Cisco Firewall :: Ping Reply Time Varies From ASA5520 To ISP Gateway
Jan 22, 2012
I have newly deployed network. I have two ASA5520-AIP20-k9. both connected to ISP and configured as Active/standby failover. the ASAs were working fine at first but later on, the internet connection becomes very slow. the ping reply i am getting from my next hop(ISP router) varies during the peak hour is some times in 2000 msec or above but during off hours, the ping reply time is 1 and 2 msec. when I directly connect my laptop to the link that comes from the ISP its ping reply is 1msec and 2msec. I thought the ping reply of the ASA5520 to the ISP gateway should be constant and should be 1 and 2 msec regardsless of the traffic passing through the firewall.
View 1 Replies
ADVERTISEMENT
Oct 1, 2012
My customer has various Cisco switches but only cisco 2950 switches has the problem of ping timeout or reply time is too long(average more than 2 sec). It will cause I Network Mangement software alarm always.
View 4 Replies
View Related
Feb 19, 2012
I am using my normal Ethernet cable that I used on my old PC at the exact same location / circumstances, but when I plug the cable in my new PC, my download speed peaks at 81.5 kb/s and my upload speed peaks at 10 kb/s. Now when I put it back in my old pc I get 3mb/s download speed and 0.5 mb/s upload speed. I don't quite understand what the problem is. Do I need to update drivers/BIOS? I can't find any updates. This is a clean install of Windows 7 Ultimate 64 Bit with barely any programs installed as of yet. I have reinstalled Windows 7 aswell, to no avail.
View 14 Replies
View Related
Oct 23, 2012
I purchased Linksys (Cisco) EA2700. For the moment it is being used as an access point for a wireless network (WLAN) and an Ethernet switch. 4 laptops are being connected to it through the wireless network, the wire connects one computer and a separate ADSL modem (it is used for accessing Internet). As a result minimal ping to any of the devices in wireless network is 8 ms – the best result and sometimes rises to 20 ms. Consequently when working with local network resources one suffers from speed decrease. Ping to the access point through the wire varies from 1 to 8 ms. These delays are quite strange as even on cheaper routers ping does not rise above 2 ms (usually <1ms). Is it normal for the device?
View 9 Replies
View Related
Mar 7, 2011
I am trying to introduce an ASA5520 to my network based on the following diagram: ISP Internet ------> ASA5520 ------- > Cisco Router ------> LAN. The problem is I cannot ping the ASA from the LAN. I can ping it from inside the router. I already allow ICMP within ASA. If i remove the cisco router and replace it by a swich, I can ping the ASA with NO problem.
View 5 Replies
View Related
May 22, 2013
I have Cisco ASA5520 with a 8.4 code in GNS3. I have a problem pinging to the internet. On the ASA console, I can ping to outside world, but on vpc I cannot ping the outside world. But I can ping the ASA Inside interface and other VLANs, no problem. [code]
View 3 Replies
View Related
Aug 22, 2012
I have a ASA5520 with 4 Port channel interfaces and ASA Version 8.4.(2). There are many vlan interfaces but in the DMZ I have one Server who has a Static NAT to all other interfaces.
Why the first ping works and the others doesn´t work?
View 12 Replies
View Related
Nov 5, 2012
So I have a client with an ASA 5520 running version 9.0 (was on 8.4) that I am trying to get either IPSec or SSL VPN configured on. I got everything setup and tried to connect. However, I couldn't connect to either. I fired up the real time monitoring and didn't see any syslog messages referring to a VPN build up. I also enabled SSH/Telnet on the outside interface and cannot connect to the ASA outside interface. I can ping the outside interface and can ping the internet from the ASA. I did set up a test ACL on the ASA and ran packet tracer on it and the results came back fine.
There is an IPS in the ASA as well, but I disabled the ACL for that and still am having these issues. Part of me wonders if the ISP has something set up to block inbound traffic. This should be a business class connection.
View 5 Replies
View Related
Mar 4, 2011
I am using the window server 2008 and configure tcp/ip properties correct ping locally reply successful when ping localy but when ping yahoo.com then reply destination host unreachable whereas gateway and dns ip is also correct configure so tell me solution about this problem because i am useing the internet.
View 1 Replies
View Related
Mar 31, 2011
We have two ASA5510s, each with outside interfaces to the same two ISPs (different IP addresses within the same subnet, of course). Both ASAs allow ICMP on all (inside and outside) interfaces. One ASA's default route is to ISP-1 and the other is to ISP-2. We can ping the default gateways for both ISPs from only one ASA. From the other ASA, we can only ping the default gateway for the default route but not the other. The pings originate from an inside client, first configured with the default gateway for ASA-1, then for ASA-2. Why does this happen, how do I troubleshoot something like this and how do I fix it?
View 1 Replies
View Related
Jul 25, 2012
Switching out a 5510 as our primary firewall with a 5520. I've essentially copied the working config from the 5510, and put it on to the 5520, making small changes where necessary. Plug everything. I cannot get out to the internet.
Facts:
-All interfaces have no shut on them
-No machine can ping out to the internet gateway
-All machines can ping out to the inside interface of the firewall
-It's not a problem with the internet because I can take a laptop, enter in our outside interface information, plug it into the internet gateway, and I can get out to the internet just fine.
View 14 Replies
View Related
Jun 13, 2011
I have a a firewall policy on a Cisco 2911 - the zone policy from OutZone>InZone basically drops everything apart from inspected traffic on the opposite direction and a few essential traffic generated externally (such as Outlook web access and E-mail exchanging). However, I seem to be getting a lot of firewall drops coming from the immediate gateway of the ADSL WAN address to the internal IP range on port 3. I get about 10 hits every 5 seconds.
Policy:
policy-map type inspect FWPol_Out-In
class type inspect CCP_PPTP
pass
class type inspect FCMAP_In-Email
pass
class type inspect FCMAP_In-OutlookWebAccess
inspect(code)
%FW-6-LOG_SUMMARY: 1 packet were dropped from IMMEDIATE WAN GATEWAY:0 => INTERNAL IP ADDRESS:3 (target:class)-(FWPair_Out-In:class-default), the immediate gateway would ping an internal IP address? Keepalive? Could this be stemming from another problem? The traffic wasn't generated internally as all InZone>OutZone is inspected.
View 1 Replies
View Related
May 30, 2013
I have a fresh out the box asa5510 with 8.4 on it.I have built these before but for some reason cannot get this one to work. I am consoled on, have applied the following config but can still not ping to or from, can not asdm, cannot http/s. Arp table shows device it tries to ping, but device trying to pping it has incomplete arp entry. [code]
View 7 Replies
View Related
Jul 26, 2012
We have a VPN setup between two Cisco RV082 routers, the VPN status shows as connected however I can't ping the other network. I am unable to ping between routers, let alone ping computers behind those routers.
We have 2 branches, branch 1 is on a static IP and branch 2 is Dynamic. I am able to connect via QuickVPN from Branch 2 to Branch 1 and remote desktop to computers, however have yet to VPN/remote desktop in the opposite direction.
To me it seems like a firewall issue at branch 2, but what's causing this. Also they are currently running 2 differnet firmware version not sure if this would cause a problem.
View 1 Replies
View Related
Dec 12, 2011
I set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
View 3 Replies
View Related
Jun 15, 2011
I've got a 5520 running 8.4(1).I've setup a simple NAT: [code] Running wireshark on the outside of the ASA, I can see the packets going out fine (the source address has been translated). I can see the replies coming in from the 'net. But the replies don't get through the ASA to the internal host.What do I need to do to allow the reverse packets to get through the ASA back to the host ?
View 3 Replies
View Related
May 31, 2011
Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
View 1 Replies
View Related
Apr 28, 2013
I need to monitor with ping the inside sub-interface of my ASA5540, is that possible? I get the ICMP requests but no replys going out from the box.
I need to ping the 192.168.10.250 from the 192.168.5.55:
ASA Version 8.0(5)
interface GigabitEthernet0/1
nameif inside
[Code].....
View 2 Replies
View Related
Jul 10, 2012
Not really a big problem, but not knowing the answer is killing me. This is what I have:
Host 1 <-> ASA 5505 <-> VPN connection<-> ASA5510 <-> Host 2
The problem is when one of the hosts trys to reach the inside interface of the remote ASA. E.g. Host 1 trying to ping ASA5510 inside interface. Again Host 1 and 2 have the same subnet address of 10.1.1.0/24. I have configured the ASA 5505 to do the the NAT translations.
[code]...
View 3 Replies
View Related
Sep 14, 2012
I have created an IPSEC VPN tunnel using a Cisco ASA5520 (corporate) to a Cisco SRP541W (remote). The corporate subnet is 10.1.0.0/16, and the remote subnet is 192.168.1.0/24. From the remote subnet, I can ping anything on the 10.1.0.0 corporate network, but I cannot ping from the corporate network to the remote subnet. At first I thought this was something obvious, perhaps an incorrect acl or something easy on the corporate firewall. However, we have several other vpn tunnels established, all set up the same, and they work just fine. After looking at it a bit more closely, if I ping the remote subnet I see the hit counter increment by one each time, which leads me to believe that traffic is in fact being routed properly.Now I'm thinking that something in the remote SRP541W that is not allowing icmp traffic, but I can't find it anywhere. To be honest I have never used this type of firewall before, they have all been Cisco PIX501/506e and ASA5500 models.
View 2 Replies
View Related
Sep 13, 2011
I configured ASA5520 and RV042 for site-to-site IPSec VPN tunnel.Tunnel get connected, but no ping, no traffic between both end network.
Network:
=======
192.168.113.0/24----------192.168.113.6 -ASA--------public, static IP address------Cisco 2821--------Internet
192.168.10.0/24-----------192.168.10.1 -RV042-----public, static IP address------Cisco 2821--------Internet
ASA5520 config:
----------------------
name 192.168.10.0 VPN
!
interface GigabitEthernet0/1
nameif NET
security-level 100
ip address 192.168.113.6 255.255.255.0
[code]....
View 5 Replies
View Related
Jul 6, 2011
I've had some issues with my internet connection lately. Occasionally I would have connection interruptions even when I am just browsing the web with no downloads in the background or anything like that.The strange thing is that connection fails right at the vey beginning - if I constanly ping the gateway, I will see that among the continous pings of 1ms or less, every once in a while I would have several "request time out" messages.My laptop is connected directly to the router with a 6 feet cable. I replaced the cable and it still happens.What I also noticed is that if I am online in the MMORG I am playing, I can stay online for long hours, however when I start browsing the web, I would get disconnected pretty soon. So I think somehow browsing (and downloading at high speeds, which is understandable) somehow triggers these timeouts. I dont know what to make out of it.
View 1 Replies
View Related
Feb 16, 2013
ACE version is A5_2_1.the transfer was carried out by the following procedures.1) C6509 vlan set2) client and serverfarm vlan svclc vlan-group not included.3) ACE configuration. - FT vlan 999 - Client vlan 20 - Serverfarm vlan 154) ACE services enable
Problem occurs, I know why I do not know.
Was configured as follows.
======>> MSFC Configure (C6509#1 and C6509#2)
svclc autostatesvclc multiple-vlan-interfacessvclc module 4 vlan-group 150svclc vlan-group 20 999
C6509#1interface Vlan20 ip address 172.16.20.2 255.255.255.0 no shutdown
ip route 192.168.15.0 255.255.255.0 172.16.20.100
[Code]....
View 1 Replies
View Related
Jan 24, 2012
I have 2 networks ,one is 135.7.31.0/24 for intranet to connect remote office gateway is 135.7.31.253. other is airtel broadband to (network 192.168.1.0/24)connect internet GW 192.168.1.1.both are connected in l2 switch(cisco cat exp500) now I assign 2 ip addresses and gateway in win xp PC with TCP/IP advance settings also set the different metrics for 2 networks , now problem is I cannot connect remote office and internet simultaneously, only one networks connect at a time,
View 3 Replies
View Related
Feb 13, 2013
i'm having problem to ping succesfully default gateway on Router1 from Router2. Basically i can: - ping from R1 the serial interface on R2 and default gateway on R2 - telnet from R1 to R2 - ping from R2 to serial link on R1, BUT I CANNOT ping default gateway from R2 to R1 Below is the photo showing topology and running configuration on both routers
View 2 Replies
View Related
May 13, 2013
One of our ASA5505 can not ping the gateway today. But when I use a notepad , using the same IPs, it can ping the gateway !!!
It is so strange, the ASA5505 was working ok before until today.
Is there anyting I can do to check whether the ASA is ok ?
View 2 Replies
View Related
Sep 10, 2012
I have a VM server, whose IP is in customer VLAN600 ( 172.60.60.10/24 ) and Peer end is switch then Firewall.Switch is configured with same VLAN600 and learning mac-address of Server on VLAN 600, Firewall is also having VLAN600 and IP is 172.60.60.1/24.Server is not able to Ping/reach Firewall and vice versa.
View 1 Replies
View Related
Aug 29, 2012
Have been given a Dell computer for my daughter, it is only just over a year old and cant get it to connect to internet. It keeps saying that the router is not working, when I know it is ok because my other computers work on the internet ok. When I was looking to see if I could find problem I managed to access something which let me check computer connection and it came up that the Gateway IP Ping failed so I would not be able to connect to internet
View 1 Replies
View Related
Oct 24, 2012
I've spent the last two days working on this problem and it is killing me! I know the answer has to be something simple, but despite hours of searching and trying different things, I just can't seem to fix it.Essentially, I am going to be installing a Cisco 2691 and use it as the default gateway for a small business. It will be directly connected to a cable modem with a static IP. The other Ethernet interface is going to connect to a 2950 switch with a couple different VLANs.
The problem I'm having is that I can ping anything external from the router itself. From the clients connected to the 2950, I can ping IPs in other VLANs, and I can ping up to the IP of the external interface, but no pings go beyond that.I've set up NAT overload on the router, and when I do a debug ip nat, I see the pings trying to get through with the proper translations, but I still don't receive ICMP replies back.I set up GNS3 to simulate what I'm trying to accomplish (since it emulates a 2691). Attached is a jpg of the topology -- on the right is the "simulated ISP" with 3 loopback networks and one host on a different subnet. The 2691 has a static route to the "Internet" router, and can ping everything attached to the router, including the host. The host (5.5.5.5) can also ping the outside interface of the 2691 (50.50.50.2).
However, the hosts behind the 2691 can't ping past 50.50.50.2. The 192.168.0.x network can be ignored, because that network won't need to access the Internet. But the 10.10.20.x (VLAN 20) and 10.10.30.x (VLAN 30) networks will need to. In the simulation, the hosts are 10.10.20.5 and 30.5. They can ping each other, their default gateways, and the 2691 outside interface (50.50.50.2) but not the other side, the "Internet" router at 50.50.50.1 or beyond.
[code]....
View 4 Replies
View Related
Dec 24, 2011
I have more than 10 PC om my Workgroup, using DHCP on network, but I have one PC alwaws got wrong IP (auto from dhcp), and can't connect even using static IP (status connect, but can't ping to gateway and other IP)Here "ipconfig /all" on one of PC that work. [code]
View 5 Replies
View Related
Nov 22, 2011
We recently upgraded to Windows 7 at work and my laptop was part of the first deployment. Laptops are imaged so that all configurations/software are already set and done. My problem is as follows, my laptop is part of domain, when I am at work I can ping anything just fine (network computers, printers) BUT when I am at home, I can't even ping my own PC. It returns back with the same address over and over. No matter what I ping when I am at home, it returns back with the same address. I can ping blah and it will display same address over and over. The weird part is I can ping websites no problem, but if i ping random names it will format as follow.Lets say I want to ping lost, below is what i get (I made changes to hide domain and IP)
Pinging lost.domain.com [70.99.199.99] with 32 bytes of data:
Reply from 70.99.199.99: bytes=32 time=57ms TTL=50
Reply from 70.99.199.99: bytes=32 time=58ms TTL=50
Reply from 70.99.199.99: bytes=32 time=57ms TTL=50
Reply from 70.99.199.99: bytes=32 time=58ms TTL=50
[code].....
Notice how my domain always shows up? When I am connected to the VPN at home, I have to log onto our intranet using the IP, I can't use the name, it wont direct to it.
View 2 Replies
View Related
Apr 21, 2013
I have one router and four switch one switch in server mode reset of them all in client mode. Four pc located in native vlan(default) and other 4pc connect in vlan20 now the problem is vlan10 pc cannot communicate with router (192.168.100.1). I try router on stick but I can't assign same ip in sub interface is there any way to access 100.1 ???
View 4 Replies
View Related
Nov 2, 2011
In my network i have Cisco nexus 4 switches those are running as redundancy and fault tolerance. I have mulitple VRF instances are running, when i tried to ping the gateway IP (hsrp Virtual IP) witch same VRF instance it is getting packet loss.
View 3 Replies
View Related
