Cisco :: VPN Can't Ping Single Internal Address?
Feb 22, 2012
I'm running into a strange problem and cant seem to figure it out. I have an asa running 8.2(1). I have an ipsec vpn setup and working great. I can ping hosts on the inside of the network and everything seems to be fine. However there is one single ip address that i know for a fact is live, but i cannot ping through the vpn. If i ping the address from the asa i get a reply, if i ping the address from inside the network i get a reply, but if i ping when connected through the vpn no reply.
View 4 Replies
ADVERTISEMENT
Aug 23, 2012
I have configured an ASA 5505 to connect a single internal network to internet, it is not working. I have attached the config
View 9 Replies
View Related
Mar 6, 2012
I am having an issue where occasionally the Sidewinder starts to see my internal RFC 1918 address instead of the configured external address of my firewall. This is for peering between the two. The error they see on the Sidewinder is:So instead of seeing the external peer address he sees a 10.220.3.18 address. We are not sure what triggers this becuase normally he see's my 63.117.98.222 address.
View 5 Replies
View Related
Jul 8, 2012
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 7 Replies
View Related
Jan 25, 2012
I just recently purchased a dell latitude E6400 laptop and I did a clean install of Windows 7 Ultimate 64-bit on it, not an upgrade. I also installed service pack 1 right after the OS install. My problem is I cannot find a single driver that allows my WiFi card/connection to show up in Windows. I have been browsing the internet like a fiend and cannot find a single driver or solution anywhere for this. Every install or driver I try either shows an error saying "incompatable" or just does not fix the issue. All I want is my WiFi card to work, and dell did not have any drivers that worked off of its support site even when I put in my service tag number. compatable driver for the WiFi card for windows 7 64bit? Or steer me in the right direction to get the WiFi working on my laptop?
View 4 Replies
View Related
Mar 28, 2012
I just setup my home network with Pix 515 acting as my router/firewall but I can't seem to ping my internal PC from my ASA. I can access the internet and ping my Pix 515 inside interface from my pc but I can't ping my pc from my Pix 515. I can also renew/release IP's from my PC. I also did a packet tracer and it says that it was dropped due to an access list but I have one in place. Also my switch has the default config. Below is my config
Internet <----> Comcast modem <-----> Pix 515 <-------> Cisco switch <-----> PC
MYFIREWALL# sh run
: Saved
[Code].....
View 4 Replies
View Related
Nov 11, 2012
I have the connection working with my ASA 5505 but cannot ping the internal network. (Note external interface is getting the IP via DHCP)
View 4 Replies
View Related
Dec 6, 2012
I'm having an issue where internal hosts cannot access the internet but I am able to ping external hosts when I console into the router. The router is a 2800 series. [code]
View 3 Replies
View Related
Feb 6, 2011
I'm new to this cisco 5505 and I want to carry out a task as simple as a remote access VPN, in my case I did the wizard, with time on my test, I could connect to the VPN, but I can not ping any device internal network. [code]
View 6 Replies
View Related
Oct 15, 2012
We have two networks HQ and Site1 and for some reason we can’t ping the inside IP for Site1 PIX device. We have site-site-VPN set up between the two and everything works fine except we can’t ping the Site1 PIX from internal IP. However, I can ASDM/SSH in from HQ to the external IP of the Site1 PIX.
HQ is using an ASA 5550 (172.1.0.1) PC from HQ (172.1.64.x) Site1 is using a PIX-515E (172.2.0.1) PC from Site1 (172.2.64.x)
Ping from HQ PC to Site1 PC (172.1.64.x to 172.2.64.x) works fine
Ping from Site1 PC to HQ PC (172.2.64.x to 172.1.64.x) works fine
[code]...
ASDM/SSH from any HQ PC to Site1 PIX internal IP (172.1.64.x to 172.2.0.1) doesn’t work
ASDM/SSH from any HQ PC to Site1 PIX external IP (172.1.64.x to Site1 external IP) works fine
Everything was working fine until we recently changed the outside IP address for Site1 because we switch to a different ISP. Nothing changed on the HQ ASA or Site1 PIX other than the outside IP address on Site1 PIX. I did rebuild the site-to-site VPN tunnel between Site1 and HQ.
View 5 Replies
View Related
Jan 15, 2012
Cisco ASA 5505 Cannot Ping Secondary Internal Network.
View 9 Replies
View Related
Dec 3, 2011
I've got a 2621 configured as my main gateway to the internet - right now it's obtaining a DHCP ip from a the ISP's proprietary router set to bridged mode.
As of now, I'm unable to ping the internal interface of the router. I can ping external IP's only, even though I have DNS servers listed, i am unable to resolve host names. I'm running a few servers to which people are able to connect to my web server, among other services. I even have a crypto map setup to another 2621 across the country and can ping all internal ips on the other end... I JUST CANNOT PING THE INTERNAL INTERFACE of the router!!
I've noticed that when I ping the router during it's boot process (using linux un-interupted) I get a response in a very short window, then dies again. I'll post my config below:
[code]....
View 9 Replies
View Related
Mar 17, 2013
I have created a VPN connection for ASA 5512-X by using the wizards and nothing seems to be wrong on the wizards's config.I am able to connect to the network by using the VPN but unable to ping internal network.Below is my config for your reference:
Result of the command: "sh run"
: Saved
:
ASA Version 8.6(1)2
!
hostname FAA-ASA-1
enable password crzcsirI44h2BHoz encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
View 6 Replies
View Related
Jan 17, 2012
We have an ASA5510 running version 8.25. This is in our central office in London. The London network has an ip address range of 10.110.128.0/22. Connected to this via a site-to-site VPN we have a satellite office that has an IP address range of 172.16.148.0/22.
We have now connected to our parent company via another site-to-site VPN connected to the same ASA5510. Their network has an internal range of 10.110.18.0/24. It was our parent company that issued us with our range of addresses a long while ago so that it all fits in with the rest of the company.
We have resources (web servers) on their network that we use which work just as it all should. We now want to allow our satellite office to view those same web servers. The problem is that only 10.110 addresses can flow to our parent company.
I have configured the firewall at our central office and our satellite office to route across to our parent company via our network network and the packets are flowing just fine except that obviously once they reach our firewall they cannot go to our parent company because the 172.16.148 range cannot be routed there.
My idea is to NAT traffic from our satellite office to one of our local addresses before it goes over to our parent company network.
For example: If someone in our satellite office with an IP address of 172.16.150.5 attempts to request a resource from 10.110.18.12 then the request would go via the VPN to our firewall and then get NATed to 10.110.131.200 before being passed on to our parent company network.
My question is what would the NAT configuration be to achieve this. I just cannot work out what type of NAT I would need or how to construct the command. It's probably PAT as it will be multiple addresses to a single address. Essentialy, all traffic from 172.16.148.0/22 destined for 10.110.18.0/24 should get NATed at our firewall to 10.110.131.200 before being passed on.
Just to add, we already have this working from our Cisco 3000 Concentrator which is now going to be phased out hence trying to get this to work on our ASA. The satellite office has now been moved to the ASA and as of today our parent company has been moved to the ASA.
View 4 Replies
View Related
Feb 14, 2012
I need to put a few cameras, without a server, on a static WAN ip address. Do I just assign them a static LAN ip address(for example 192.168.1.200), make sure the port they use is open, then type the WAN static ip address then colon and the last address? Like this.....I'm making up the WAN address....45.34.55.334:200
View 1 Replies
View Related
Jan 24, 2012
how to connect a different ip addressing single system in different place. but we cann't change the ip address in manually
View 1 Replies
View Related
Sep 11, 2012
I am having an issue with the user VPNs. For users connected via the AnyConnect VPN client, all of their Internet traffic goes out their local Internet connection, since I am using split tunneling. However, I need a specific public IP address to go through the VPN tunnel and out the DIA at the main office, rather than the user's local internet connection. I managed to have this IP address go through the tunnel to the ASA at the main office, but it appears that it gets blocked somewhere there, or maybe the return traffic gets blocked. I am using an ASA 5520 at the main office, with software version 8.3.
View 3 Replies
View Related
Apr 9, 2013
I have a i-ball 150M wireless-N ADSL2+ Router device in that , in the NAT tab, i have activated DMZ at my static ip with a private address 192.168.1.224 , so that that ip enabled device can be access to anywhere in public network.I want that using this single static ip , How to configure two private address devices in DMZ, so that both of ip enabled devices can be access in public network.
View 3 Replies
View Related
May 28, 2013
I need the following ports forwarded for a single ip address Port 88 (UDP)Port 3074 (UDP and TCP)Port 53 (UDP and TCP)Port 80 (TCP) .Is there an easy way to to it with service objects/groups?
View 7 Replies
View Related
Jul 25, 2012
I've been tasked with retiring a VPN Concentrator 3000 and replacing it with an ASA 5520. I'm trying to get a handle on how to set up the NATs and ACLs, since most of my experience is remote access VPNs, not site-to-site. Plus I've not configured a VPN 3000 in about 6 years so I'm having to re-learn a lot of the interface.
The VPN 3000 has a feature called LAN-to-LAN NAT rules that basically allow you to NAT an address on your internal network to an address on the "local" network for the LAN-to-LAN connection so it can then go through the tunnel to the remote side. The config looks something like this in the VPN 3000: [code]
Which looks to me like a "Static Policy NAT" in ASDM. So I set one of those up, that should be translating 172.16.3.151 on the inside interface to 192.168.200.151 on the inside interface (yes, the same interface) which should then (logically) be picked up as "interesting traffic" by the crypto-map and sent across the VPN tunnel. However, that doesn't seem to be the case - both the "packet trace" in the ASDM and traceroute from the source workstation show the packets getting to the inside interface, and then passed right out the outside interface to the internet router (which then drops the packets as they're a private IP).
what else do I need to do to make the crypto-map pick up the NATted traffic?
View 7 Replies
View Related
Oct 6, 2011
Ive run into something a bit new to me. Networking! Now i do have some experience but not enough for me to figure this one outHere is what i am trying to achieveWe have a webserver at the office which i can access from the outside world. We also have a local server with a static internal ip(File Server)My question is as follows can i add a link on a web page on my webserver to that i can access the internal ip address from outside the office?
View 13 Replies
View Related
Nov 16, 2011
I need to block this mac address in my 3550 switch.i enable port security but this mac address comes and do the violation and port is shut down.
View 3 Replies
View Related
Feb 29, 2012
I have a situation where a user needs more than one office extend AP in his home. My office extend controller is a 5508 running 7.0.220.0. Are there any issues NATing multiple OE APs to a single address? My initial lab results indicate that each of the AP's associate with the controller and establish a DTLS tunnel. I see the SSIDs get pushed to the AP and then it seems to restart the process never being fully operational. Is there a workaround that will allow me to run mutliple OE APs?
View 12 Replies
View Related
Jan 29, 2013
We have a Cisco 2911 router in our company. I didn't set it up myself nor I was involved. I only started working here recently, bit over 3 months ago. I have been given ongoing task which other IT Technicians been struggling for almost a year with a idea that maybe because I'm fresh person in the company I will find a original idea why could this thing not work.
Our router have a problem with blocking a single IP address, but not completely It's hard to explain but I will try my best. Company is hosting their website externally and accessing the host and FTP on the host on daily bases. It is important for the website to work on the internal network in company. It does work sometimes, but from time-to-time the website showing time-out error 118 on any point before Cisco router using both http and https, have tried putting just the IP address( doesn't matter is it on the general network or last ISA server on DMZ ). I am able to connect to the website using any of proxy gates but not directly to the website. I have also tested the connection past the router and I was able to connect to the website without any problems. I am also able to ping the host's address from the router and internal network.
I have eliminated the possibility of not correctly setup proxy or firewall on the network as problem also occur on the DMZ. I have also checked access-lists on the router and firewall rules for Any possibilities and I can't really see a way why would the router do this.
View 2 Replies
View Related
Jun 11, 2013
I have 2 servers, one active, the other standby, both will be using the same IP. If the active fails then a re-patch for the standby to make this the active. I understand that i will need to clear the arp & maybe mac address table on the 6500 for the new active server to work, as the failed server will have its mac address on the 6500,.
is there a way around this so i dont have to clear the arp cache & clear the mac table? [code]
View 6 Replies
View Related
Nov 25, 2011
I have a standard home network consisting of internet access provided by my cable company which is then disseminated to a variety of wired and wireless devices via a router.
I would like to create a second wireless network that is separate from my current one. This new wireless network would have extra access controls including access restrictions to some web sites using both IP address restrictions and using the OpenDNS DNS servers.
The picture below illustrates the current configuration. The question is: how can I connect ROUTER B to the internet using my current equipment (without buying another IP address from the cable company)?
W
MODEM --> ROUTER A --> ANTENNA <------> COMP 3
1 2 3 4
| |
| |
COMP 1 <---' | W
| ?? <--> ROUTER B --> ANTENNA <---> COMP 4
COMP 2 <-----' 1 2 3 4
W = WAN port
So, in the above picture, COMP 4 is connected via wireless to this second network and cannot access anything on the first network and uses different different DNS servers.
In case it matters, ROUTER A is a Linksys WRT54GL while ROUTER B is a D-Link DI-624.
View 1 Replies
View Related
Apr 24, 2012
I have been asked to "forward a port on an ASA 5505 to an internal ip address." Sounds easy for most of you, and I thought I did it right, but I am not certain. Basically, they want it set up so that when xx.xx.xx.xx:30000 (x's = the firewall ip with port 30000) is accessed from outside, it is forwarded to an internal ip on port 30000 (xxx.xxx.x.xxx:30000)
Here is what I tried from within ASDM 6.4:
1. NAT Rules-add static NAT route:
original-Interface: inside
-Source: xx.xx.xx.xx (local ip of computer on LAN they wish to access from outside)
Translated - Interface - Use Interface IP Address
Enable PAT: Original and Translated port both set to 30000
2. Access Rule - add
Interface: Inside
Source: any
Destination: xx.xx.xx.xx (IP of Firewall)
Service: tcp/30000
View 2 Replies
View Related
Sep 15, 2011
The problem is that the PABX is sending out an internal address in it's INVITE messages and the ASA5505 isn't changing the internal address to the external address.We need> From: Calling Number <SIP: SIP Username@Public IP Address>However our PABX sends out> From: Calling Number <SIP: SIP Username@Private IP Address>. How to translate the internal IP address to the external IP address on an ASA 5505?
View 1 Replies
View Related
Feb 19, 2013
We have a single 4500 connecting to two non-cisco devices. We need to enable port channelling or link aggregation between these two.The links are carrying mulitple vlans , hence are trunked and the ip address on either side is used for routing.
From each of the two non-cisco device, i am taking 2 ports each to connect to the 4500.On each non-cisco device side, two ports will bundle together as one aggregated interface (ae1) and the other will be called ae2.
my query is how do i do the configuration for etherchannel on the cisco 4500 side , as it will need two different Po's( port channels).I need a single ip address on both sides of port channel to be present for routing.
View 2 Replies
View Related
May 30, 2013
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
View 5 Replies
View Related
Jan 19, 2013
Is it possible to perform static Nat's through an internal network?I have a ASA 5510 with a public outside interface (let’s call it 68.68.68.1), and I have an inside private IP address (192.168.1.2/24). The inside IP address leads to a 4900m with that interface being configured with a 192.168.1.1 (no switching). On the 4900 M I have several VLANs one of them is an internal DMZ of sorts. (192.168.2.0/24). Within this DMZ network are several Web servers which need to be associated a public IP address (68.68.68.x).
Every time I configure a static Nat to associating a public IP address with an internal IP address within the DMZ, packet Tracer on the ASA informs me that the packet gets dropped at the static Nat and I cannot figure out why this is so.Safe it to say my question still stands is it possible to Nat (68.68.68.222 to and 92.168.2.60) given the configuration above, and how would I go about configuring in such the manner above so that I acn apply static nat through the 192.168.1.0 network to reach the 192.168.2.0 network.
View 11 Replies
View Related
Jun 2, 2013
We have a 5508 with 7.4.100.0 vor Internal APs and OEAPs. till now every thing is ok. Now we have to connect an AP (local) in a remote office, connected to the WLC by a VPN Tunnel. The problem is that the AP in the remote office uses the NAT Address to connect to the WLC, so the traffic goes over the Internet, not trough the VPN Tunnel. On the controller I have the following setting:
AP Discovery - NAT IP Only ................. Disabled
On the AP:
AP Link Latency.................................. Disabled
How to force the AP to use the internal IP Address of the WLC?
View 7 Replies
View Related
Nov 2, 2011
I have a RV042 using (for now), just the single WAN interface. I am trying to forward all packets to port 9000 from the WAN to a single IP address on the network. I've set up both forwarding rules under Setup -> Forwarding and under the Firewall -> Access Rules.I cannot connect to my device from the outside world, however. Is there something I'm missing?
View 4 Replies
View Related