10.6.8 can ping /trace but no connection online
hi there i was using my macbook this morning and closed it all down and went out all day, came home powerd up my macbook pro again and none of my online services worked (dropbox, skype, google drive) then i tried to collect my email and the same, so i thought i would try the browser same..
so i fired up terminal and stated pinging the outside work (www.bbc.co.uk) i got good healthy pings back so i decided to do traceroute and that was the same, mmm i thought...
so i pinged the default gateway on my router the same all good and then the same again with the dns servers still the same ... so i disabled my wireless connection and fired up the my other dektop mac and tested that that's working fine... then i connected a ethernet cable to my macbook same thing i can ping /trace ok but i can not get and outside connection. very strange so i thought i know i will chnage the dns servers to google 8.8.8.8 and 4.4.4.4 same thing mmmm so i fired up disk utility and checked the permissions all fine... so if my other mac is working fine and this one is not ok i though i will create a new user account on the macbook and test that nope still the same.. *scatchers chin* so i opend terminal again and ran these commands "sudo killall mDNSResponder" and also this one sudo "dscacheutil -flushcache"
Nope nothing seems to work i have rebooted and ran the latest combo update to see if that repairs anything no nothing i am at a loss now, i really need my macbook working on the old back up desktop is a nightmare and i have the feeling that i will have to start backing everything up and reinstalling LONG JOB!
i would appriciate any advice or pointers that you can give me to fix this and get it working before i have to reinstall it
thanks
tim
one thing i have just tested i can copy files from my mac desktop to my macbook fine mmm!
Similar Messages
-
Cisco ASA 5505 can ping gateway but can't ping internet
Good day to all!
Sorry if I post this on the wrong group, I am having a bit of a problem on configuring an ASA 5505 firewall. And I scoured google but can't seem to find a specific link to my issues.
It is on a routed mode, have successfully configured inside and outside vlans. Hosts inside vlan can ping each other. Hosts on outside vlan can also ping each other. Problem is, when I am pinging 8.8.8.8, I received ????? Please see config below.
Any help greatly appreciated.
TIA!
: Saved
ASA Version 8.4(3)
hostname ciscoasan
enable password bD3fGYMFeJJTATOJ encrypted
passwd 2KF1w9ErdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
description INSIDE
nameif inside
security-level 100
ip address 10.10.10.2 255.255.255.0
interface Vlan2
description OUTSIDE
nameif outside
security-level 0
ip address 203.127.68.2 255.255.255.240
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
access-list outside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
object network obj_any
nat (inside,outside) dynamic interface
nat (inside,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 203.127.68.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.10.10.0 255.255.255.0 inside
http authentication-certificate inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 10.10.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6b3e0ce99eda3d2563cf9f392f8001b7
: endHi badingdong,
Remove these lines:
no nat (inside,outside) after-auto source dynamic any interface
no access-group outside_access_in in interface outside
If you have more inside subnets need access to internet, please make sure that you have a static route in place as shown below.
route inside 10.0.0.0 255.0.0.0 10.10.10.1
Also make sure that you have a correct DNS server is assigned on your internal hosts.
Thanks
Rizwan Rafeek -
Workstations can ping servers, but servers cannot ping workstations
We are setting up a new network using two Dell servers, one T420 and the other T320, both which are running Windows Server 2008 R2. Upon setting up the domain, we have come to find out that all workstations can ping the terminal and domain controller but
the servers cannot ping the workstations. Also the workstations will not stay on the domain, they change back to unidentified network upon restarting. Any help would be great, Thanks in advance.1.Make sure that each server has static network settings. Do not use DHCP to configure the network settings of your servers. Also make sure to provide exclusions for the range of static addresses for your servers.
2.DC should have its own address as primary and 127.0.0.1 as secondary (assumes single DNS server)
3.Make sure that a domain controller providing DNS services is up and running when any computer reboots. If single DC it may take 5 minutes or more for DNS to start up when rebooted. (always best to have at least two DC's for redundancy / disaster recovery)
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
Wireless connection setup with no problem for printing (static IPs all around with WEP). Opened port on CA firewall but not on router(?) Can print across wireless network but cannot connect to web services. Thinking that I need to enter DNS(s) but cannot find anywhere to enter them.
Hi,
Open your browser and type in the ip adress of your printer. This will bring you to an internal page of the aio. On the networking tab you shouild be able to set your dns.
Say "Thanks" by clicking the Kudos Star in the post that helped you.
Although I work for HP my posts and replies are my own
Please mark the post that solves your problem as "Accepted Solution" -
WRT54GL - ruter can ping/trace LAN no access (solved?)
Hi. I encountered a strange problem today, resulting in my computers going offline. They could still talk to the ruter and would get valid ips/etc, but no internet. (tracert www.google.com would fail, no ping, etc) The ruter, however, could trace and ping everything out there. My computers also had working internet with the ruter disconnected. I searched this forum and found that lots of ppl had similar problems on WRT54G version, and that apparantly downgrading to a previous firmware version would help. ( i had the latest firmware ) I could not find it, but i googeled some and found an article with some open source firmware: http://www.extremetech.com/article2/0,1697,1934574,00.asp I downloaded and installed this firmware: http://www.thibor.co.uk/ Did factory reset after installing. Not only did it solve my problems, but the firmware is superior to the stuff that came with the ruter. I do hope that this can be of some use to someone out there wanting to strangle or kill the two horned ruter right now
Its working now.. just had to remove the '!' (exclamation mark) from
gateway="default gw 192.168.1.1"
ROUTES=(!gateway)
I think that it was added by the gnome-network-manager app. -
WRT54G can ping internet, but connected devices cannot.
When I do a factory reset of our WRT54G router and configure it for our setup, everything works fine for a while (undetermined, random amount of time). We use it primarily for wireless access, and connect an iphone, ipad, mac, pc devices to it with no problem and can access the internet fine.
After some period of time, all devices can still connect to the WRT54G via wireless, but cannot access the internet either by browser or ping/tracert commands. Meanwhile, the WRT54G diagnostics can successfully perform pings and tracerts to both IP address and URLs (so DNS *is* working fine)
I connected a computer to the WRT54G via cat5 cable while the wireless devices could not access the internet, and the wired computer could *not* access the internet either. However, from the admin section of the WRT54G we could ping/tracert with no problems.
Any ideas what causes this to drop and what we can do (other than factory reset) to fix it, and perhaps to prevent it?
..Rick..This isn't a home setup. My wrt54G is connected to a DMZ switch which is connected to our gateway router and then out to the 100mpbs pipe.
All of our LAN is working fine, and as I mentioned in the original post, the WRT54G can always ping an external site (both via URL and IP address), as well as being able to do a traceroute.
When the connected devices can no longer get to the internet through the router, the router can still do the pings and traceroutes, so I conclude that there is no interruption in internet service. It stops at the WRT54G. It always accepts wireless connections. -
I cannot connect to my new google+ account using Firefox 6. When I try to access google+ I get a message that I need to update Firefox, which I have done twice. I can access gmail and everything else that google has to offer - I think. Please help.
Thank youOpen System Preferences > Network > Advanced > Proxies
Deselect any checked boxes on the left then click OK.
If none of those boxes were selected, it might be a Safari extension causing the proxy dialog.
From the Safari menu bar click Safari > Preferences then select the Extensions tab. Turn that OFF, quit and relaunch Safari to test.
If that helped, turn one extension on then quit and relaunch Safari to test until you find the incompatible extension then click uninstall. -
IPad can see wifi but no connection
iPad2 wifi can see network and tick against it. However, Safari con not open page and just hangs. Anyone have any idea please. Iphone works fine on same wifi.
Many thanks.A few more things that you can try.
Turn WiFi off - restart the iPad - turn WiFi on again and then try to connect again. Restart the iPad by holding down on the sleep button until the red slider appears and then slide to shut off. To power up hold the sleep button until the Apple logo appears and let go of the button. Try to join again.
Go to Settings>General>Reset>Reset Network Settings. Then select your WiFi network again and try to join again.
Go to Settings>WiFi>Tap on the arrow next to your network name and then tap on Forget this Network in the next window. Then back out of the setting and go back to WiFi and let the iPad find your home network and then tap on the network name and try joining it again.
Do the same thing as above except don't tap on Forget this Network - tap on Renew Lease at the bottom. -
The drive is a Lacie 4 tb model. 2 (2) tb drives, cofigured raid 0.
Please follow these instructions:
Lion: Connecting to legacy (pre-Lion) AFP services - and Mac OS X (server):
https://discussions.apple.com/thread/3258472 -
Airport card can see networks but can't connect all of a sudden
I have an older MacBook running 10.6.8 (snow leopard) and it's been working fine. All of a sudden, it can see networks, but cannot connect. I get an alert with an exclamation point and "no Internet connection". My iPad can connect just fine; same network, same location as usual, so I know it's not an issue with the network/router (my husband's computer works fine as well). If my airport card went, I wouldn't be able to see any networks at all, right? Is there anything I can do? My AppleCare has run out, due to the age of my computer and I don't want to put hundreds into fixing it, either (nor can I afford it). Has anyone had this happen? Any suggestions? Thanks!
Hello sarcastabtch,
The following article should be helpful in restoring your internet connection via WiFi.
Wi-Fi: How to troubleshoot Wi-Fi connectivity
http://support.apple.com/kb/HT4628
Cheers,
Allen -
Zimbra Server - can receive email but not send
I need to connect to a Zimbra Server for secure email - I can receive email but not connect. I get a connection refused error for sending email.
I am using a G4 mac, Mac Mail, OS X 10.4.11, AT&T dsl service.
Can anyone tell me what settings need to be changed to make the connection for outgoing email?
Thanks!
JohnI don't have a Zimbra server to try to connect to, but I see directions for setting up Zimbra for Mac's Mail elsewhere, like near the bottom of this page...
http://its.lafayette.edu/help/email/zimbraclientupdate
I see this one uses Port 465, which is different than the last one I checked. -
I can Ping FW inside interface but can not connect to remote resources
dear all
i configer my asa 5520 through ASDM to enable VPN Connection , i follow the cisco steps and it works fine and the anyconnect version 3.1 in Windows 8 - one day troubleshoot for this point only - can connect and have an IP address from the range , but i have something wrong in NAT may be because all guides talking about old ASDM ( NAT Exempt) but i am confeused to apply it on the new ASDM.
i can ping the inside interface from my labtop which using anyconnect , but i can not access anything else inside my network
Please anyone has a solution , please describe it using ASDM , thanks for help
This is my configuration
interface GigabitEthernet0/1
description
nameif SRV_ZONE
security-level 50
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/2
description
nameif TRUST_ZONE
security-level 100
ip address 172.17.200.1 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif MGMT
security-level 0
ip address 10.10.10.1 255.255.255.0
dns server-group DefaultDNS
domain-name xxx.xxx.xxx
object network obj-192.168.1.11
host 192.168.1.11
object network obj-xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service obj-tcp-source-eq-25
service tcp source eq smtp
object network obj-192.168.1.12
host 192.168.1.12
object network obj-xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object service obj-tcp-eq-25
service tcp destination eq smtp
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
host 0.0.0.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network obj-172.17.8.8
host 172.17.8.8
object network obj-172.17.0.0
subnet 172.17.0.0 255.255.0.0
object network obj_any-02
subnet 0.0.0.0 0.0.0.0
object network obj_any-03
subnet 0.0.0.0 0.0.0.0
object network obj_any-04
subnet 0.0.0.0 0.0.0.0
object network obj_any-05
subnet 0.0.0.0 0.0.0.0
object network obj_any-06
subnet 0.0.0.0 0.0.0.0
object network obj.172.17.8.115
host 172.17.8.115
object network obj.xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service http
service tcp source eq www destination eq www
object network obj.xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service https
service tcp source eq https destination eq https
object service newservice
service tcp source eq pop3 destination eq pop3
object network mail
host 172.17.8.8
description mail
object network 192.168.1.11
host 192.168.1.11
description smtp
object service smtpnew
service tcp source eq 587 destination eq 587
object network VPN_RANGE
description VPN ACCESS RANGE
object network VPN_PoOL
subnet 172.17.16.0 255.255.255.0
description vpn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.1.11
network-object host 192.168.1.12
object-group network Eighth_Floor
network-object 172.17.8.0 255.255.255.0
object-group service WEB_SERVICES
service-object tcp destination eq www
object-group network ENT_SERVERS
network-object host 192.168.1.11
network-object host 192.168.1.1
object-group network DM_INLINE_NETWORK_2
network-object 172.17.200.0 255.255.255.0
network-object 172.17.8.0 255.255.255.0
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
port-object eq smtp
object-group service web tcp
port-object eq www
port-object eq xxx
port-object eq ftp
port-object eq xxx
port-object eq xxx
object-group service xxx_Web_and_Email
service-object object http
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 172.17.0.0 255.255.0.0
access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list justice_splitTunnelAcl standard permit 10.100.100.0 255.255.255.0
access-list xxx-VPN_splitTunnelAcl remark vpn
access-list xxx-VPN_splitTunnelAcl standard permit 172.17.16.0 255.255.255.0
access-list xxx-VPN_splitTunnelAcl standard permit any
access-list cap extended permit tcp any host xxx.xxx.xxx.xxx eq smtp log
access-list cap1 extended permit tcp host 192.168.1.11 any eq smtp
access-list SRV_ZONE_nat_outbound extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list SRV_ZONE_nat_outbound extended permit ip host 192.168.1.11 any
access-list TRUST_ZONE_access_in extended permit ip host 172.17.88.108 any
access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.10.3.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.10.50.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.8.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.200.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.0.0 255.255.0.0 host 192.168.1.12
access-list TRUST_ZONE_cryptomap extended permit ip xxx.xxx.xxx.xxx 255.255.255.248 any
access-list outside_access_in extended permit tcp any host 192.168.1.11 eq smtp
access-list outside_access_in extended permit tcp any host 172.17.8.8 eq www
access-list outside_access_in extended permit tcp any host 192.168.1.12 object-group web
access-list outside_access_in extended permit tcp any host 172.17.8.8 eq pop3
access-list outside_access_in extended permit ip 172.17.16.0 255.255.255.0 any inactive
access-list vpn remark vpn
access-list vpn standard permit 172.17.16.0 255.255.255.0
pager lines 24
logging enable
logging trap informational
logging asdm informational
logging host TRUST_ZONE 172.17.8.100
mtu INT_ZONE 1500
mtu SRV_ZONE 1500
mtu TRUST_ZONE 1500
mtu MGMT 1500
ip local pool VPN_POOL 172.17.16.100-172.17.16.254 mask 255.255.255.0
ip verify reverse-path interface INT_ZONE
ip verify reverse-path interface SRV_ZONE
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any SRV_ZONE
icmp permit any TRUST_ZONE
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.11 obj-xxx.xxx.xxx.xxx service any obj-tcp-source-eq-25
nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.12 obj-xxx.xxx.xxx.xxx
nat (SRV_ZONE,INT_ZONE) source dynamic obj-192.168.1.0 interface service obj-tcp-eq-25 obj-tcp-eq-25
nat (INT_ZONE,SRV_ZONE) source static any any destination static 192.168.1.11 obj-172.17.8.8 service obj-tcp-source-eq-25 obj-tcp-source-eq-25
nat (TRUST_ZONE,INT_ZONE) source static VPN_PoOL VPN_PoOL destination static VPN_PoOL VPN_PoOL
object network obj_any
nat (SRV_ZONE,INT_ZONE) dynamic obj-0.0.0.0
object network obj_any-01
nat (SRV_ZONE,MGMT) dynamic obj-0.0.0.0
object network obj-172.17.8.8
nat (TRUST_ZONE,INT_ZONE) static xxx.xxx.xxx.xxx service tcp www www
object network obj-172.17.0.0
nat (TRUST_ZONE,SRV_ZONE) static 172.17.0.0
object network obj_any-02
nat (TRUST_ZONE,INT_ZONE) dynamic interface
object network obj_any-03
nat (TRUST_ZONE,SRV_ZONE) dynamic interface
object network obj_any-04
nat (TRUST_ZONE,INT_ZONE) dynamic obj-0.0.0.0
object network obj_any-05
nat (TRUST_ZONE,SRV_ZONE) dynamic obj-0.0.0.0
object network obj_any-06
nat (TRUST_ZONE,MGMT) dynamic obj-0.0.0.0
object network obj.172.17.8.115
nat (TRUST_ZONE,INT_ZONE) static obj.xxx.xxx.xxx.xxx service tcp www www
object network mail
nat (TRUST_ZONE,INT_ZONE) static obj-xxx.xxx.xxx.xxx service tcp pop3 pop3
nat (TRUST_ZONE,INT_ZONE) after-auto source static obj-172.17.8.8 obj-xxx.xxx.xxx.xxx service https https
access-group outside_access_in in interface INT_ZONE
access-group DMZ_access_in in interface SRV_ZONE
access-group TRUST_ZONE_access_in in interface TRUST_ZONE
route INT_ZONE 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
route TRUST_ZONE 10.10.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.11.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.12.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.13.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 172.17.0.0 255.255.0.0 172.17.200.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
http server enable
http 172.17.8.0 255.255.255.0 TRUST_ZONE
http 172.17.8.155 255.255.255.255 TRUST_ZONE
http 172.17.8.45 255.255.255.255 TRUST_ZONE
http 10.10.10.2 255.255.255.255 MGMT
http 192.168.1.12 255.255.255.255 SRV_ZONE
http 0.0.0.0 0.0.0.0 INT_ZONE
http 172.17.200.0 255.255.255.0 TRUST_ZONE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map pol 1 match address TRUST_ZONE_cryptomap
crypto dynamic-map pol 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map INT_ZONE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map TRUST_ZONE_map0 1 ipsec-isakmp dynamic pol
crypto map TRUST_ZONE_map0 interface TRUST_ZONE
crypto map INT_ZONE_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map INT_ZONE_map0 interface INT_ZONE
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn SEC-xxx-FW1
subject-name CN=SEC-xxx-FW1
no client-types
proxy-ldc-issuer
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=SEC-xxx-FW1
keypair sslvpnkeypair
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 31
57f4e52e 6b851966 77515d62 c209a0df 1c32ce94 bb90cbce 497cfd04 6745ea85
efb75f85 2ae1ad35 344d94ab 915e01ab d3292626 ac697a52 b4ed6632 d3ed2332 ae
quit
crypto ca certificate chain ASDM_TrustPoint1
certificate e6054352
c64f3661 30f14c3d 06b5f039 9f14560d 3b154fd1 42782268 7531689e 8e547d91
85e88415 e326f653 74733a6c a3f5c935 f7e83f56 f6
quit
crypto isakmp enable INT_ZONE
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 INT_ZONE
ssh 172.17.8.0 255.255.255.0 TRUST_ZONE
ssh 10.10.10.2 255.255.255.255 MGMT
ssh timeout 5
console timeout 0
management-access TRUST_ZONE
vpn load-balancing
interface lbpublic INT_ZONE
interface lbprivate INT_ZONE
priority-queue INT_ZONE
tx-ring-limit 256
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics host number-of-rate 3
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint1 INT_ZONE
webvpn
enable INT_ZONE
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy xxx-VPN internal
group-policy xxx-VPN attributes
dns-server value xx.xx.xx.xx xx.xx.xx.xx
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value xxx-VPN_splitTunnelAcl
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol webvpn
group-policy GPNEW internal
group-policy GPNEW attributes
dns-server value 172.17.8.41
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
default-domain value xxx.xxx.xxx
address-pools value VPN_POOL
username VPNAM password xxx encrypted
username VPNAM attributes
service-type remote-access
vpn-group-policy xxx-VPN
tunnel-group xxx-VPN type remote-access
tunnel-group xxx-VPN general-attributes
dhcp-server 172.17.8.41
tunnel-group xxx-VPN ipsec-attributes
pre-shared-key *****
tunnel-group pol type ipsec-l2l
tunnel-group pol ipsec-attributes
pre-shared-key *****
trust-point ASDM_TrustPoint0
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
address-pool VPN_POOL
default-group-policy GPNEW
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
inspect pptp
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:78a941e3f509dec8f3570c60061eedaa
: endthanks god
i solve the problem
the problem is in NAT
i creat an object with the ip address host from VPN pool and name it vpn
then i do the nat from inside to that host as the following picture...
trust zone is the inside zone
vpn is the outside vpn host...
thanks and hope it helps anyone else... -
DNS Issues - Can ping server name and IPs but not FQDNs.
Hi All,
Hopefully some one can help me here, I am having an issue where one of my domain attached servers cannot ping any FQDNs in the environment but it can ping the host names and the IPs and look up the host names from a reverse look up.
We have done the following troubleshooting:
Flushed and registered DNS cache.
Restarted the DNS client and net logon services on the effected server
Preformed standard checks and commands such as:
Checked the event logs and found there were warnings for DNS registration.
Compared the DNS settings in the network adapters across the rest of the servers in the environment and found that they were all the same. DNS Suffixes are added in the correct order and are set to register.
Pinging FQDNs which is not giving any results.
Tracert FQDNs which is also not giving any results.
Nslookup which is querying the DNS server directly and giving results as expected
Ran the command which reported successful: dcdiag /test:registerindns /dnsdomain:sub.domain.net /v
Checked and updated the permissions on DNS for the affected server to give the server full control of its own DNS entry.
Replaced the DNS Client service DLL with one from a server that is working as expected.
Also worth noting is that the affected server (as well as every other server in the environment) has 2 NICs, one that communicates with DNS and AD and the other does not have any DNS IPs set.
Not this is not the first time this happened, a reboot fixed the issue before but it seems to be a reoccurring problem now.
If any one can shed some light on this issue I would be grateful.
Regards,
Steve.Hi Steve,
First, we should confirm if this issue is caused by DNS.
When you ping the FQDN, does the server show the correct corresponding IP address?
If no, there should be some error messages. If it is possible, please post the screenshot of this issue.
To check the process about how does server resolve the FQDN, please follow the steps below:
clear local DNS cache with command ipconfig /flushdns
perform the network capture
ping the specified FQDN
Check the DNS traffic
To download Network Monitor, please click the link below:
http://www.microsoft.com/en-hk/download/details.aspx?id=4865
Besides, have you tried to update the NIC driver to the latest version?
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Can't connect via Screen Share or Web Server, but can ping and ssh
Bit of an odd problem here.
My Mountain Lion Mac Pro (called "Trogdor" for convenience) is connected to my work university network. I can ping it from anywhere-- elsewhere on the network, from home behind a firewall. Can connect over ssh from everywhere. I can also connect to other computers (on the same network or at home behind a firewall) from Trogdor via ssh, Screen Sharing, etc.
But I can't Screen Share into Trogdor, and I can't connect to Trogdor's built-in web server, either system-wide (in /Library/WebServer) or for my username (~/Sites). (I can connect to the web server from Trogdor.)
Note that I can do both of these for other computers on the same network (same subnet, etc), so it's not a network issue. I can't do these from anywhere: same network or from home. I have this problem whether I use Trogdor's hostname or its IP address. (I can look up its hostname using the IP address with the "host" tool in Terminal, and vice versa.)
So it sounds like a port issue, right? Except I don't think I've ever messed with my port settings directly. How do I diagnose the problem? Should I scan my ports? Can I return port settings to default?
Thanks!
Message was edited by: supercresBit of an odd problem here.
My Mountain Lion Mac Pro (called "Trogdor" for convenience) is connected to my work university network. I can ping it from anywhere-- elsewhere on the network, from home behind a firewall. Can connect over ssh from everywhere. I can also connect to other computers (on the same network or at home behind a firewall) from Trogdor via ssh, Screen Sharing, etc.
But I can't Screen Share into Trogdor, and I can't connect to Trogdor's built-in web server, either system-wide (in /Library/WebServer) or for my username (~/Sites). (I can connect to the web server from Trogdor.)
Note that I can do both of these for other computers on the same network (same subnet, etc), so it's not a network issue. I can't do these from anywhere: same network or from home. I have this problem whether I use Trogdor's hostname or its IP address. (I can look up its hostname using the IP address with the "host" tool in Terminal, and vice versa.)
So it sounds like a port issue, right? Except I don't think I've ever messed with my port settings directly. How do I diagnose the problem? Should I scan my ports? Can I return port settings to default?
Thanks!
Message was edited by: supercres -
Can't see PC's on network, but can ping them, connect to server etc
Hi All
I'm experiencing something pretty bizarre.
I have a small network at my office. There are 3 PC's, and 2 Macs, one of them a Mac Mini running 10.6.5. All computers are set to the same workgroup. All the PCs can see all the Macs, no problem.
Yet my Mac Mini can (most of the time) only see the other Mac. (When I use Go > Network).
I can ping all the PC's from the Mac Mini. But they won't show up in the network view.
The annoying thing is sometimes I can see all the PC's (theres no pattern to it!) and I have connected to a printer on one of the PC's. With that particular PC, if I use 'Connect to Server' I get
'Select the volumes you want to mount on "packing-pc" but there are no volumes in the list.
Whats really bugging me is that sometimes all the pcs are there when I view the network, and sometimes they aren't.
ANyone got any ideas please? I'm pulling my hair out! I wanna ditch my PC at work but until I can print reliably (to the PC with the printer attached) I can't!
Thanks in anticipation!
MarkI'm wondering if this is connected?
http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/2c98eb8c- 8234-4060-b8a7-e484ca29df72
Maybe you are looking for
-
WLC 5508 - EAP-TLS - Windows 8.1 Third Party PKI
Hello, Does anybody know what could prevent a Windows 8/8.1 system to connect to a WLC via EAP-TLS? Windows 7/XP do not have any problems here.The radius server accepts the request, but WIndows 8 still tries to authenticate. Software is updated to 7.
-
Upgrade from 4.7 to ecc 6.0
hi it would be great help if you tell me about the upgrade from 4.7 to ecc 6.0 am an sd functional consutlant so wat would be my role in this upgrade and are the transaction codes and menu path same or have some changes in it and could please tell me
-
Os error in external tables in oracle 9i
hi, iam geting the following err when selecting the external table. ORA-29913: error in executing ODCIEXTTABLEOPEN callout ORA-29400: data cartridge error KUP-04063: unable to open log file log.log OS error The system cannot find the file specified.
-
Custom Unattended Process Model Based Upon Duration of Test
I am looking to develop a test system that: Runs the Batch Process Model Displays a Custom UUT Serial Number dialog once upon start This dialog will also display the desired test duration and various instrument settings Loops on the MainSequence for
-
Layered .psd artifacts in .pdf from Illustrator
http://forums.adobe.com/thread/852893?tstart=0 I'd posted this in the PhotoShop forums, and Chris recommended I post it here. We placed layered .psd files onto vector art in Illustrator, then saved it as a high-res .pdf. Sometimes we get CMYK edges