I am trying to troubleshoot a problem where in one of my remote site is not able to access some networks at HQ over Site to SIte VPN ( asa 5505 at Remote and 5520 at HQ). I ran packet tracer and HQ ASA looks clean as everything came out as ALLOW. Remote site ASA packet tracer give me DROP out at Phase 9 (VPN). I am not very sure what to look in ASA for resolution now. Is it an access list that is blocking the traffice or VPN setup.
I have a project about ISP in packet tracer,I want to know how to make firewall configuration and steps I don't know how to use firewall in packet tracer at all.
I've been using packet-tracer for some time on and off with mixed results.
I'm running a multi context firewall with over 10 of the contexts sharing the same outside interface / network. All interfaces obviously have valid, unique IPs and also unique MAC addresses as mac-address auto is enabled in the system context.
This is an ASA 5550 running 8.3(2.10) interim so includes the fix for the well known packet-tracer classication failed bug.
So in theory, with firewall contexts on a shared interface the ASA should use the firewall MAC address to classify incoming traffic to the correct firewall and as far as I am aware, only fall back on using NAT to classify if the interface MACs are the same. In reality on my platform this doesn't seem to be happening and the classifier is using NAT to determine the destination context. I'm seeing this with live traffic (i.e. not generated by packet-tracer) in logs and can prove it by disabling certain NAT rules (there is some overlap with the IP addressing behind each firewall).
My question regarding packet tracer is this - in the above scenario with a shared outside interface, does packet tracer ALWAYS use NAT to determine the destination context? Or does packet tracer look up the MAC address of the ingress interface according to what context you are running packet tracer from? It appears that packet-tracer is using NAT in my case which could be just symptomatic of the potential bug I've described above rather than by design.
I have ASA5505 configured with internal network as 192.168.15.0 and default gateway 192.168.15.1 From the inside network, i'm able to access internet and able to ping all website (enabled ping). and all internel network devices can ping each other. Except i cannot ping my gateway (ASA5505) 192.168.15.1. I'm continously seeing this message on the log, when i tried to ping.. How to fix this?
Denied ICMP type=8, code=0 from 192.168.15.xxx on interface inside
replace xxx with my network devices that try to ping the gateway..I dont want outsiders ping my gateway, i need ping for inside internal network only.
i'm on the CCNA 4 accessing the WAN part for the Cisco Academy. I'm trying to do a packet tracer 8.6.1 and I'm stuck. I'm looking for the answer so I can figure out what I'm missing.
having some issues. My basic VOIP network I can get to work no problem uner Vlan 1. But when I try tomake multiple basic networks to connect and put them in to diffrent Vlans such as Vlan 2, 3, 4 and conect them the phones now say configuering IP.
I'm trying to set up a network comprised of three LANs connected by serial. As this is a small part of an assignment I've been instructed to subnet into /26 and to use /30 subnets for my serial connections.At the moment I can ping between devices on each of the LANs but I can't ping between routers at all. Embarrassingly I'm not sure why, I think it may be something I've missed on setting up the serial links as I have set routers up fine before using other connection types.
I'm preparing myself for CCNA exam and i started doing a lot of different examples. I've got problem with Packet Tracer when i'm trying to apply some security settings for the range of switch ports in default VLAN 1. I might just demonstrate my commands so it will be easier do understand.
I am trying to test PIM SM mode between some 2811 routers built up in my packet tracer 5.3.3 .But surprisingly PIM option is not coming in the interface mode .Even IP multicast option is not shown in global config mode.
I have been playing around with Packet Tracer trying to understand EIGRP and to put it into practice. Well im not doing so well, I cant get the routers to form an adjacency therefore nothing is pinging outside of the routers. [URL]
I'm an IT student and I've been assigned with homework simulating a network including an ISA server and some clients in Packet Tracer but I can't find anything which can be configured like an ISA (Internet Security and Acceleration) server(this is kind of Microsoft's technology as I know) in Packet Tracer, the generic Server from the devices box has only some basic services such as HTTP, DHCP, DNS, FTP, AAA, ... but none of anything related to ISA, all the servers in Packet Tracer have only 1 interface whereas the ISA server (as far as I know) should have at least two interfaces, and there is also no CLI supported for those servers so I think I can't simulate ISA server in Packet Tracer, can I?
I'm trying to create a silent, scripted install of Cisco Packet Tracer 5.33. At the end of the install there is a box that comes up about Packet Tracer Skills Based Assessment (PTSBA). Is there a way to supress this dialogue box? I'm using "PacketTracer533_setup.exe" /sp- /verysilent /norestart" with no luck.
have 2 routers connected in cluster ith serial dte link. screenis locked. I need to draw a topology of Internet cluster, but i don't know how to discover whats is in it, because i don't have set ip
using packet tracer, how can i find dns server ip address and i am having trouble pinging the desktops and server that i manually assigned the ip addresses to
I am using packet tracer 5.3 version and I am trying to configure IGRP on it but it doesn't show me igrp under routing protocol selection.Router number is 2621XM.IOS version is 12.2.learn the configuration of IGRP.
I'm student from IT school and i have a school project but i have a problem on packet tracer.In a vlan, i must block the communication between computers in it but i dont know how i must do that.Effectively, it's about 250 computers in this VLAN but each computer can't caommunicate between us.
Asking about Packet Tracer. I currently use packet tracer 5.3.2.Can you give me any link where to download router template on packet tracer? I want to explore cisco 2821 but packet tracer 5.3.2 has an existing of cisco 2811 only then, I tried to add the 4 ports of RJ11 but I cannot see the 4 port telphone.
I am unable to get traffic from any VLAN to communicate outside of the router, as well as get any traffic from outside of the router to communicate with any device on either VLAN. I am able to ping the router from each device on each VLAN, and vice versa. However, the traffic seems to die at the router, and I cannot figure out why. I know it's probably a small, easy fix, but I cannot seem to find any kind of documentation on it.
here, am used to the RouterSwitch CLI but been asked to set up an ASA 5505 8.4.Quite simply I am trying to at least test out a static PAT from an external source to an internal server in a test environment and no matter whether I set it up as an auto-nat or a twice-nat whenever I run a packet tracer I end up with the same error. This is the packet-tracer I am running-packet-trace input outside tcp 80.80.80.80 3389 10.240.0.10 3389
Phase: 5 Type: NAT Subtype: rpf-check Result: DROP Config:nat (inside,outside) source static server publicIP service RDP RDP Additional Information:
[code]....
Now I have a couple of questions initially. I have made the presumption that packet-tracer does not look at any external devices while running - as in as long as the ports are up it doesn't matter what is on the end of them for testing purposes? Is there anything I am missing?I have this morning wiped the config and have simply set up the adapters, a default route and twice nat and am not sure why I keep getting the error. I am sure it is something very simple and I'm being a massive donut!
i have made a topology in packet tracer related to etherchannel configuration.i am using 2 3560 switches and 1 2950 switch. Now what i want is to bundle up the redundant links between these 3 switches. The links fa0/1-3 between 2950_1 and 3560_1 switches have been bundled up but when i try to bundle the links fa0/4-6 of 3560_1 to fa0/4-6 of 3560_2 it wont work. i am using channel-group 1 mode desirable between the 3560 switches. secondly if i want to assign ip to port channels then it has to be of same subnet between 2 3560 switches right and it must be same between 2950_1 and 3560_1. But these 2 subnets should be different from one another.
I am using Packet Tracer to simulate Cisco networking.As the existing IOS of the 3560 and 2960 switch are in older version which has no new feature in new IOS, how to upgarde the IOS of Cisco switch at Packet Tracer?
MIB OID and the values.also i want to know the values og output packet and output packet drops MIB OID values of POS interface on GSR router (12000).because i am getting many output packet drops on these pos interface.how do i get these values from the router.
I have a video feed coming into my 3570. It comes in at 5 minute input rate 18777000 bits/sec, 1695 packets/sec. However, the uplink to the router is much different, 5 minute output rate 130000 bits/sec, 28 packets/sec. I am in a lab and about ready to go into testing phase for a project when we discovered this problem, as this video feed is not veiwable on the other end.
Below is the config and capture from the switch.
BLOSSw1#sh int g1/0/6GigabitEthernet1/0/6 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is a44c.112f.3506 (bia a44c.112f.3506) MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 4/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of "show interface" counters 15:16:25 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute
In my cisco 3845 router I can see output packet drop in some of the interfaces.I suspect that router is processing packet beyond its mix throughput limit. Moreover when i run show int fax/y switching command I can see packet drop by RP process.
when using egress netflow (v9) and output marking.
The topologie : Server <-----> R1 1>-----<1 R2 2>----<2 R3
R2 is a 7200 with c7200p-adventerprisek9-mz.124-15.T11.bin What I'm doing :- R2 forwards ping packets from Server to R3. When they arrive on R2, icmp packets are marked with CS3
- I change the DSCP to CS4 on R2 before forwarding packet to R3. I'm using for that an output service-policy on the R2-2 interface like this : interface ATM2/0.36 point-to-point
ip address 192.168.1.1 255.255.255.252 ip flow ingress ip flow egress
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0 description Connected To Internet Router switchport access vlan 10
I have 2 sites connected by a site-to-site IPSec VPN link using ASAs. (ASA5505 and ASA5510 at sites A and B respectively.) There is a UDP data stream that feeds into a Site A server from the internet (packets arrive on the Site A outside interface and NAT is applied to forward to Server A). I need the Site A ASA to redirect these UDP packets over the VPN link to a Site B server instead of to the Site A server.
The source devices can not be reprogrammed with the Site B outside IP. The VPN tunnel is working, Server A can communicate with Server B.