Cisco :: (Duplicate TCP SYN From Inside)
Nov 8, 2011
I'm seeing a TON of traffic in my ASA logs (via ASDM) indicating the following:"Duplicate TCP SYN from inside: (valid internal address of one of our laptops)/50164 to inside: (address on our other subnet, still trying to trace it)/9100 with different initial sequence number"This looks like an attack to me, likely someone's downloaded something they shouldn't have and got an infected laptop. Why it's trying to "call home" to something inside our network is what puzzles me, though.Is there any VALID reason I would see these sort of messages in my log?
View 3 Replies
ADVERTISEMENT
Apr 5, 2012
We've had issues with our Exchange 2010 server (running on ESXi 4.1) since its default gateway was changed to our new ASA 5510. They manifested as frequent Outlook client connection dropouts or as IP address conflicts whenever Exchange was rebooted. The temporary fix was to disable the Exchange server NIC, bounce the ASA and enable the server's NIC again. We saw poor performance from Exchange after a while again, but after some research and testing I realised that disabling proxyarp on the inside interface fixed the problem permanently.
However I've now realised that the client VPN no longer routes properly because proxyarp is disabled on the inside interface, so I still have a problem.
View 10 Replies
View Related
Dec 18, 2010
I have 2 questions.Om my cisco 2811 (IOS 12.4(15) T9 IPBASE W/O Crypto) i am using 3 interfaces.And i have a pool of Global addresses: 200.x.z.97-200.x.z.126 255.255.255.0
FastEthernet 0/1 description WAN interfaceip nat outsideip address 200.x.y.253 255.255.255.0
GigabitInterface 0/2/0description DMZ interfaceip nat insideip address 10.0.0.1 255.255.255.0
GigabitInterface 0/3/0description LAN interfaceip nat insideip address 192.168.0.251 255.255.255.0
[Code]....
View 8 Replies
View Related
Nov 25, 2011
I'm trying to configure hairpinning on my Cisco 887VA VDSL router, so all LAN users can connect to the server using SMTP port 25 which is also in the same LAN subnet, using external router address, which is assigned to dialer1 interface.Traffic comming in from outside works fine.
External IP: 1.1.1.1/29
PC address connecting to the server: 192.168.101.28
Server address: 192.168.101.200
IOS: 15.1.4M1
[code]....
I'm running tcpdump on the server on port 25 and... nothing happens. The traffic is not going through.One thing that I've notices in debug ip packet is this line:
s=1.1.1.1 (Vlan1), d=192.168.101.200 (Vlan1), len 52, rcvd local pkt
shouldn't source be internal vlan1 IP - 192.168.101.1?
View 3 Replies
View Related
Apr 16, 2012
We have LMS 4.2 installed and added devices;Now if for example a device is not reachable we get two messages with same failure ;only the component name is different
- one event with "dns" in component name
- one with "dns(ip)" in component name
dns == hostname
View 4 Replies
View Related
Aug 29, 2012
Everyday a few of the computer will error with "A duplicate name exists on the network:" A quick Google search shows the same answer EVERYWHERE on the internet. So I changed the names of a few of the computers too something I knew was unique. Still though the problem persists/ it afters the two XP bases computers the most, but my main workstations (windows 7 sp1) has had this error a few times, although it appears to have left for a while. I have a feenas server but Active directory is not turned on.My router is a e4200. I was using DHCP server on there (and would very much still like to) although I have turning it off, rebooted both the router and the computers but to no avail.
View 19 Replies
View Related
Feb 20, 2011
I'm running web server on Linux Redhat when i run
# /etc/init.d/tomcat status
I got a number of lines:
warning, got duplicate tcp line
warning, got duplicate tcp line
warning, got duplicate tcp line
warning, got duplicate tcp line
Tomcat running in normal mode Also , I can see that Tomcat unstability makes some strange behaviour in the system overall.
View 3 Replies
View Related
Apr 29, 2012
I have tried changing adapter settings, did the ipconfig /release, renew and still no luck.
View 1 Replies
View Related
Apr 3, 2011
I am installing a advance ip service licnese on cisco 861 router but it gives the following error message
Router#license install flash:FCZ143294BM_20110221232946625.licInstalling licenses from "flash:FCZ143294BM_20110221232946625.lic"Installing...Feature:advsecurity...Failed:% Error: Duplicate licenseInstalling...Feature:advipservices...Failed:% Error: Duplicate license0/2 licenses were successfully installed2/2 licenses were existing licenses0/2 licenses were failed to install
Router#
Also show ver shows the following
License Information for 'c860-data' License Level: advsecurity Type: Permanent Next reboot license Level: advsecurity
View 1 Replies
View Related
May 26, 2013
My customer is seeing these Errors coming up on one of his 2504 WLC's (ver7.3) The MAC's and IP addresses Mentioned seem to be completely fictitious as the customers IP plan is way off these subnets and the vendor lookup tool cant resolve the MAC addresses.I can confirm that there is no conflict.I've seen them appear on other 2504's across his network on seperate occasions.
View 4 Replies
View Related
Jul 17, 2012
I am having peculiar issue in my setup. I recently replaced my ASA 5505 (8.2.1) with ASA 5510 (8.4.3). Everything works fine for a while suddenly I see some of the servers will not be reachable from the LAN all the servers gateway is my switch. If I check on my Dell switch the particular server's arp entry on the connected port is same as ASA physicall MAC. If im reverting to 5505 ASA everything goes smooth without any issue.
View 6 Replies
View Related
Oct 17, 2012
I got some issues with my CISCO ASA, the thing is that when I add a new rule on the device this rule duplicate and goes to the bottom. We already tried to delete the duplicate rule but it always show an error.
-Model 5585
-ASA Version: 8.2(5)
-ASDM version: 6.4(5)
View 5 Replies
View Related
Aug 24, 2012
In case I configure duplicate IP addresses to the same VLAN(two interfaces in VLAN 1100 have IP address 192.168.2.2) I see following ARP messages rapidly(those six messages were received in less than 2ms time-frame)
View 2 Replies
View Related
Dec 1, 2012
I am using 2 anchor controllers 5508 as DHCP server. Anchor controller A is primary and anchor controller B is secondary. From time to time, client will complain "duplicate IP address error" when they try to connect guest wireless.First question: both anchor controller should have a recorder of IP address which is assigned to each PC, right?Second question: is there any way this type of issue can be avoided?
View 3 Replies
View Related
Feb 27, 2011
I have a little problem with a Easy VPN, this is the topology:
-One router 2811: This is the Easy-client (Who has a ip address by dhcp)
-One ASA 5540: This is the Easy-server
View 11 Replies
View Related
Apr 9, 2012
I have just moved to the 3750X switch and have connected it to a 6509E. From the beginning I was having OSPF encryption errors, followed by flood warnings, LSA issue's, duplicate IP's which is baffling me.
There are no IP's which match on either switch however the 3750X was continually power recycling causing the interfaces drop continually.Even after disconnecting from the 6509 the 3750X continue to behave in the same manner. Could there be some issue with this switch?
View 6 Replies
View Related
Feb 18, 2009
I am getting the following error messge on Cat4500:
Feb 18 23:37:53.098: %IP-4-DUPADDR: Duplicate address 10.237.66.3 on Vlan601, sourced by 001d.096b.4858
Feb 18 23:38:58.092: %IP-4-DUPADDR: Duplicate address 10.237.66.3 on Vlan601, sourced by 001d.096b.47ed
View 9 Replies
View Related
Mar 17, 2010
First here is our network breakdown
8 Windows 2008 Servers - UN effected
5 Windows 2003 Servers - effected with dupe IP's
We have AP - A, B and C all configured static and outside of our DHCP scope
A - 104.240
B - 104.241
C - 104.242
WAP A is setup to allow the Mac's of A and B to repeat its signal. The issue starts about 1-2 minutes after I set B and C to client/repeater and select A in site survey then save the settings. Obviously its weird that only our 2003 servers are getting this error.
The system detected an address conflict for IP address 192.168.105.201 with the system having network hardware address *MAC ADDRESS OF ROUTER A*. Network operations on this system may be disrupted as a result.
View 1 Replies
View Related
Mar 19, 2012
I have a duplicate router ID problem that is confusing to me. A 6509 and 4510 swich both show the same router ID, but only the 6500 has the router ID IP address configured in it. We are running EIGPR. The 6509 has L0 as 164.72.239.1 configured, which is it's router ID. The 4510 doesn't have 164.72.239.1 configured on it, yet that's what it's router ID is. Below are a few show commands displaying this - and as you can see from the 'show run | include 239' from the 4510 there is no 164.72.239.1 configured on it:
6509 chassis
interface Loopback0ip address 164.72.239.1 255.255.255.255end
RS6509-Core-A#sh ip eigrp topIP-EIGRP Topology Table for AS(1)/ID(164.72.239.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s -
[Code].....
why the 4510 has that router ID?
I know I can configure a different router ID on the 4510, but I'm curious as to why it is the way it is.
View 3 Replies
View Related
Feb 10, 2011
Using windows xp. how do i find and delete network name?
View 1 Replies
View Related
Mar 14, 2013
I have two 2960's in this new environment that I am administering. I am receiving a message on one unit (Designate it 2960-2) of %IP-4-DUPADDR: Duplicate address 192.168.168.8 on Vlan1, sourced by 3037.a63e.540. The "sourced by" address is the 2960-1. I do not know how these units were originally set up. How can I determine where the duplicate address is originating from.When I perform an ARP -a the address that corresponds to the 192.168.168.8 is the mac address of the ethersvi interface on the 2960-1. I
View 3 Replies
View Related
Dec 17, 2011
I am using LMS 4.0.1 to monitor the data center network devices. I have two core switches, each core switch has an ACE module installed on it. I have configured many virtual context on each ACE module, and these ACE contexts are acting as primary and standby roles. The problem i faced with is LMS reports the virtual ip address configured on each ace context as duplicate ip address, and i didn't know how to deal with it. As to my understanding, this should be the normal behavior due to my setup, but how can i remove this alarm on LMS 4.0.1?
View 1 Replies
View Related
Mar 21, 2013
I have a setup where a spoke (cisco 1841) is sending a multicast feed to a hub (cisco 2951) via a DMVPN tunnel on the Internet. The feed arrives on interface fa0/0 of the cisco 1841 and is forwarded to the tunnel interface. It is about 160,000 kbit/s and 18 pps. This always looks the same:
cisco2951-1-hub#sh run int tu10
!
interface Tunnel10
description DMVPN TUNNEL
[Code]...
View 5 Replies
View Related
Apr 30, 2013
ISE 1.1.3
Cisco 3750 switches
Windows XP / 7 / 2008 clients
I'm having some weird issues were if a client connects to a switchport and happens to be using a static IP address then the client warns of a duplicate address problem. Also the client will then only show the default gateway within ipconfig even though the IP address / mask is still in the GUI network properties of the adaptor. This is happening with Windows 7 and Windows 2008 devices.
Windows XP clients don't get the issue.
Some clients will use 802.1x native supplicant and some will be authenticated based on MAB. Not noticed the problem with 802.1x clients but it always occurs on MAB.
I came across a similar issue here: URL
Going of that blog I tried using the "ip device tracking delay probe delay" command but the switches don't recognise the "delay" keyword.
The switches are 3750 switches running version 12.2(58)SE2.
All I have is "count, interval, use-svi" as extra options.
Catalyst 4500 switch guide has "delay" option but no "count, interval or use-svi".
The only way I have managed to avoid the problem is using the second solution which is a registry hack on each client. This is fine for the odd server but not realistic when there will be hundreds of other clients.
View 5 Replies
View Related
Feb 24, 2013
Trying to apply this config to a 2900 router and getting this error message. [code] This works ok in in a 2800 router using 12.4(25d) spservices IOS
Not working on 2911 using 15.2(3)T2 ipbase image.
View 3 Replies
View Related
Mar 7, 2012
In NX-OS release 4.2(8) a feature was introduced to supress duplicate IP address warning messages in DCI environments.When using the same HSRP addresses in both DCs but blocking the HSRP exchange, ARP still detects these duplicate configuration and writes log messages. There obviously is a feature to suppress this but I do not find any reference how to enable it.url...
View 1 Replies
View Related
Aug 17, 2012
I have set up LogMeIn Hamachi with my Linux server and a few clients. I have also created a simple shared folder on the server which shares with a Windows 7 machine.
I'm a bit confused though as to where the data is actually stored - presumably, because I have created the folder ON the server, and then shared it with the client Windows - the data is written on the server, and then accessed by the client if opened.
What I want is to create 2 copies, and automatically create a local copy of anything I put into this shared 'network' folder as well - so essentially there will be a folder when I can throw things into that will instantly duplicate (I run backup protocols separately of this).
View 4 Replies
View Related
Feb 8, 2012
Got a classical remote access vpn with Cisco VPN Client and ASA-5520, Some weeks ago I noticed in my ASA logs this severity 5 Message. Group = xyz, Username = abc, IP = 84.n.n.n, Duplicate Phase 2 packet detected. No last packet to retransmit. This message comes with every connect, but then connections works fine.
Remark: See ASA ADSM:
- 1. Duplicated Phase II (!!)
- 2. Phase I
- 3. Phase II
View 4 Replies
View Related
May 8, 2012
I have multiple wireless access points plugged into a 3560X. When the wireless clients begin roaming they cause duplicate MAC enteries to be created and this causes the switch ports to flap. Is there a way to configure the switch to either ignore the duplicate MAC enteries on the switchports that have been connected to the APs or is there a way to have the ARP tables update and resolve the conflicting MAC enteries with out causing the switchport to flap?
View 3 Replies
View Related
Aug 5, 2011
We are facing the problem in ASDM 5.x creates duplicate network object groups in the configuration when PIX with software 7.0.7 is used.
Audit report its showing below commands :
asdm group SALES_ref dmz2 reference SALES object-group network SALES_ref network-object 172.20.7.8 network-object 172.20.10.3 network-object 172.20.11.2
no access-list dmz2_access_in extended permit tcp object-group Network_10.10.1.0 object-group SALES object-group SALES_Ports access-list dmz2_access_in line 200 extended permit tcp object-group Network_10.10.1.0 object-group SALES_ref object-group SALES_Ports
i was created SALES object group 2 month back after that ASDM Automatically created the duplicate object with SALES_ref name and changed the old ACL.
View 3 Replies
View Related
May 22, 2013
I have a WLC 2504 with 5 AP licenses for which I have installed an adder license via GUI. The installation completed successfully, but I still cannot view the new license. The maximum number of APs is still showing as 5 and in fact I cannot add more that 5 APs. I tried installing the license file again, but now I get a "duplicate" error.
View 4 Replies
View Related
Sep 19, 2011
Recently I had came across 1 issue where one of the server IP had conflicted with VIP of Nexus core switch. The blade server was physically connected to Nexus Distribution switch which in turn connects to Nexus core. Neither Nexus core nor distribution had generate any logs in regards to IP conflict which ideally happens on Cisco catalyst switches. I haven't find any document on cisco as well as on internet for this issue . I dont know what logging need to enable on Nexus for this specific case . There are different logging levels define for every feature like hsrp, ip,monitor etc...
We have Nexus 7k with latest release 4.2(6) Software
BIOS: version 3.22.0
kickstart: version 4.2(6)
system: version 4.2(6)
View 5 Replies
View Related
Nov 24, 2012
I am experiencing inconsistent echo-replay from devices connected via VPC to Nexus 5500s while pinging from the Nexus exec prompt.
In some cases I receive normal response when pinging from one Nexus, but no response when pinging from the other switch. In other instance I receive normal response to one Nexus, and duplicate replays to the other. It looks like a VPC related bug. NXOS is 5.1.3.N2.1
5501# ping 10.12.12.232
PING 10.12.12.232 (10.12.12.232): 56 data bytes
64 bytes from 10.12.12.232: icmp_seq=0 ttl=253 time=8.585 ms
64 bytes from 10.12.12.232: icmp_seq=0 ttl=254 time=9.227 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=1 ttl=253 time=1.011 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=253 time=8.097 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=254 time=9.429 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=3 ttl=253 time=18.195 ms
64 bytes from 10.12.12.232: icmp_seq=4 ttl=253 time=8.807 ms(code)
View 5 Replies
View Related
