-l2l
IPSec-attributes tunnel-group S.S.S.S
pre-shared key *.=========================================================================
I'm Tournai on icmp trace debugging on both firewalls and could see the traffic arriving at the inside2 interface, but never return to FWa.Ping Successul FWa inside the interface on FWb
FWa # ping 192.168.20.1
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 192.168.20.1, time-out is 2 seconds:
Echo request ICMP from outside-interface to 192.168.20.1 ID = 32068 seq = 23510 len = 72
! ICMP echo reply to 192.168.20.1 in outside-interface ID = 32068 seq = 23510 len = 72
....FWb #.
Echo ICMP of S.S.S.S to 192.168.20.1 ID request = 32068 seq = 23510 len = 72
ICMP echo reply 192.168.20.1 S.S.S.S ID = 32068 seq = 23510 len = 72
==============================================================================
Successful ping of Fwa on a host connected to the inside interface on FWbFWa # ping 192.168.20.15
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 192.168.20.15, wait time is 2 seconds:
Echo request ICMP from outside-interface to 192.168.20.15 ID = seq 50862 = 18608 len = 72
! ICMP echo reply to 192.168.20.15 in outside-interface ID = seq 50862 = 18608 len = 72
...FWb #.
Inside outside:S.S.S.S ICMP echo request: 192.168.20.15 ID = seq 50862 = 18608 len = 72
ICMP echo reply to Interior: 192.168.20.15 outside:S.S.S.S ID = seq 50862 = 18608 len = 72===========================
Unsuccessful ping of FWa to inside2 on FWb interfaceFWa # ping 10.52.100.10
Send 5, echoes ICMP 100 bytes to 10.52.100.10, wait time is 2 seconds:
Echo request ICMP from outside-interface to 10.52.100.10 ID = 19752 seq = 63173 len = 72
? Echo request ICMP from outside-interface to 10.52.100.10 ID = 19752 seq = 63173 len = 72
...FWb #.
10.52.100.10 ID of S.S.S.S ICMP echo request = 19752 seq = 63173 len = 72
10.52.100.10 ID of S.S.S.S ICMP echo request = 19752 seq = 63173 len = 72
....==================================================================================
Unsuccessful ping of Fwa to a host of related UI inside2 on FWb
FWa # ping 10.52.100.1
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 10.52.100.1, wait time is 2 seconds:
Echo request ICMP from outside-interface to 10.52.100.1 ID = 11842 seq = 15799 len = 72FWb #.
Echo request ICMP outside:S.S.S.S to inside2:10.52.100.1 ID = 11842 seq = 15799 len = 72
Echo request ICMP outside:S.S.S.S to inside2:10.52.100.1 ID = 11842 seq = 15799 len = 72=======================
Thank you
Hi odelaporte2,
Is very probably the "access management" command is not applied in the second inside, only inside primary (see the race management) which will confirm.
This command can be applied to an interface at a time, for example, if the law is now applied to the inside, it can not be applied to the inside2 at the same time.
It may be useful
-Randy-
-
VPN - cannot ping the next hop
Then some advice... I have configured a server VPN - pptp on my router, create a vpn for the customer at the site. For the moment, the client computer can connect and a connection to the router. I can ping from client to the router (192.168.5.1) but cannot ping 192.168.5.2 (switch) or 192.168.10.X (workstations)
What I try to achieve is to access the internal network (192.168.10.X), which is the end of the layer 3 switch. Any help/extra eyes would be good.
Here is my design of the network and the config below:
Client computer---> Internet---> (1.1.1.1) Cisco router (192.168.5.1) 881---> switch Dell Powerconnect 6248 (192.168.5.2)--> Workstation (192.168.10.x)
Router Cisco 881
AAA new-model
!
AAA of authentication ppp default local
!
VPDN enable
!
!
VPDN-group VPDN PPTP
!
accept-dialin
Pptp Protocol
virtual-model 1
!
interface FastEthernet0
Description link to switch
switchport access vlan 5
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 70
no ip address
!
interface FastEthernet4
Description INTERNET WAN PORT
IP [IP EXTERNAL address]
NAT outside IP
IP virtual-reassembly in
full duplex
Speed 100
card crypto VPN1
!
interface Vlan1
no ip address
!
interface Vlan5
Description $ES_LAN$
IP 192.168.5.1 255.255.255.248
no ip redirection
no ip unreachable
IP nat inside
IP virtual-reassembly in
!
interface Vlan70
IP [IP EXTERNAL address]
IP virtual-reassembly in
IP tcp adjust-mss 1452
!
!
!
interface virtual-Template1
IP unnumbered FastEthernet4
encapsulation ppp
peer default ip address pool defaultpool
Ms-chap PPP chap authentication protocol
!
IP local pool defaultpool 192.168.10.200 192.168.10.210
IP forward-Protocol ND
IP http server
23 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy inactive 600 life 86400 request 10000
!
overload of IP nat inside source list no. - NAT interface FastEthernet4
IP route 0.0.0.0 0.0.0.0 [address IP EXTERNAL]
Route IP 192.168.0.0 255.255.0.0 192.168.5.2
!
No. - NAT extended IP access list
deny ip 192.168.0.0 0.0.255.255 10.1.0.0 0.0.255.255
IP 192.168.0.0 allow 0.0.255.255 everything
VLAN70 extended IP access list
ip [IP EXTERNAL] 0.0.0.15 permit 192.168.10.0 0.0.1.255
permit tcp [IP EXTERNAL] 0.0.0.15 any eq smtp
permit tcp [IP EXTERNAL] 0.0.0.15 any eq www
permit any eq 443 tcp [IP EXTERNAL] 0.0.0.15
permit tcp [IP EXTERNAL] 0.0.0.15 any eq field
permits any udp [IP EXTERNAL] 0.0.0.15 eq field
list of IP - VPN access scope
IP 192.168.10.0 allow 0.0.1.255 10.1.0.0 0.0.1.255
Licensing ip [IP EXTERNAL] 0.0.0.15 10.1.0.0 0.0.1.255
WAN extended IP access list
!
Layer 3 switch - Dell Powerconnect 6224
!
IP routing
IP route 0.0.0.0 0.0.0.0 192.168.5.1
interface vlan 5
name "to connect to the Cisco router.
Routing
IP 192.168.5.2 255.255.255.248
output
!
interface vlan 10
"internal network" name
Routing
IP 192.168.10.1 255.255.255.0
output
!
interface ethernet 1/g12
switchport mode acesss vlan 5
output
!
interface ethernet 1/g29
switchport mode access vlan 10
output
!
Hi Samuel,.
I went through your configuration and picked up a few problematic lines...
First of all, you can't have your vpn-pool to be in the range of 192.168.10.x/24, because you already have this subnet used behind the switch (this would be possible if you had 192.168.10.x range connected directly to the router). In addition, you may not link your virtual model to the WAN ip address, it must be bound to an interface with a subnet that includes your IP vpn-pool range.
The cleaner for this is,
Create a new interface of back of loop with a new subnet
!
loopback interface 0
192.168.99.1 IP address 255.255.255.0
!
New vpn set up, pool
!
IP local pool defaultpool 192.168.99.200 192.168.99.210
!
Change your template to point the new loopback interface,
!
interface virtual-Template1
IP unnumbered loopback0
encapsulation ppp
peer default ip address pool defaultpool
Ms-chap PPP chap authentication protocol
!
All vpn clients will get an IP address of 192.168.99.200 192.168.99.210 range. And they will be able to get the router and up to the desired range 192.168.10.x/24 behind the router. Packages get the switch, then to the host. Host will respond through the gateway (switch)-> router-> Client.
PS: Sooner, even if your packages arrive at the host, the host will never try to send the response back through the gateway (switch) packets because STI (hosts) point of view, the package came from the same local network, so the host will simply try to "arp" for shippers MAC and eventually will expire)
I hope this helps.
Please don't forget to rate/brand of useful messages
Shamal
-
Hello
5505 Cisco's internal IP: 10.10.0.1 static, securty level 100
External IP of Cisco 5505: 36.X.X.23 Dhcp, 0 security level
of within peut all host external example ping by host 10.10.0.3 to google.com
inside peut ping all domestic example of the host, host 10.10.0.3 to 10.10.0.5 included the internal IP of Cisco 10.10.0.1
inside peut ping ip network address different on the same network from my router external example the host 36.x.x.25
cannot ping inside the IP 36.X.X.23?
from outside peuvent ping the IP 36.X.X.23
outside peuvent ping different extenal network 36.X.X.X network ip
How can I ping the 36.X.X.23 of the Interior, any suggestions?It's called background management which is not supported in the ASA
https://Tools.Cisco.com/bugsearch/bug/CSCtd86651
That's why is not and this will never work the ASA design does not
It will be useful.
-
SharePoint site cannot use the explore display
Hello
I have a sharepoint site that I used to upload and download documents in which I am not able to use the option 'Explorer View'When I try that it show windows cannot display the page web errorThe site is located in the Local intranet zone and I am running Win 7 with IE8Thank youSIDHi yerleştiriniz,
The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in SharePoint from TechNet Forums.
http://social.technet.Microsoft.com/forums/en-us/category/SharePoint
It will be useful.
-
Connected to the ASA via the "VPN Client" software, but cannot ping devices.
I have a network that looks like this:
I successfully connected inside the ASA via a software "Client VPN" tunnel network and got an IP address of 10.45.99.100/16.
I am trying to ping the 10.45.99.100 outside 10.45.7.2, but the ping fails (request timed out).
On the SAA, including the "logging console notifications" value, I notice the following message is displayed:
"% 305013-5-ASA: rules asymmetrical NAT matched for flows forward and backward; "Connection for icmp src, dst outside: 10.45.99.100 inside: 10.45.7.2 (type 8, code 0) rejected due to the failure of reverse path of NAT.
I have a vague feeling that I'm missing a NAT rule of course, but not all. What did I miss?
Here is my configuration of ASA: http://pastebin.com/raw.php?i=ad6p1Zac
Hello
You seem to have a configured ACL NAT0 but is not actually in use with a command "nat"
You would probably need
NAT (inside) 0-list of access inside_nat0_outside
He must manage the NAT0
Personally, I would avoid using large subnets/networks. You probably won't ever have host behind ASA who would fill / 16 subnet mask.
I would also keep the pool VPN as a separate network from LANs behind ASA. The LAN 10.45.0.0/16 and 10.45.99.100 - 200 are on the same network.
-Jouni
Maybe you are looking for
-
OfficeJet Pro 6830: Officejet 6830 noise
Since the automatic last update (a few days ago), my printer started making a rhythmic whining sound (similar to an old dial-up modem) when it is in standby mode. The noise comes close the power supply to the back of the printer. Whenever the noise h
-
Outlook does not not because I've updated to el capitan
Hi I have updated at el capitan and since then my outlook 2011 does not work, what can I do?
-
I get an error of binding of the program trying to reopen the Windows Vista Games.
From: BrianWhen you try to open a standard game installed, IE solitaire, chess, mahjong, I get the message error "file doesn't have a program that are associated with...". "" Under turn Windows features on and outside ', I have uninstalled/reinstalle
-
Upgrade WINDOWS 7 OEM of windows anytime upgrade
I have preinstalled OEM windows 7 HB. If I switch to Windows AnyTime Upgrade key (kit). Is there a problem? I read somewhere that Windows Anytime upgrade button does not support windows OEM. I have to upgrade to Home Premium.
-
Why the Asian language fonts pack extended to XI player takes up a large amount of space?
I did some manual cleaning on my local drive and to my great surprise, the largest 'program', that I had installed was the fonts pack extended Asian languages for Adobe Reader XI, taking 26.4 GB of space on my computer.This pack of fonts is supposed