Cisco VPN :: 876 - Connection Established From Firewall But No Ping Answer
Mar 18, 2013
We are trying to establish a site-to-site IPsec connection between a Cisco 876 (local site) and a Check Point firewall (remote site). The Cisco 876 is not directly connected to the internet, but is behind a DSL router with port forwarding, forwarding ports 500 and 4500. The running config of the Cisco 876 is appended to this discussion thread. Unfortunately I get no output when debugging the connection with the commands "debug crypto isakmp" and "debug crypto ipsec".
From the Check Point firewall's point of view the connection seems to be established, but there is no ping answer.
The server on the local site that should be reached from the network behind the Check Point firewall has a routing entry "route -P add [inside ip-net remote] 255.255.255.0 [inside ip local]" (see also the appended running config for the naming of IP addresses). Establishing a Cisco VPN Client connection to the same Cisco 876 router works fine.
Oct 25, 2011
I defined a static route: 192.168.0.0 / 255.255.255.0 / 192.168.1.201 (gateway). I can connect from 192.168.1.0 to 192.168.0.0 but we cannot ping in this local network. We have a CISCO 18000 as a VPN IP configured between these two local networks.
Dec 4, 2011
Cisco RV016 Small Business Router (firmware version 4.0.4.02-tm). We have several old RV series Linksys, and the interface seems identical to this new Cisco version, so it isn't difficult to have it configured. However, I am facing issues. I cannot ping from untrust to the WAN IP of the router. However, pinging from trust to any IP is just fine.
I tried disabling the firewall, and I also created a firewall rule that allows all ICMP from ANY to ANY. I also tried all traffic from Any to Any. But the WAN1 and WAN2 IP addresses (multiple ISP) still do not reply to ICMP.
Jan 20, 2013
I successfully established site-to-site with two ASA 5010. The problem is that traffic is not passing. This is the current setup: 1) Left side: only 1 private network 3) Right side: 1 private network, management network, 2 DMZ networks with public IP. On the right ASA some netting is set up so servers in the DMZ can be reached from the private network. The goal would be that a VPN client on the left side can reach all resources on the right side (except the management network). Just to get things going, the tunnel is built with only the left and right private networks, but after the tunnel is established I can't ping anything on the other side.
Oct 27, 2012
I have 2 RV048 and one RV016.
I have established VPN gateway-to-gateway tunnels; all routers use functional DYNDNS.
IP range site 1 192.168.123.1-254 external address x.y.z.w
IP range site 2 192.168.124.1-254 external address a.b.c.d
IP range site 3 192.168.122.1-254 external address e.f.g.h.i
Site 1 with 192.168.123.x has two Win 2008 R2 DC servers, running AD, DNS, DHCP, RRAS with address 192.168.123.4-5.
I can ping the routers only if I add the route to it but cannot ping further (route add command).
If I don't establish the route then nothing pings.
How can I use the tunnel to connect to the servers in site 1?
Dec 26, 2010
Running FWSM Firewall Version 3.1(4)
The problem is that calls originating from the outside of the firewall to the inside will ring but you cannot answer. The internal video conference server is a Polycom HDX 7000. There are ANY/ANY rules to/from this server and the default application inspection policy is set for h323/ras/h225 as follows:
[code]...
Sep 12, 2011
Internet connection could not be established. The port used was closed.
May 27, 2012
I have the Netgear WNDR4500 set up on my home theater shelves, which are located in the corner of the room. When using my Asus G74sx with the Atheros 9002 wifi I consistently get disconnected. The wifi connection is lost and needs to be re-established.
Interestingly, when I am using the laptop downstairs the disconnects never happen. I have pored over my router's settings, updated to the latest firmware, as well as installed the latest drivers on the laptop. I also tried setting the router to short preamble and changing the channels to 11 and automatic.
Jul 4, 2012
PPPoE connection isn't established... Config Cisco 1811 (c181x-advipservicesk9-mz.124-15.T15.bin):
...
vpdn enable
...
vpdn-group 1
request-dialin
protocol pppoe
[code].....
Aug 17, 2012
I use Win7 OS and a Samsung E2652 Champ Duos mobile. When I connect the mobile to the PC, the dial-up connection is not established and shows the error 777: the modem on the remote computer is out of order.
Jan 16, 2012
I have one ASA5520 with version 8.4(3), and a few ACL rules defined. One ACL permits traffic from one interface (EXT_SERVICE) to another interface (DMZ_SERVICE). If I change that rule to deny traffic, all new connections that match the rule are denied, but not the established connections. Why can the established connections pass the deny rule? How can I change that? I need to create an ACL of deny type and stop all communications that are running and match the deny rule.
Running-config of my ASA5520:
ciscoasa# show run
: Saved
:
ASA Version 8.4(3)
!
hostname ciscoasa
enable password 8ay2wjIyt7RRXU24 encrypted
passwd 2wFQnbNIdI.2KYtU encrypted
names
!
interface GigabitEthernet0/0
[Code] ........
Oct 22, 2009
After I changed my router, I recently found out that I cannot access remote network resources after the VPN tunnel is established. I use the CISCO System VPN client. I can see the connection is successful. I cannot ping a server on the remote network.
Apr 30, 2011
All my years on the computer and internet, I've only been connected via ethernet directly from my cable modem as I have just 1 desktop. Anyhow, I just bought a laptop yesterday and so a router is a must to connect wirelessly. I received an old Linksys BEFW11S4 v4 router from a friend and decided to use it as it's still functional. Yes, I know it's an ancient router but I'm on a tight budget.
The setup - I have the ethernet from my modem plugged into the router. I have another ethernet cable in slot #1 (router) connected to my desktop. For my laptop, it'll be a wireless connection.
Issue - Now, the connection for my desktop (via ethernet cable in slot #1 on the router) works perfectly fine. I have it set up (on browser - 192.168.1.1), added the SSID, WPA Shared Key and such. The only issue is with my laptop. Every time I switch on my laptop, I cannot establish a connection (after selecting the SSID and entering the key). The ONLY way for me to get a connection is if I power the router off and then on. Each time I turn on/restart my laptop, I'll have to power off/on the router in order for me to get it to work.
Jul 7, 2012
I have users connected to the office using the Cisco VPN client; a Cisco ASA 5520 acts as the VPN gateway. Frequently the users get disconnected from the server while the VPN is still established and not disconnected!
What is the cause of the issue, and where is the fault located? How do I start troubleshooting to figure out the issue?
Jul 1, 2012
I'm using a SRP521W-U. I've set up a SIP account on Line 1. I would like to be able to answer incoming calls on both FXS1 and FXS2. How do I achieve that both ports will ring?
Oct 10, 2012
I am trying to filter ARP answers arriving on a C6500 trunk port, for a specific VLAN. Filtering conditions are:
- packet arrives from VLAN ID x on the trunk (and only for this VLAN ID)
- source MAC address = xx:xx:xx:xx:xx:xx
The aim is that the C6500 will never enter this MAC address into its CAM table. I looked at several methods like service policy or VLAN filter, but no solution for the moment.
Feb 15, 2013
I have a standard ADSL modem which connects to the internet. On the inside I have a few computers within my LAN. When the modem receives an incoming request from the internet for a connection to one of my LAN computers, e.g. a Skype incoming call, how does the modem know which port to forward that traffic to on my internal LAN? I.e. how does the modem know which of my computers is running the Skype application that will answer the incoming call? I know port forwarding normally handles this sort of thing, but in my case, I am not using any configured port forwarding rules, so how does the modem know where to forward Skype traffic?
May 2, 2012
I have two 5510s that I am trying to get a tunnel established between. One has an existing tunnel to a 5505 that works, but I can't get the next one to get past the first phase. I have sanitized the attached configs.
Jun 11, 2012
I am able to ping from the switch to the firewall inside IP and the user desktop IP, but unable to ping from the user desktop to the FW inside IP. Config is below for both the switch and the FW, a Cisco ASA5510.
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
Apr 3, 2013
Using Cisco IOS 12.x+ on a router. How would I create an ACL that will only allow access to a port from the inside only after it has been established, i.e. similar to port triggering? Inside host 10.1.1.60 needs to use port 61200 for BitTorrent. I don't want the port to be visible as open to the global net except when the host 10.1.1.60 establishes the connection first. That way a port doesn't have to be left open 24-7.
Apr 7, 2013
I make a site-to-site IPsec VPN tunnel between 2 RV110W; above, you will find the configuration.
Site 1
Site 2
Always the same message.
Jun 19, 2011
We have an ASA 5510 with two internet connections. One is intended for VPN L2L and the other for general users' internet access.
On ASA 8.04, I configured the crypto map on interface "VPNAccess" and a static route to the L2L remote peer through the VPN internet access; the default route was pointing to the general internet router.
We bought a new firewall with 8.4.1, and now the ASA only tries to initiate traffic if the remote peer is on the default gateway.
It ignores more specific routes (I mean longer masks) and always tries to use the default gateway, but only for VPN; if I run a traceroute for those peers it uses the routing table correctly.
Jul 14, 2011
I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. One issue I have is that I can't ping the new firewall on its inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet. I've included the ASA's running config in case anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no NAT going on. Lastly (and possibly relevant), the firewall is actually going at the end of a VLAN, which is different to the firewall's inside VLAN number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.
Jan 9, 2013
Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 -> Internal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured with the internal public LAN pool provided by the ISP. This port is directly connected to Cisco ASA 5505 E0/0. It's a /28 pool IP address. This interface is configured as outside and security level set to 0.
From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
Mar 26, 2013
How is it possible that even when I turn off wifi on the laptop and even disconnect the modem, when I type netstat into CMD there are still one or two TCP ESTABLISHED connections? I have waited as long as an hour and there are still established connections even though I am not connected to my internet. If I shut down the computer and reload it again with the router unplugged, there will be either no connections or maybe one TIME WAIT connection for one or two IPs. But as soon as I reconnect to the internet then disconnect, the same thing happens where there are established connections to the laptop even though I am not connected to the internet. I use CCleaner to remove all cookies between sessions.
Aug 2, 2011
I now have the SAs established between the SRP527w and the Cisco 857, but if I ping from a host on the Cisco side to a host on the SRP side I get only rx traffic on the tunnel; the stats keep tx at 0 and the ping is not answered. My tunnel is to send some voice calls into the IPsec tunnel keeping DSCP bits. It communicates the SRP voice VLAN with the Cisco LAN.
I have 2 VLANs on the SRP:
1 VLAN for data on ports 1, 2 and 4
1 voice VLAN on ports 1, 2, 3, 4.
I connect a netbook to port 3 and I can connect to the internet, but I can't reach the other side of the tunnel by ping. Maybe traffic from the voice VLAN is being NATted with the data VLAN IP address? I need all traffic to go into the tunnel without being NATted. On the Cisco side I have a policy to avoid NAT but don't know if the SRP has any problem with it too. All gateways are OK?
Feb 18, 2013
I have 2 FWSM modules in a 6500 switch (failover). I need 5 contexts. When I use routed mode (like in the picture), I cannot ping the servers behind the firewall (I can ping the FW context). In transparent mode, it is not happening. What is the problem with routed mode?
Apr 18, 2012
We are going to implement Spectrum (CA) in my network. I have an ASA-5580-20 firewall, and now my Spectrum server needs to communicate with the firewall; only then will it discover the firewall logs. Now the problem is that my Spectrum server is in the MZ zone (10.10.10.45), whose security level is 70, and my inside interface (10.20.20.101) security level is 100.
I am unable to ping from the Spectrum server to the firewall because of the high security level. How can I solve this problem? Can I change my inside security level to 69? Then I think it will ping.
Sep 15, 2011
I was hoping that the latest firmware would fix my (2) 'bugs', but it did not. We are using the RV042s at our remote medical clinics as an end-point VPN router to our Nortel 1700 VPN router, replacing our old Nortel Contivity 100s. When I try to do a reset when connected remotely via the WAN interface, the RV042 hangs and will only reset by re-powering.
Jul 22, 2012
I'm having some problems getting an IPsec tunnel established between a Cisco 887VA router and a Cisco SRP527w router. I am working from a few text books and some example materials. I have worked through many combinations of what I have got and am still struggling a little bit. I look at debug results and it appears as though the policies do not match between the devices:
Jul 23 05:44:37.759: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (R) MM_NO_STATE
broute1#
Jul 23 05:44:57.079: ISAKMP:(0):purging SA., sa=85247558, delme=85247558
broute1#
Jul 23 05:45:17.031: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (N) NEW SA
[code]....
Some specific questions:
1) On the SRP, in the examples I have used (and I have a few SRP->SRP VPNs that work), I see you need to enter the preshared key. I'm not seeing in the examples I have used anything about the IKE preshared key on the IOS box. Any examples where you use the preshared key for IKE? I wonder if this is my primary issue as it states clearly in the log that there is no preshared key :|
2) I have used a mishmash of names between the various sections, as on the SRP the naming convention isn't the same; i.e. which parts of the IPsec negotiation come from the IKE policy section and which from the IPsec policy section. Do the names really matter across different ends of the VPN?
3) I notice when I perform this command in the (config-crypto-map)#:
set peer FQDN
It is converted to:
set peer XXX.XXX.XXX.XXX
Is this expected? I want the device to look at the FQDN as this particular host is using DDNS and not use a static IP address.
Jan 23, 2013
I have four ACE 4710. Each pair of ACE is in one geographical location. Probes are configured so that they check a regular regex (HTTP GET). When there is a need for an rserver update, we change the text in our testpage.html (e.g. from "OK" to "SUSPEND") so that the probe detects a fail. In fact the rservers are still operational, but should not accept new connections. This works fine. BUT I observed that established connections/sessions did not end after the probe fails. The ACE probably waits for opened/established connections to end, and that is what I am asking about. What happens if the probe fails but in fact the rserver is operational? I thought that if the probe fails it also ends/cuts all established connections to the rserver. But it seems that is not true.
Aug 14, 2010
I have the WPC54G, used on a Sony Vaio, Windows XP Home Edition Version 2002, and use a Novatel Wireless MiFi 2200 Mobile Hotspot. I recently had a system crash and reinstalled through recovery discs and all current Windows Updates (SP3), as well as the WPC54G. The WPC54G worked with various WiFi networks and the MiFi 2200 device before the crash. After "recovery", it recognizes WiFi networks; however, it does not recognize my network established through the Novatel Wireless MiFi 2200 device. (Note: the MiFi device is working because other computers/devices are gaining access to the internet.)
Nov 20, 2011
I'm losing my patience with the home setup I'm running. My ISP has given me a /29 static range which I have correctly applied. I have statically mapped an external IP to a device on the LAN without any issues. When checking the external IP on the device it appears as it should, and everything else appears as the external address of the PIX. When I try to access anything past the router externally I cannot. I can ping the dialer and vlan1 interface on the 857w but cannot see anything past that. All I want the router to do is route, and control everything from the PIX. Have I left out a command somewhere?