Cisco ASA 5505 Simple PAT - Packet-tracer Can't Look At Any External Devices While Running
Sep 16, 2012
here, am used to the RouterSwitch CLI but been asked to set up an ASA 5505 8.4.Quite simply I am trying to at least test out a static PAT from an external source to an internal server in a test environment and no matter whether I set it up as an auto-nat or a twice-nat whenever I run a packet tracer I end up with the same error. This is the packet-tracer I am running-packet-trace input outside tcp 80.80.80.80 3389 10.240.0.10 3389
Phase: 5
Type: NAT
Subtype: rpf-check
Result: DROP
Config:nat (inside,outside) source static server publicIP service RDP RDP
Additional Information:
[code]....
Now I have a couple of questions initially. I have made the presumption that packet-tracer does not look at any external devices while running - as in as long as the ports are up it doesn't matter what is on the end of them for testing purposes? Is there anything I am missing?I have this morning wiped the config and have simply set up the adapters, a default route and twice nat and am not sure why I keep getting the error. I am sure it is something very simple and I'm being a massive donut!
[code]...
View 3 Replies
ADVERTISEMENT
Apr 19, 2011
i'm on the CCNA 4 accessing the WAN part for the Cisco Academy. I'm trying to do a packet tracer 8.6.1 and I'm stuck. I'm looking for the answer so I can figure out what I'm missing.
View 1 Replies
View Related
May 16, 2011
How can I pair a html file to a domain name in packet tracer?
View 2 Replies
View Related
Sep 9, 2012
having some issues. My basic VOIP network I can get to work no problem uner Vlan 1. But when I try tomake multiple basic networks to connect and put them in to diffrent Vlans such as Vlan 2, 3, 4 and conect them the phones now say configuering IP.
View 1 Replies
View Related
Jan 29, 2013
I'd like to know if packet tracer 6 can be download yet?
View 5 Replies
View Related
Mar 6, 2011
I'm trying to set up a network comprised of three LANs connected by serial. As this is a small part of an assignment I've been instructed to subnet into /26 and to use /30 subnets for my serial connections.At the moment I can ping between devices on each of the LANs but I can't ping between routers at all. Embarrassingly I'm not sure why, I think it may be something I've missed on setting up the serial links as I have set routers up fine before using other connection types.
View 12 Replies
View Related
Oct 25, 2011
how to unlock the config tab in packet tracer?
View 1 Replies
View Related
Oct 27, 2012
I'm preparing myself for CCNA exam and i started doing a lot of different examples. I've got problem with Packet Tracer when i'm trying to apply some security settings for the range of switch ports in default VLAN 1. I might just demonstrate my commands so it will be easier do understand.
View 2 Replies
View Related
Dec 5, 2012
I am trying to test PIM SM mode between some 2811 routers built up in my packet tracer 5.3.3 .But surprisingly PIM option is not coming in the interface mode .Even IP multicast option is not shown in global config mode.
View 6 Replies
View Related
May 27, 2012
I have been playing around with Packet Tracer trying to understand EIGRP and to put it into practice. Well im not doing so well, I cant get the routers to form an adjacency therefore nothing is pinging outside of the routers. [URL]
View 4 Replies
View Related
Jan 21, 2013
I'm an IT student and I've been assigned with homework simulating a network including an ISA server and some clients in Packet Tracer but I can't find anything which can be configured like an ISA (Internet Security and Acceleration) server(this is kind of Microsoft's technology as I know) in Packet Tracer, the generic Server from the devices box has only some basic services such as HTTP, DHCP, DNS, FTP, AAA, ... but none of anything related to ISA, all the servers in Packet Tracer have only 1 interface whereas the ISA server (as far as I know) should have at least two interfaces, and there is also no CLI supported for those servers so I think I can't simulate ISA server in Packet Tracer, can I?
View 4 Replies
View Related
Mar 18, 2013
I'm trying to create a silent, scripted install of Cisco Packet Tracer 5.33. At the end of the install there is a box that comes up about Packet Tracer Skills Based Assessment (PTSBA). Is there a way to supress this dialogue box? I'm using "PacketTracer533_setup.exe" /sp- /verysilent /norestart" with no luck.
View 2 Replies
View Related
Jan 16, 2011
have 2 routers connected in cluster ith serial dte link. screenis locked. I need to draw a topology of Internet cluster, but i don't know how to discover whats is in it, because i don't have set ip
View 2 Replies
View Related
Apr 5, 2013
I have a project about ISP in packet tracer,I want to know how to make firewall configuration and steps I don't know how to use firewall in packet tracer at all.
View 1 Replies
View Related
Oct 12, 2012
using packet tracer, how can i find dns server ip address and i am having trouble pinging the desktops and server that i manually assigned the ip addresses to
View 2 Replies
View Related
Sep 29, 2011
I am using packet tracer 5.3 version and I am trying to configure IGRP on it but it doesn't show me igrp under routing protocol selection.Router number is 2621XM.IOS version is 12.2.learn the configuration of IGRP.
View 2 Replies
View Related
Mar 22, 2013
I'm student from IT school and i have a school project but i have a problem on packet tracer.In a vlan, i must block the communication between computers in it but i dont know how i must do that.Effectively, it's about 250 computers in this VLAN but each computer can't caommunicate between us.
View 4 Replies
View Related
Oct 20, 2011
Asking about Packet Tracer. I currently use packet tracer 5.3.2.Can you give me any link where to download router template on packet tracer? I want to explore cisco 2821 but packet tracer 5.3.2 has an existing of cisco 2811 only then, I tried to add the 4 ports of RJ11 but I cannot see the 4 port telphone.
View 4 Replies
View Related
May 30, 2012
I am unable to get traffic from any VLAN to communicate outside of the router, as well as get any traffic from outside of the router to communicate with any device on either VLAN. I am able to ping the router from each device on each VLAN, and vice versa. However, the traffic seems to die at the router, and I cannot figure out why. I know it's probably a small, easy fix, but I cannot seem to find any kind of documentation on it.
View 13 Replies
View Related
Mar 16, 2013
I am trying to troubleshoot a problem where in one of my remote site is not able to access some networks at HQ over Site to SIte VPN ( asa 5505 at Remote and 5520 at HQ). I ran packet tracer and HQ ASA looks clean as everything came out as ALLOW. Remote site ASA packet tracer give me DROP out at Phase 9 (VPN). I am not very sure what to look in ASA for resolution now. Is it an access list that is blocking the traffice or VPN setup.
View 5 Replies
View Related
Nov 22, 2011
I've been using packet-tracer for some time on and off with mixed results.
I'm running a multi context firewall with over 10 of the contexts sharing the same outside interface / network. All interfaces obviously have valid, unique IPs and also unique MAC addresses as mac-address auto is enabled in the system context.
This is an ASA 5550 running 8.3(2.10) interim so includes the fix for the well known packet-tracer classication failed bug.
So in theory, with firewall contexts on a shared interface the ASA should use the firewall MAC address to classify incoming traffic to the correct firewall and as far as I am aware, only fall back on using NAT to classify if the interface MACs are the same. In reality on my platform this doesn't seem to be happening and the classifier is using NAT to determine the destination context. I'm seeing this with live traffic (i.e. not generated by packet-tracer) in logs and can prove it by disabling certain NAT rules (there is some overlap with the IP addressing behind each firewall).
My question regarding packet tracer is this - in the above scenario with a shared outside interface, does packet tracer ALWAYS use NAT to determine the destination context? Or does packet tracer look up the MAC address of the ingress interface according to what context you are running packet tracer from? It appears that packet-tracer is using NAT in my case which could be just symptomatic of the potential bug I've described above rather than by design.
View 2 Replies
View Related
May 23, 2012
i have made a topology in packet tracer related to etherchannel configuration.i am using 2 3560 switches and 1 2950 switch. Now what i want is to bundle up the redundant links between these 3 switches. The links fa0/1-3 between 2950_1 and 3560_1 switches have been bundled up but when i try to bundle the links fa0/4-6 of 3560_1 to fa0/4-6 of 3560_2 it wont work. i am using channel-group 1 mode desirable between the 3560 switches. secondly if i want to assign ip to port channels then it has to be of same subnet between 2 3560 switches right and it must be same between 2950_1 and 3560_1. But these 2 subnets should be different from one another.
View 3 Replies
View Related
Oct 9, 2012
I am using Packet Tracer to simulate Cisco networking.As the existing IOS of the 3560 and 2960 switch are in older version which has no new feature in new IOS, how to upgarde the IOS of Cisco switch at Packet Tracer?
View 5 Replies
View Related
Dec 19, 2011
I'm studying for CCNA Sec exam and looking for any security labs for GNS3 or Packet Tracer.
View 3 Replies
View Related
Oct 20, 2011
have some problems with setting up jobs for the backup running config on my switches. Have RW and RO contact with everyone and can change the config in editor, but do not get config.txt
View 1 Replies
View Related
Mar 22, 2012
I have created a simple static ip address by using this command:
interface Vlan1
nameif inside
security-level 100
[Code].....
But, no matter what, the I can't ping the static address or access the computer 10.2.1.2 from outside of the asa 5505. I have attempted to ping from inside of the asa 5505 or from another computer. I just does not work.
I also have created several rules that allows icmp traffic.
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit 10.2.1.0 255.255.255.0 inside
icmp permit any echo-reply outside
icmp permit any outside
View 1 Replies
View Related
Nov 12, 2012
I've attached a document showing how this network is designed. A client on a guest vlan behind the ASA, nat'd to one address on the public subnet, needs to be able to get out to the internet, and still come back in for specific services, such as OWA, via the IP which the mail server is nat'd to. The drawing is pretty explanatory. Do I simply need to create a NAT statement and ACL to allow that client out and back in, or do I need to set up hairpinning? I'm working with a Cisco ASA 5505 Version 8.4(4)3.
Note: The drawing has public IP's substituted with 1.1.1.x with final octet being accurate.
View 18 Replies
View Related
Jun 15, 2011
Internet usage is very slow when initially opening a site from LAN clients. Once established it is OK. If I ping a site from an LAN client by either host name or IP address it takes about 5 seconds, drops the first packet then is fine after that. if I ping it again immediately afterwards it is fine. But if i wait 2 minutes and try again the problem returns. So I would conclude that seeing it is the same whether I use Host name or IP address it is not a DNS issue. Pinging from the router produces no fault at all. [code] I can ping the router internal and external interface or any internal ip or hostname from the LAN with no delay or hesitation so it is not a switch interface or network card problem.Some sort of NAT issue maybe? [Code]
View 7 Replies
View Related
Jan 15, 2013
Here is my environment: DSL Modem - ASA 5505 - switch ,Inside network (192.168.2.0/24)
What I have successfully done:
- Modem online and passing on DHCP requests from the ASA to my ISP (ASA does get an internet address on the outside interface)
- ASA assigning DHCP to internal network
- All internal clients can access the internet.
What I am getting stuck on is getting NAT rules set up for simple port forwarding. What I would like: ANY internet address be able to access a server on the inside network address (192.168.2.x) over tcp/22 . I set up what I believe to be the correct NAT rule and Access Rule, but the packet tracer fails. Here is my config.
ASA Version 9.1(1)
hostname xxxxxx
domain-name ugh
enable password xxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[code]......
View 6 Replies
View Related
May 21, 2011
I wanted to move to the cisco arena, and having a bugger of a time figuring out simple nat/pat rules combined with access lists. I've been reading Richard Deal's Cisco ASA configuration book, googling the heck out of this simple problem and can't see what I'm missing.
I have an ASA 5505 unlimited security plus license running 8.2(3) and a simple network, 192.168.0.x internal, 192.168.3.x dmz (not even touching that yet!) and outside I have a /29 subnet of addresses, 25 is the gateway, and 26-30 are my addresses.
I have simple dynamic nat set up on the .26 address to nat to 192.168.0.x. All I'm trying to do is port forward a simple tcp port I set for my linux server (192.168.0.2) on the inside, for arguement's sake, it's 2222 (it's not really). My outside vlan 50 is X.X.X.226 255.255.255.248 , can I make a static nat (inside,outside) x.x.x.226 192.168.0.2 netmask 255.255.255.255 ?
I tried using (inside,outside) x.x.x.230 192.168.0.2 netmask 255.255.255.255 and that didn't work either. Is it not possible to use two external addresses to hit the entire /24 range AND a single server?
My access rule for this nat is permit tcp any 192.168.0.2 eq 2222 (where I'm using 2222 for my ssh port). then I apply that access list to the access group interface "outside".
I thought the outside interface would do a proxy arp (since I do not have the sysopt noproxyarp command) for my 227,228,229, and 230 addresses where .226 is my internal nat for all my internal machines i.e. 192.168.0.1 -> x.x.x.226 . I had this working like a charm before with my fortinet, so I know I have systems listening.
View 3 Replies
View Related
Mar 4, 2011
I have two devices in my office which both need to be accessible externally. One is an FTP server (Hermstedt Stingray), the other is a NAS drive (Lacie). I don't have a static IP so have instead configured an account with DYNDNS. My understanding is that by using this method, only one device will be ever be accessible because of the one single dynamic IP. Is this correct? Or is there a way of configuring something somewhere (DYNDNS, router etc) so that both my devices can be accessed externally.
View 3 Replies
View Related
Feb 5, 2012
We have a D-Link DIR655 wireless router on our network. I have purchased two Seagate 1TB network storage units and would like to have one for me and one for my wife. It seems that the router will not support two, because they try to access the same port. How can I plug these two storage units to the router and have access for each of us to one device?
View 2 Replies
View Related
Nov 25, 2012
I am running the e3000 as an access point.. My iphone and ipad connect to it seamlessly. After a few hours to days, they are no longer recognized by the router. Nothing I reset on the phone or ipad makes any difference. The only solution I have found is to re-boot the router. They then re-connect on their own.
View 4 Replies
View Related
