Cisco WAN :: ASA5510 - Can't Ping Within LAN
Apr 27, 2011
I haven't come across this before and have been scratching my head about it for the last few hours and need a second (or third or fourth!) pair of eyes here.
I have an ASA5510 at the network edge, an inside interface of 10.1.0.x, a dmz interface of 192.168.1.x
[code]...
Jul 1, 2012
I cannot seem to determine exactly why I am not able to ping from the inside to outside using the standard 100/0 security levels respectively. I am dynamic natting the inside to the outside interface, something I don't usually do but cannot see why ICMP's are not passing through.
The Packet trace tool says there is something in the ACL but there really isn't.
Is there simply an issue of Natting to the WAN interface on a 5510?
Feb 29, 2012
I have a strange issue on my ASA 5510 (8.4). I can't ping or connect to the VPN clients but the VPN clients can ping/connect to any inside resources. I have checked all the NAT exemption entries.
Jan 16, 2012
We currently have a central hub using an ASA5510 and then a few site-to-site VPN connections to our support staff homes. The devices at the homes are Cisco routers. We were running version 8.25 on the ASA and all was working fine. We recently upgraded to version 8.42 and although all the functionality of the network is ok and it does what it should, our support staff cannot ping, ASDM or telnet to the ASA inside interface anymore whereas they could before the upgrade. The home VPNs all run on a 10.30 subnet (i.e. 10.30.1.x, 10.30.2.x etc etc). I can post our config (security edited of course), but it is quite a big config. The command management-access inside is specified and the 10.30.0.0/16 subnet is permitted to ASDM and Telnet. Are there any extra things that have to be done in version 8.42 to get this to work as the support staff do have to access the firewall for configuration purposes. At the moment, they have to telnet to one of the routers on the local LAN and then Telnet to the firewall from there. Prior to the upgrade, they were all able to ping the inside ASA interface and also telnet and HTTPS to it from their PCs at home. Now they cannot and the only change made was an upgrade to 8.42. Immediately after the upgrade none of them can ping the interface anymore and it seems it can only be accessed from the local LAN. I cannot find any access-lists that might be blocking the packets so can only assume it's something in the way 8.42 works.
Oct 22, 2012
I have been working on figuring out a VPN problem on my company's ASA5510. I was accessing the device via: ASDM, SSH using Putty, and even initially with a console cable (also using Putty) using a computer in the networking closet. All 3 of these access methods worked properly for me. I believe I may have inadvertently changed something as of Friday using ASDM. I am mostly assuming this because, as of yesterday I can no longer connect to the device. I actually cannot even communicate with it (ping the interface I normally use to manage, which I could previously ping). No computer on the same subnet as me is able to ping the interface. The device is still accepting VPN connections, dishing out DHCP addresses and everything else it normally does, but I really need to be able to gain access to it again. I am thinking to reboot the device when there is some downtime, in the hopes that ASDM doesn't save to startup-config and only to running-config.
Aug 4, 2011
I'm currently configuring an ASA5510. I connected a laptop (IP 192.168.96.18/255.255.255.0) to port 0/2 and tried to ping 192.168.100.2 ... impossible to ping outside interface. I reset the config of the ASA to retest more simple. [code]
May 30, 2013
I have a fresh out the box asa5510 with 8.4 on it. I have built these before but for some reason cannot get this one to work. I am consoled on, have applied the following config but can still not ping to or from, can not asdm, cannot http/s. Arp table shows device it tries to ping, but device trying to ping it has incomplete arp entry. [code]
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
Jun 6, 2012
ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
Mar 31, 2012
I have a new 3560G to set up a small network for a remote site. I configured the vlan and an SVI as the gateway. The switch is also the DHCP server for the LAN. I configured Gi0/2 as L3 port, connecting to the nearest neighbor. My network runs EIGRP so I advertised the routes into the EIGRP process. The switch forms EIGRP neighbors and learns all routes in the enterprise network. The problems I'm having now are: 1. The switch learns all routes in my enterprise LAN and can ping devices in the enterprise LAN, but I can’t ping any interface on the switch from the enterprise LAN. 2.
Dec 12, 2011
I set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
Jan 18, 2013
From my router that connects to cable modem I am unable to ping website 4.2.2.2. I am able to ping all other websites fine. Same website I can ping from my PC and all other switches fine. Router has only 1 ACL, that's for NAT.
Aug 15, 2011
When I ping an address from my windows machine, it succeeds, but when I ping to the same IP on my MAC OS X machine, it fails.
1. Why?
2. How to get successful ping on my MAC machine?
Jan 26, 2012
I installed Windows Server 2003 in an old Pentium III server as a standalone test server. Now I want to use it as a print server and connected it to the domain. I can ping workstations and other servers from that test svr. But I cannot ping that test server from the workstations.
Mar 1, 2013
I had both a Westell 7500 and a Linksys Router working fine and had my 360 setup as an extender for Windows Media Center so I could stream TV, Music, Movies, etc from my desktop to the 360. Then I switched my modem/router out with a Zyxel PH5001Z
So now today I noticed that I can no longer find my desktop through the XBox. I have adjusted my firewall settings on the modem itself, even completely disabling it. UPnP is enabled for the 360 and the device is showing under my device table. At first I wasn't able to ping any network devices but after creating an ICMPv4 Firewall rule it worked fine. I've confirmed the XBox IP Address through Network Map, the Device Table on the modem and through Network Settings on the XBox. I've disabled my modem firewall as well as Windows Firewall, completely and I still can't ping my XBox or set it up as an Extender.
I have the XBox connected wirelessly using WPA2-Personal and it's operating in 802.11g/n mode.
Nov 20, 2011
I want to establish GRE over IPsec tunnel between four branch offices and head office. At branch offices, I have 1841 router with Advanced Security software. At head office, I have an ASA5510 7.2 as frontend with one public IP address and 1841 router behind it in private address space. Since ASA is not supporting GRE tunnels, can ASA be endpoint for GRE over IPsec? If not, can ASA pass this tunnel to the 1841 router behind it, so 1841 would be logical tunnel endpoint? What should I pay attention to? Should both ASA and every 1841 support NAT-T, or just ASA?
Mar 14, 2011
We have to use scp on all of our network devices. It worked quite well on our routers and switches but I can't seem to get it to work for the firewalls and IPS. I enabled scp on my ASA5510 using the command "ssh scopy enable". I also ensured that an rsa key was generated and that ssh ver 2 was enabled. But I can't seem to locate the commands to actually have my firewall either copy its configuration to a server or reach out to a server to pull down a file. We are using IOS 8.2(1).
Mar 22, 2011
I have a customer who wants to prioritize rdp traffic through the firewall. I know that it's port 3389, but outgoing traffic is a random port number. Any smart way to catch this traffic and get it in the LLQ?
Jul 9, 2012
how to configure IPSEC VPN, but unsuccessfully. At my office are two uplinks - LAN and Backup, both are connected to ASA5510 (with static IP) and I would like to create ipsec to data center where I have another ASA5510 with one uplink.
Nov 28, 2010
It's my understanding the ASA5510 will do BGP but does it can handle multi hop -BGP?
Jan 19, 2012
Currently we are using a Windows 2003 Server with VPN Server Role for VPN Access and my users use the built in VPN connection with Windows client. In the past few weeks we upgraded our router/firewall to CISCO ASA5510.
My understanding is that I get 1 or 2 VPN licenses with the Cisco ASA5510 and I would like to configure to test Cisco VPN access. My first question…when I configure the Cisco ASA5510 for VPN (Clientless or via Client), do I need to point the Cisco to my Windows 2003 Server with VPN role on it or the Cisco ASA5510 handles the VPN connection and access?
May 8, 2012
I would like to implement a zone based firewall on my ASA5510. Is ZBF possible on ASA? or is it strictly for routers? I know we've implemented ZBF using Sonicwall firewalls before. A little confused here as to why my ASA doesn't have the right commands. Maybe my version of ASA software is too old? It's 8.2 if I remember right.
Jul 3, 2012
i exported config file from asa5505. i changed this file and i imported in my asa5510. can you tell me that config file allright
Jul 16, 2011
I just moved our vpn over to using LDAP/DAP instead of the previous RADIUS we were using before. First of all, the group policy split tunnel is setup for Tunnel Network list Below Network list has a group of networks named "split-tunnel" setup with all of our internal subnets in it. Which seems to be working fine, users are hitting internal networks no problem. Where the issue lies is surfing the web while they are connected to the VPN. I think I know what one of the issues is, I'm just not sure how to get around it. I have a proxy server setup that all domain traffic goes through say 10.20.30.40. That is obviously on our internal subnet. Our remote users have a policy on their laptops set to where if they can see/get to the proxy server then it pushes all traffic through there, however if they can not, it goes straight to the internet. That way they can still surf the web when they aren't connected to the domain network.
With the new DAP vpn policies, it seems as though they are trying to go through the proxy but failing so all http traffic is getting blocked on their computer as I can still ping say google.com...just can't open the web page. In my SALES-VPN access lists there isn't any acl that allows any traffic to 10.20.30.40 (proxy server) so there isn't any reason their laptop would think it could get to it correct? I can't put an access-list SALES-VPN extended deny ip any any log critical at the end of the acl list because then it doesn't show up as an option to apply to the DAP since the acls have to be either permit or deny, not a mix. Also, if I just create an ACL access-list DENY-VPN extended deny ip any any log critical and apply it to the DAP *after* the SALES-VPN ACLs thinking all traffic would flow down as in go through all the permit acls first, and then hit the deny acl after, it just blocks all traffic. It almost seems that some traffic that isn't specifically being permitted by the permit acls is still getting through which is obviously not wanted. However, if I try to rdp into a server that isn't specifically permitted in the SALES-VPN acls it doesn't work so I'm kind of at a loss..
Mar 18, 2013
I currently have an ASA 5510, and an ASA 5505 both configured with VPN and TLS licensing. I would like to migrate to a pair of ASA 5525-X, would it be possible to transfer the licensing or would I need to re-purchase?
Sep 13, 2012
we have ASA 5510 which we need to upgrade from 8.0(3) to 8.2.5. can we directly switch to 8.2.5 from 8.0(3) , if not what all versions we need to go from.
What all point needs to check before that following is show flash output.
97 14635008 Jan 01 2003 14:12:16 asa803-k8.bin
98 4096 May 14 2008 21:22:10 tmp
2 4096 Apr 20 2008 02:21:46 log
6 4096 Apr 20 2008 02:22:16 crypto_archive
99 6851212
[Code] .....
Apr 17, 2013
Although this is not a common issue, we have experienced occasions where our internet utilization has been maxed out (slowing everyone else down). Utilizing some features in the ASA, such as Top Usage Stats, along with PRTG monitoring, have always tracked the culprit down to being a single user -- be it someone downloading movies to a portable device, or downloading ISO's. (And for some strange reason it seems to always be a wireless user.) We are using an ASA 5510 for our firewall, and I was wondering if it's possible to prevent a single client from consuming a disproportionally large percentage of our internet bandwidth? If the ASA 5510 doesn't have the ability to do this on its own, are there any recommendations for add-on solutions?
Sep 18, 2011
My device has 3 interfaces configured: inside, outside, DMZ. Right now I can access the DMZ from the Internet and I can access the DMZ from the LAN using an exempt nat statement. I am having a few issues setting up DMZ > LAN access however. The servers running on the DMZ need to send information to my LAN such as syslog traffic for example. Will DMZ traffic be NATed or should this somehow be excluded? Basically all LAN devices should get to the DMZ devices by their actual IP and vice versa. Are there any special statements I need to add to the ASA such as nat or ACLs to make this work? My LAN is 10.10.6.0/24 and DMZ is 192.168.254.0/24.
Oct 20, 2011
I have an ASA 5510 with asa8.4(2) and asdm6.4(5)205. Have a new basic config, nothing special at this time. I just cannot seem to get from the inside to the outside. From the outside interface I can ping, so I have a good Internet connection. [code]
Oct 12, 2011
I have created a new DMZ and a LAN on my ASA5510. My Ethernet DMZ port is connected directly to a server (192.168.220.10). This server is able to get to the internet properly. Gateway ASA router: 192.168.220.222. My Ethernet LAN port is connected to a L3 switch. This L3 switch is connected to a server (192.168.210.11). This server is able to get to the internet properly. My issue is that I cannot communicate from my 192.168.210.11 server to my DMZ server 192.168.220.10. From my 192.168.210.11 server I can ping my gateway 192.168.210.1 and 192.168.210.222. But I cannot ping 192.168.220.222. [code]
Jul 25, 2011
I have set up an IPsec L2L VPN between an ASA5510 and an ASA5505 which is working just fine. Every now and then our management station receives the following syslog message: Session disconnected. Session Type: IPsec, Duration: 2h:23m:23s, Bytes xmt: 3283338, Bytes rcv: 8637607, Reason: Phase 2 Error. I have already searched the forum for this message to exclude all the possible reasons for this message:
- the complete crypto maps are the same on both ends (lifetime, psk, pfs etc)
- the ACL's used in the crypto maps are exactly the opposite of each other
Mar 19, 2012
I have a 5510 running 8.42 code with multiple site to site tunnels coming into it. Sites vary from ASA 5505's, 1841 and 1921 routers which all work perfectly. That being said I think the ASA side is good. I have an 837 running 12.4 code, Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.4(5b), I'm trying to configure it for site to site VPN back to the ASA. When I ping from the E0 interface I get the following debug output and nothing else. I've made a lot of changes to no avail in getting closer to a successful configuration. [code]
Apr 24, 2012
We have a DMZ on ASA5510 8.4, it can access anything on the internal interface but cannot get out to internet or outside interface. I try to ping from a host in the DMZ to 8.8.8.8 and get this in the log: 6 Apr 25 2012 08:24:43 110003 8.8.8.8 0 172.10.1.150 1 Routing failed to locate next hop for ICMP from outside:8.8.8.8/0 to inside:172.10.1.150/1. [code]