Is blocking echo request to prevent ping sweep the same as having a firewall in stealth mode? And how could someone ping sweep from outside if you had a firewall at all?
View 3 RepliesI'm having problem getting ICMP echo monitoring on outside interface to work. I've set: icmp permit host monitoring_station_adress outside but I still get:
%ASA-3-313001: Denied ICMP type=8, code=0 from monitoring_station_adress on interface outside. I'm trying to directly monitor ip on ASAs interface outside.
I have access-group tied to "in" direction on interface outside. Do I still have to put "permit icmp" rules despite the fact that icmp permit outside command is set?
We are running CiscoPrime LMS 4.1 and I have a problem with PingSweep in Device Discovery. Our company's branches connect to the main site through GETVPN. Discovery through CDP, Routing Table and ARP cannot be used based on the document written by Joseph Clarke [URL] and which is extremely useful. So the only available option is PingSweep.
The loopback interfaces of all the remote GETVPN devices are in the same IP range, so this was configured in Module Settings --> Ping Sweep in the Discovery.
Unfortunately none of the devices get discovered, even though there is icmp connectivity from the server to the loopbacks.
We are testing a new 1Gbps WAN circuit between 2 sites. We have cisco 3750 and 4507 on each end. Every time we run extended ping sweep ranging from 36 to 18024 bytes the packets are being dropped randomly once the size goes above 1500 bytes. Our ISP claims Demark to Demark test are clean and they don't want to acknowledge the problem, they blame our switches. To prove the problem is not on our end we've put different switches at each end, still facing the same issue. Ping success rate is around 98 to 99 percent.
View 11 Replies View RelatedMy IPTV connection works fine so far but as soon as I start watching TV I can't use my WiFi connection anymore. My router is an "Alice Modem 1121" (SIEMENS S1621-Z220-A) with 4 LAN ports and a WiFi interface (4th LAN port provides the IPTV). It is directly connected by wire to my PC's ethernet card for the IPTV and the internet is provided via the WiFi. When I activate the LAN connection the WiFi and internet connction stays up and requests can be sent but nothing returns anymore. Another device (iPod) has no problems with accessing the internet while IPTV is in use. I also have a Netgear WNR1000v3 router which I tried to use as AP instead but it's exactly the same problem. Unlucky the Netgear router is not supported to use dd-wrt firmware yet (I've found a step by step guide to prevent multicast floods with dd-wrt/ebtables). But maybe the Alice Modem can handle this problem on its own. I read some stuff about VLANs and splitting them but I have no clue how that would look like.
The "nas_0_1_34" is for the IPTV.
The problem that I am facing is while accessing internet.I have replaced the LAN card also. It sends request but receives nothing. The cable line is also working fine
View 5 Replies View Relatedi am using asa5540 with 7.0(8). firewall was configured in transparent mode.
now i am looking for block ip phone communication from site to site and head office. i am using cucm 7.1.2b.
all site was connected through ofc. no nat was using.
I have an RV082 (running 2.0.0.19-tm) set up as the gateway to the Internet on my home LAN, and connect to it through several switches / hubs around my house. Randomly, and from various connections around the house (which are all plugged in to different ports of the RV082), a Web request will fail to load, giving a "Server not found" error in the browser. When I look at the log in the RV082, it says, "Connection Refused: Policy Violation".
It seems to be just blocking the DNS requests - everything else appears to go through normally. For example, I get the message "Looking up domain name.com" in the bottom corner of the browser and the request fails, displaying the Mozilla "Server not found" error page. When I click the "Try Again" button the page, it goes through just fine and everything works.
I don't have any services running behind the firewall, and do not use the VPN settings. Here are my current firewall settings:
Firewall : Enable
two 6509 chassis with VSS configuration.One of those chassis have one FWSM installed and the configuration is like this:
Switch: firewall multiple-vlan-interfacesfirewall switch 1 module 3 vlan-group 1firewall vlan-group 1 3-5,7,8,10,200 interface Vlan200 ip address 10.50.50.1 255.255.255.252end
I am not receiving icmp replays from the fswm interfaces if i try to ping 172.20.80.1 from 10.50.50.2.I do not see any debuging info in the logsI successfully ping 10.50.50.2 from the inside networks int the cat6500, but int the network 172.20.80.0, can not ping 10.50.50.2.
I have a strange issue where the first ping always times out, but the following goes through fine.I have Cisco877 and connection to the internet is fine. I connect a PC to one of the Fast Ether ports and I am able to ping the router without any issues. However, the moment I ping an external website [URL], the first ping request fails. after that the following request come through quickly.
View 24 Replies View RelatedI have 2 modules of FWSM in 6500 switch (failover). I need 5 context. When I use in routed mode (like in the picture) , I cannot ping the servers behind the firewall. (I have ping to FW context) In transparent mode, it is not happening.
View 1 Replies View RelatedCurrently in my office have a TPlink wireless router (WR1043N), and Dlink 615 router.Below is my office's network organization.Internet-->TPLinkRouter(192.168.2.0)-->DlinkRouter(192.168.0.0)We want to host a demo website but we are afraid our network being attacked. So we wish to implement a DMZ network to hide our internal network from outside. My question is can i setup a dmz network with the above capabilities by using home routers?
View 5 Replies View RelatedI have a Cisco 1801 Router, but whenever there is anything plugged into the integrated 8 port switch for example two computers, I cannot get them to ping each other. All of the ports are on the same vLAN.
I am a Cisco newbie, so sorry if this question/query is really basic. Is there anyway I can test the integrated switch to see if it is faulty.
I have ASA 5510 with soft version 8.4(5) installed. There are two interfaces:
IP 1.1.1.1/24 - inside
IP 2.2.2.1/24 - outside
I have configured PAT, so network 1.1.1.0/24 gets NATted to 2.2.2.2 address. Everything works fine, except I can't reach 2.2.2.2 via ICMP from the internet.
X.X.X.X 2.2.2.2 Deny inbound icmp src OUTSIDE:X.X.X.X dst OUTSIDE:2.2.2.2 (type 8, code 0)
But I have configured an access list allowing ICMP from any to any: access-list outside_access_in extended permit icmp any any
Thus address 2.2.2.1, which is binded to outside interface itself, is perfectly reachable via ICMP.
I've got two questions:
1) Is there a way to fix it? It will be handy for diagnostic purposes.
2) is it possible to configure the secondary IP address on the interface on ASA? I've read, that there are some complications.
i am having a very wierd problem with my current internet connection , Its wired and while accessing websites seems just fine .. Accessing ANY program on the PC that requires internet does not work .. Examples of those can be steam/origin/any messenger/skype/teamviewer/teamspeak and the list goes on.. They all act like i dont even have an internet connection. I tried pinging in CMD by using Ping Google and i always get a request timed out .. I have also tried tracert Google and after the three * * * Its always a request timed out as well.. I have no idea whats causing and its pretty annoying as i mainly use the internet for skype and steam, Also on a side not this is not a problem with my laptop as i tried connecting to some random unprotected network that was near me and it worked fine
View 5 Replies View RelatedI'm trying following this for setting up 2 routers: [URL]I see the 1.1 is able to ping 1.2 but 1.2 is not able to ping 1.2 why?
View 4 Replies View RelatedI'm using the cisco 837 router as my VPN server. I get connected using Cisco VPN Client Version 5. But when I ping the router ip, i get request timed out. Here is my configuration :
Building configuration...
Current configuration : 3704 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
[Code]...
In order to meet our requirements we had to configure PAT for TCP 80 on 2 external IP addresses to one internal IP in DMZ. TCP port 80 is being translated for both external IP addresses and it works as expected. However, since we have migrated to ASA both external IP addresses don't respond to ICMP echo requests generating following error:
%ASA-3-106014: Deny inbound icmp src outside:<Source IP> dst outside:<Destination IP> (type 8, code 0)
Previously we have been using Cisco router to achieve the same objective and it worked well.I have noticed that when I add "same-security-traffic permit intra-interface" to a configuration the message mentioned above stops appearing in a logs.
As far as I can tell ASA sends packet back through outside interface, despite the fact that appliance advertises its mac address in response to arp request for the same external IP address.Is there any way to make ASA realise that it should respond to ICMP echo requests on external IP addresses that have forwarding setup?
I do realise that ICMP would work in 1-to-1 NAT scenario, but we can't apply 1-to-1 NAT for 2 external IP addresses to point to one internal IP address.
I have a E2000 router/access point. I am able to connect 3 laptops, 1 smartphone and 1 printer wirelessly to the access point. All computers and smartphone can access the Internet. The problem is that none of the devices can connect with each other and thus cannot print. I can ping the router, no problem. Get "request timed out" message when trying to ping from one device to the other. Router firmware is 1.04
View 4 Replies View RelatedI have 5 Static Ip pool all IPs are working fine. I have deploy a IIS Server on Windows2008 and configure the Static IP on that server. earlier it was working fine . but since last month the IP is not pinging from Out Side but internal IP Pool its working. I have checked the SERver firewall and another Setting is Ok. if i changed the Ip from the server the new IP is also not pinging.
View 1 Replies View RelatedCan your wireless router do a ping test to 66.161.11.90 [URL] or any other [URL] for that matter?Mine can't, either with my wireless PB G4 running OS X 10.4 or wired Dell running Windows XP. I tried it with a wrt54g v5 & wrt54g v6 both tests got a 'request timed out' with 100% packet loss. v5 had the latest firmware, v6 is still at 1.00.9
View 3 Replies View RelatedA while ago internet access was slowed right down for an hour or so. I have a phone line that comes into the house and then into gateway (10.0.0.2) then ethernet from that to linksys wifi router (192.168.1.1). So I did the following ping and repeated what you see below a few times to see that these results were broadly consistent, which was the case. One other person is connected to linksys via ethernet cord and they might have been on at the time. Questions are.... are these results consistent with contention caused by other user on the linksys? and why can I ping gateway but not the router? That makes no sense to me! I am not annoyed with the other person if he is hogging the network...I like him. I just wonder whats going on. When the internet works results from pinging are all as one would expect
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:Documents and SettingsNASA>ping 192.168.1.1
[Code].....
I have a wired desktop PC (HP dx2480) running XP SP3 connected to a LinkSys Wireless 4-port router, and a laptop (Lenovo X61) running XP SP3 connected wireless to the same home network (192.168.0.x). The LinkSys connects by cable to a DSL router for internet access. Both PC and laptop get DHCP IPs from the Linksys (which I have hard-coded - mapped MAC to IP). They are on the same Windows Workgroup "HOME". Both Desktop and Laptop have same Windows User Logins. My desktop had a virus attack (trojan), which I removed and re-installed XP SP3 (from HP disks). Since then the PC seems to have "network sharing and discovery issues" on the network.
- The wired PC CAN ping the laptop, but laptop CANNOT ping PC.
- Both laptop and PC CAN access the internet.
- The laptop and PC COULD NOT see each other on Windows Workgroup, or see shares. This got resolved once I added IPX/SPX/NetBios Protocol on both the wired and wireless NICs on both PC/laptop respectively. NOTE: Before adding this protocol, I double-checked that File-Printer Sharing was enabled on both NICs, Windows Firewall had File-Print Sharing as exclusion. I tried everything including disabling firewall on both, disabling McAfee scanning on both, disabling Firewall on Linksys, but nothing worked.
- The laptop CAN see the NAS (Seagate GoFlexHome - connected by cable to LinkSys) using Seagate Dashboard software and direct IP. The PC CANNOT access the NAS using the Dashboard software but CAN access through direct IP. The NAS is named "goflex_home", which both can discover as \goflex_home from explorer.
- The laptop CAN see ITunes Home Share from a NAS, but the PC CANNOT see any home shares on the NAS (or from the laptop). I even added Home Sharing TCP/UDP ports as exceptions on the Firewall on the PC, but it still doesn't work.
- Some blog checking the node type on IP addresses given by DHCP. The laptop has Node Type "Hybrid", and the PC has "Unknown". I even went to PC regedit.exe and modified the and Change EnableProxy to 0 or 1 (instead of 2 that was in the PC as default).
- I have used SG TCPOptimizer on both laptop and PC to revert to Windows default?
when I try to connect a laptop to the wi fi it won't connect because the connection has changed from home network to public and sometimes unidentified network . I can get it connected by momentarily unplugging the router and rebooting it , then pressing connect button and it will revert to home network and things are ok . It is a netgear DGN1000 and I tried another router same make and model, same problem. I use an ethernet cable on my desktop no problems.there's 3 laptops come in to occasional use and it's happened to them all . My early attempt was microsoft's fix for sticking in public mode . It is windows 7 pro on the laptops , ultimate on desktop?
View 4 Replies View Relatedi have a new smc router and my local ip address and remote ip addresses are very similar. The remote ip address is updating my dns server but i am unable to ping it. Its something like 122.61.xxx.1 ?
View 8 Replies View RelatedI decided to buy myself a DIR-615 Wireless N 300 Router, its wireless performance is thus far very stable and strong. This router factory firmware loaded is 5.10 HW: E3.I never use Router features like SPI and DoS Protection, and I always use DMZ for unrestricted filtering, I use a software firewall for protection and monitoring traversing packets.
The problem is, D-Link does limited filtering over DMZ, I�m not use to seeing this with other popular router brands, I�m not happy with this implementation of DMZ. Now what�s worse, the Router (not the computer set on DMZ) itself is responding to different TCP stealth scans like TCP NULL, XMAS, FIN.How to correct this without enabling protections like SPI, so the Router won�t respond nor drop these types of packets when a computer is set on DMZ.
I've run into an odd problem - I have connected two 2960s together with copper on FastEthernet interfaces, and STP on the new switch immediately puts that port into blocking mode. I don't understand why this would be, since there is only one connection between the two, in fact, there is only one connection at all on the switch that is blocking.
View 6 Replies View RelatedI live in a shared flat. And all 20 rooms are connected to this switch I believe. Is there any method to prevent the landlord/tech guy monitoring our internet activity (e.g. bandwidith activity, websites we looked at, etc.
View 5 Replies View Relatedhow to prevent one network fro accessing another network by iptable
View 1 Replies View RelatedMy wife is moving into an apartment complex for school and she has a Brother HL-2270DW printer. Since she only has a laptop and moves around the apartment, I would like to use the wireless on the printer. Unfortunately, the internet for the building is just through wireless APs. I have the printer installed on the network, but my concern is that anyone can just search for network printers and install it. While printing on it won't be useful for them, it could be a good way to waste her paper/toner. Is there a way to prevent users from installing it without being able to change the router settings? I did not see any option in the web configuration.
View 3 Replies View RelatedI have a Thomson TG585 v7 router which is in bridge mode. I also have a NetGear DGND3300v2 router which I would like to connect to the Thomson (eventually I will purchase a switch and connect another device along with the NetGear). The problem is that the NetGear only has 4 LAN ports and no WAN ports, which I assume you would need to set this up.
View 4 Replies View Relatedi just need to know is is there any way to prevent network from MACflap.The best way will be when switch will disable the interface where the macflap was detected.I need to set this security feature on 2960s.
View 7 Replies View RelatedRegion : Others
Model : TD-W8968
Hardware Version : V1
Firmware Version : 0.6.0 1.1 v0005.0 Build 120926 Rel.27100n
ISP : Telkom
I haven't played with network and firewall configs for a number of years now, but I want to configure my new TD-W8968 to block all unsolicited internet traffic/hacks.