Cisco Firewall :: Can't Ping Internal Client From Pix 515
Mar 28, 2012
I just set up my home network with a Pix 515 acting as my router/firewall but I can't seem to ping my internal PC from my ASA. I can access the internet and ping my Pix 515 inside interface from my PC but I can't ping my PC from my Pix 515. I can also renew/release IPs from my PC. I also did a packet tracer and it says that it was dropped due to an access list but I have one in place. Also my switch has the default config. Below is my config.
Internet <----> Comcast modem <-----> Pix 515 <-------> Cisco switch <-----> PC
MYFIREWALL# sh run
: Saved
I have created a VPN connection for ASA 5512-X by using the wizards and nothing seems to be wrong in the wizards' config. I am able to connect to the network by using the VPN but unable to ping the internal network. Below is my config for your reference:
Result of the command: "sh run"
: Saved
:
ASA Version 8.6(1)2
!
hostname FAA-ASA-1
enable password crzcsirI44h2BHoz encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
We have two networks HQ and Site1 and for some reason we can’t ping the inside IP for Site1 PIX device. We have site-site-VPN set up between the two and everything works fine except we can’t ping the Site1 PIX from internal IP. However, I can ASDM/SSH in from HQ to the external IP of the Site1 PIX.
HQ is using an ASA 5550 (172.1.0.1)
PC from HQ (172.1.64.x)
Site1 is using a PIX-515E (172.2.0.1)
PC from Site1 (172.2.64.x)
Ping from HQ PC to Site1 PC (172.1.64.x to 172.2.64.x) works fine
Ping from Site1 PC to HQ PC (172.2.64.x to 172.1.64.x) works fine
[code]...
ASDM/SSH from any HQ PC to Site1 PIX internal IP (172.1.64.x to 172.2.0.1) doesn’t work
ASDM/SSH from any HQ PC to Site1 PIX external IP (172.1.64.x to Site1 external IP) works fine
Everything was working fine until we recently changed the outside IP address for Site1 because we switched to a different ISP. Nothing changed on the HQ ASA or Site1 PIX other than the outside IP address on Site1 PIX. I did rebuild the site-to-site VPN tunnel between Site1 and HQ.
We have an internal DNS server that all internal hosts do lookups to. These requests are forwarded on to open DNS for anything the DNS server isn't authoritative for. My question is: we have purchased the botnet filter, and this requires the ASA 5505 DNS client to be active on at least one interface. Should I point the ASA DNS to an external IP such as 8.8.8.8 and apply DNS enabled on interface outside (I am using ASDM)? I don't want the ASA to control DNS for our internal clients, as we already have an internal server for this. I DO want the ASA 5505 to check DNS packets against its botnet filter, whilst still using open DNS for forwarding.
I'm running into a strange problem and can't seem to figure it out. I have an ASA running 8.2(1). I have an IPsec VPN set up and working great. I can ping hosts on the inside of the network and everything seems to be fine. However, there is one single IP address that I know for a fact is live, but I cannot ping it through the VPN. If I ping the address from the ASA I get a reply, if I ping the address from inside the network I get a reply, but if I ping when connected through the VPN, no reply.
I'm having an issue where internal hosts cannot access the internet but I am able to ping external hosts when I console into the router. The router is a 2800 series. [code]
I'm new to this Cisco 5505 and I want to carry out a task as simple as a remote access VPN. In my case I did the wizard, with time on my test, I could connect to the VPN, but I cannot ping any device on the internal network. [code]
I've got a 2621 configured as my main gateway to the internet - right now it's obtaining a DHCP IP from the ISP's proprietary router set to bridged mode.
As of now, I'm unable to ping the internal interface of the router. I can ping external IPs only; even though I have DNS servers listed, I am unable to resolve host names. I'm running a few servers to which people are able to connect to my web server, among other services. I even have a crypto map set up to another 2621 across the country and can ping all internal IPs on the other end... I JUST CANNOT PING THE INTERNAL INTERFACE of the router!!
I've noticed that when I ping the router during its boot process (using Linux, uninterrupted) I get a response in a very short window, then it dies again. I'll post my config below:
I have a VPN client running on a laptop connected to a DSL circuit. The VPN client is configured correctly for an external address on another firewall; this external firewall passes through ISAKMP / IPSEC to an ASA where it terminates. The client authenticates and gets an address from the client pool (VPNCLIENTS – 10.2.16.x / 24) and the tunnel completes with no problems. From the internal ASA I can ping any internal network behind the 10.0.3.240 interface (INSIDE) and I have a route on the inside network to get to the 10.2.16/0 clients to point to this address (10.0.3.240). All good so far.
Now the problems begin. I can't ping anything from the VPN clients (10.2.16.0) network to anywhere; I can't ping any interface on the ASA or any internal network. I also can't ping the client from the ASA and therefore not from the internal network either. This configuration is a bare bones configuration so I don’t even have the NAT exception rules added. Network diagram attached too.
I insert data from two clients (1 Windows Server 2003, 2 XP clients). The two clients print paper and the printer is a shared printer. At the same time the two clients print paper and the printer stops working. So I restarted my two clients and server. After the restart the clients cannot ping the server.
I am having a weird issue with my Cisco 7200 router. From the router I am able to ping and reach out to the internet, but from the client I am able to reach out to the internet but unable to ping. I am not sure where the issue is, but when I traceroute to it my packets are dropped at my router's interface. All my pings from the client time out. I checked the access list to make sure ICMP is not blocked. Following is my running conf:
ip audit notify log
ip audit po max-events 100
ip ssh break-string ~
ipv6 unicast-routing
no ftp-server write-enable
I have an ASA 5510 with the configuration below. I have configured the ASA as a remote access VPN server with Cisco VPN client; my problem now is I can connect but I can't ping.
A Windows Server 2008 R2 with 2 internet ports. One (IP: 10.0.96.132) is connected to the company intranet and one (192.168.10.1), as DHCP server, connects to several PCs (192.168.10.**) through a switch. The problem is the PCs (192.168.10.**) can ping the DHCP server (192.168.10.1), while the DHCP server (192.168.10.1) cannot ping (192.168.10.**). How to configure the server so that all these PCs can access the intranet?
(Router is ISR 1921) This is doing my head in. I am not using NAT, there are no ACLs, there is no split horizon. Here is what I have. It is practically generated by CCP. When connected I cannot ping the loopback interface or the gig0/0 interface (not to mention anything else).
version 15.0
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dcsgw1
Cisco ASA 5520-K9. The client can connect to the ASA server and get an IP address (172.168.31.X), but can't ping the ASA inside interface IP address and other servers in the LAN.
I am trying to connect to my 2800 Series Cisco office router with VPN client software from home. I can successfully authenticate and get the IP address from the pool configured but couldn't ping any LAN IPs including the default gateway. I am pasting my router's configuration.
IP Address Of LAN: 192.168.22.x/24
IP Addresses handed out to Clients: 10.10.10.5 - 10.10.10.20
aaa new-model
!
!
aaa authentication login default local
[code]....
I have noticed that my virtual-access interface comes up but the line protocol of virtual-interface remains down as follows:
Virtual-Template100 x.x.x.x YES TFTP up down
Also, the client PC picks up a random gateway of 10.10.10.1 which I never configured anywhere on the server.
I'm configuring ASA 5510 Remote Access VPN. I can connect from Cisco VPN Client to the ASA VPN. I obtain from the ASA some routes to inside networks, but I can't ping those inside hosts. I have got those errors in the ASDM log file: [code]
I have configured Remote Access VPN on an ASA5500 Firewall. I am able to log in normally and ping internal servers on the LAN. However, the servers cannot ping my IP address that I am taking from the RAVPN pool. So it is a one-way communication.
I have a setup involving 3 clustered AP541 running off an SG300 switch. The wireless network setup VAP has one entry for VLAN 1 with station isolation disabled. Is there anything more I need to do to allow one wireless client to ping another wireless client - am I missing something - I assume this is possible. Needless to say, wireless clients can ping non-wireless clients and vice versa quite happily. Everything is running with factory default settings more or less.
I have a need to Remote Desktop connect to company’s employees for support when they are abroad and using Cisco AnyConnect client. Cisco AnyConnect client connection works fine, clients can reach company’s inside network without problems, but I cannot make a reverse connection; I cannot Remote Desktop connect or ping VPN clients from the company's inside network. I cannot ping clients from ASA too. I am using ASA 5520, Cisco Adaptive Security Appliance Software Version 8.4(3) Device Manager Version 6.4(7), and Cisco AnyConnect VPN Client 2.2.0133. Protocol Encryption- AnyConnect-Parent SSL – Tunnel DTLS-RC4 RC4 AES 128.
We have been using the VPN client for a very long time. Our most current VPN setup is using an ASA 5510, without split tunneling. We tunnel all traffic. We are using IPSec group authentication off of an AD domain controller.
Recently I have been having some issues with some of the client machines, and I can't for the life of me figure out what the issue is. Some machines will not respond to pings, and I cannot remotely access the machines (using Dameware Remote Control) while they are connected to the VPN. Other client machines work fine. In fact there have been a couple instances where I have two machines in a remote office, using the same internet connection, both connected to the VPN, where I can ping and remotely manage one machine, but not the other. If RDP is enabled, I can sometimes get into those problem machines via RDP. But this is crippling our ability to remotely support many of our VPN users, and I just don't know what to look for.
I have tried disabling Windows firewall completely, and that does not seem to work at all. The only other thing I can think of is I recently upgraded our McAfee software. But it does not prevent us from getting connected to or pinging any of the systems on our physical network, nor to half of our VPN users. Most of our clients are running Windows 7, or Vista, and using the client version 5.0.07.0290, or 5.0.05.0290. Most of the clients using 5.0.07.0290 are using the 64-bit version.
I've been struggling with this issue for a week now with an 877w (now with advanced IP IOS). In short, my wireless network consists of:
The internal dot11 subinterface 0.11 radio (IP Address 10.0.1.1), which is on bridge group 1 (IP Address 10.0.0.10). The SSID for the radio is on VLAN 11, which has no IP address.
This works; I can ping the internal network and internet.
The guest dot11 subinterface 0.10 radio (IP Address 10.0.3.1), which is on bridge group 2 (IP Address 10.0.2.1). The SSID for the radio is on VLAN 10, which has no IP address.
This doesn't work; I get no received packets on the client's network stats and I can't ping any name servers or the radio IP address. The client is listed as being successfully associated with the show dot11 assoc command.
I've tried taking the guest wireless and creating a new VLAN for it (so it's not on the same VLAN as the TMG firewall interface) so that I have only the dot11 radio and VLAN 12 on bridge group 2, but the same thing happens: no traffic on the guest VLAN.
I've turned off all authentication while testing this and the wireless network is currently in open mode until it's fixed. I've also only configured what's necessary to test the wireless connectivity (no RADIUS etc.); that will be added later. I'm also not using DHCP yet and the client is configured to the appropriate address statically, i.e. 10.0.1.1 10.0.3.2; it's not a DHCP issue.
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
aaa
I'm using the Cisco 837 router as my VPN server. I get connected using Cisco VPN Client Version 5. But when I ping the router IP, I get request timed out. Here is my configuration:
Building configuration...
Current configuration : 3704 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
[Code]...
I have the following VPN site-2-site configuration. The trouble I'm having is host 172.168.88.3 in site A is not able to ping 172.168.200.3 in site B and vice versa. I think I have added the static routes and ACLs correctly on the 3560 switches (acting as gateways) and both PIXes to access the internal networks. Host 172.168.9.3 can ping 172.168.200.3 fine.
I configured a Cisco ASA 5520 as Cisco EzVPN server and a Cisco 891 as EzVPN client. The configuration is working fine. I am using client mode on the EzVPN client side. But my question is: is it possible to communicate to the EzVPN client side internal IP from the EzVPN server side? And one more thing: what is the benefit of network extension mode on the client side, how will it work, and what possible changes need to be made on the server and the client side?
I am setting up remote access using an RV042 router. Using QuickVPN or a client-to-gateway VPN and Shrew Soft client, I can only access/ping the LAN side of the remote router and one machine on the remote network. The PPTP server and native Windows 7 connection provide access to all machines on the remote network. I have 2 possible reasons for this and would like to find the real reason:
1) The remote RV042 is behind another router, and that router restricts access other than the PPTP traffic.
2) The VPN tunnels other than PPTP only allow access to the remote LAN side of the router and remote machines that have the remote router defined as their gateway in the IP configuration.