Cisco :: After Tunnel Is Established Can't Ping Anything On Other Side

Jan 20, 2013

i successfully established site to site with 2 two ASA 5010. The problem is that traffic on not passing, This is current setup:1) Left side : only 1 private network 3) Right side : 1 private network, management network, 2 DMZ networks with public IP, On right ASA some netting is setup so servers in DMZ can be reached from private network. The goal would be that VPN client on left side can reach all resources on the right side (except management network, Just to get things going tunnel is built with only left and right private networks, but after tunnel is established i can't ping anything on other side.

View 4 Replies


Cisco Switching/Routing :: RV048 - VPN Tunnel Established But Cannot Access Or Ping

Oct 27, 2012

i have 2 RV048 and one RV016
I have established VPN gateway to gateway tunnels; all routers use functional DYNDNS
IPrange site 1 external adres x.y.z.w
IPrange site 2 external adres a.b.c.d
IPrange site 3 external adres e.f.g.h.i
site 1 with 192.168.123.x has two win 2008R2DC servers, running AD, DNS, DHCP, RRAS with  address
i can ping the routers only if i add the route to it but cannot ping further  (route add command)
if i dont establish the route then nothing pings
How can i use the tunnel to connect to the servers in site 1

View 2 Replies View Related

Cisco VPN :: 5520 / 5505 - VPN Tunnel Ping Branch Side But Not Other Way Around

Nov 2, 2012

I have HQ side with ASA 5520 (8.4) & Branch Side with ASA 5505 Design

VPN LAN<------->ASA5520(8.4)----->Thomson Business TG628s----->Internet<--->ADSL Modem------>ASA5505(8.2)
Now on both modems UDP 500 & TCP/UDP 4500 ports are enabled I can ping from internal LAN of HQ to internal LAN of branch but I cant ping from internal LAN of branch to internal LAN of HQ

HQ ASA 5520 Side
ASA Version 8.4(3)
host name aljoaib-fw01
[ code].... 
Branch side ASA 5505
ASA Version 8.2(5)
host name GTC- DMM- FIREWALL
domain-name ALJOAIB.COM
enable password 7pgp93AEPfHtDc5N encrypted
Both sides have static ip address.

View 22 Replies View Related

Cisco Routers :: VPN - SRP527W / 857 Established But No Tx Traffic On SRP Side

Aug 2, 2011

I have now the sa`s stablished between SRP527w and cisco 857, but If i ping from a host of Cisco side to a host of SRP side I get  only rx traffic on the tunnel, the stats keep tx at 0 and ping is not answered.My tunnel is to send some voice call into IPSEC tunnel keeping DSCP bits, It comunicate SRP voice vlan with Cisco lan.

I have on SRP 2 vlans:
1 Vlan for data  on ports 1,2 and 4
1 voice vlan on ports 1,2,3,4.
I connect a netbook to port 3 and I can connect to internet but I cant reach by ping the other side of the tunnel?Maybe traffic from voice vlan is being natted with data vlan ip address?I need all traffic must go into the tunnel without being natted, on cisco side I have a policy to avoid nat but don know if SRP have any problem about it too.All gateways are ok ?

View 2 Replies View Related

Cisco VPN :: 5510 - Get A Tunnel Established?

May 2, 2012

I have two 5510's that I am trying to get a tunnel established. One has an exsistinig tunnel to a 5505 that works but I cant get the next one to get past the first phase. I have sanitized the attached configs

View 5 Replies View Related

Cisco Routers :: RV042 Hangs On Reset If VPN Tunnel Is Established?

Sep 15, 2011

I was hoping that the latest firmware would fix my (2) 'bugs', but it did not.  We are using the RV042s at our remote medical clinics as an end-point VPN router to our Nortel 1700 VPN router, replacing our old Nortel Contivity 100s.When I try and do a reset when connected remotely via the WAN interface, the RV042 hangs and will only reset by re-powering.

View 1 Replies View Related

Cisco VPN :: Getting IPSec Tunnel Established Between 887VA And SRP527W Router?

Jul 22, 2012

I'm having some problems getting an ipsec tunnel established between a cisco 887VA router and a cisco srp527w router.I am working from a few text books and some example materials. I have worked through many combinations of what I have got and am still struggling a little bit.I look at debug results and it appears as though the policies do not match between the devices:
Jul 23 05:44:37.759: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (R) MM_NO_STATE
Jul 23 05:44:57.079: ISAKMP:(0):purging SA., sa=85247558, delme=85247558
Jul 23 05:45:17.031: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (N) NEW SA


Some specific questions:
1) on the SRP in the example's I have used (and I have a few SRP->SRP VPN's that work) I see you need to enter the preshared key, I'm not seeing in the examples I have used anything about the IKE preshared key on the IOS box. Any examples where you use the preshared key for IKE? I wonder if this is my primary issue as it states clearly in the log that there is no Preshared key :|
2) I have used a mish mash of names between the various sections as on the SRP the naming convention isnt the same; ie: which parts of the IPSEC negotiation come from the IKE policy section and which from the IPSEC policy section. Do the names really matter across different ends of the VPN?
3) I notice when I perform this command in the(config-crypto-map)#:
set peer FQDN

It is converted to:

set peer XXX.XXX.XXX.XXX
Is this expected? I want the device to look at the FQDN as this particular host is using DDNS and not use a static IP address. 

View 4 Replies View Related

Cisco VPN :: 876 - Connection Established From Firewall But No Ping Answer

Mar 18, 2013

We try to establish a Site-To-Site- IP Sec- connection between a Cisco 876 (local site) and a Check Point-firewall (remote site). The Cisco 876 is not directly connected to the internet, but is behind a DSL- Router with port-forwarding, forwarding ports 500 and 4500. The running config of the Cisco 876 is appended to this discussion thread. Unfortunately I get no output when debugging the connection with commands "debug crypto isakmp" and "debug crypto ipsec".

From the Checkpoint-firewall point of view the connection seems to establish, but there is no ping answer.

The server on the local site that should be reached from the network behind the Checkpoint-firewall has a routing entry "route -P add [inside ip-net remote] [inside ip local]" (see also appended running config for naming of ip- addresses). Establishing a Cisco VPN- Client connection to the same Cisco 876 router works fine.

View 7 Replies View Related

Cisco VPN :: ASA 5520 - Tunnel Up But Can't Access LAN For Each Side

Nov 1, 2012

i have configured site to site VPN between asa 5520.

Site A ( ASA5520-------Site B (
VPN tunnel is up but i cant access LAN for each side. config Site A 

host name CCASA 
name CCNetwork
dns-guard interface GigabitEthernet0/0
nameif outside
security-level 0
ip address

View 5 Replies View Related

Cisco VPN :: ASA5505 - Can't Make Tunnel Connection From LAN Home Side

Oct 6, 2011

I have an ASA 5505 with Base license and a vpn client. The scenario is like this: LAN -- ASA 5505 -- ISP DSL Router---( Internet ) -- Home DSL Router --- LAN -- VPN CLient, The ISP DSL Router gets a public IP address and the ASA gets a private IP address (ISP DSL router doing NAT) and I cant reach the internet with no problem from the LAN´s ASA side but I cant make the vpn tunnel connection from the LAN´s Home side so I told the provider to bridge the ISP DSL Router, to the ASA so the ASA could get the public IP but in order to do that the provider told me to do MAC clonning on the ASA 5505 which I did putting the ISP DSL Router MAC on the ASA. Now the ASA gets the public IP on the outside vlan by DHCP but when I try to make the VPN tunnel I just cannt. I can reach the public IP by ping on the ASA and I can see the pings coming in using debug but I just cant make the vpn client work.

View 2 Replies View Related

Cisco WAN :: 1800 Cannot Connect Or Ping Hosts On Other Side

Jul 13, 2011

I have recently bought two 1800 cisco routers and have tried to connect them over wan serial link, but I am having problems when trying to access resources on the other side. I am a newbie to cisco and I wonder if the problem is with the configuration or the new routers or the serial link between the sites. Below is the show-running config results I have done on both routers; I can ping the serial interfaces from both sides and remotely, but I can't ping hosts or FE from other side.

View 8 Replies View Related

Cisco Routers :: Allow PING On RV042 From WAN Side Only From Specific IP Address?

Nov 27, 2012

I would like to allow PING on RV042 from WAN side only from specific IP address, but when I set the rule, RV042 does not respond on WAN side, because Block WAN Request is Enabled.BUT! When I disable "Block WAN Requests", now any IP can ping my router from WAN side. Although I set access rule to Deny Ping from WAN side to anyone, it still responds.

View 1 Replies View Related

Cisco Routers :: SRP547W - Can't Ping External Side Of ADSL Interface

Mar 2, 2013

I have installed a couple of SRP547W's and can't ping the external side of the ADSL interface.
Is there an option to turn on "respond to ping" and also are you able to forward to a internal IP?

View 3 Replies View Related

Linksys E4200 Wireless Router / Unable To Ping Machine On The Internet Side

May 7, 2012

I am using Linksys E4200 wireless router. I connected two machines, this way.

|LAP1|--------(LAN ethernet connection)----------|LinksysE4200|-------(Internet wired connection)--------|LAP2|

On the Linksys E4200, the Internet wired connection side, I gave static IP address which is in the same network range as that of LAP2.When tried to ping from LAP1 to LAP2, ping doesnot happen. Any settings by which I can ping from LAP1 to LAP2.

View 2 Replies View Related

Cisco Switching/Routing :: 1841 - Unable To Ping Remote Gateway Or Hosts On Other Side Of Router

May 30, 2012

I am just setting up a simple scenario with a 1841. Server @ cannot ping or It can ping The router can, on the other hand, ping devices on both networks. This is just for testing routing theory so I don't know why hosts on either side of the network cannot ping each other.
I am only using the FastEthernet interfaces on Router 1841.

View 3 Replies View Related

Cisco VPN :: ASA 5520 - Communicate To EzVPN Client Side Internal IP From Server Side

Mar 13, 2013

i configured cisco asa 5520 as cisco ezvpn server and cisco 891 as ezvpn client .the configurtion is working fine.i am using client mode on the ezvpn client side.but my quesion is , is it possible to communicate to ezvpn client side internal ip from the ezvpn server side?and one more thing what is the benefit of network extension mode on the client side and how it will work what are possible changes need to do in the server and the client side.

View 4 Replies View Related

Cisco Firewall :: ASA And UC540 Side-by-side Traffic?

Mar 17, 2013

I'm trying to setup an ASA and a UC540 side by side, to utilize the ASA for data networking and the UC540 for voice. This 'should' work fine, I just seem to be having an issue where the ASA seems to be blocking traffic from the voice network as it passes through.So here is the LAN setup:ASA: UC has a voice vlan and a service module at PC uses the ASA as its default gateway, ASA then has static routes to the UC networksRoute from PC to the UC networks works fine. However, ping from the UC networks to PC fails. ASA logs show traffic being denied due to not having an established connection or something.My guess is that the traffic is being blocked because the egress and ingress paths are different? Traffic from the PC goes to the ASA, then gets routed to the UC and it works. However in the other direction, traffic from the UC is going directly to the PC and bypassing the ASA, because its a directly connected network and doesn't have to route through the ASA to get to the PC. The reply traffic from the PC DOES go through the ASA following its route table, thus the issue of the ASA not seeing the established connection?Same-security inter and intra interface is enabled.So I think I see the issue, I just don't know how to fix it. Is there something I can configure on the ASA to allow for this? My only other option would be to configure a /30 on a new vlan to handle the routing between the UC and ASA or something, but that seems like its going to make this simple setup way too complicated with extra networks, vlans, trunks, etc.I am running ASA version 8.4.5?

View 1 Replies View Related

Linksys Wireless Router :: E1500 LAN-side Works / WAN-side Just Goes Away

Jan 30, 2013

My E1500 enters a state where the LAN-side (broadcast, etc.) works, but the WAN-side (internet connection) just goes away. If I go unplug and replug the E1500 the internet connectivity comes back.When this happens, the wireless indicator on my desktop (Dell with Intel wifi) says I have an internet connection, but I clearly don't.

View 2 Replies View Related

Cisco WAN :: 1841 - Can't Ping To Up Tunnel

Apr 8, 2013

I have created the tunnel interface on cisco 1841 router. The tunnel is up but can't ping to it's interface ip, the ping drops.

R1#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Tunnel10             YES manual up                    up


View 4 Replies View Related

Cisco VPN :: 5510 VPN Tunnel Looks Up But No Ping

May 30, 2012

I had a pix that had two working tunnels going to one 5510 and one 5520. Today the VPN tunnel to our 5520 stopped working but if I do sh cry isa sa both tunnels have QM_IDLE as the state. (both ends) I tried to debug crypto isakmp 255 but all I get is PEER_REAPER_TIMER and no other output on the pix side.

View 20 Replies View Related

Cisco VPN :: SRP527W IPSec VPN Tunnel Works One Way / Can Ping Other Direction Too

Aug 2, 2012

I have a IPSec tunnel that is working in one direction. Below is the router config from the side that can connect to the other  side perfectly. I believe the issue is with this router as while I was  waiting on delivery for the ASA I had an SRP527W sitting in it's place  and had exactly the same problem.On one side I have a 887VA router and the other an ASA5505.The network behind the 887VA can access the remote site perfectly, backup services are traversing the link as are web interfaces for applications. In the other direction I can ping hosts but cannot connect. What else is interesting is if from the remote site I attempt to connect to a particular device that performs a port redirect the remote site browser gets so far as being redirected to port 5000 but then hangs.
I am seeing some very generic packet drop debug notices on the 887va on the NAT-ACL access list but I think this is as it should be as it is dropping the tunnel traffic from the NAT'ing.The config for the router is here, I will post the ASA config when I get to the other site shortly but I am convinced the issues is on this device, all the crypto configurations match.I have looked at the MTU's on each side, the path MTU on both sides is 1492. The asa does say the media MTU is 1500 but I believe that is the ADSL link so shouldnt matter?I even went so far as installing CCP and testing the VPN. It says the tunnel is up. It did state a failure:A ping with data size of this VPN interface MTU size and 'Do  not Fragment' bit set to the other end VPN device is failing. This may  happen if there is a lesser MTU network which drops the 'Do not  fragment' packets. [code]

View 1 Replies View Related

Cisco VPN :: 2611xm - Unable To Ping Remote Host Through Tunnel?

Apr 20, 2012

I am in a test environment using an ASA 55005 and a Cisoc 2611xm router. ASA is running version 8.4 and router is running is ios12.4. My VPN tunnel comes up but I am unable to ping between remote hosts. I used the ASDM and SDM for the configuration. Attached is a copy of both configs.

View 8 Replies View Related

Cisco Routers :: RVS4000 - IPSec VPN Tunnel / Cannot Ping From One Network To Other

Aug 5, 2011

I have a RVS4000 at one location and a second RVS4000 at home.  I have established an IPSec VPN tunnel between them and it is UP.  I can ping the routers from each end no problem.  I can ping  the IPs listed in the "Local Group Setup" and the "Remote Group Setup" from both ends no problem.  I can even open up a shared resource from a Win 7 machine (e.g. by typing \ in start-run from a computer on my home network).
But - i can't ping anything else on one network from the other.  What gives?  I need to access a machine but can't even ping it.  
- both RVS4000 boxes have latest firmware (V1.3.3.5)
- home RVS4000 setup with IP
- home network has a server with IP
- other location RVS4000 setup with IP
- other location server setup with IP
Tunnel settings on home RVS4000 (the other location properly mirror these).
  - Local Security Gateway Type :  IP Only
  - Local Security Group Type : Subnet

View 2 Replies View Related

Cisco WAN :: 1841 / Can't Ping Every Machine Across GRE Tunnel To Remote Subnet

Apr 7, 2011

I have an GRE Tunnel across my head office and remote site with multiple subnets using cisco 1841 routers.I can ping most of  the devices on the remote side, but I can not ping certain devices.These  devices respond to ping requests on the local LAN, but not through the WAN link. If I change the IP of device than it start responding. I am using same gateway and mask on these devices.The remote site is running classic STP on switches with distribution switch being the root bridge.

View 4 Replies View Related

Cisco VPN :: ASA 5520 - IPSEC Tunnel / Error When Ping Protected Network

Nov 2, 2009

On my ASA5520 I am trying to do a IPSEC tunnel between two sites. When I ping the protected network on the other side I get this when debugging IPSEC:
IPSEC(crypto_map_check): crypt o map man map 20 does not hole match for ACL man1
Not too sure what this means...

View 11 Replies View Related

Cisco Routers :: ASA5520 And RV042 - Tunnel Get Connected But No Ping / No Traffic Between Both End Network

Sep 13, 2011

I configured ASA5520 and RV042 for site-to-site IPSec VPN tunnel.Tunnel get connected, but no ping, no traffic between both end network.
======= -ASA--------public, static IP address------Cisco 2821--------Internet -RV042-----public, static IP address------Cisco 2821--------Internet
ASA5520 config:
name VPN
interface GigabitEthernet0/1
nameif NET
security-level 100
ip address


View 5 Replies View Related

Linksys Wireless Router :: E4200 Allow VPN Connection / No Traffic Passes Can't Ping Across Tunnel

Oct 28, 2011

I have recently purchased a E4200 i have flashed it with the latest Firmware 1.0.03 and Hard Reset the Router so the Media issue was resolved i was having. After upgrading the firmware to the latest version my Nortel VPN IPSEC Client no longer will work. The tunnel is connected and it passes traffic for about 15 seconds then nothing.  The connection remains connected but no traffic passes cant ping across tunnel.  I have checked all the settings and VPN - IPSEC - Passthru is enabled.   I have put the client in DMZ mode and tried that same thing.

View 7 Replies View Related

Linksys Wireless Router :: E4200 Cannot Ping Addresses Of IPv6 Tunnel Ends

Nov 21, 2011

i have my Cisco E4200 set up with a 6rd tunnel. the tunnel seems to work fine for the most part. i can ping and get a response.however, i cannot ping the addresses of the IPv6 Tunnel ends from within my network. If i run a ping from outside the network, i can ping the IPv6 address of the server end, however, i cannot ping the E4200's end of the tunnel. is there a specific option that needs to be set? i have allowed ping so that my IPv4 address is pingable, am i missing something for IPv6?

View 7 Replies View Related

Cisco WAN :: 800 - Site-to-site VPN Tunnel Is Up But Cannot Ping PCs On Either End

Mar 27, 2012

I've 3 Cisco 800 series routers and I needed to configure site-to-site vpn tunnel from branch2 to the main office(branch 1 VPN was already configured and working). I've managed to get the tunnel up and everything seemed OK as sh cry isa sa,sh cry session and sh cry ipsec sa didn't seem to have any problems.

Although the tunnel is up, I cannot ping PC-s on either side of the vpn tunnel.

View 8 Replies View Related

Cisco :: IOS 12.x+ Port Forward Only Established Connections?

Apr 3, 2013

Using Cisco IOS 12.x+ on a router.How would create an ACL that will only allow access to a port from the inside only after it has been established. i.e. similar to port triggering? Inside host needs to use port 61200 for bit torrent. Dont want the port to be visible as open to the global net accept when the host establishes the connection first.That way a port doesnt have to be left open 24-7.

View 4 Replies View Related

Cisco Routers :: IPSec SA Not Established 2 RV110W

Apr 7, 2013

I make a vpn site-to-site IPSEC tunnel between 2 RV110W the above ,you will find the configuration
Site 2
always the same message

View 3 Replies View Related

Cisco VPN :: 5510 - ASA 8.4.(1) VPN L2L Can Only Be Established Through Default Gateway

Jun 19, 2011

We have an ASA 5510, with two internet connections. One inteded for VPN l2l and the other for general users inet access.

On asa 8.04, I configured the crypto map on inteface "VPNAccess" and a static route to the L2L remote peer through VPN internet access, the default rotue was pointing the general inet router.
We bought a new firewall with 8.4.1, and now asa only tries to initiate traffic if remote peer is on the default gateway.
It ignores more specific routes (i mean longer masks) and always tries to use default gateway, but only for VPN, if I make a trace route for that peers it uses correctly the routing table.

View 12 Replies View Related

Broadband :: Internet Connection Could Not Be Established?

Sep 12, 2011

internet connection could not be established. the port used was closed.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved