Cisco Firewall :: E4200 Trace Route Doesn't Return DNS Name
Jun 10, 2013
I changed from a Linksys E4200 to a 5505 and when I use trace route, it doesn't return a DNS name for each hop. I can see the hops shown as asterisks. Do I have to add something to inspect for this to work?
View 1 Replies
Jun 24, 2011
I've enabled antispoof on all interfaces on an ASA 5510. If you start a traceroute to a network on the default route, everything works, since replies come to an interface with route 0.0.0.0/0 defined. If you start a traceroute to a network that is NOT on the default route (let's assume corporate MPLS), you only get a response from the first carrier router; the others are discarded because of an anti-spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
View 1 Replies
Jan 21, 2013
I have an E4200 and have added it to my network with a new static IP and DHCP and firewalls off. It runs off my cable modem and router (Virgin Media Superhub) that has DHCP. When I tell it to do a firmware update, traceroute or ping, it fails; it just won't do any of them.
View 9 Replies
Aug 12, 2012
I am having trouble with a NAT concept. What I have is a 3rd party software VPN product that basically tunnels encapsulated traffic to/from a server sitting inside the network. Right now this traffic utilizes a physical interface on the ASA5510, but I need the interface for another project.
What I have is this:
Internet<----->ASA<-->router<-->4507(layer3)
| |
| |-Vlan1
[Code]......
View 1 Replies
Oct 15, 2012
We have an ASA 5505 and a 5510 that we are using site to site. I need to traceroute from the 5505 to the 5510, from the outside interfaces. I don't want to do this through the site-to-site. I have temporarily added a few ACLs on the outside interfaces. When I traceroute, it only goes one hop. Maybe that's the way it's supposed to be? I need to know all the hops between the outside interface on the 5505 and the outside interface on the 5510.
View 12 Replies
Jun 6, 2011
I have a problem with ICMP traceroute configuration. When I enable ICMP error inspection in the global policy, my traceroute results through ASA 8.2.4 look like this: My traceroute [v0.75]
ICMP inspection and TTL decrement on the ASA are enabled. I also configured an ACL on the outside interface to permit ICMP completely.
View 14 Replies
Dec 29, 2011
I want to know the return path between my IP and a server. I know that traceroute gets some information about the hops from my IP to a server (for example www.google.com), but this info is about the forward path. I want to know what the path is from the server to my PC: what is the reverse path (return path)? What are the middle hops? In other words, I want to know what the forward and reverse paths are when I ping a server. I can find the forward path using traceroute, but what about the return path?
View 7 Replies
May 7, 2012
I am trying to track down a device that's blocking a certain port. I know there are programs out there that will do a traceroute over TCP, but are there any programs that allow you to specify a port?
View 6 Replies
Jul 19, 2012
Have Win7 system, Cisco WIRED 1720 router, ~1.5mb frame relay via C&WPanama, nortons antivirus installed. IP config dump is at the bottom, but in this event, I don't think my problem is local. An important work-related chat quit working today, and I have narrowed down the issue to not being able to connect to the provider website from my current location. (I can connect via US proxy, but cannot run the Java applet via the proxy; it seems it is still trying to go from here to there.)
The site I am trying to reach is host7.parachat.com, IP 64.13.158.24
I can load this page (just a landing page comment) as well as their main pages via US proxy, but time out trying to load directly. Fiddler returns a 502 error, socket connection failed.
Have tested on 3 machines (all on same router), then on a laptop which hadn't been booted or updated in over a year (also on same router). Trying to find a free wireless network to test with the laptop, but that hasn't been found yet.
[code]....
View 3 Replies
Mar 24, 2013
When I run a traceroute on an ASR 1001 router to 172.23.30.7, I get the following output:
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.99.192 0 msec
192.168.99.191 1 msec
192.168.99.192 0 msec
2 172.23.30.243 1 msec 1 msec 1 msec
3 172.23.30.7 1 msec 1 msec 1 msec
Is there a loop between 192.168.99.191 and .192 (these are two routers with HSRP .190), or is this normal behavior when using traceroute on an ASR 1001?
View 2 Replies
Jan 2, 2012
I need to be able to redirect some HTTP traffic to an Ironport WSA (for now) on a DMZ interface, the initial config I'm trying to test is along the lines of the following (don't have access to the ASA at the moment to cut-and-paste):
access-list 101 deny any any neq www
access-list 101 deny tcp host 10.0.2.2 any
access-list 101 permit tcp any any
route-map proxy-redirect permit 101
match ip address 101
set ip next-hop 10.0.2.2
Unfortunately the ASA does not take the "set ip next-hop" command; I get an invalid input error message, and if I type "?" at the route-map config prompt, only the "metric" and "metric-type" commands are listed as available.
This happens both on 8.2 (ASA5510) and 8.4(2) (ASA5505). Since others are able to make this work, I assume there's something else on the ASA that I have to set to enable this command?
View 2 Replies
Jul 23, 2012
I've just bought an ASA 5505 to protect my LAN. I've already used Cisco routers in the past, but it's the first time with the ASA line. Everything works except one major point: the return traffic is blocked by the system… I don't really understand how the zone-based firewall is supposed to work, but it seems OK by default; my LAN side is allowed to talk with the Internet, but the Internet is not allowed to directly call my LAN. The NAT is set up to use the IP of my outside interface. When I try to ping a public server, the ASA debug log shows me that the communication can go out of the network, with the good translation, then come back to the ASA from the public server, and here the ASA blocks it because the communication is not allowed. I've only found two workarounds:
- allow inside traffic with static rules, and I say NO;
- disable the zone-based feature by setting all zones to the 0 level…
How am I supposed to make my stateful firewall work with the zone-based feature?
View 3 Replies
Jan 5, 2012
On a 2821 Router with 15.1(3)T1
I have an IPSec VPN and NAT configured. Return traffic from an internal NAT host seems to be blocked by the WAN inbound ACL. What is the proper way to allow return traffic from the Internet for this internal NAT host? Note: As a test, removing the deny entry on the WAN ACL allows return traffic.
View 7 Replies
Dec 16, 2012
Our Firewall is just new. ASA5525X
Today, during a packet_trace to debug a routing problem, the active ASA - thsasaprd02 - crashed suddenly.
I was able to copy-paste the console, including the command that triggered it. After the reboot I ran the command again on the same ASA, after doing a manual failover, and the command succeeded normally.
View 2 Replies
Mar 4, 2013
I am advertising the 172.16.10.0 network from R5 to R1 via EBGP. The problem is that on router R1 I see the route 172.16.10.0 with the show ip bgp command, but it doesn't appear in show ip route. I thought that the problem was SYNCHRONIZATION, so I activated synchronization on routers R1 and R4, but it doesn't work. Furthermore, routers R2 and R3 don't receive the route via OSPF either.
View 11 Replies
Feb 6, 2013
I'm trying to sort out someone else's 800 series router config (IOS 12.2) that was just added onto for years and never cleaned up. There are about 10 route map statements near the end. As far as I can tell, only two are being used. Doesn't a route map statement have to be called (referenced) in another statement in order to actually be used, such as either under an interface or in a NAT statement?
View 2 Replies
Apr 23, 2012
I am trying to configure dual ISP on my ASA5505. I have everything configured and working when eth0/0 is connected, but when I disconnect it, it doesn't route any traffic. The static route for the primary ISP is removed and the static route to the backup ISP shows up, but no traffic goes in or out. I should note that I'm doing this as a proof of concept, so eth0/0 is connected to a router and eth0/1 is connected to another router. [code]
View 7 Replies
Jan 24, 2011
I have a Cisco 877 router. I am trying to configure a backup with ISDN. The primary line is ADSL over PPPoE. The problem is that even though the primary line fails, it doesn't change the path and continues using the main route. I have a very similar setup, also with a Cisco 877, but with a normal DSL, and it works perfectly. I solved the problem by activating a tracking, but it is slower than the other method.
View 2 Replies
Dec 11, 2011
My network has two connections to a third party via links on two separate ASAs, one in location A and one in location B. The link in location A is the primary connection, and the other in location B should be used by only two terminals (term1, term2) in location B. The ASAs are running OSPF and are redistributing static routes as metric-type 1 in OSPF. In order to achieve the aforementioned goal, I have configured a route-map on the ASA in location B that sets the metric for the route towards the third party to a high value (100). This way, all routers, even those in site B, prefer the exit through location A (metric about 24).
I have checked that my routers correctly have the route to the 3rd party through location A, and the OSPF database has records for the network from both locations. In location B, I have configured the following route-map (on 6509)
route-map PREFER-LOCAL-ROUTER permit 10
match ip address XXX
set ip next hop locationB-ASA
int vlanYYYY
ip policy route-map PREFER-LOCAL-ROUTER
[code]....
From the terminals (term1 and term2) I have tried a traceroute towards the 3rd party's subnet, but I don't get any match on either the access-list or the route-map. Unfortunately I have no other way to test that my configuration is correct, since the application on the terminals that should access the 3rd party network is not currently running.
I also added the statements below to the access-list, because of the test with tracert:
permit icmp host term1 route_to_3rd_party 0.0.255.255
permit icmp host term2 route_to_3rd_party 0.0.255.255
Nothing changed... Is there something wrong with the above config? Is there a chance that there is a problem with the IOS, that simply doesn't show any hits?
View 9 Replies
Apr 4, 2013
I have the following zebra.conf on my router box "A":
hostname nuclear-router
password password
enable password password
interface eth0
ip address 192.168.2.1/24
multicast
[code]...
eth0 is connected to a switch and contains the 192.168.2.0/24 range, and A is connected to my WRT54GL "B" (with IP 192.168.1.1, containing 192.168.1.0/24 range, DHCP serves IPs above .100) wirelessly. B is connected directly to my DSL modem.
The problem is that when I specify the default route using the interface name, I can't connect to the internet from A or any hosts behind it - I'm always hit with a "no route to host" error. Name lookup and pinging any local host (even in a different range) or the DSL modem works fine - it's only when going beyond the modem that things stop working. However, when I use the IP of B as the gateway, it works fine. I noticed that route output on A when the default route was specified using the interface alone had only an asterisk in the gateway column. I was under the impression that these approaches should be identical in practice, so though I got it working, I'd like to know what I'm misunderstanding (and/or misconfiguring). Why didn't the default route work when specified using just the interface?
All routers and the modem too have RIP (version 2) enabled, and of course the password isn't really the word "password".
View 2 Replies
Aug 10, 2012
I purchased a new router and it doesn't have a security key. I can't connect my Blu-ray or Roku.
View 1 Replies
Jul 9, 2011
I have a Motorola DOCSIS Surfboard model SB6120 and can connect to the internet with the ethernet cable directly into the laptop, but if I connect it to the E4200 router the range is there but the internet connection is not. This happened 2 days ago and I can't get the router to work.
View 4 Replies
Jul 10, 2011
I can't connect with PuTTY to the E4200. I tried different ways - telnet, ssh, etc.
View 1 Replies
Oct 5, 2012
OK, this is the second router this has happened to, but anyway, after a power blink the router no longer recognizes that I have a modem connected to it. No matter how many times I reboot both of them, it can't recognize that I have a modem connected. I know it is not the modem because I'm using it to type this right now, directly connected to my desktop.
I have Windows 7
Linksys E4200 V1
CenturyLink DSL modem 660 series
View 9 Replies
Oct 17, 2011
I have the 1.0.03 firmware installed and URL blocking doesn't work. I assigned the policy to the entire address range and could still access the web site I wanted to block.
View 1 Replies
Aug 12, 2011
I'm having a problem with Wake on LAN. (I'll bet you never guessed from the title, eh?) I have an E4200 and I cannot get WoL to work over the internet. (I'm assuming it's not actually going out to the internet when I wirelessly wake it using shawn.dynamicservice.com and the subnet, but rather the DDNS name is being resolved through the ARP cache, but I don't know. I'm still learning.) Consequently, if the sentence above in parentheses is correct, I am unable to perform WoL from outside my LAN. What am I missing?
View 3 Replies
Jul 11, 2012
I'm trying to bridge my zyxel eq660r-f1 DSL modem so that I can resolve the NAT issue I'm having in my home network. The only problem is that every time I bridge the modem and hook my E4200 up, I cannot connect to the internet. If I connect my laptop directly to the modem, I do get internet, but not through the router itself.
View 8 Replies
Nov 14, 2011
I have a problem with the return path of NAT'd traffic on a Cisco 877W router. Here's the network setup:
gatekeeper1 (192.168.0.1) is a Cisco 857
gatekeeper2 (192.168.0.253) is a Cisco 857
gatekeeper3 (192.168.0.251) is a Cisco 877W
The default route is 192.168.0.1 on all devices; however, there are some static routes defined so that traffic to certain IP addresses bounces off to 192.168.0.253 and uses that Internet connection instead. This new connection is designed so that traffic aimed for a certain internal IP address (192.168.0.190) comes via this third internet connection in order to take the load off of the main line. NAT is all configured and appears to be working when .251 is the default route, but as soon as I set it back to .1, the traffic appears to come in but doesn't go out again.
View 1 Replies
May 21, 2011
I've tried to cascade two Linksys routers, but it hasn't worked for me. The first one (which has the cable-modem connection) is the brand new E4200, and the second one is the old WRT54GCv3. [code] However, the WRT54GCv3 doesn't get the IP address from the E4200's DHCP. I've also tried to connect them directly (without the PLC), even specifying a static IP on the second router, but I got the same results. I have to state I don't want to change the first router's IP/gateway parameters because I have a web and game home server working with a static IP and I don't want to put it offline temporarily because of readjusting network parameters.
View 9 Replies
May 1, 2013
I have an E4200 v1, connected with a few PCs by ethernet ports and various devices by wifi. Now the wireless devices work perfectly, but sometimes the PCs on the ethernet ports cannot connect to the LAN and internet.
View 2 Replies
May 26, 2012
I've configured an ASA5505 to be a LAN-to-LAN VPN tunnel endpoint, peering with a Linux box. The ASA is fully licensed, so that side isn't an issue.
PROBLEM: When the tunnel is initialised from the Linux box, everything comes up okay except the ASA isn't encapsulating any packets. It is decrypting the packets received from the Linux box okay, but no return traffic is being encrypted. When the tunnel is initialised from the ASA, nothing happens. After some troubleshooting I've found that neither the ACL defining interesting traffic nor the ACL defining NO_NAT is being hit at all.
ACL for NO_NAT:
access-list NO_NAT line 1 remark ACL USED TO DEFINE WHAT TRAFFIC NOT TO NAT OVER THE VPN
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER object-group LINUX-BOXES 0xc736d5fb
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER 10.11.228.0 255.255.255.0 (hitcnt=0)
[code]....
I've checked with the administrator of the Linux box and the definition for interesting traffic is exactly the same (except in reverse, as should be the case). The firewall is doing other things like NATs and such too, but those NATs have nothing to do with this VPN. The setup is a LAN-to-LAN connection with no natting in between. The main parts of the config are attached; I've deleted things that should have a bearing on this, however if you think it necessary I can sanitise the config and re-post. I think it will be working fine as long as the traffic hits those ACLs, however they're not and I'm unsure why. At this time I'm not seeing anything at all when doing a debug cry ipsec or debug cry isa. The ACLs aren't being hit, so I'm guessing it's not even trying to form the VPN as it can't see any traffic that constitutes being 'interesting'.
View 4 Replies
Jun 10, 2012
We have a wifi network for guests that we route to the internet through an old PIX515 Firewall. We recently tuned the timers to lower values in order to "save" on resources and public address usage.
The timers we use are:
-timeout xlate 0:30:00
-timeout conn 0:30:00 half-closed 0:05:00 udp 0:02:00 icmp 0:00:02
While verifying the new timers, we noticed some xlate connections (TCP PAT) that are idle forever!! In the connection table, I cannot find an idle connection for longer than 1h....
View 1 Replies
Aug 9, 2011
We have three brand new E4200 routers, all using the most current firmware (1.0.02). They are all in bridged mode; however, when I attempt to enable the guest network on each of them, the config shows it as active, but it never shows up as a visible SSID. In previous posts, I've seen people saying that I need to do a complete hard reset of the router and re-enter all the configs again to get the guest network active. Is this true? I'd hate to think that I have to hard reset and reconfigure all three of these APs just to get the guest network enabled.
View 2 Replies