I have a ASA5520 with 4 Port channel interfaces and ASA Version 8.4.(2). There are many vlan interfaces but in the DMZ I have one Server who has a Static NAT to all other interfaces.
Why the first ping works and the others doesn´t work?
I have setup a remote access VPN to an ASA5505
I have a directly connected server behind the ASA and I can ping the server without a problem.
The VPN client reports packets being encrypted and decrypted
However when I try to RDP to the server the encyrpted packets keep incrementing but the decrypted packets do not.
I am also not seeing any RDP traffic hit the server (verified by ethereal)
I have done a packet tracer and it suceeds but ends with an IP spoof which I believe is correct as it is vpn traffic and not actually being encrypted.
This is the debug from the RDP session, I am confused by a Denied ICMP on line 2 as I am able to ping the server?
%ASA-6-302013: Built inbound TCP connection 88193 for external:172.16.24.4/50984 (172.16.24.4/50984) to internal:192.168.100.146/3389 (192.168.100.146/3389) (roger_ssl)
%ASA-4-313004: Denied ICMP type=0, from laddr 172.16.24.4 on interface external to 192.168.100.146: no matching session
[Code].....
The only logical bit to this is flow closed by inspection? Does this mean the server has not responded?
And the decrypt packets not increasing when trying to RDP Does this mean that I have reached the end of my ASA knowledge on this one!
I am able to access ASA via hostname but with IP address it does not work.Need to know what config i need to put so i am able to access it using IP by ssh and ASDM? ASA is 5520 version is 8
View 12 Replies View RelatedI am trying to introduce an ASA5520 to my network based on the following diagram: ISP Internet ------> ASA5520 ------- > Cisco Router ------> LAN. The problem is I cannot ping the ASA from the LAN. I can ping it from inside the router. I already allow ICMP within ASA. If i remove the cisco router and replace it by a swich, I can ping the ASA with NO problem.
View 5 Replies View RelatedI have Cisco ASA5520 with a 8.4 code in GNS3. I have a problem pinging to the internet. On the ASA console, I can ping to outside world, but on vpc I cannot ping the outside world. But I can ping the ASA Inside interface and other VLANs, no problem. [code]
View 3 Replies View RelatedSo I have a client with an ASA 5520 running version 9.0 (was on 8.4) that I am trying to get either IPSec or SSL VPN configured on. I got everything setup and tried to connect. However, I couldn't connect to either. I fired up the real time monitoring and didn't see any syslog messages referring to a VPN build up. I also enabled SSH/Telnet on the outside interface and cannot connect to the ASA outside interface. I can ping the outside interface and can ping the internet from the ASA. I did set up a test ACL on the ASA and ran packet tracer on it and the results came back fine.
There is an IPS in the ASA as well, but I disabled the ACL for that and still am having these issues. Part of me wonders if the ISP has something set up to block inbound traffic. This should be a business class connection.
I have newly deployed network. I have two ASA5520-AIP20-k9. both connected to ISP and configured as Active/standby failover. the ASAs were working fine at first but later on, the internet connection becomes very slow. the ping reply i am getting from my next hop(ISP router) varies during the peak hour is some times in 2000 msec or above but during off hours, the ping reply time is 1 and 2 msec. when I directly connect my laptop to the link that comes from the ISP its ping reply is 1msec and 2msec. I thought the ping reply of the ASA5520 to the ISP gateway should be constant and should be 1 and 2 msec regardsless of the traffic passing through the firewall.
View 1 Replies View RelatedI have recently made some chages to my ASA 5510 (not sure what) I was previously able to ping url... and I am now not able to ping anything on the Internet, but The Internet connectivity work perfectly.
View 7 Replies View RelatedOur firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
I just recently bought a Telewell Wlan AP wireless access point and my problem is that I can't connect to the internet with Lan, hence can't get connection on my desktop. My laptop however works fine with wlan.
There's a wall socket which connects to a bigger student local network, I can connect my desktop to it directly and it works so there seems to be nothing wrong with my computer. I've had 2 routers before this, another Telewell that worked flawlessly and a Buffalo that cut the connection every now and then but didn't have this kind of problem.
I have the router plugged into the wall, set to get a dynamic ip (as it should be) and it does find Wan-side ip-address and dns-servers, as I could connect through wifi. So there doesn't seem to be a problem with that either. But for some reason Lan doesn't work. I can access the router through Lan, dhcp is on and I can see my desktop on the routers client list.
We have ASA 5520 running 8.2(3) software and we're trying to make Remote Access VPN (l2tp/ipsec) working from Android. We succeeded in making IPSEC tunnel (ending "Phase 2 completed"), but we cannot make L2TP tunnel working.We're using RADIUS for L2TP authentication, but ASA doesn't even try to check credentials entered by use. The same set of credentials entered on Windows {XP, VISTA, 7, Mobile} works ok. Which debugging options should we turned on?
View 3 Replies View RelatedI have created an IPSEC VPN tunnel using a Cisco ASA5520 (corporate) to a Cisco SRP541W (remote). The corporate subnet is 10.1.0.0/16, and the remote subnet is 192.168.1.0/24. From the remote subnet, I can ping anything on the 10.1.0.0 corporate network, but I cannot ping from the corporate network to the remote subnet. At first I thought this was something obvious, perhaps an incorrect acl or something easy on the corporate firewall. However, we have several other vpn tunnels established, all set up the same, and they work just fine. After looking at it a bit more closely, if I ping the remote subnet I see the hit counter increment by one each time, which leads me to believe that traffic is in fact being routed properly.Now I'm thinking that something in the remote SRP541W that is not allowing icmp traffic, but I can't find it anywhere. To be honest I have never used this type of firewall before, they have all been Cisco PIX501/506e and ASA5500 models.
View 2 Replies View RelatedI am running XP Pro SP2 Ver. 2002 on my laptop.,i use the wifi connection very well. But when i plug the rj45 cable in from the modem,the LAN icon says Little or no connection.
View 14 Replies View Relatedi have a problem with a cisco 857-K9 router. We can access internet but if we ping a web server, every first ping fail but all others works...
View 15 Replies View RelatedI'm inclined to think this is a bad router but just wanted to run it by everyone. All of a sudden I can't get into the router interface or ping it, but the internet still works. If I power cycle the router, then I can get back into it.
View 2 Replies View Relatedhen its wireless, it has no problems with the internet, everything works fine.But when its wired, webpages will still load, but youtube videos wont work, anything that consists of streaming doesn't work, and he cant even useI have connected other laptops to the same cord and there is no problems. so i know its not the cord and i imagine its not the router since everything still works fine with other computers.
View 5 Replies View RelatedMy cable modem and router are in a closet. From there, wires run through the house to multiple locations. One of the locations has had a wireless access point (WAP) installed which has worked flawlessly. I want to put another device at that location that doesn't have wireless capability, so I tried to connect a switch. The switch does not connect. When I disconnect the cable from the WAP and plug it into the switch, the light on the switch port that would indicate a connection does not come on. When I then connect the WAP to another port on the switch, the light on its port does come on but it does not see the router. I've tried multiple cables (I even tried a crossover cable) and I've tried a second switch with the same result. When I plug back into the WAP, it works fine again. The switch works fine at other locations in the house.
One more thing - When I bought the house, the wire to this particular location was unterminated. I had never done any wiring before but I decided to try to do this myself. So, I read up on the process and bought the necessary tools. When I stripped the wires, I found that the twisted pairs were not just twisted (as they were in the patch cable I practiced on) but each pair was in a single strand of insulation (I'm not sure exactly how to describe this but there were four strands of plastic, each with two wires packaged inside.) I didn't know how to separate the two wires that were packaged together so I wired the connectors with all four color - color/white pairs next to each other. I know that's not the standard. But from what I read, as long as I wired both ends of the cable the same way, everything should work. And in fact, it did for connecting the WAP.
I didn't install new program or make a lot of change in my computer lately?Anyway here's the ipconfig/all result of my computer
Windows IP Configuration
Host Name . . . . . . . . . . . . : asus-95bdea2abb
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
[code]...
my internet works normally during daytime but starts to disconnect and reconnect every few minutes at around 11pm. I've tried restarting my modem but to no avail. My home telephone line is not working when my internet starts disconnecting and it starts working during daytime. My modem is connected to the telephone.
View 4 Replies View RelatedI configured ASA5520 and RV042 for site-to-site IPSec VPN tunnel.Tunnel get connected, but no ping, no traffic between both end network.
Network:
=======
192.168.113.0/24----------192.168.113.6 -ASA--------public, static IP address------Cisco 2821--------Internet
192.168.10.0/24-----------192.168.10.1 -RV042-----public, static IP address------Cisco 2821--------Internet
ASA5520 config:
----------------------
name 192.168.10.0 VPN
!
interface GigabitEthernet0/1
nameif NET
security-level 100
ip address 192.168.113.6 255.255.255.0
[code]....
I have been using my laptop since a year now and yesterday suddenly my internet stopped working. On top of the connectivity bar a yellow sign appeared. Now my internet status is "No internet access" but when i connect my ethernet cable the internet starts working and i can see the "Internet access" status. I have re-installed my wi-fi driver too from the orignal CD that i got with my laptop, but still no luck also i did not install anything in past 1 week and the only anti-virus i have is Avast (tried disabling it too). I plugged out the cables from my router and plugged them again but that dint work too. There are 2 other laptops (running on windows 7 just like mine) on which the wifi connection is working but on mine it is not working.
View 9 Replies View RelatedI have a IPSec tunnel that is working in one direction. Below is the router config from the side that can connect to the other side perfectly. I believe the issue is with this router as while I was waiting on delivery for the ASA I had an SRP527W sitting in it's place and had exactly the same problem.On one side I have a 887VA router and the other an ASA5505.The network behind the 887VA can access the remote site perfectly, backup services are traversing the link as are web interfaces for applications. In the other direction I can ping hosts but cannot connect. What else is interesting is if from the remote site I attempt to connect to a particular device that performs a port redirect the remote site browser gets so far as being redirected to port 5000 but then hangs.
I am seeing some very generic packet drop debug notices on the 887va on the NAT-ACL access list but I think this is as it should be as it is dropping the tunnel traffic from the NAT'ing.The config for the router is here, I will post the ASA config when I get to the other site shortly but I am convinced the issues is on this device, all the crypto configurations match.I have looked at the MTU's on each side, the path MTU on both sides is 1492. The asa does say the media MTU is 1500 but I believe that is the ADSL link so shouldnt matter?I even went so far as installing CCP and testing the VPN. It says the tunnel is up. It did state a failure:A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets. [code]
I have the below configurations done on a 2900 router. [code]I would like to know, if the IP address assigned to dialer1 interface "20.1.2.133" would be listed in "show arp" ?, as it failed to list on our router and I want to know if this is an expected behavior ?
Secondly, does self ping 20.1.2.133 (dialer interface IP) work ? [code]
I need remote access to certain programs on my home PC but I just cannot get it to work.
Program:- webcamXP
When I set the programs port preferences (i.e. port 8087), I can connect with"127.0.0.1:8087" and webcamXP work fine. But when I replace the localhost with my external IP (lets say 79.149.114.227, so that would be "http://79.149.114.227:8087".I tried port forwarding: I have added the port to my NAT in the router's setting so it should be fine, but it is not (numbers are fictual of course):
external port start 8085,
external port end 8089,
protocol TCP/UDP,
internal port start 8085,
internal port end 8089,
server IP address 192.168.1.215)
I also tried disabling AVG Internet Security 2011's firewall temporarily just to check it it was blocking it, but got the same result.I checked if Windows own firewall was on, but it is off.I cannot find any setting in the router's own configuration screen to disable any build in (router's) firewall (if it has any).
I try connecting via ethernet cable and it doesn't seem to work until the administrator of the network (my brother) comes home and then turns his computer on and starts using it. However, if i switch to a wireless adapter it sometimes works (like right now) even when my brother is not using the internet. Also, i tried to connect via wifi on my macbook pro to the same server and it used to work flawlessly 100% of the time, now i can only connect once in a while for short periods of times.
View 1 Replies View RelatedI'm trying to set up a wireless network for my parents. I have a Belkin Play N600 router (model F7D8302) that I'm trying to hook up to an Acer desktop running Vista. The modem is a Siemens Speed stream 4100. I have a cable going from the ethernet port of the modem to the modem port on the router. The pc is connected to one of the other four ports in the router. The wireless works fine, but I can't get the wired connection on the desktop working. The Internet light on the modem is not on, but the modem works fine when connected directly to the pc. I've tried power cycling and resetting everything, but it's still not working.
View 9 Replies View RelatedI have a Cisco linksys router e1550. My wireless network is working fine, but my wired (PC) is not working?
Removing the router and having the modem connected to my PC works but when I put on my router my wired connection only works for a few seconds to none
So I think the router may be causing it, could it be the settings? Even though there at default.
I have a win7 desktop upstairs with all of my media on it.I also have a winXP laptop that I would like to use as a media center running xbmc connected to my tv downstairs.I have set up a workgroup so my laptop can access the media stored on my desktop and everything works great when they are both hardwired to my router (Linksys E3000).However, as soon as I unplug my laptop from my router and switch to the wireless connection I can no longer ping my desktop or access the shared folder (internet still works fine on the laptop, it just cant see my desktop anymore).If I plug it back in to the router, everything works again.
The exact error message I get when I try to access the shared folder is "\INFINITYMedia is not accessable. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. [code]
About 6 months ago I bought a new router (Linksys E1000 v2.1) which worked great right out of the box. A couple months later I tried to setup a home network so that my two laptops could access a shared drive on my wired desktop, but for some reason they didn't show up as being on the same network. All computers involved are running Windows 7 if that matters.
Upon a recommendation from I friend I put DD-WRT on the router and it worked fine. Setup MAC filtering and WPA2 Personal security. This worked fine for about 4 months until today.
When I got home from work today I noticed my laptop wouldn't pull up any web pages, but it said it was connected. Then I noticed my iPhone wasn't connected either. I restarted my laptop and then it wouldn't connect to the wireless either (I could see the wireless, but I would get a Could not Connect error when I tried to connect to it).
I went to my desktop and it is working just fine, it is plugged into the back of the router. I also have an AT&T MicroCell (cell phone booster) that is plugged in to the back of the router and it works fine too.
I removed the encryption and MAC filtering. I then reset to factory (or "factory" DD-WRT) and now the wireless works, but it is MUCH slower than my desktop. I ran a speedtest on my desktop and got 12 Mbps down and 1 Mbps up. On my laptop, I get 0.03 Mbps down and 0.25 Mbps up.
Region : India
Model : TL-MR3420
Hardware Version : V1
Firmware Version : 3.12.21 Build 120523 Rel.37880n
ISP : Reliance
I've just set up a MR3420. It works fine in "WAN only" mode and provides access via our ADSL modem. It also works fine in "3G only" mode and provides access via a Reliance Netconnect+ USB modem (a Huawei E150 I think). I updated the firmware to the latest version in order to get it to work with the USB modem.
The problem I have is that when I set it to "3G preferred" it doesn't seem to connect over 3G. I can see it tries to connect but then fails and then WAN takes over. The connect and disconnect options are greyed out on the 3G page so I am unable to manually get it to retry. I've tried leaving it for a long time but it doesn't seem to connect over 3G ever. I've tried setting 3G to connect on demand and connect automatically but both behave the same.
For some reason I cannot ping or FTP on a specific computer on my home network. All other computers work fine and the specific computer works fine on other networks. But the combination of this computer and my home network it doesn't like.
I have disabled both windows firewall and my virus software but nothing seems to work. It seems to be a timeout issue as FTP and ping sometimes does work but FTP is increadibly slow when it works and the ping time is very high 670ms and above. I am running windows 7 and my router is a netgear n150
I've got a 3560-X that passes POST according to console, but there are issues nonetheless...USB console doesn't work. RJ45 works just fine. No status lights turn on at any point (e.g. syst, xps...). 10g network module is installed with a 10g LRM SFP. All lights on the module are amber. However, it passes according to POST. Switch passes traffic, obeys config, etc. Link lights on RJ45 ports work fine. This was brand new out of the box. Thinking about trying IOS reload..
View 6 Replies View RelatedI have a pair of OLD Cat6500's running CatOS:
WS-C6509 Software, Version NmpSW: 7.6(16)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Dec 22 2005, 16:37:19
System Bootstrap Version: 7.1(1)
System Boot Image File is 'bootflash:cat6000-sup2k8.7-6-16.bin'
System Configuration register is 0x2
I know these are no longer supported, but I have to ready them for migration. Recently a problem began with these switches. What happens is that when I telnet to them, I cannot authenitcate via TACACS. This works fine for all our other IOS equipment, just not for these 2 switches. The error is:" % Error in authentication" and then I get kicked back to the login prompt.
The odd thing is that when I connect to the switch via the console port, I can authenticate fine with TACACS.
CMS> /c 14
[Code].....