Asa 5505 Remote VPN Can't access with my local network

Similar Messages

• ASA 5505 AnyConnect VPN Can RDP to clients but can't ping/icmp

  Hello all,
  I've been searching all day for a solution to this problem. I setup and SSL anyconnect VPN on my Cisco ASA 5505. It works well and connects with out a problem. However, I can't ping any internal clients, but I can RDP to them. It may be something simple and I would appreciate any help. Most of the time people end up posting their config so I will as well.
  MafSecASA# show run
  : Saved
  ASA Version 8.2(1)
  hostname MafSecASA
  domain-name mafsec.com
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.4.0.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 7.3.3.2 255.255.255.248
  interface Vlan3
  no forward interface Vlan1
  nameif dmz
  security-level 50
  ip address 172.20.1.1 255.255.255.0
  interface Ethernet0/0
  switchport access vlan 2
  speed 100
  duplex full
  interface Ethernet0/1
  speed 100
  duplex full
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  switchport access vlan 3
  ftp mode passive
  clock timezone EST -5
  clock summer-time EDT recurring
  dns server-group DefaultDNS
  domain-name mafsec.com
  same-security-traffic permit intra-interface
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object ip
  protocol-object tcp
  protocol-object udp
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_2
  protocol-object ip
  protocol-object udp
  protocol-object tcp
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_3
  protocol-object ip
  protocol-object icmp
  object-group protocol DM_INLINE_PROTOCOL_4
  protocol-object ip
  protocol-object icmp
  access-list inside_access_in extended permit icmp any any
  access-list inside_access_in extended permit ip any any
  access-list inside_access_in remark allow remote users to internal users
  access-list inside_access_in remark allow remote users to internal users
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list outside_access_in extended permit icmp any any
  access-list inside_split_tunnel standard permit 10.4.0.0 255.255.255.0
  access-list inside_split_tunnel standard permit 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.4.0.0 255.255.255.0 10.5.0.0 255.255.255.0
  access-list inside_nat0_outbound_1 extended permit ip 10.5.0.0 255.255.255.0 10.4.0.0 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu dmz 1500
  ip local pool SSLVPNPool2 10.5.0.1-10.5.0.254 mask 255.255.255.0
  ip verify reverse-path interface outside
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any inside
  icmp permit any outside
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound_1
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group inside_access_in in interface inside
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 7.3.3.6 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication enable console LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 10.4.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 10
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 10.4.0.0 255.255.255.0 inside
  ssh timeout 5
  ssh version 2
  console timeout 0
  dhcpd option 6 ip 8.8.8.8 8.8.4.4
  dhcpd address 10.4.0.15-10.4.0.245 inside
  dhcpd dns 8.8.8.8 8.8.4.4 interface inside
  dhcpd lease 86400 interface inside
  dhcpd option 3 ip 10.4.0.1 interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable outside
  svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1
  svc image disk0:/anyconnect-macosx-i386-2.5.3055-k9.pkg 2
  svc enable
  tunnel-group-list enable
  group-policy SSLVPN internal
  group-policy SSLVPN attributes
  dns-server value 8.8.8.8 8.8.4.4
  vpn-tunnel-protocol svc
  group-lock none
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value inside_split_tunnel
  vlan none
  address-pools value SSLVPNPool2
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  username user1 password
  username user1 attributes
  service-type remote-access
  username user2 password
  tunnel-group SSLVPNGROUP type remote-access
  tunnel-group SSLVPNGROUP general-attributes
  address-pool SSLVPNPool2
  default-group-policy SSLVPN
  tunnel-group SSLVPNGROUP webvpn-attributes
  group-alias SSLVPN enable
  prompt hostname context
  Cryptochecksum:3b16cbc9bbdfa20e6987857c1916a396
  : end
  Thank in advance for any help!

  Your config actually looks good (you have the ACL that would allow the echo-reply back since you don't have inspection turned on) - are you sure this isn't a windows firewall issue on the PCs?  I'd try pinging a router or switch just to make sure.
  --Jason

• ASA 5505 remote vpn - not receiving packets from ASA

  I am having problem configuring remote vpn between ASA5505 and Cisco VPN client v5. I can successfully establish connection between ASA and Vpn client and receive IP address from ASA. VPN client statistics windows shows that packets are send and encrypted but none of the packets is Received/Decrypted. Any ideas on what I have missed?
  Thanks in advance for any help,M

  crypto isakmp nat-traversal
  Please rate helpful posts.

• ASA Clientless SSL VPN can't access login pages on websites

  When I'm doing a clientless SSL VPN to my ASA and using the ASA to browse websites, I can pretty much go on to just about any website except specificly login websites. I can go on google and yahoo but when I click the "mail" button it just gives me an error message "Connection Failed - Server (site name) unavailable. When I go onto hotmail.com, it says server hotmail.com unavailable. When I browse by entering hotmail's IP address in, it says "Bad Request." Same happens on ebay, youtube, etc. Funny thing is, the ONLY login page I can get onto is Cisco's website's login page. I tried changing DNS servers, nothing changed. Here is my configuration:
  show run
  : Saved
  ASA Version 8.4(4)1
  hostname PatG
  domain-name resolver4.opendns.com
  enable password aDvdtQE/ih5t061i encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address dhcp setroute
  boot system disk0:/asa844-1-k8.bin
  ftp mode passive
  dns domain-lookup inside
  dns domain-lookup outside
  dns server-group Comcast
  name-server 75.75.75.75
  domain-name cdns01.comcast.net
  dns server-group DefaultDNS
  name-server 208.67.220.222
  name-server 208.67.220.220
  domain-name resolver4.opendns.com
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-649-103.bin
  no asdm history enable
  arp timeout 14400
  object network obj_any
  nat (inside,outside) dynamic interface
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server Remote1 protocol radius
  aaa-server Remote1 (inside) host 192.168.1.8
  key *****
  radius-common-pw *****
  user-identity default-domain LOCAL
  aaa authentication ssh console Remote1
  aaa authentication http console Remote1 LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  telnet timeout 5
  ssh 192.168.1.0 255.255.255.0 inside
  ssh 0.0.0.0 0.0.0.0 outside
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  dhcpd domain redtube.com
  dhcpd auto_config outside
  dhcpd option 150 ip 192.168.1.15 192.168.1.5
  dhcpd address 192.168.1.5-192.168.1.36 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable outside
  tunnel-group-list enable
  group-policy Eng internal
  group-policy Eng attributes
  vpn-tunnel-protocol ssl-clientless
  webvpn
    url-list value EngineerMarks
  group-policy RemoteHTTP internal
  group-policy RemoteHTTP attributes
  vpn-tunnel-protocol ssl-clientless
  webvpn
    url-list value Test
    customization value Extra
  username user1 password mbO2jYs13AXlIAGa encrypted privilege 0
  tunnel-group Browser type remote-access
  tunnel-group Browser general-attributes
  authentication-server-group Remote1
  default-group-policy RemoteHTTP
  tunnel-group TEST type remote-access
  tunnel-group TEST general-attributes
  authentication-server-group Remote1
  default-group-policy RemoteHTTP
  tunnel-group TEST webvpn-attributes
  group-alias testing enable
  group-url https://24.19.162.53/testing enable
  tunnel-group Engineering type remote-access
  tunnel-group Engineering general-attributes
  authentication-server-group Remote1 LOCAL
  default-group-policy Eng
  tunnel-group Engineering webvpn-attributes
  group-alias engineering enable
  group-url https://209.165.200.2/engineering enable
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect http
  policy-map map
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DD                                                                                                                                                             CEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  password encryption aes
  Cryptochecksum:843e718c8d4b23b5f421f82fc0a0c255
  : end
  Can anyone please help me? Thanks

  In your crypto ACLs for the site-to-site tunnels, add the ASA's public IP destined to the remote network, and mirror this ACL on the remote end VPN device.
  Example:
  ASA public IP: 2.2.2.2
  Remote network: 192.168.1.0/24
  access-list vpn_to_remote_network permit ip host 2.2.2.2 192.168.1.0 255.255.255.0
  Mirror the above acl on the remote end router.
  PS. If you found this post helpful, please rate it.

• Cisco ASA 5505 Ipsec VPN and random connection dropping issues.

  Hello,
  We are currently having issues with a ASA 5505 Ipsec VPN. It was configured about 7-8 months ago and has been running very well..up until the last few weeks.  For some reason, the VPN tends to randomly disconnect any user clients connected a lot.  Furthermore, sometimes it actually connects; however does not put us on the local network for some reason and unable to browse file server.  We have tried rebooting the ASA a few times and our ISP Time Warner informed us there are no signs of packet loss but still unable to pinpoint the problem.  Sometimes users close out of VPN client completely, reopen several times and then it works.  However it's never really consistent enough and hasn't been the last few weeks.  No configuration changes have been made to ASA at all.  Furthermore, the Cisco Ipsec VPN client version is: 5.0.70
  Directly below is our current running config (modded for public).  Any help or ideas would be greatly appreciated.  Otherwise, if everything looks good...then I will defer back to our ISP Time Warner:
  : Saved
  ASA Version 8.4(2)
  hostname domainasa
  domain-name adomain.local
  enable password cTfsR84pqF5Xohw. encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.2.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 205.101.1.240 255.255.255.248
  ftp mode passive
  clock timezone EST -5
  clock summer-time EDT recurring
  dns domain-lookup inside
  dns domain-lookup outside
  dns server-group DefaultDNS
  name-server 192.168.2.60
  domain-name adomain.local
  same-security-traffic permit intra-interface
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network SBS_2011
  host 192.168.2.60
  object network NETWORK_OBJ_192.168.2.0_24
  subnet 192.168.2.0 255.255.255.0
  object network NETWORK_OBJ_192.168.5.192_
  27
  subnet 192.168.5.192 255.255.255.224
  object network Https_Access
  host 192.168.2.90
  description Spam Hero
  object-group network DM_INLINE_NETWORK_1
  network-object object SPAM1
  network-object object SPAM2
  network-object object SPAM3
  network-object object SPAM4
  network-object object SPAM5
  network-object object SPAM6
  network-object object SPAM7
  network-object object SPAM8
  object-group service RDP tcp
  description Microsoft RDP
  port-object eq 3389
  access-list outside_access_in extended permit tcp object-group DM_INLINE_NETWORK_1 object SBS_2011 eq smtp
  access-list outside_access_in extended permit tcp any object SBS_2011 eq https
  access-list outside_access_in extended permit icmp any interface outside
  access-list outside_access_in remark External RDP Access
  access-list outside_access_in extended permit tcp any object SBS_2011 object-group RDP
  access-list domain_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ip local pool test 192.168.10.1-192.168.10.5 mask 255.255.255.0
  ip local pool VPN_Users 192.168.5.194-192.168.5.22
  0 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat (inside,outside) source static NETWORK_OBJ_192.168.2.0_24
  NETWORK_OBJ_192.168.2.0_24
  destination static NETWORK_OBJ_192.168.5.192_
  27 NETWORK_OBJ_192.168.5.192_
  27 no-proxy-arp route-lookup
  object network obj_any
  nat (inside,outside) dynamic interface
  object network SBS_2011
  nat (inside,outside) static interface service tcp smtp smtp
  object network Https_Access
  nat (inside,outside) static interface service tcp https https
  nat (inside,outside) after-auto source dynamic any interface
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 205.101.1.239 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-reco
  rd DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 192.168.2.0 255.255.255.0 inside
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto ikev1 enable outside
  crypto ikev1 policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet 192.168.2.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd address 192.168.2.160-192.168.2.19
  9 inside
  dhcpd dns 192.168.2.60 24.29.99.36 interface inside
  dhcpd wins 192.168.2.60 24.29.99.36 interface inside
  dhcpd domain adomain interface inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy domain internal
  group-policy domain attributes
  wins-server value 192.168.2.60
  dns-server value 192.168.2.60
  vpn-tunnel-protocol ikev1
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value domain_splitTunnelAcl
  default-domain value adomain.local
  username ben password zWCAaitV3CB.GA87 encrypted privilege 0
  username ben attributes
  vpn-group-policy domain
  username sdomain password FATqd4I1ZoqyQ/MN encrypted
  username sdomain attributes
  vpn-group-policy domain
  username adomain password V5.hvhZU4S8NwGg/ encrypted
  username adomain attributes
  vpn-group-policy domain
  service-type admin
  username jdomain password uODal3Mlensb8d.t encrypted privilege 0
  username jdomain attributes
  vpn-group-policy domain
  service-type admin
  tunnel-group domain type remote-access
  tunnel-group domain general-attributes
  address-pool VPN_Users
  default-group-policy domain
  tunnel-group domain ipsec-attributes
  ikev1 pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect icmp
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:e2466a5b754
  eebcdb0cef
  f051bef91d
  9
  : end
  no asdm history enable
  Thanks again

  Hello Belnet,
  What do the logs show from the ASA.
  Can you post them ??
  Any other question..Sure..Just remember to rate all of the community answers.
  Julio

• New Ipod Touch 5g can't access Internet in home network (using Linksys E4200 router). But, OK with other Wifi.

  Just bought new Ipod Touch 5g. I found out it can't access Internet in home network. not really cannot access, but very slow to open any web page, App Store failed to access, etc. But, OK with other Wifi (office & starbucks). Others existing iOS devices (Iphone4 & Ipad2) have no problem like this. I'm using Linksys E4200 router at home. anyone has any idea why?

  Try:
  - Reset the iPod. Nothing will be lost
  Reset iPod touch: Hold down the On/Off button and the Home button at the same time for at
  least ten seconds, until the Apple logo appears.
  - Power off and then back on the router
  - Reset network settings: Settings>GeneralReset>Reset Network Settings
  - iOS: Troubleshooting Wi-Fi networks and connections
  - iOS: Recommended settings for Wi-Fi routers and access points
  - Restore from backup
  - Restore to factory settings/new iPod.
  - Make an appointment at the Genius Bar of an Apple store.
  Apple Retail Store - Genius Bar

• I there, my question is quite simple, I would like to know if the "apple remote control" can be used with a mac mini and , if so, it can be used to control also the "logic pro" functions (e.g. record, start, stop etc). Thks a lot, Danilo

  I there, my question is quite simple, I would like to know if the "apple remote control" can be used with a mac mini and , if so, it can be used to control also the "logic pro" functions (e.g. record, start, stop etc). Thks a lot, Danilo

  Good work, thanks for the report.

• TS1741 I lost my Apple TV remote and can't connect with my remote app. What do I do?

  I lost my Apple TV remote and can't connect with my remote app. What do I do?

  Buy a new remote or borrow one and make remote app work

• I can't connect with wep encrypted network

  Hi,
  I'm trying to connect with this accesspoint:
  Cell 03 - Address: 00:14:C1:30:FE:ED
  Channel:11
  Frequency:2.462 GHz (Channel 11)
  Quality=40/70 Signal level=-70 dBm
  Encryption key:on
  ESSID:"Masters"
  Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
  24 Mb/s; 36 Mb/s; 54 Mb/s
  Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s
  Mode:Master
  Extra:tsf=000000063d3dc183
  Extra: Last beacon: 136ms ago
  IE: Unknown: 00074D617374657273
  IE: Unknown: 010882848B962430486C
  IE: Unknown: 03010B
  IE: Unknown: 2A0100
  IE: Unknown: 2F0100
  IE: Unknown: 32040C121860
  IE: Unknown: DD060010180201F5
  Of course i tried:
  [root@myhost shnela]# iwconfig wlan0 essid Masters key s:mastuning2000
  [root@myhost shnela]# iwconfig
  lo no wireless extensions.
  wlan0 IEEE 802.11bgn ESSID:"Masters"
  Mode:Ad-Hoc Frequency:2.412 GHz Cell: 66:BA:DC:7E:D2:E5
  Tx-Power=15 dBm
  Retry long limit:7 RTS thr:off Fragment thr:off
  Encryption key:6D61-7374-756E-696E-6732-3030-30
  Power Management:off
  eth0 no wireless extensions.
  But I didn't get ip address:
  [root@myhost shnela]# dhcpcd wlan0
  dhcpcd[1040]: version 5.2.12 starting
  dhcpcd[1040]: wlan0: waiting for carrier
  dhcpcd[1040]: timed out
  or
  [root@myhost shnela]# dhcpcd wlan0
  dhcpcd[1092]: version 5.2.12 starting
  dhcpcd[1092]: wlan0: rebinding lease of 192.168.4.63
  dhcpcd[1092]: wlan0: broadcasting for a lease
  dhcpcd[1092]: timed out
  I tried also netcfg with profle "stancja":
  CONNECTION='wireless'
  DESCRIPTION='A simple WEP encrypted wireless connection'
  INTERFACE='wlan0'
  SECURITY='wep'
  ESSID='Masters'
  KEY='s:mastuning2000'
  IP='dhcp'
  # Uncomment this if your ssid is hidden
  #HIDDEN=yes
  But when I use it, it returns:
  [root@myhost network.d]# netcfg stancja
  :: stancja up [BUSY]
  > WPA Authentication/Association Failed
  I don't know what WPA Autenthication do here...

  Oh.. I'm very sorry. I confused my "iwconfig" output...
  I've similar problem with this particular ap with debian too ( I can connect onnly with wicd).
  I changed frequency and tried change ap addr:
  [root@myhost shnela]# iwconfig wlan0 ap 00:14:C1:30:FE:ED
  [root@myhost shnela]# iwconfig wlan0 freq 2.462G
  [root@myhost shnela]# iwconfig
  lo no wireless extensions.
  wlan0 IEEE 802.11bgn ESSID:"Masters"
  Mode:Managed Frequency:2.462 GHz Access Point: Not-Associated
  Tx-Power=15 dBm
  Retry long limit:7 RTS thr:off Fragment thr:off
  Encryption key:6D61-7374-756E-696E-6732-3030-30
  Power Management:off
  eth0 no wireless extensions.
  [root@myhost shnela]# dhcpcd wlan0
  dhcpcd[1336]: version 5.2.12 starting
  dhcpcd[1336]: wlan0: waiting for carrier
  dhcpcd[1336]: timed out
  I'm stil Not-Associated.
  This is my rc.conf file:
  # /etc/rc.conf - Main Configuration for Arch Linux
  # LOCALIZATION
  # LOCALE: available languages can be listed with the 'locale -a' command
  # DAEMON_LOCALE: If set to 'yes', use $LOCALE as the locale during daemon
  # startup and during the boot process. If set to 'no', the C locale is used.
  # HARDWARECLOCK: set to "", "UTC" or "localtime", any other value will result
  # in the hardware clock being left untouched (useful for virtualization)
  # Note: Using "localtime" is discouraged, using "" makes hwclock fall back
  # to the value in /var/lib/hwclock/adjfile
  # TIMEZONE: timezones are found in /usr/share/zoneinfo
  # Note: if unset, the value in /etc/localtime is used unchanged
  # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
  # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
  # CONSOLEMAP: found in /usr/share/kbd/consoletrans
  # USECOLOR: use ANSI color sequences in startup messages
  LOCALE="en_US.UTF-8"
  DAEMON_LOCALE="no"
  HARDWARECLOCK="localtime"
  TIMEZONE="Europe/Warsaw"
  KEYMAP="en"
  CONSOLEFONT=
  CONSOLEMAP=
  USECOLOR="yes"
  # HARDWARE
  # MODULES: Modules to load at boot-up. Blacklisting is no longer supported.
  # Replace every !module by an entry as on the following line in a file in
  # /etc/modprobe.d:
  # blacklist module
  # See "man modprobe.conf" for details.
  MODULES=()
  # Udev settle timeout (default to 15)
  UDEV_TIMEOUT=30
  # Scan for FakeRAID (dmraid) Volumes at startup
  USEDMRAID="no"
  # Scan for BTRFS volumes at startup
  USEBTRFS="no"
  # Scan for LVM volume groups at startup, required if you use LVM
  USELVM="no"
  # NETWORKING
  # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
  HOSTNAME="myhost"
  # Use 'ip addr' or 'ls /sys/class/net/' to see all available interfaces.
  # Wired network setup
  # - interface: name of device (required)
  # - address: IP address (leave blank for DHCP)
  # - netmask: subnet mask (ignored for DHCP) (optional, defaults to 255.255.255.0)
  # - broadcast: broadcast address (ignored for DHCP) (optional)
  # - gateway: default route (ignored for DHCP)
  # Static IP example
  # interface=eth0
  # address=192.168.0.2
  # netmask=255.255.255.0
  # broadcast=192.168.0.255
  # gateway=192.168.0.1
  # DHCP example
  # interface=eth0
  # address=
  # netmask=
  # gateway=
  interface=wlan0
  address=
  netmask=
  broadcast=
  gateway=
  # Setting this to "yes" will skip network shutdown.
  # This is required if your root device is on NFS.
  NETWORK_PERSIST="no"
  # Enable these netcfg profiles at boot-up. These are useful if you happen to
  # need more advanced network features than the simple network service
  # supports, such as multiple network configurations (ie, laptop users)
  # - set to 'menu' to present a menu during boot-up (dialog package required)
  # - prefix an entry with a ! to disable it
  # Network profiles are found in /etc/network.d
  # This requires the netcfg package
  #NETWORKS=(main)
  # DAEMONS
  # Daemons to start at boot-up (in this order)
  # - prefix a daemon with a ! to disable it
  # - prefix a daemon with a @ to start it up in the background
  # If something other takes care of your hardware clock (ntpd, dual-boot...)
  # you should disable 'hwclock' here.
  DAEMONS=(hwclock syslog-ng network netfs crond alsa sensors)
  Last edited by shnela (2012-02-12 20:23:50)

• Hello Folks.. I have recently purchased a ipad mini with wifi   Cellular from best buy online.. Model: MD543LL/A. Can I use this ipad in India with any local networks in India? Basically does this ipad support GSM network?

  Hello Folks.. I have recently purchased a ipad mini with wifi   Cellular from best buy online.. Model: MD543LL/A. Can I use this ipad in India with any local networks? Basically does this ipad support GSM network?
  Message was edited by: Murali.KR

  Sorry but that was a completely pointless post.

• I am planning to buy ipad 2 wifi   3g verizon carrier, will be taking it to india need to know if the same can be used with the local providers there or would the ipad be locked and restricted only to verizon

  I am planning to buy ipad 2 wifi   3g verizon carrier, will be taking it to india need to know if the same can be used with the local providers there or would the ipad be locked and restricted only to verizon

  I'm fairly sure the Verizon CDMA iPad 2 had no GSM sim slot. So it won't work with any other carrier except Verizon.
  As far as the AT&T version goes, it should technically work but will not support 4G/LTE cellular bands.
  Given iPad 2's are no longer being sold, I doubt any  that could be bought would have a warranty still. Or have at most very little of it left.
  Why an iPad 2?  its now 3 generations behind the current one.
  Perhaps an iPad 4 would be a better choice.

• Access to the local network of my company.

  Dear Mac users,
  I was wanted to access to the local network and drives of my office, on Windows it was easy for me, plug the cable, press run on start menu then tape the name of the drive (ex: \\dc4). But now on my brand new Mac I can't find how to do that. If anyone can help me please.
  Thanks & regards.
  Florian Poma

  florian.poma wrote:
  I was wanted to access to the local network and drives of my office, on Windows it was easy for me, plug the cable, press run on start menu then tape the name of the drive (ex: \\dc4). But now on my brand new Mac I can't find how to do that. If anyone can help me please.
  Can you access the Internet from your Mac? If not, that's the first thing you need to make work.
  If you can, in the Finder pull down the "Go" menu and select "Network". Do you see anything familiar in the resulting window?
  There's also a chance that your office network servers haven't installed or activated "services for Macintosh" or whatever it's called these days. (I've been away from Windows networking for a while.)

• Can I set up a local network without being connected to internet?

  Can I set up a local network with Airport without being connected to internet?

  Yes. Your AirPort Express router, by default, will create an unsecured wireless network and does not need to be connected to the Internet to do so. Local clients can then connect to this wireless network and be able to "see" each other.

• ASA 5505 VPN can't access inside host

  I have setup remote VPN access on a ASA 5505 but cannot access the host or ASA when I login using the VPN. I can connect with the Cisco VPN client and the VPN light is on on the ASA and it shows that I'm connected. I have the correct Ip address but I cannot ping or connect to any of the internal addresses. I cannot find what I'm missing. I have the VPN bypassing the interface ACLs. Since I can login but not go anywhere I feel certian I missed something.
  part of config below
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.1.1.1 255.255.255.0
  ip local pool xxxx 10.1.1.50-10.1.1.55 mask 255.255.255.0
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 20 set pfs
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
  crypto dynamic-map outside_dyn_map 40 set pfs
  crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
  crypto dynamic-map inside_dyn_map 20 set pfs
  crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
  crypto map inside_map interface inside
  crypto isakmp enable inside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  service-policy global_policy global
  group-policy xxxxxxx internal
  group-policy xxxxxxx attributes
  banner value xxxxx Disaster Recovery Site
  wins-server none
  dns-server value 24.xxx.xxx.xx
  vpn-access-hours none
  vpn-simultaneous-logins 3
  vpn-idle-timeout 30
  vpn-session-timeout none
  vpn-filter none
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelall
  default-domain none
  secure-unit-authentication disable
  user-authentication disable
  user-authentication-idle-timeout none
  ip-phone-bypass disable
  leap-bypass disable
  nem disable
  nac disable
  nac-sq-period 300
  nac-reval-period 36000
  nac-default-acl none
  address-pools value xxxxxx
  smartcard-removal-disconnect enable
  client-firewall none
  webvpn
  functions url-entry
  vpn-nac-exempt none
  no vpn-addr-assign aaa
  no vpn-addr-assign dhcp
  tunnel-group xxxx type ipsec-ra
  tunnel-group xxxx general-attributes
  address-pool xxxx
  default-group-policy xxxx
  tunnel-group blountdr ipsec-attributes
  pre-shared-key *

  I get the banner and IP adress info...
  This is what the client log provides...
  1 13:45:32.942 05/30/08 Sev=Warning/2 CVPND/0xE3400013
  AddRoute failed to add a route: code 87
  Destination 172.20.255.255
  Netmask 255.255.255.255
  Gateway 10.1.2.1
  Interface 10.1.2.5
  2 13:45:32.942 05/30/08 Sev=Warning/2 CM/0xA3100024
  Unable to add route. Network: ac14ffff, Netmask: ffffffff, Interface: a010205, Gateway: a010201.

• ASA 5505 IPSEC VPN connected but can't access to LAN

  ASA : 8.2.5
  ASDM: 6.4.5
  LAN: 10.1.0.0/22
  VPN Pool: 172.16.10.0/24
  Hi, we purcahsed a new ASA 5505 and try to setup IPSEC VPN via ASDM; i just simply run the Wizards, setup vpnpool, split tunnelling,etc.
  I can connect to the ASA by using cisco VPN client and internet works fine on the local PC, but it cannot access to the LAN (can't ping. can't remote desktop). I tried the same thing on our Production ASA(those have both Remote VPN and Site-to-site VPN working), the new profile i created worked fine.
  Below is my configure, do I mis-configure anything?
  ASA Version 8.2(5)
  hostname asatest
  domain-name XXX.com
  enable password 8Fw1QFqthX2n4uD3 encrypted
  passwd g9NiG6oUPjkYrHNt encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.1.1.253 255.255.252.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address XXX.XXX.XXX.XXX 255.255.255.240
  ftp mode passive
  clock timezone PST -8
  clock summer-time PDT recurring
  dns server-group DefaultDNS
  domain-name vff.com
  access-list vpntest_splitTunnelAcl standard permit 10.1.0.0 255.255.252.0
  access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.252.0 172.16.10.0 255.255.255.0
  pager lines 24
  logging enable
  logging timestamp
  logging trap warnings
  logging asdm informational
  logging device-id hostname
  logging host inside 10.1.1.230
  mtu inside 1500
  mtu outside 1500
  ip local pool vpnpool 172.16.10.1-172.16.10.254 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server AD protocol nt
  aaa-server AD (inside) host 10.1.1.108
  nt-auth-domain-controller 10.1.1.108
  http server enable
  http 10.1.0.0 255.255.252.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 10.1.0.0 255.255.252.0 inside
  ssh timeout 20
  console timeout 0
  dhcpd auto_config outside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy vpntest internal
  group-policy vpntest attributes
  wins-server value 10.1.1.108
  dns-server value 10.1.1.108
  vpn-tunnel-protocol IPSec l2tp-ipsec
  password-storage disable
  ip-comp disable
  re-xauth disable
  pfs disable
  ipsec-udp disable
  ipsec-udp-port 10000
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value vpntest_splitTunnelAcl
  default-domain value XXX.com
  split-tunnel-all-dns disable
  backup-servers keep-client-config
  address-pools value vpnpool
  username admin password WeiepwREwT66BhE9 encrypted privilege 15
  username user5 password yIWniWfceAUz1sUb encrypted privilege 5
  username user3 password umNHhJnO7McrLxNQ encrypted privilege 3
  tunnel-group vpntest type remote-access
  tunnel-group vpntest general-attributes
  address-pool vpnpool
  authentication-server-group AD
  authentication-server-group (inside) AD
  default-group-policy vpntest
  strip-realm
  tunnel-group vpntest ipsec-attributes
  pre-shared-key BEKey123456
  peer-id-validate nocheck
  privilege cmd level 3 mode exec command perfmon
  privilege cmd level 3 mode exec command ping
  privilege cmd level 3 mode exec command who
  privilege cmd level 3 mode exec command logging
  privilege cmd level 3 mode exec command failover
  privilege cmd level 3 mode exec command packet-tracer
  privilege show level 5 mode exec command import
  privilege show level 5 mode exec command running-config
  privilege show level 3 mode exec command reload
  privilege show level 3 mode exec command mode
  privilege show level 3 mode exec command firewall
  privilege show level 3 mode exec command asp
  privilege show level 3 mode exec command cpu
  privilege show level 3 mode exec command interface
  privilege show level 3 mode exec command clock
  privilege show level 3 mode exec command dns-hosts
  privilege show level 3 mode exec command access-list
  privilege show level 3 mode exec command logging
  privilege show level 3 mode exec command vlan
  privilege show level 3 mode exec command ip
  privilege show level 3 mode exec command ipv6
  privilege show level 3 mode exec command failover
  privilege show level 3 mode exec command asdm
  privilege show level 3 mode exec command arp
  privilege show level 3 mode exec command route
  privilege show level 3 mode exec command ospf
  privilege show level 3 mode exec command aaa-server
  privilege show level 3 mode exec command aaa
  privilege show level 3 mode exec command eigrp
  privilege show level 3 mode exec command crypto
  privilege show level 3 mode exec command vpn-sessiondb
  privilege show level 3 mode exec command ssh
  privilege show level 3 mode exec command dhcpd
  privilege show level 3 mode exec command vpnclient
  privilege show level 3 mode exec command vpn
  privilege show level 3 mode exec command blocks
  privilege show level 3 mode exec command wccp
  privilege show level 3 mode exec command dynamic-filter
  privilege show level 3 mode exec command webvpn
  privilege show level 3 mode exec command module
  privilege show level 3 mode exec command uauth
  privilege show level 3 mode exec command compression
  privilege show level 3 mode configure command interface
  privilege show level 3 mode configure command clock
  privilege show level 3 mode configure command access-list
  privilege show level 3 mode configure command logging
  privilege show level 3 mode configure command ip
  privilege show level 3 mode configure command failover
  privilege show level 5 mode configure command asdm
  privilege show level 3 mode configure command arp
  privilege show level 3 mode configure command route
  privilege show level 3 mode configure command aaa-server
  privilege show level 3 mode configure command aaa
  privilege show level 3 mode configure command crypto
  privilege show level 3 mode configure command ssh
  privilege show level 3 mode configure command dhcpd
  privilege show level 5 mode configure command privilege
  privilege clear level 3 mode exec command dns-hosts
  privilege clear level 3 mode exec command logging
  privilege clear level 3 mode exec command arp
  privilege clear level 3 mode exec command aaa-server
  privilege clear level 3 mode exec command crypto
  privilege clear level 3 mode exec command dynamic-filter
  privilege cmd level 3 mode configure command failover
  privilege clear level 3 mode configure command logging
  privilege clear level 3 mode configure command arp
  privilege clear level 3 mode configure command crypto
  privilege clear level 3 mode configure command aaa-server
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4
  : end

  I change  a Machine's gateway to this ASA and capture again, now we can see some reply.
  All ohter PCs and switches gateway are point to another ASA, maybe that's the reason why i didn't work?
  what's the recommanded way to make our LAN to have two 2 gateways(for load balance or backup router, etc)?
  add two gateways to all PCs and swtichwes?
  1: 18:15:48.307875 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
     2: 18:15:49.777685 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
     3: 18:15:51.377147 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
     4: 18:15:57.445777 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
     5: 18:15:58.856324 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
     6: 18:16:00.395090 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
     7: 18:16:06.483464 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
     8: 18:16:08.082805 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
     9: 18:16:09.542406 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 68
    10: 18:16:20.640424 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
    11: 18:16:20.642193 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
    12: 18:16:21.169607 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
    13: 18:16:21.171210 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
    14: 18:16:22.179556 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
    15: 18:16:22.181142 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
    16: 18:16:23.237673 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.230: icmp: echo request
    17: 18:16:23.239291 802.1Q vlan#1 P0 10.1.1.230 > 172.16.10.1: icmp: echo reply
    18: 18:16:27.676402 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 50
    19: 18:16:29.246935 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 50
    20: 18:16:30.676921 802.1Q vlan#1 P0 172.16.10.1.137 > 10.1.1.108.137:  udp 50
    21: 18:16:49.539660 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
    22: 18:16:54.952602 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request
    23: 18:17:04.511463 802.1Q vlan#1 P0 172.16.10.1 > 10.1.1.233: icmp: echo request