Cisco Firewall :: Ubuntu 10.04 / Firewall Starts Randomly Responding To ARP Requests For Other IPs
Aug 22, 2011
I have my firewall on IP 192.168.0.1 (for example; the real IP is a class C address). I have a web server (Ubuntu 10.04, though this happened before with an 8.04 box as well) on IP 192.168.0.101. Everything will be functioning fine, and I won't have any issues for a while. Then, randomly, I'll have problems getting to my web server and get disconnected from SSH sessions. I go to one of my Linux boxes and do an "arping -b 192.168.0.101" and I will get two responses, one from my firewall and one from the box, as illustrated below. The only way to correct the issue that I've run into is to reload the firewall, which will then behave properly again until it randomly decides to start answering ARP requests on the other IP again.
nwiadmin@vm-test-lx:~$ arping -b if-webdevint4-lx
WARNING: interface is ignored: Operation not permitted
ARPING 192.168.0.101 from 192.168.0.168 eth0
Unicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx] 2.309ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.434ms
Unicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx] 2.280ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.377ms
Unicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx] 2.129ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.221ms
Unicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx] 1.839ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.934ms
Sent 4 probes (4 broadcast(s))
Received 8 response(s)
Reloaded firewall
nwiadmin@vm-test-lx:~$ arping -b if-webdevint4-lx
WARNING: interface is ignored: Operation not permitted
ARPING 192.168.0.101 from 192.168.0.168 eth0
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.839ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.935ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.758ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.733ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 9.568ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.931ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.283ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 1.756ms
Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy] 2.070ms
Sent 9 probes (9 broadcast(s))
Received 9 response(s)
View 5 Replies
Jun 5, 2012
I have an ASA 5505 with software version 7.2(3) that randomly stops responding. The firewall sits in front of a public-facing web server that handles a significant amount of traffic. I was wondering what would happen when the ASA 5505 reaches or exceeds the 4000 connections per second limit, i.e. would this possibly explain why my ASA 5505 stops responding and requires a power cycle in order to start working again? When it "crashes" it does not respond on either the outside or inside interfaces.
View 5 Replies
Feb 15, 2013
I have a school with 550 iPads. We are using two 5508 WLCs sharing the number of APs. The DHCP server and the default gateway for the network are on the firewall. The clients are able to get DHCP. After some time, maybe longer than a month, the clients are no longer able to get DHCP addresses. A reboot of both controllers takes care of this. Presently we are running 7.2.110 OS. I am going to upgrade to the latest 7.4.100, and reload tonight.
View 1 Replies
Jan 4, 2012
A client is unable to establish a connection to the backend servers via the VIP on ports 389 and 636; the servers are configured to listen on these ports. Even though the probe is successful on port 389, I'm not getting any response back from the servers. [code]
View 1 Replies
Apr 4, 2012
We have a 25Mbit connection coming in through a cable in the basement, going through a modem that is connected to an RVS4000 small business router on the first floor, which acts as the single NAT. Connected to that in parallel we have 4 wireless b/g or b/g/n routers of various Cisco/Linksys models, one for each floor, each with DHCP disabled. Over the last few months there have been some issues with the router and I'm curious if there is anything that can be done to solve them. The firmware of the router is the latest at the time of this writing, V2.0.2.7.
1. The router will occasionally lock up and completely stop responding to DNS requests. Attempting to open a website will result in browsers giving their standard 'DNS Lookup Failure' messages. The router will also become completely non-responsive when trying to access it via its IP address (standard 192.168.1.1); no username/password dialog appears. However, oddly enough, IRC and other chats like Skype will still work fine. Restoring factory settings has not worked. This issue has gotten to the point where this happens about once a day. Restarting the router will fix the issue. While I think the issue may sometimes resolve itself, it could also just be one of the other people in the house restarting it manually. I'm assuming that the router is to blame here and not the cable modem in the basement or the DNS server of our ISP, mostly due to the fact that the router becomes unresponsive and won't let me log in as admin when this happens. Also, restarting the router, not the modem, seems to fix the issue.
2. The router's log is always empty. Specifically, I have enabled 'Output' and 'Local Log' as you can see here:
3. Issues with some people hogging bandwidth. With 25 people and a 25Mbit connection, each person in the house should effectively get about 125KB/s of download speed, especially since not everyone is always using bandwidth. However, it can happen that one person is, often without knowing it, hogging a large chunk of bandwidth and slowing the network down for everyone, such as by downloading multiple large files from different sites, streaming high-quality video, etc. I would like to know if any of the following might be possible to do with this router: see the bandwidth usage per individual MAC or IP address on the network over time; limit the amount of bandwidth a specific MAC or IP address can use; make the distribution of bandwidth more fair when a few people are using far more of it than other people.
I have at times resorted to limiting P2P via IPS in the past, and of course that does work somewhat, but that's not ideal. I'd much rather just know who is doing it, and specifically by how much they are slowing other people down. While the IPS page will list the IP addresses of those trying to use P2P when it's disabled, there is no way for me to really quantify how much bandwidth they'd be using otherwise, and this doesn't at all include things like straight-up HTTP downloads. In any case, this router should easily be able to handle ~25 simultaneous connections, right? Are there any settings that I should make sure to enable or set to distribute bandwidth more fairly, given the setup we have?
4. The IPS report chart is not readable. This is a bit of a nit-pick, but the IPS report chart is basically not readable because the colors used in the key are identical. Can you tell the difference between the colors of 'Network Traffic' and 'Attack Counts' in the key at the top? They could have used any two colors that are at least somewhat distinguishable; even light grey and dark grey would have been better, not magenta and another magenta.
View 7 Replies
Apr 18, 2013
I'll start out with the fact I work mostly with Wi-Fi and not a lot in the security realm... If I plug my workstation into the 3560, my wired client adapter can get an IP address, but the WLAN adapter will not when associated to the WLAN. Usually this is not a problem since you may only have two access points on the controller and a dozen or so hosts. In my case, however, I want to put a few of the ports on the 3560 into the same VLAN as the WLAN on the 2106 so I can give them the same guest access as the WLAN. The hosts plugged into the 3560 get an IP address without issue from the ASA. When I disable DHCP proxy, the WLAN clients get an IP address, but then the APs cannot get an IP address from the internal DHCP server on the WLAN controller, and cease to function when rebooted since they cannot get to the controller without an IP address.
Any way to configure the ASA to accept the modified DHCP packets from the WLAN controller? It appears to me that the ASA is not able to accept DHCP relayed packets.
View 21 Replies
Mar 3, 2011
Using a DIR-655, does anybody know how to create a firewall rule to block all dns requests except to specific servers?
View 2 Replies
Feb 5, 2011
I want to set up an ipchains firewall on my Ubuntu so that it prevents traffic to a specific IP address. How can I do this?
View 1 Replies
Aug 31, 2012
Roughly once an hour my games will simply just stop responding. Most notably on League of Legends, everything else continues to happen around me uninterrupted but I cannot move my character nor can I use any abilities for about ~4 seconds, and it will do the same for literally every online game I have played. It doesn't seem to cut out my internet, but when it happens, on occasion it will crash a Skype call for about the same duration the unresponsiveness occurs. I have Optimum Online and a Linksys wired router with Windows 7.
View 2 Replies
Feb 26, 2013
We have a situation with 20 4410Ns. They are connected through a 2960 switch. They ran for about a year with no problems. We use the WiFi system with 10 Cisco wireless IP phones, several workstations (5-10) and a few mobile devices.
Three weeks ago we took 10-15 iPads into commission (almost equally divided over the APs); since then the trouble started. Several access points stop randomly responding a few times a day. We updated to the latest firmware (2.0.4.2), but that did not solve the problems.
We're using 3 SSIDs with WPA2 encryption and fixed IPs for the APs. If we can't get a hold on this we have to replace all the APs with other ones.
View 2 Replies
Feb 26, 2013
My internet works fine, but after a random period of time, usually 20-30 minutes, the internet stops responding. I have run a diagnostics test using the Intel PROSet/Wireless tools program and it states on the ping test that there is no response from the default gateway and the DHCP server.
View 3 Replies
Nov 5, 2011
We have a Cisco 1811 which is running a number of different services. Let me try and explain how everything is working first.
On routed port 0, we have a statically configured fiber connection which routes a public /28. No BGP, etc., just default routes. The /28 is divided into two /29s, one of which is routed to Vlan3.
On routed port 1, we have a PPPoE DSL connection, with a single static IP.
Vlan1 is a 192.168.1.x subnet
Vlan2 is a 192.168.2.x subnet
Vlan3 is a y.y.y.x/29 subnet(the routed subnet)
Vlan1 and Vlan2 PAT to the static fiber IP (not the other /29) along with the DSL. The other /29 is used for a few static NAT translations and SSLVPN.
There is a zone based firewall in play, as well as a few route-maps to redirect traffic out certain interfaces on the inside.
The problem is, the fiber IP randomly stops responding to ping/ssh, however I can ping the interface IP assigned to Vlan3 from the WAN. DSL never loses connection in this manner.
I can normally reestablish "normal" connectivity by connecting to the DSL and bringing down the fiber and routed vlan in a specific order.
View 2 Replies
Jan 17, 2013
Has anyone experienced this issue where you cannot access the console port? The USB serial cable and terminal server work fine with all other ASA 5510s except one of them. I rarely see the console and aux port fail to respond.
View 2 Replies
Feb 12, 2013
My Buffalo LinkStation 3T was giving me problems due to the AVG firewall blocking access to my drive, so I switched it off to work. Now the drive is working, but when I click to access the drive the background on the desktop goes black on Windows 7. It's an Acer laptop and the graphics are blurry.
View 1 Replies
Aug 8, 2012
I have been facing a strange issue on the FWSM (6509 switch). We have created a VLAN interface for the server farm on the FWSM and it stops responding automatically, and we need to give the shut / no shut command under that interface to bring it back to normal.
View 11 Replies
Apr 18, 2012
I'm using a Cisco 5510 ASA at the head office and all the branches (32) connect to the head office via Cisco VPN client (remote access VPN); as per the configuration, branches used to get IP addresses from the VPN pool randomly. Now, my requirement is that each branch should get the same IP address every time the VPN is established. Is this feasible?
View 3 Replies
May 24, 2012
One of our hospitals keeps reporting that their internet is going out for a while, then comes back up; sometimes they even have to reset the ISP modem for it to work again. I upgraded and switched ISP to Time Warner Cable and figured it would essentially solve the issue, but there are still reports of internet outage and our new ISP has confirmed multiple times that their end is still up. Our ASA 5505 was configured by a previous employee, but when looking at the running config I noticed that the interface for our ISP is NOT set to Duplex Full and Speed 100.
interface Ethernet0/5
switchport access vlan 2
View 3 Replies
Sep 11, 2012
Hardware: RV082 V03
Firmware: RV0XX-v4.2.1.02
Lan: 192.168.1.0/255
Static routing: 192.168.1.239 to 172.25.152.64/224
The unit is configured as internet gateway. 4 NAT ports are active. When the firewall is disabled all works fine. When the firewall is enabled I get connection lost at random intervals. In the firewall only 4 rules are added to the default 3 rules. The added rules are:
1/ permit 192.168.1.22 port 25 to any
2/ permit 192.168.1.27 port 25 to any
3/ permit 192.168.1.10 port 25 to any
4/ deny any port 25 to any
I get connection lost at random times when navigating with Windows Explorer on a PC with IP 192.168.1.x to a share on a PC with IP 172.25.152.74. The same happens when copying files. Sometimes it works, later it fails or retries are needed. When the firewall is switched off all runs fine.
Ping from 192.168.1.x to 172.25.152.74 always gives a <1ms response.
Is there an RV082 performance problem or do I have a configuration problem?
View 4 Replies
May 8, 2012
I have an ASA 5510 with CSC-SSM-10. ASA 5510 IOS version 8.4.2 and CSC-SSM-10 IOS version 6.6.1162. Web filtering is working fine with respect to my configuration. From yesterday morning, I have been facing an issue with sites like Gmail and webmail. After giving credentials like username and password in the web page, the page is not responding. In the troubleshooting process, I removed all the ACLs and class-maps which direct all the traffic towards the CSC. In this scenario all my mail service sites are opening. If we apply these ACLs and class-maps, only my mail service sites are affected.
View 1 Replies
Apr 24, 2012
When my ASA5505 starts it loads into rommon. I enter "boot" and everything boots fine. How do I make that load by default whenever it starts? Any correct command syntax to make that happen?
View 0 Replies
Apr 13, 2012
I have some issues with Win 7 64-bit Pro. I have 3 computers on a Cat 5 wired home LAN using a DGL-4500 router and in the same homegroup. All are gigabit capable. 2 are regular PCs, one is an HTPC. All have the latest drivers.
1) File transfers never exceed 12% of the network capacity.
2) If I transfer from computer A to computer B's public folder, I can transfer 1GB in a few minutes. However, if I attempt to copy/paste a file from computer B's public folder to computer A, computer A takes forever "discovering" the file, then gives some absurd transfer time, say 11 hours for the same file.
3) If however I go to computer B and paste the same file into computer A's public folder, the transfer takes only a few minutes.
4) If at any point during scenario #2 I right-click B's public folder from A during a transfer, I get the spinning circle forever, which 90% of the time results in Explorer hanging and requiring the process to be killed/restarted.
View 4 Replies
Mar 6, 2013
When my Toshiba Satellite notebook first begins booting up, the ethernet cable "connected indicator" light is ON, but somewhere around the halfway booted-up point, the light goes out. Once booting is completed, I get the message "Network cable is unplugged". The cable is definitely plugged in, as I also have Ubuntu Linux running on this same machine (dual-boot), and use this cabled-connection ALL THE TIME (for both LAN and Internet access)
View 8 Replies
Nov 1, 2011
When I press Fn+F3 on my Acer 4750Z laptop it starts up Bluetooth and not WiFi! When I enter the WiFi wizard installed, which is Intel My WiFi Technology, it shows "NO SUPPORTED WIRELESS ADAPTER FOUND". What should I do to start up WiFi?
View 1 Replies
Dec 4, 2011
I'm using a D-Link network adapter (6 months old) on my PC, and have always gotten an excellent signal. The main PC in the house is hooked up to a DIR-615 router and works fine. I had some BSODs recently and decided to reformat XP. I loaded the driver for the adapter, got an excellent signal, but couldn't access the net. The signal shows 4 green bars for about 20 seconds, then all white bars for a few seconds, then back to green. It keeps dropping the signal over and over. The network card shows it's working properly.
I did an ipconfig, and it says "media state disconnected" and shows no addresses. If the D-Link adapter were faulty then I'm assuming it wouldn't work in the first place. I'm thinking it's some setting not right in the PC. The reformat went fine; I loaded all the drivers in the right order. I only have IE for a browser, which I need to access the net with to load Firefox and all other programs plus Service Pack 3 and other XP updates back on.
When I loaded the driver for the D-Link adapter, I used a different workgroup/name than the network name originally used to set up the D-Link router, if that means anything. I've read about resetting the Winsock, which I'm going to try, but I would think that wouldn't be it since I just reformatted the PC.
View 1 Replies
Apr 20, 2011
I had a D-Link DSL-G604T router which recently had begun to drop connections, so I decided it was time for an upgrade. I bought a D-Link DIR-615 and followed the instructions on the CD, but no internet connection. After several hours of hair pulling I came across a solution: if I connected the internet port on the DIR-615 to one of the ethernet ports on the DSL-G604T using an ethernet cable I could then connect to the internet. However, this defeats the point of having a new router if I have to use the old one to connect to the internet. Is there a way to configure the DIR-615 so that it works properly?
View 8 Replies
Dec 22, 2011
I would be surfing the internet for about 30 minutes, then all of a sudden the wireless connection just stops. The wireless icon says that I'm connected with an 'excellent' connection, but I can't browse any webpages and nothing loads.
After about another 30 minutes of no connection, the wireless starts again and everything is fine. I tried updating the driver, but it says that it's already up to date. I also did a diagnostics, and I get this message: "Dell Wireless 1490 Dual Band WLAN Mini Card (Failed)".
View 3 Replies
Apr 22, 2013
I will be implementing a new firewall (Cisco ASA 5515-X) on my existing 3750X (server switches) and my 2960S (user switches). What do I need to apply on my firewall and switches to make the implementation successful? I will put my 3750X as my DMZ and my 2960S as my inside. The 3750X has multiple subnets and so does the 2960S. Which features and technologies do I need to know on those 3 products? My 3750X and 2960S don't have any ACL defined and the most common features are VLAN, switchport, trunking, spanning-tree, stacking, VTP. How does my ASA know that my 3750X/2960S have multiple VLANs? My current connection right now on the 3750X and 2960S is just through 6 ports I assigned as one trunk; below is my config. [code]
My 2960S VLANs are almost the same as my 3750X except VLANs 160, 170, 192. But of course when I put this in the ASA, I have to segregate VLANs for the 3750X (192, 100, 110, 160, 170) and 2960S (130, 150). For my 2960S connection to the ASA, and since this will have big bandwidth, I will use 3 ports on my ASA (and trunk them) connecting to my 2960S, and I will use 2 ports on my ASA (and trunk them) connecting to my 3750X. The one internet port and my one management port on my ASA will stay like that.
View 2 Replies
Jun 11, 2012
I am able to ping from the switch to the firewall inside IP and the user desktop IP, but unable to ping from the user desktop to the FW inside IP. Config is below for both the switch and the FW (Cisco ASA5510)...
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
Aug 2, 2011
We had a problem with SMTP inspection dropping some regular emails (Cisco 2901 IOS 15.0). The original configuration.
View 2 Replies
Jun 21, 2011
We had a problem with SMTP inspection dropping some regular emails (Cisco 2901 IOS 15.0). Incoming mails are going through a spam and virus blocker, so bypassing SMTP inspection is not a security issue in this case.
View 1 Replies
Dec 28, 2011
I have a question with regard to setting up the ID firewall on the ASA 5585 in a single-forest, multiple-domain Windows network. Currently I have a semi-operational IDF at the top level but can't find users on the other, lower domains. Here is the setup: I have 3 domains.
[URL]
Both domains have a two-way parent-child trust and I can look for users in AD Users/Computers on both domains. I initially set up the ASA to look at domain1.test.com using an LDAP aaa-server per the IDF instructions, and then proceeded to configure the AD agent. I installed the AD agent on the domain1.test.com domain controller, configured the settings on that system, and had no problem adding users to the firewall and getting functionality within domain1. I looked to see if I could see domain2 and domain3 users and found none. I went ahead and added the domain2 system to the AD agent on the DC and the system says that it is up, but when I search for users it is not pulling them from domain2. Instead, it shows domain1 users as domain2user1. I also configured another AD server in the ASA to search LDAP on domain2, to no avail. The Cisco documentation states the following:
• Before you configure even a single domain controller machine using the adacfg dc create command, ensure that the AD Agent machine is first joined to a domain (for example, domain J) that has a trust relationship with each and every domain (for example, domain D[i]) that it will monitor for user authentications (through the domain controller machines that you will be configuring on the AD Agent machine). Single Forest, Multiple Domains: All the domains in a single forest already have an inherent two-way trust relationship with each other. Thus, the AD Agent must first be joined to one of the domains, J, in this forest, with this domain J not necessarily being identical to any of the domains D[i] corresponding to the domain controller machines. Because of the inherent trust relationship between domain J and each of the domains D[i], there is no need to explicitly configure any trust relationships.
Reading that, it sounds like it should just work.
I had everything properly configured before I installed the AD agent, but I'm guessing that there is a chance that you can't have the AD agent on the top-level DC and get it to communicate with the lower-level domains.
View 1 Replies
Apr 26, 2011
I have the below setup:
1. I have 6509 switch
2. I have 2 WLCs configured in Active/Active mode, connected in trunk mode (L2 port-channel) to the 6509 switch
3. On the switch side I have configured the port as trunk
4. L3 SVI for wireless users are created in 6509 switch (attached the diagram).
I would like to introduce a Cisco ASA 5520 firewall with an AIP-SSM module so that all wireless traffic can be inspected.
The issue is: Without changing any configuration in the network (switch & WLC) is it possible to introduce the firewall?
View 2 Replies