I have two cisco asa firewalls connected through a VPN, one is 5505 and the other is a 5510. From the 5505 I can ping the internal interface of the 5510, but not vice versa. Would that be a NAT issue? I used the ASDM to configure the VPN tunnels with the wizard for IPsec site to site.
View 3 RepliesI have recently installed a new Cisco SG 300-10 switch--running in layer 3 mode--to function as a basic router for a new subnet installed at one of my company sites. When we attempt to ping devices on the 15.120.204.0 subnet from the 230.20.1.0 subnet, each device gives 2 responses and then times out continuously after that. If we wait long enough (thus far, an undetermined period of time) and reattempt to ping the same devices, the same thing occurs. Otherwise, we get nothing but timeouts. This occurs regardless of where we connect in the 230.20.1.0 subnet including VLAN1 on the SG 300-10. However, if we connect into VLAN 2 on the switch and assign a static IP, those same devices respond continuously. I was thinking that this must be a security setting of some kind but I'm unable to locate anything in the SG 300-10 that would appear to cause this.
View 1 Replies View RelatedI have a d-link dslg604t, i tried to do the frimware upgrade and it froze in the process. Now the internet doesn't work at all. I have uninstalled the drivers, reset the modem and it indicates the modem is working as in i have the two monitors and the blue flashing light between them shown, also all the network settings are there. DHCP is assigned automatically etc etc. I can ping the modem but when i try to connect to the internet i get "detecting proxy server", "internet explorer cannot display the page". "FTP (passive)- Error 12007 connecting to ftp microsoft.com
View 1 Replies View RelatedHow to you setup ip routing on a Nexus 5500 I want to do vlan routing between an Nexus 5500 and Catalyst 3750. Nothing clever just have the 2 switches talk and vlans route between the two.
View 3 Replies View RelatedHow many VMs can a pair of 5548s support? Remember, for each VM, I will have an ARP entry in the 5500 ARP Table (assume 5500 is the L3 default gateway).
View 3 Replies View Related: %DATACORRUPTION-1-DATAINCONSISTENCY: unterminated string in buffer of length 129, counted: 129 -Traceback= 4027CB2C 402B1E88 4052884C 40528A48 40528D08 40529188 40529358 403247E8 403247D4
Cisco Internetwork Operating System Software
IOS (tm) C5RSM Software (C5RSM-ISV-M), Version 12.2(46), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Thu 26-Apr-07 19:41 by pwade
Image text-base: 0x40010948, data-base: 0x410F41D0
[code]....
Is there an official Cisco-Page with the always-up-to-date recommended NX-OS-Releases for the Nexus 5000, just as there is URL
If there is no such page: What Release can be recommended?
We got new N596 & N2232 this week, and are using L2-LAN only, no L3,no FCoE- or FC-Ports. The command 'vPC orphan-ports suspend' is the newest feature used, so 5.0(3)N2(1) would be the oldest possible release.
Before I install 5.1(3)N1(1a) and then have to do a distruptive downgrade to 5.0(3)N2(2b), I'd like to be assured that the new one is already recommended as mature enough.
Having an issue with my WLC 5500 and client connectivity. This just started today. Clients will connect for a short period of time and then drop off. WLC appears fine with the exception of a bunch of trap errors. I've rebooted the WLC but this did not clear the issue.
View 3 Replies View RelatedIOS we used for limiting access for a group we used configuration of snmp-server views like following
snmp-server group backupgroup v3 priv read backupview write backupview access 20 snmp-server view backupview ccCopyTable included could not find out how to achive this config in NX-OS on Nexus5500
how to configure the ASA 5500 with "Directed Broadcast" for Wake of lan from other networksegment. we want pass traffic from 192.168.10.0 network to 192.168.100.0 DMZ Network to turn on the server with Wake on Lan.
I read something about "Static NAT" but how do i make this one?
Are there any dependencies on VTP on the Nexus platforms like the 5500 or 7000? In IOS P V LAN required VTP Transparent mode however I cannot find any reference to this for the Nexus platform. Are there any other features that would require the use of VTP? By default VTP is turned off on nexus and has to be enabled with the feature command so is there any benefit to running VTP in transparent mode vs off?
View 1 Replies View RelatedThere is very little and quite diverse Information regarding the if, where and how of a Nexus 5000 or 5500 series Switch and support for IEEE 802.1AE Link Layer Encryption (also called MACsec).
For example: the official FAQ denies that the Nexus 5500-series supports 802.1AE at all, while the data sheet says that only "downlink ports" are supported (host access).
On the Nexus 7000 platform the 802.1AE link layer encryption is part of TrustSec (feature cts) and much better documented.
The Question is: If and under which circumstances (configuration, L3 modules, license, NX/OS version) does a Nexus 5k or 5500 series Switch support 802.1AE on 1G or 10G interfaces that are directly connected to a Nexus 7000 (with the necessary cts feature licensed/configured)?
We have successfully peered two 5548UP switches together and separately we have successfully peered two 5596UP switches together. Works great and is our standard going forward for data center switching. I've been casting about Google and Cisco looking for an answer to this question:
Is it possible to have more than two 5500 class Nexus switches participate in a peered vPC configuration? For instance, can I connect a single FEX to four 5500 class switches in a vPC configuration? The question is more academic than actionable. Even if the answer is yes we probably wouldn't be in a position to implement something like this for a while.
Does the Nexus 5548/5596 switch support OSPF ECMP?
Also on OSPF and ECMP, the load-balancing method at the multiple links for Catalyst 3750 is per IP packet or per destination IP?
I am experiencing inconsistent echo-replay from devices connected via VPC to Nexus 5500s while pinging from the Nexus exec prompt.
In some cases I receive normal response when pinging from one Nexus, but no response when pinging from the other switch. In other instance I receive normal response to one Nexus, and duplicate replays to the other. It looks like a VPC related bug. NXOS is 5.1.3.N2.1
5501# ping 10.12.12.232
PING 10.12.12.232 (10.12.12.232): 56 data bytes
64 bytes from 10.12.12.232: icmp_seq=0 ttl=253 time=8.585 ms
64 bytes from 10.12.12.232: icmp_seq=0 ttl=254 time=9.227 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=1 ttl=253 time=1.011 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=253 time=8.097 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=254 time=9.429 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=3 ttl=253 time=18.195 ms
64 bytes from 10.12.12.232: icmp_seq=4 ttl=253 time=8.807 ms(code)
We are working with a contractor to upgrade our network, and I heard from them that the 5596/5548 might not need the Layer 3 module for our inter-VLAN routhing. They have yet to give me an answer.
We do have a few static routes on our current layer-3, core switch too.
Nexus 5500 support auto negotiation on 1gig sfp port? There is an end device that only support auto negotiation and cannot be manually set speed/duplex.
View 0 Replies View RelatedI have a Nexus 5500 which is the core of our network and we have access layer switches uplinked to it. I know by default the qos markings will be trusted.
1. On a trunk uplink from an access layer switch to the Nexus, I have "mls qos trust dscp". Will the DSCP marking be preserved when it reaches the Nexus?
2. How do I do prioritization of voice traffic on an uplink on Nexus based on DSCP EF?
So we've setup an ASA 5510 and users can VPN in no problem, and an IPCONFIG /ALL confirms that the DNS server settings from the group policy have been applied.Group policy sets DNS servers as 192.168.2.8 (internal), 8.8.8.8 (google). Public internet sites work ok.Typing nslookup opens up on the correct internet DNS server, but all requests timeout.
View 6 Replies View RelatedI was asked to block pings from the internet to the outside interface of our ASA-5505 firewall. I found a post that said to enter "icmp deny any outside", however that does not do it.
I created an ACL to try and do the trick, also to no avail:
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in in interface outside
access-group outside_in in interface outside
I'm looking for troubleshooting LMS 3.2.1 and the ping/ICMP traffic it transmits.A lot of my devices are receiving a lot more pings from LMS than I would have anticipated.I don't run PING sweeps in Device Discovery or CM-UT. I've even disabled DFM polling in a hope to trace the source of these PINGs. Any list of which modules use PINGs so I can turn them off and track down the offender.I really only want to manage the known devices I already have via SNMP alone. I don't require LMS to be PINGing for discovery or reachability purposes.
View 4 Replies View RelatedIn the new firmware version is there a way to turn off or not allow anyone to ping my router by blocking any private type of IP address? Which also include loopback addresses?
View 1 Replies View RelatedI was asked to block pings from the internet to the outside interface of our ASA-5505 firewall. I found a post that said to enter "icmp deny any outside", however that does not do it.
I created an ACL to try and do the trick, also to no avail:
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in in interface outside
access-group outside_in in interface outside
I'm trying to set up an 802.1 q trunk between my layer 3 switch and ASA5520. I understand I need to create a subinterface to accomplish this and have done so. However, the subinterface does not respond to pings, and when I attempt to run the packet tracer on the firewall itself, I get a message saying Flow is denied by configured rule. But the strange thing is it shows the output interface as "np identity ifc":
(The VLAN in question is VLAN2 192.168.2.3 is the VLAN2 address on the switch). The ASA config is as follows:
ASA Version 8.2(5) <context>
hostname context2
names
!
interface GigabitEthernet0/0.2
nameif Inside0/0.2
[Code] ....
I'm having an issue that I can't quite understand. I set up a test lab to get familiar with EIGRP routing. I have a Cisco 3845-MB with 2 VWIC2-2MFT-T1/E1 cards.sh ip int brief shows UP UP status on all serial ports. I gave it an IP address but I'm having trouble pinging the serial interface IP. It's dropping pings to its own S 1/1/0 interface when pinging from console. I have known good T1 crossover cables 1&2 - 4&5.
Here is the "ip int brief" from 3845-MB
3845-MB#sh ip int brief
Interface IP-Address OK? Method Status Prot
ocol
GigabitEthernet0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/1 172.30.2.1 YES NVRAM up up
Serial1/1/0:0 10.3.29.2 YES manual up up
Right now it's pinging itself at about 60 -90% success rate... and I can't figure out why it's dropping any packets at all. I have other issues with in the lab as well... but i think this might be my "core" issue.To make matters even more "weird" I've tried two different VWIC2-2MFT-T1/E1 cards and I drop pings with both of them.
Here is a sh run and a sh diag:
3845-MB#sh run
Building configuration...
Current configuration : 1434 bytes
!
version 12.4
service timestamps debug datetime msec
[code].....
Now there is an issue that I don't really know how to deal with it and its the multiplayer games ping that I get lately , its about 3 months that I get very high pings when connecting online to a multiplayer server , no matter which game it is , the same happens.
I was getting around 380-470 ping while playing on an European server , but then we solved my last problem (The someone that was connected to my home network) and it reduced the ping to something around 250-300 (sometimes it drops to 100-120).
It is still very high , 3 months ago I had a real bad internet connection and when I was playing on European server's I was getting a stable ping of 100-120 that was normal !
A friend of mine got the same connection that I have and he gets a ping of 100-120 and we play on the same servers (same ISP too).
How can I know where the problems come from ? I did move to a new house in a new area , maybe the ISP server's over there are weak and over loaded ? Because when its like 02.00 AM I am getting a stable ping of 100-120 . What is going on here ? Is there a possibility to ask the ISP to move my connection to another area servers or something like that ?
I've just purchased WRVS4400N VPN router and installed it. This was a replacement of a old Linksys router. After installing the router, I've started seeing wireless drops, packet drops and latency on pings. I've installed the latest firmware, disabled Firewall services, disabled IPS. No changes at all. As a basic example, I am pinging my NAS device (hard wired to router) from a laptop connected to wireless below. Previously while connected to my old linksys router the time was equal to no more than 2ms.
View 4 Replies View RelatedSo because of the way active directory handles Group Policy I have been tasked with finding out why this is failing over the WAN. Basically I know why, but don't know how to correct it. I am trying to increase the MTU over an ipsec tunnel to 2048 to allow Microsoft Slowlink detection to occur. [URL] Basically, it sends 2 icmp packets. One at a normal size and one at a size of 2048. In my case this is trying to occur over an ipsec tunnel and failing due to the MTU being at 1440. I have seen a few articles about increasing it to 1500, but is there a way to increase the MTU to allow the 2048 sized icmp packets?
View 4 Replies View RelatedI have a WRVS4400N router in a remote office. I have connectivity to the office and computers there. But the web interface for the router is failing to come up. This happens once every few days or so. Is there any utility or something that I can use to remotely reset the router without making use of the webinterface or having physical access to the router?
View 4 Replies View RelatedAfter hours of trial and error, and searching user groups, I have found that on occasion, ASA v8.4 will stop pings with the IPsec-Spoofing logic. Interestingly, the packet-trace will say everything is allowed.
The fix (at least in my case, and one other) is to narrow the crypto-map to specific hosts, not subnets.
I am purchasing a new DIR 600. It pings properly, but didn't access internet. I am using HP Desktop and ORTEL broadband connection.
View 1 Replies View RelatedIn my home setup I have an PFsense firewall wich is doing all the routing right now, but right now my net speed is maxing out about 500mbit, i my think it's the pfsense hardware, but its an 1500Mhz C7 VIA with 2Gb ram, I just bought two new switchs, HP-1910-24g and a HP 5500-24G they can do some layer 3 routing, will my speed get a bumb up when the switch is doing some of the vlan routing.
View 2 Replies View RelatedUsing a WRT310N Linksys Router and just today at 2PM I received the largest and longest lag spike ever, it is still going on as I write this (10:00PM). I am receiving pings of 500+ ping and my download speed spikes like crazy. Here are my speedtest.net results.Here are my results from Netalyzr URL
View 4 Replies View Related