Cisco :: How To Get LMS 4.1 To Not Ping Interfaces
Oct 8, 2012
We are using non-advertised IPs on many devices, but LMS is attempting to ping these addresses and setting off all sorts of security alarms. How to stop LMS 4.1 from pinging the interfaces? We don't even want LMS to do any fault monitoring so if that could be turned off, it would be even better.
I have two inside interfaces (both security level 100) inside and inside110. Inside is 192.168.105.3/24 and inside110 is 192.168.110.3/24. I have a PC on the 192.168.105.0/24 network. I cannot ping the 192.168.110.3 IP of interface inside110.
We are using a Cisco ASA 5580 (8.2) firewall. When I try to ping from the inside LAN to the firewall DMZ interface IP, it is not pingable, but from inside users I am able to ping the firewall inside interface IP address.
I think we can't ping other interfaces of the ASA by default. But can we allow a single IP address that can ping all the interfaces of the firewall?
We are not doing any NATting on the firewall; for that we used the load balancer.
I have set up a site-to-site VPN on 5505s at 2 sites. I can ping outside interfaces from both sites but cannot get replies when I ping clients behind the 5505 from the ASA itself. I have also tried to ping from 10.x.x.x to 217.41.x.x and to 192.168.x.x but do not get a response.
I was expecting the configuration to be enough but there might be something I am missing.
I've just started a CCNA course and my lack of knowledge has me a bit stuck. My network is comprised of Cisco components and I'm semi-familiar with them just from reading and looking through options. I am currently using a Cisco ASA 5520 on my network and I am trying to join another network via one of the interfaces. My network is 192.168.0.0 255.255.0.0 and my inside interface is 192.168.1.1 255.255.0.0. I enabled a second interface using a static IP of 10.0.0.1 with a subnet of 255.255.255.128. Connected to that interface, I have a Fortigate firewall at 10.0.0.2 255.255.255.128. I can ping just fine from the Fortigate network to the 10.0.0.1 interface on the Cisco ASA 5520 network, but I cannot ping the 10.0.0.1 interface (or anything past it) on the ASA 5520 from any computer on the Cisco network. I've read that ACLs and NAT have to be done as well as enabling traffic between interfaces with the same security levels. (Both interfaces have security levels of 100 and the option is checked to allow traffic.)
Note: each network has its own internet connection. The connection is to share information on servers on both networks with each other.
I'm having some trouble getting my head round the following but I think it's routing related?
I have a Cisco 3750 switch with the following configured:
interface Vlan1
 ip address 192.168.0.223 255.255.254.0
 no ip route-cache
[Code].....
The 3750 is connected to a firewall which handles the routing. From the 3750 I can only ping remote networks from the vlan1 interface, not from vlan6, 8 or 10, i.e. ping 10.34.37.101 (remote network) source 192.168.0.223 (vlan1) works but ping 10.34.37.101 source 10.74.10.1 (vlan10) does not? I can ping 10.34.37.101 from computers on the various vlans but not from the 3750 itself.
I looked at setting a default gateway for the various vlan interfaces
I have a new 3560G to set up a small network for a remote site. I configured the vlan and an SVI as the gateway. The switch is also the DHCP server for the LAN. I configured Gi0/2 as an L3 port, connecting to the nearest neighbor. My network runs EIGRP so I advertised the routes into the EIGRP process. The switch forms EIGRP neighbors and learns all routes in the enterprise network. The problems I'm having now are: 1. The switch learns all routes in my enterprise LAN and can ping devices in the enterprise LAN, but I can’t ping any interface on the switch from the enterprise LAN. 2.
I set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500s a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500s as routed links or as trunk links depending on the type of traffic... thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500s.
From my router that connects to the cable modem I am unable to ping website 4.2.2.2. I am able to ping all other websites fine. Same website I can ping from my PC and all other switches fine. Router has only 1 ACL, that's for NAT.
I installed Windows Server 2003 on an old Pentium III server as a standalone test server. Now I want to use it as a print server and connected it to the domain. I can ping workstations and other servers from that test server. But I cannot ping that test server from the workstations.
I had both a Westell 7500 and a Linksys Router working fine and had my 360 set up as an extender for Windows Media Center so I could stream TV, Music, Movies, etc. from my desktop to the 360. Then I switched my modem/router out with a Zyxel PH5001Z.
So now today I noticed that I can no longer find my desktop through the XBox. I have adjusted my firewall settings on the modem itself, even completely disabling it. UPnP is enabled for the 360 and the device is showing under my device table. At first I wasn't able to ping any network devices but after creating an ICMPv4 Firewall rule it worked fine. I've confirmed the XBox IP Address through Network Map, the Device Table on the modem and through Network Settings on the XBox. I've disabled my modem firewall as well as Windows Firewall, completely, and I still can't ping my XBox or set it up as an Extender.
I have the XBox connected wirelessly using WPA2-Personal and it's operating in 802.11g/n mode.
I've got a router as a VPN concentrator which receives VPN site-to-site connections from 10 branches with Cisco 881 and Cisco 1941. I started Cacti monitoring and found out that there are too many errors on interfaces. URL.
I have an ASA connected to 2 ISPs. I am using object tracking for the default route so only 1 path is used at a time. I have a L2L VPN setup going out interface A. I would like to configure a 2nd VPN going out interface B with identical parameters.
(ASA software 8.2)
crypto map PATH_A 1 match address outside_1_cryptomap
crypto map PATH_A 1 set peer 10.1.1.1
crypto map PATH_A 1 set transform-set ESP-AES-128-SHA
crypto map PATH_A 1 set security-association lifetime seconds 28800
crypto map PATH_A 1 set security-association lifetime kilobytes 4608000
crypto map PATH_A 1 set reverse-route
I am trying to secure sub interfaces on a 2600 Router.
interface FA0/1.1 No Access-group
Interface FA0/1.2 IP Access-group 110 out
Access-list 110 deny ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
Access-list 110 permit ip any any
This works but it blocks traffic both ways. I only want to block one. I don't want FA0/1.2 to be able to access FA0/1.1 but I want all traffic to be allowed to go the other way.
Does anyone know why the ASA will monitor physical interfaces by default, but monitoring of logical interfaces is disabled by default? Or better yet, is anybody doing a monitor-interface for a subint without issue? I'd imagine it isn't enabled by default for a reason.
I understand that IPv6 uses the MAC address of a LAN interface to make up the EUI-64 of a serial interface since serial interfaces don't have MACs. What happens when there is no LAN interface available? What if the switch has only serial interface cards?
LMS 4.2. I am receiving the alert below in my email inbox. It was my understanding that DFM would not send alerts for interfaces that are shut down. Is this a bug? [code]
I have a question: is it possible to have two WAN interfaces configured on a Cisco 892 router, with an IP address 84.197.167.111 255.255.240.0 on the first interface and a different IP address 84.197.174.182 255.255.240.0 on the second interface?
I have a location where I have 2 WAN links, but without a dynamic routing protocol in between. I want to implement a kind of hub to 2 spokes VPN. But the spokes will actually be on one single ASA firewall, each spoke on a different interface. One hub-spoke will be primary, the other one the secondary. When the WAN link for the primary VPN fails the secondary should be started on the hub to the other spoke.
I'm trying to get two Cisco 1941 routers with HWIC-1T and HWIC-3G-HSPA interfaces to use the 3G interfaces if the frame is down (as it is right now). In the lab, I was not able to get these to use the 3G interfaces as a backup (i.e. backup interface cell 0/1/0) and I've not been able to work out the correct incantation for static routing either.
kununurra#show ip int br d1
Interface                  IP-Address      OK? Method Status                Protocol
Dialer1                    172.31.2.94     YES IPCP   up                    up
I have been configuring the SG-300 28 from both web and CLI interfaces. When doing a sh run I get Int gi2 before int Gi1? WTF? Also one of my vlans wasn't working on interfaces but was working through the assigned trunk port to my other switch. I deleted it and recreated it and it is now working. Why we have a failure and go to reconfigure a switch and have these same issues.
I've installed ACS version 5.2 on a VMware platform and everything seemed fine, but in the post-installation task I need to access the GUI. Based on the documentation I should access "https://10.0.0.X/acsadmin" in my browser's URL bar, but after I hit enter nothing comes up, there's just a white web page. Is there any missing configuration that I need to do and that is not on the configuration pages?
Is there a limitation to the amount of sub-interfaces that can exist on a Cisco 6509? The switch has WS-SUP720-3B (Sup card), WS-X6724-SFP (linecard), and 12.2(33)SXH7 (IOS).
If I have a PI 1.2 system that has multiple interfaces configured I can upgrade to PI 1.3 and both interfaces remain and I can see both under the admin webpage under appliance interfaces. But if I do a fresh install of PI 1.3 I can only configure one interface. The commands fail from the cli to configure anything but gigabitethernet 0. Are multiple interfaces not supported in PI?
My problem includes a little bit of a design issue. I have a site-to-site VPN between the customer and my Cisco router. But the customer wants to add L2TP traffic in this site-to-site tunnel. I have no experience with L2TP tunneling. I also have an ASA 5500 series which is located behind the Cisco router. The ASA interfaces do not have public IPs. The question is: can I use my ASA firewall for just L2TP tunneling? Every document says ASA use IPSEC over L2TP. But IPsec tunneling is already done by the Cisco router. Or should I have to do both tunnels in the same network device? I mean ASA or router?
I want to implement QoS on our core router but the core router makes use of GRE tunnels to remote branch locations. So far all QoS techniques I want to use cannot be implemented using tunnel interfaces.
The core router is a Cisco 7604 router with IOS version 12.2 (33)SRE while the remote locations have ISRs (2821).
Which QoS technique to use with respect to GRE Tunnels as there are times of congestion due to heavy network traffic to those remote locations.
Having upgraded to 8.3 from 8.2 and read much about the differences, it seems that 8.3 deals with NAT in a much more managed method. However, I am confused on how one would NAT a network object to multiple interfaces? I.e. I know you can specify a NAT address within the network object, however this only allows you to specify a single IP address. What if I want to talk across multiple interfaces, how would I specify this?
I have an ASA 5520 running ver 8.4(1). I have attached my interface config below and need to do the following: NAT traffic coming on GigabitEthernet0/2.101 to GigabitEthernet0/1, i.e. packets with destination 10.21.110.25 will be forwarded to 10.11.21.25. Will a nat (Production,Advocate_MPLS) static ... statement work?
interface GigabitEthernet0/1
 description Production
 nameif Production
 security-level 100