Bringing up a third interface - cannot ping servers

Hi All,
I have a CSS 11503 that already had 2 interfaces up and running fine. The frontend is on vlan 26 and backend server vlan is on vlan 836. Now, I have some servers on vlan 301 that needed load balancing and brought up the third interface.
Here is my config
interface 1/1
bridge vlan 836
interface 1/2
bridge vlan 26
interface 2/1 (this is the new interface)
bridge vlan 301
circuit VLAN836
ip address 10.10.235.5 255.255.255.128
circuit VLAN26
ip address 10.10.26.5 255.255.255.0
circuit VLAN301
ip address 10.44.0.5 255.255.252.0
Here is the "show ip route" output
BCMDC-CSS1# sh ip route
prefix/length next hop if type proto age metric
10.1.20.0/22 10.1.22.150 2 mgmt local -- --
0.0.0.0/0 10.10.26.1 1022 remote static 5342983 0
10.44.0.0/22 10.44.0.5 1021 local local 7122 0
10.10.26.0/24 10.10.26.5 1022 local local 5343307 0
10.10.235.0/25 10.10.235.5 1023 local local 5343288 0
Show arp contains all the servers I want to ping and here is the arp table on the CSS
10.44.0.1 00-00-0c-07-ac-1f dynamic 2/1
10.44.0.2 00-d0-02-f3-a8-00 dynamic 2/1
10.44.0.3 00-09-12-ed-6f-00 dynamic 2/1
10.44.0.20 00-11-25-9d-e4-98 dynamic 2/1
10.44.0.21 00-11-25-9d-ee-d7 dynamic 2/1
10.44.0.30 00-11-25-9d-e6-86 dynamic 2/1
10.44.0.31 00-14-5e-3c-71-38 dynamic 2/1
10.44.0.32 00-11-25-4a-82-a1 dynamic 2/1
10.44.0.33 00-14-5e-3e-60-e1 dynamic 2/1
10.44.0.34 00-11-25-9e-e5-ce dynamic 2/1
10.44.0.35 00-11-25-9c-66-c9 dynamic 2/1
10.44.0.40 00-1a-64-4f-21-bc dynamic 2/1
10.44.0.41 00-1a-64-4f-23-6e dynamic 2/1
10.44.0.50 00-1a-64-4f-2f-74 dynamic 2/1
10.44.0.51 00-1a-64-4f-22-72 dynamic 2/1
10.44.0.60 00-1a-64-4f-1c-ba dynamic 2/1
10.44.0.61 00-1a-64-4f-13-06 dynamic 2/1
I cannot ping any of the 10.44.0.x addresses. The interface is up and it is connected to a 6509 switch as an access port on vlan301 and it shows up and up.
There are no ACLs configured. I am just trying to ping the servers before I can write the content rules.
Any ideas?

OK. I figured out that I cannot ping the servers. But, I cannot ping the circuit vlan 301 IP from the router which is 10.44.0.5.
However, I can ping the vlan 836 circuit IP, 10.10.235.5. Here is the ping result from the router that the CSS is connected to:
gw1>ping 10.10.235.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.235.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
gw1>ping 10.44.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.44.0.5, timeout is 2 seconds:
Success rate is 0 percent (0/5)

Similar Messages

  • Cannot ping/telnet/ssh to GigabitEthernet interface of Cisco AP2602

    I have a Cisco 2602 (ios ver 15.0)
    I can connect through its SSID normally but I can't access the AP itself. From the AP I cannot ping the gateway, even though the AP can be seen on cdp from the switch.
    But my other AP Cisco 1140 (ios 12.4) can be accessed with the same configuration on the switch (switchport mode trunk, allowed vlan 1 & 2)
    vlan 1 is for user, vlan 2 for management...
    Below is the configuration of the gigabitethernet interface of the AP 2602
    interface GigabitEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     no keepalive
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    interface GigabitEthernet0.2
     encapsulation dot1Q 2
     ip address 10.32.2.98 255.255.255.0
     no ip route-cache
     bridge-group 2
     no bridge-group 2 source-learning
     bridge-group 2 spanning-disabled
    interface BVI1
     no ip address
     no ip route-cache
    ip default-gateway 10.32.2.1
    please help

    With autonomous access point, the management has to be the native vlan.  The issue is that your vlan 1 is native and that is for users, but your management is on vlan 2 which is management. This will not work as it is a requirement to keep management on a native vlan.  You would have to move the users to a different vlan since vlan 1 is typically tagged so that you can define on the trunk port on the switch that vlan 2 is native.
    -Scott

  • Smartcare cannot ping cimc interface

    Hi All
    Smartcare appliance can ping everything, default route etc., but not the cimc interface
    Not a local route issue ? 

    Duplicate posts.  :P
    Go here:  https://supportforums.cisco.com/discussion/12140361/smartcare-cannot-ping-cimc-interface

  • Workstations can ping servers, but servers cannot ping workstations

    We are setting up a new network using two Dell servers, one T420 and the other T320, both of which are running Windows Server 2008 R2. Upon setting up the domain, we have come to find out that all workstations can ping the terminal and domain controller but the servers cannot ping the workstations. Also the workstations will not stay on the domain, they change back to unidentified network upon restarting. Any help would be great, Thanks in advance.

    1.Make sure that each server has static network settings. Do not use DHCP to configure the network settings of your servers. Also make sure to provide exclusions for the range of static addresses for your servers.
    2.DC should have its own address as primary and 127.0.0.1 as secondary (assumes single DNS server)
    3.Make sure that a domain controller providing DNS services is up and running when any computer reboots. If single DC it may take 5 minutes or more for DNS to start up when rebooted. (always best to have at least two DC's for redundancy / disaster recovery)
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Cannot ping an interface

    Hi all,
    I have decided to add a separate vlan/wlan to the network. This interface uses port 1 (My management interface uses port 2). I have connected the port to a router, which is connected to a gateway.
    I checked and the routing is done correctly. When I connect a pc to the router, I have access to internet. However, when I connect to the wlan that's associated with the vlan on port 1, I not only cannot access internet, but also cannot ping the router.
    I can ping the interface when I connect to the wlan. However, I cannot ping the router.
    The same thing happens when I connect my pc to the router. I cannot ping the interface as well.
    Is there something that I am missing? It seems that there is a connectivity issue in the connection between port 1 and the router. Should I try using a crossover cable and see if it solves my problem?
    Thanks!
    Tibet

    Your diagram is very clear. You have few options here
    Option 1
    WLC port 1 & Router LAN port onto your switch (rather directly connecting router to WLC). In this way WLC connected switch port should be configured as trunk port & router connected switchport should be configured as access port for the vlan belongs to 10.0.0.0/24 network.
    If you are thinking about creating multiple WLANs (in future) with your router as LAN gateway, then you should configure the router-connected switchport as a trunk port & a subinterface on your router LAN interface.
    Option 2
    Aggregate WLC port 1-2 into one single port channel & create a single trunk link between WLC & Switch. In this way you will get more bandwidth for your user traffic (usually mgt does not want a dedicated 1G link). Then configure the Router LAN interface connected switchport as access port (if you only require single WLAN) or trunk port (if you require multiple WLAN)
    I prefer option 2 because of its flexibility & scalability. Let us know your choice & then accordingly we can help you to get this done.
    Also post your WLC "show sysinfo" as well.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • WRT610N to TP-LINK SWITCH cannot ping printer on switch

    I hope you can tell me what I have done wrong.
    dslmodem ---> wrt610N ---->TP-LINK(5port) ---- HP 2600N printer, another to IOmega HD
    I cannot see either the printer nor the HD. I cannot ping them.
    The cables from the TP to the printer are blue, CAT5 cables. Does blue mean twisted pair?
    The HP and IOmega have static  IP addresses at 192.168.1.2 and 192.168.1.3 each.
    The DHCP settings on the router allocate DHCP from 100-254 to avoid conflicts.
    The firewall on the WRT610N is disabled.
    Physical limitations permit only one CAT5 cable to the TPLINK box.
    If I avoid the box and do this;
    dslmodem ---> wrt610N ---->HP 2600N printer
    I can ping it from both a Windows 7 and/or XP machine.
    However, with the switch in place, I cannot ping it from the router nor any PC's connected to it. The PCs can ping each other.
    Could someone please tell me what I am doing wrong?
    Thank you in advance.

    The device is a TPLINK TL-SF1005D unmanaged 5 port switch. No visible settings or buttons.
    The address handed out on other side of the TPLINK is 169.254.138.233
    My network is 192.168.1.* 
    Hmm. This does not bode well.
    Should I set up a routing table entry to talk to this switch?
    The wire from the router is hooked to port 1 on the switch. Should it not pick up the right submask, entry from the router?
    Thanks for all your help?
    ------------------------------------DUMP------------------------------------------------------
    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    C:\Users\abbu>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : abbu-VAIO
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
       Physical Address. . . . . . . . . : 54-42-49-02-CA-BC
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::d08e:934c:6554:8ae9%12(Preferred)
       Autoconfiguration IPv4 Address. . : 169.254.138.233(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 385885374
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-32-51-44-54-42-49-02-CA-BC
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Wireless LAN adapter Wireless Network Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : lan
       Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
       Physical Address. . . . . . . . . : 2C-81-58-FD-87-69
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.lan:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{6DD0B22D-C026-4940-9700-1362E8BA5673}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    C:\Users\abbu>
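
The dump above shows the wired adapter holding 169.254.138.233 while the network is 192.168.1.*; 169.254.0.0/16 is the IPv4 link-local (APIPA) range that a Windows DHCP client assigns itself when it obtains no lease. The following added example (not part of the original post) parses `ipconfig /all` text and flags that condition; the sample input is constructed from the shape of the dump, and the function names and finding labels are this example's own.

```python
import ipaddress
import re

# RFC 3927 IPv4 link-local range, used by Windows as the APIPA fallback.
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample, trimmed from the shape of the `ipconfig /all` dump above.
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : abbu-VAIO
Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ether
net Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.138.233(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
Wireless LAN adapter Wireless Network Connection:
   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
"""

# "Ethernet adapter Local Area Connection:" style section headers.
HEADER = re.compile(r"^\s*(\S.* adapter .+):\s*$")
# "   Key . . . . : value" lines; the key is followed by dot leaders.
FIELD = re.compile(r"^\s+([^.:]+?)(?:\s*\.)+\s*:\s*(.*)$")


def parse_adapters(text):
    """Return {adapter name: {field: value}} from `ipconfig /all` output.

    Lines that are neither a header nor a field (wrapped descriptions,
    additional DNS server lines) are skipped; this check does not need them.
    """
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
    return adapters


def diagnose(adapters, expected_net):
    """Label each adapter against the subnet the LAN is supposed to use."""
    expected = ipaddress.ip_network(expected_net)
    findings = {}
    for name, fields in adapters.items():
        if fields.get("Media State", "").lower() == "media disconnected":
            findings[name] = "disconnected"
            continue
        # "IPv4 Address", "Autoconfiguration IPv4 Address", or the older
        # "IP Address" label, depending on Windows version and lease state.
        raw = next((v for k, v in fields.items()
                    if k.endswith("IPv4 Address") or k == "IP Address"), None)
        if not raw:
            findings[name] = "no-ipv4"
            continue
        addr = ipaddress.ip_address(raw.split("(")[0])  # drop "(Preferred)"
        dhcp = fields.get("DHCP Enabled", "").lower() == "yes"
        if addr in APIPA:
            # DHCP client with a link-local address: no lease was obtained.
            findings[name] = "apipa-dhcp-failed" if dhcp else "apipa-static"
        elif addr not in expected:
            findings[name] = "wrong-subnet"
        elif not fields.get("Default Gateway"):
            findings[name] = "no-gateway"
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for adapter, finding in diagnose(parse_adapters(SAMPLE), "192.168.1.0/24").items():
        print(f"{adapter}: {finding}")
```
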

  • Cannot ping RRAS Client from RRAS server.

    I have recently created an RRAS pptp connection for an outside network. The RRAS client connects fine and can ping the RRAS server and every device on the RRAS server's local network. The RRAS server cannot ping the remote pptp client nor can any device on the RRAS server's local network. RRAS is configured to be within the same subnet as the RRAS server's local network. On connection it pulls from a static IP pool.
    Any help is truly appreciated

    The server is behind a nat device and for testing purposes I have disabled the firewall on both devices. Also I am having an issue where the pptp connection just stops accepting and sending data to the rras server but if you look at the active connections the client never disconnects.  I have attached ipconfig information
    CLIENT
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : Fellows-PC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    PPP adapter Welsh:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Welsh
       Physical Address. . . . . . . . . :
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 172.16.128.66(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : BC-5F-F4-75-C5-AD
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5418:aba9:4af2:1e12%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Wednesday, March 26, 2014 8:35:58 AM
       Lease Expires . . . . . . . . . . : Saturday, March 29, 2014 8:35:58 AM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 247226356
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C3-16-85-BC-5F-F4-75-C5-AD
       DNS Servers . . . . . . . . . . . : 75.75.75.75
                                           75.75.76.76
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{DF8CAC0D-588D-495A-9185-78C9992DC12F}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1c88:1312:b8c2:97a9(Preferred)
       Link-local IPv6 Address . . . . . : fe80::1c88:1312:b8c2:97a9%12(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Tunnel adapter isatap.{D8973397-8880-4110-A7F9-4D1F6A1C2E8C}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    SERVER
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : IMS
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : Yes
    PPP adapter RAS Server (Dial In) Interface:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
       Physical Address. . . . . . . . . : 00-53-45-00-00-00
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 172.16.128.65
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . :
    Ethernet adapter Local Area Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
       Physical Address. . . . . . . . . : 00-10-18-8D-BC-42
    Ethernet adapter Local Area Connection 2:
       Media State . . . . . . . . . . . : Media disconnected
       Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #2
       Physical Address. . . . . . . . . : 00-10-18-8D-BC-40
    Ethernet adapter Local Area Connection 4:
       Media State . . . . . . . . . . . : Media disconnected
       Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
       Physical Address. . . . . . . . . : 84-2B-2B-68-6A-FA
    Ethernet adapter Local Area Connection 3:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #2
       Physical Address. . . . . . . . . : 84-2B-2B-68-6A-F9
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 172.16.128.1
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 172.16.128.254
       DNS Servers . . . . . . . . . . . : 172.16.128.254
                                           75.75.75.75
       NetBIOS over Tcpip. . . . . . . . : Disabled

  • Cannot ping VIP in One-Arm mode

    Hello.
    I can ping the ip addresses of the vlan and access via management, the real-servers are Active along with the VIP service (ie. show service-policy) but I cannot ping the VIP interface and traces do not show any traffic hitting it because the 6500 the ACE (vc4710ace-mz.A1_8_0a) is connecting to has no ARP entry for the VIP.
    It's in One-Arm mode; one gig-link to core, vlan 141.
    I've attached the config.
    Anyone got any ideas what I'm missing, please?

    Hi,
    the default gateway of your servers is the upstream router.
    Have a look at following link: http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example
    Nevermind the picture, it should look more like this: http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Chained_Certificate_and_Key_in_One_Arm_Mode_Configuration_Example
    HTH,
    Dario

  • Cannot ping IAS RADIUS from WLC 2504

    I'm having some weird issues where I cannot ping from the WLC to the IAS RADIUS server.  All of my clients cannot connect, but from the switch, router, RADIUS server, and hard wired clients, I can ping to the WLC and RADIUS server.  The only thing that cannot ping the RADIUS server is the WLC itself.  Nothing in the FW is blocking connectivity.  Any ideas?
    (Cisco Controller) >show radius summ
    Vendor Id Backward Compatibility................. Disabled
    Call Station Id Case............................. lower
    Call Station Id Type............................. IP Address
    Aggressive Failover.............................. Disabled
    Keywrap.......................................... Disabled
    Fallback Test:
        Test Mode.................................... Off
        Probe User Name.............................. cisco-probe
        Interval (in seconds)........................ 300
    MAC Delimiter for Authentication Messages........ none
    MAC Delimiter for Accounting Messages............ hyphen
    Authentication Servers
    Idx  Type  Server Address    Port    State     Tout  RFC3576  IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
    1    NM    10.10.50.63       1645    Enabled   5     Enabled   Disabled - none/unknown/group-0/0 none/none
    2    NM    10.10.50.130      1645    Enabled   5     Enabled   Disabled - none/unknown/group-0/0 none/none
    Accounting Servers
    Idx  Type  Server Address    Port    State     Tout  RFC3576  IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
    1      N     10.10.50.63       1646    Enabled   5     N/A       Disabled - none/unknown/group-0/0 none/none
    2      N     10.10.50.130      1646    Enabled   5     N/A       Disabled - none/unknown/group-0/0 none/none

    It's in the arp cache through the default router
    (Cisco Controller) >show interface detailed management
    Interface Name................................... management
    MAC Address...................................... d0:c2:82:df:5b:c0
    IP Address....................................... 10.30.72.250
    IP Netmask....................................... 255.255.255.0
    IP Gateway....................................... 10.30.72.1
    External NAT IP State............................ Disabled
    External NAT IP Address.......................... 0.0.0.0
    VLAN............................................. untagged
    Quarantine-vlan.................................. 0
    Active Physical Port............................. 1
    Primary Physical Port............................ 1
    Backup Physical Port............................. Unconfigured
    Primary DHCP Server.............................. 10.10.10.65
    Secondary DHCP Server............................ Unconfigured
    DHCP Option 82................................... Disabled
    ACL.............................................. Unconfigured
    AP Manager....................................... Yes
    Guest Interface.................................. No
    L2 Multicast..................................... Disabled
    (Cisco Controller) >show arp switch
    Number of arp entries................................ 19
        MAC Address        IP Address     Port   VLAN   Type
    50:57:A8:D6:DE:C0   10.10.19.1       1      5      Host
    50:57:A8:D6:DE:C0   10.10.20.138     1      5      Host
    50:57:A8:D6:DE:C0   10.10.50.63      1      5      Host
    64:00:F1:08:A0:D0   10.30.72.1       1      0      Host
    50:57:A8:9E:B5:CD   10.30.72.40      1      0      Host
    50:57:A8:A1:7B:C5   10.30.72.44      1      0      Host
    50:57:A8:9E:99:78   10.30.72.48      1      0      Host
    50:57:A8:3B:66:E3   10.30.72.49      1      0      Host
    00:07:7D:43:23:DA   10.30.72.58      1      0      Host
    50:57:A8:9E:B6:1D   10.30.72.59      1      0      Host
    50:57:A8:9E:95:C5   10.30.72.60      1      0      Host
    50:57:A8:A1:7C:0D   10.30.72.61      1      0      Host
    00:07:7D:65:36:DD   10.30.72.62      1      0      Host
    50:57:A8:44:57:0C   10.30.72.63      1      0      Host
    50:57:A8:CA:CC:01   10.30.72.64      1      0      Host

  • Cannot ping by name

    I have one system on my network that cannot ping any workstations or servers by name but can ping by IP Address. I get error Ping request could not find host tt-data. Please check the name and try again.
    I tried the following troubleshooting steps but nothing fixed it
    -Tried a static ip and dns address
    -Added an entry in the host file and tried to ping the server name and it failed as I got same error as above
    -Reinstalled network card driver as well as updated it
    -Did an ipconfig /flushdns and ipconfig /registerdns
    -Stop and Started Browser, Computer and DNS Client services
    -Rebooted pc multiple times
    -No errors in application or system logs
    -Windows firewall service started but all profiles disabled
    -Stopped windows firewall
    -Cannot ping localhost
    -netsh interface ipv4 reset
    I am not sure what the issue is as I am stumped as DNS is clearly not working but I do not understand why the host file entries are not working either when you ping by name but IP Addresses work fine. All other workstations work fine so it has to be something on this machine.
    Any assistance would be greatly appreciated.

    Well you might follow the steps on this article to reset TCP/IP on the host, otherwise I am stumped.
    http://support.microsoft.com/kb/299357
    Use a manual method to reset TCP/IP for Windows Vista and Windows 7
    Note This section is intended for advanced computer users. If you are not comfortable with advanced troubleshooting, ask someone for help or contact Support. For information about how to contact Support, see the Microsoft Help and Support contact information Web site:
    http://support.microsoft.com/contactus
    The reset command is available in the IP context of the NetShell utility. Follow these steps to use the reset command to reset TCP/IP manually:
    To open a command prompt, click Start and then type CMD in the Search programs and files.
    Right-click CMD.exe icon in Programs and choose Run as administrator.
    When the User Account Control box pop up, click Yes.
    At the command prompt, copy and paste (or type) the following command and then press ENTER:
    netsh int ip reset c:\resetlog.txt
    Note If you do not want to specify a directory path for the log file, use the following command:
    netsh int ip reset resetlog.txt
    Reboot the computer.
    When you run the reset command, it rewrites two registry keys that are used by TCP/IP. This has the same result as removing and reinstalling the protocol. The reset command rewrites the following two registry keys:
    SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ 
    SYSTEM\CurrentControlSet\Services\DHCP\Parameters\ 
    To run the manual command successfully, you must specify a file name for the log, in which the actions that netsh takes will be recorded. When you run the manual command, TCP/IP is reset and the actions that were taken are recorded in the log file, known as resetlog.txt in this article.
    The first example, c:\resetlog.txt, creates a path where the log will reside. The second example, resetlog.txt, creates the log file in the current directory. In either case, if the specified log file already exists, the new log will be appended to the end of the existing file.

  • Cannot ping the gateway

    Hi
    Network:
    One firewall where the IP address is the gateway for all the internal computers and server
    From one of the internal computers I can ping the gateway
    From the server I can ping all the internal computers but I cannot ping the gateway
    On the server I can ping:
    -  127.0.0.1, 
    - the IP address on the server
    - All the internal computers
    A hint would be nice
    Best Regards
    John B

    Arp -a
    Interface: 10.0.0.2 on Interface 0x1000003
      Internet Address      Physical Address      Type
      10.0.0.1              10-7b-ef-3a-58-09     dynamic  
      10.0.0.26             00-01-e6-b4-e1-fe     dynamic  
    Ipconfig /all
    Windows 2000 IP Configuration
     Host Name . . . . . . . . . . . . : krogh01
     Primary DNS Suffix  . . . . . . . : Krogh.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : Krogh.local
    Ethernet adapter Inside:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
     Physical Address. . . . . . . . . : 00-0B-CD-1C-7C-D9
     DHCP Enabled. . . . . . . . . . . : No
     IP Address. . . . . . . . . . . . : 10.0.0.2
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.0.0.1
     DNS Servers . . . . . . . . . . . : 10.0.0.2
                                         212.242.40.3
                                         212.242.40.51
    Ping 10.0.0.1
    Pinging 10.0.0.1 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 10.0.0.1:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum =  0ms, Average =  0ms
    Ping 10.0.0.26
    Pinging 10.0.0.26 with 32 bytes of data:
    Reply from 10.0.0.26: bytes=32 time=1ms TTL=64
    Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
    Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
    Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
    Ping statistics for 10.0.0.26:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum =  1ms, Average =  0ms
    I can ping every computer on internal network without any problems, it is only the gateway I have problem with.
    I have now made a ping session from a computer on the internal network:
    Microsoft Windows [version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. Alle rettigheder forbeholdes.
    C:\Users\lh>ipconfig /all
    Windows IP-konfiguration
       Værtsnavn. . . . . . . . . . . . . . . . . . : NUC-lone
       Primært DNS-suffiks. . . . . . . . . . . . . : Krogh.local
       Nodetype . . . . . . . . . . . . . . . . . . : Hybrid
       IP-routing aktiveret . . . . . . . . . . . . : Nej
       WINS-proxy aktiveret . . . . . . . . . . . . : Nej
       Søgeliste for DNS-suffiks. . . . . . . . . . : Krogh.local
    Ethernet-netværkskort LAN-forbindelse:
       Forbindelsesspecifikt DNS-suffiks. . . . . . :
       Beskrivelse. . . . . . . . . . . . . . . . . : Intel(R) Ethernet Connection I218-V
       Fysisk adresse . . . . . . . . . . . . . . . : C0-3F-D5-61-7A-3A
       DHCP aktiveret . . . . . . . . . . . . . . . : Ja
       Automatisk konfiguration aktiveret . . . . . : Ja
       Link-local-IPv6-adresse . . . . . : fe80::5c7a:dcbe:f8:7de7%11(Foretrukken)
       IPv4-adresse . . . . . . . . . . . . . . . . : 10.0.0.113(Foretrukken)
       Undernetmaske. . . . . . . . . . . . . . . . : 255.255.255.0
       Rettigheden opnået . . . . . . . . . . . . . : 12. december 2014 03:15:59
       Rettigheden udløber. . . . . . . . . . . . . : 19. december 2014 08:05:30
       Standardgateway. . . . . . . . . . . . . . . : 10.0.0.1
       DHCP-server. . . . . . . . . . . . . . . . . : 10.0.0.1
       DHCPv6 IAID . . . . . . . . . . . : 247480277
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-40-6D-C9-C0-3F-D5-61-7A-3A
       DNS-servere. . . . . . . . . . . . . . . . . : 10.0.0.2
    212.242.40.3
    212.242.40.51
       NetBIOS over Tcpip . . . . . . . . . . . . . : Aktiveret
    Tunnel-netværkskort isatap.{B46FAFD6-A60A-48D9-967D-4081FAE7F6AE}:
       Medietilstand. . . . . . . . . . . . . . . . : Mediet afbrudt
       Forbindelsesspecifikt DNS-suffiks. . . . . . :
       Beskrivelse. . . . . . . . . . . . . . . . . : Microsoft ISATAP-netværkskort
       Fysisk adresse . . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP aktiveret . . . . . . . . . . . . . . . : Nej
       Automatisk konfiguration aktiveret . . . . . : Ja
    Tunnel-netværkskort Teredo Tunneling Pseudo-Interface:
       Medietilstand. . . . . . . . . . . . . . . . : Mediet afbrudt
       Forbindelsesspecifikt DNS-suffiks. . . . . . :
       Beskrivelse. . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Fysisk adresse . . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP aktiveret . . . . . . . . . . . . . . . : Nej
       Automatisk konfiguration aktiveret . . . . . : Ja
    C:\Users\lh>ping 10.0.0.1
    Pinger 10.0.0.1 med 32 byte data:
    Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
    Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
    Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
    Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
    Ping-statistikker for 10.0.0.1:
        Pakker: Sendt = 4, modtaget = 4, tabt = 0 (0% tab),
    Beregnet tid for rundtur i millisekunder:
        Minimum = 1ms, Maksimum = 1ms, Gennemsnitlig = 1ms
    C:\Users\lh>
    A hint would be nice :-)
    Best Regards
    John B

  • Intervlan Routing Issues - Cannot Ping

    I'm at a loss here folks and really need some help.
    Looking for some obvious things I may be overlooking?  Here is the situation quite simply.  Turning up a new site in Mexico to connect to our network.  They have their own carrier, modem, and we use one switch and a Sonicwall TZ215 with vpn tunnel.  I configured it all in the US here and shipped it down there with a console cable.  Now I'm finishing up some additional config. I'll post the config below.
    Physical Layout:
    Sonicwall XO  --> Port 24 on Cisco 2960-X
    Avaya IP Appliance --> Port 22 on Cisco 2960-X
    Test Laptop --> Port 2 on Cisco 2960-X
    I had them down there plug in the Avaya (10.30.21.253) to port 22 because I need to access it and check its config.  The problem is, I can ping that IP from the switch itself, but from my laptop I can't ping it.  Nor can I ping it over the WAN here in the US.  The screwed up part is I can ping that gateway fine from any node on the network  (10.30.21.254).  I can also ping any of the vlan gateways ending in .245 on the switch. The tunnel networks work fine.
    Now, if I put my laptop on vlan 121, I can ping the Avaya appliance just fine.  On the vlan111 network, I cannot.  IP routing is enabled.  I've also got the correct return route configured on the Sonicwall (if that matters in this test scenario).
    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname SWMEXICO
    boot-start-marker
    boot-end-marker
    enable secret 5
    no aaa new-model
    clock timezone UTC -6 0
    clock summer-time UTC recurring
    switch 1 provision ws-c2960x-24ps-l
    ip routing
    ip dhcp excluded-address 10.30.11.1 10.30.11.10
    ip dhcp excluded-address 10.30.21.250 10.30.21.253
    ip dhcp pool PC's
     network 10.30.11.0 255.255.255.0
     default-router 10.30.11.254
     dns-server 200.33.148.202 200.33.148.196
     lease 6
    ip dhcp pool Phones
     network 10.30.21.0 255.255.255.0
     default-router 10.30.21.254
     option 176 ascii "mcipadd=10.30.21.253,mcport=1719,tftpsrvr=10.30.21.253"
     lease 6
    vtp mode transparent
    crypto pki trustpoint TP-self-signed-768520448
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-768520448
     revocation-check none
     rsakeypair TP-self-signed-768520448
    crypto pki certificate chain TP-self-signed-768520448
     certificate self-signed 01
            quit
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    vlan 30
     name Servers
    vlan 99
     name Sonicwall
    vlan 101
     name Management
    vlan 111
     name PC's
    vlan 121
     name Phones
    vlan 145
     name Printers
    interface FastEthernet0
     no ip address
     no ip route-cache
    interface GigabitEthernet1/0/1
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/2
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/3
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/4
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/5
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/6
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/7
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/8
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/9
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/10
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/11
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/12
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/13
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/14
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/15
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/16
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/17
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/18
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/19
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/20
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/21
     switchport access vlan 111
     switchport mode access
     switchport voice vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/22
     description Avaya IP04
     switchport access vlan 121
     spanning-tree portfast
    interface GigabitEthernet1/0/23
     description Server
     switchport access vlan 30
     switchport mode access
     spanning-tree portfast
    interface GigabitEthernet1/0/24
     description Link to Sonicwall
     switchport trunk native vlan 99
     switchport trunk allowed vlan 30,99,101,111,121,145
     switchport mode trunk
    interface GigabitEthernet1/0/25
    interface GigabitEthernet1/0/26
    interface GigabitEthernet1/0/27
    interface GigabitEthernet1/0/28
    interface Vlan1
     no ip address
     shutdown
    interface Vlan30
     description Servers
     ip address 10.30.0.254 255.255.255.0
    interface Vlan99
     description Sonicwall
     ip address 10.30.99.253 255.255.255.0
    interface Vlan101
     description Management
     ip address 10.30.1.254 255.255.255.0
    interface Vlan111
     description PC's
     ip address 10.30.11.254 255.255.255.0
    interface Vlan121
     description Phones
     ip address 10.30.21.254 255.255.255.0
    interface Vlan145
     description Printers
     ip address 10.30.45.254 255.255.255.0
    ip http server
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 10.30.99.254
    *********************************************************^C
    line con 0
    line vty 0 4
     password
     login
    line vty 5 15
     login
    end
    SWMEXICO#
    Also, on the side, when I ping from a host for example, how does the traffic go? Does it go to the Sonicwall first because of the ip route statement, then the Sonicwall returns the traffic back to the switch and the ping traffic to the host?  Or does local traffic not even traverse the Sonicwall?
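The closing question of the post above, worked through as an added example (not from the thread or its participants): a longest-prefix-match lookup over the SVIs and the static route in the posted config shows which traffic the switch routes itself and which it hands to 10.30.99.254. The laptop address 10.30.11.20, the Avaya's /24 mask and the gateway values passed to `host_can_reply` are assumptions; the Avaya's real gateway setting is not shown on the page.

```python
import ipaddress

# Constructed excerpt: only the layer-3 lines of the switch config posted above.
CONFIG = """\
ip routing
interface Vlan30
 ip address 10.30.0.254 255.255.255.0
interface Vlan99
 ip address 10.30.99.253 255.255.255.0
interface Vlan101
 ip address 10.30.1.254 255.255.255.0
interface Vlan111
 ip address 10.30.11.254 255.255.255.0
interface Vlan121
 ip address 10.30.21.254 255.255.255.0
interface Vlan145
 ip address 10.30.45.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.30.99.254
"""


def build_routes(config):
    """Return (network, kind, detail) tuples for SVIs and static routes."""
    routes, current_if = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface":
            current_if = words[1]
        elif words[:2] == ["ip", "address"] and current_if:
            iface = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            routes.append((iface.network, "connected", current_if))
        elif words[:2] == ["ip", "route"]:
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            routes.append((net, "static", words[4]))
    return routes


def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    addr = ipaddress.ip_address(addr)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def forward_path(routes, src, dst):
    """Describe what the switch does with a packet from src to dst."""
    src_route, dst_route = lookup(routes, src), lookup(routes, dst)
    if dst_route is None:
        return "dropped: no route"
    _, kind, detail = dst_route
    if kind == "static":
        return f"static route: forwarded to next hop {detail}"
    if src_route == dst_route:
        return f"same subnet: bridged within {detail}, no routing"
    return f"connected route: routed by the switch out {detail}"


def host_can_reply(host_if, gateway, peer):
    """Return leg, seen from the end host: on-link peers are answered
    directly, anything else needs a gateway inside the host's own subnet."""
    host = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(peer) in host.network:
        return True
    return gateway is not None and ipaddress.ip_address(gateway) in host.network


if __name__ == "__main__":
    routes = build_routes(CONFIG)
    laptop = "10.30.11.20"  # assumed address of the test laptop in VLAN 111
    for dst in ("10.30.21.253", "10.30.11.254", "8.8.8.8"):
        print(f"{laptop} -> {dst}: {forward_path(routes, laptop, dst)}")
    # Hypothetical gateway values, to show which ping sources get an answer.
    for gw in (None, "10.30.21.254"):
        for peer in ("10.30.21.254", laptop):
            ok = host_can_reply("10.30.21.253/24", gw, peer)
            print(f"gateway={gw} peer={peer}: reply possible = {ok}")
```

Inter-VLAN traffic matches a connected /24 before the 0.0.0.0/0 route, so it never reaches the firewall; only destinations outside the SVI subnets follow the default route.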

    Hey Jon,
    Here is the sh int vlan121 that you asked about.
    SWME01#sh ip interface vlan 121
    Vlan121 is up, line protocol is up
      Internet address is 10.30.21.254/24
      Broadcast address is 255.255.255.255
      Address determined by non-volatile memory
      MTU is 1500 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound  access list is not set
      Proxy ARP is enabled
      Local Proxy ARP is disabled
      Security level is default
      Split horizon is enabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF switching turbo vector
      IP Null turbo vector
      IP multicast fast switching is disabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF
      Router Discovery is disabled
      IP output packet accounting is disabled
      IP access violation accounting is disabled
      TCP/IP header compression is disabled
      RTP/IP header compression is disabled
      Probe proxy name replies are disabled
      Policy routing is disabled
      Network address translation is disabled
      BGP Policy Mapping is disabled
      Input features: MCI Check
      Output features: Input interface drop, Check hwidb
    SWME01#

  • Cisco ASA 5505 Cannot ping local traffic and local hosts cannot get out

    I have, what I believe to be, a simple issue - I must be missing something.
    Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209).
    There is a PC (10.51.253.210) plugged into e0/1.
    I know the PC is configured correctly with Windows firewall turned off.
    The PC cannot get to the outside world, and the ASA cannot ping 10.51.253.210.
    I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue.
    Basically, the VPN is up and running but PC 10.51.253.210 cannot get out.
    Any ideas? Sanitized Config is below. Thanks !
    ASA Version 7.2(4)
    hostname *****
    domain-name *****
    enable password N7FecZuSHJlVZC2P encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif Inside
    security-level 100
    ip address 10.51.253.209 255.255.255.248
    interface Vlan2
    nameif Outside
    security-level 0
    ip address ***** 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    ftp mode passive
    dns server-group DefaultDNS
    domain-name *****
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
    access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
    access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
    pager lines 24
    mtu Outside 1500
    mtu Inside
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any Outside
    no asdm history enable
    arp timeout 14400
    global (Outside) 1 interface
    nat (Inside) 0 access-list No_NAT
    route Outside 0.0.0.0 0.0.0.0 ***** 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    aaa authentication enable console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    no snmp-server location
    no snmp-server contact
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set DPS_Set esp-3des esp-md5-hmac
    crypto map DPS_Map 10 match address Outside_VPN
    crypto map DPS_Map 10 set peer *****
    crypto map DPS_Map 10 set transform-set *****
    crypto map DPS_Map interface Outside
    crypto isakmp enable Outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 28800
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 Outside
    ssh timeout 60
    console timeout 0
    management-access Inside
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group ***** type ipsec-l2l
    tunnel-group ***** ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:8d0adca63eab6c6c738cc4ab432f609d
    : end
    1500

    Hi Martin,
    Which way are you trying? Is traffic sent via site to site not working, or is traffic which you generate to the outside world not working?
    But you say the ASA interface connected to the PC itself is not pinging; that is strange. Try setting up specific rules for the outgoing connection, instead of not having any ACL, and check.
    If it is the outside world, then you may need to check the NAT rules, which are not correct.
    If it is site to site, then you may need to check a few other things.
    Please do rate for the helpful posts.
    By
    Karthik

  • ASA 5505 8.2 - SSL VPN - Cannot Ping inside host's

    Hello All,
    I'm an ASA Newb. 
    I feel like I have tried everything posted and still no success.
    PROBLEM:  When connected to the SSL VPN I cannot ping any internal hosts.  I cannot ping anything on the inside.
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.2(5)
    hostname MCASA01
    domain-name mydomain.org
    enable password xxbtzv6P4Hqevn4N encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 192.168.2.0 VLAN
    name 192.168.5.0 VPNPOOL
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 3
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ddns update hostname MC_DNS
    dhcp client update dns server both
    ip address 192.168.1.1 255.255.255.0
    interface Vlan2
    no forward interface Vlan1
    nameif outside
    security-level 0
    ip address 11.11.11.202 255.255.255.252
    interface Vlan3
    no nameif
    security-level 50
    ip address 192.168.2.1 255.255.255.0
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns server-group DefaultDNS
    domain-name mydomain.org
    access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool VPNPOOL 192.168.5.1-192.168.5.10 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 74.7.217.201 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    http authentication-certificate inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment terminal
    subject-name CN=vpn.mydomain.org,OU=IT,O="mydomain",C=US,St=CA,L=Chino
    keypair digicert.key
    crl configure
    crypto ca certificate chain ASDM_TrustPoint0
    certificate 00b63edadf5efa057ea49da56b179132e8
      quit
    no crypto isakmp nat-traversal
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 inside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside vpnclient-wins-override
    dhcpd address 192.168.1.100-192.168.1.200 inside
    dhcpd dns 66.180.96.12 64.238.96.12 interface inside
    dhcpd lease 86400 interface inside
    dhcpd ping_timeout 4000 interface inside
    dhcpd domain mydomain.org interface inside
    threat-detection basic-threat
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp server 64.147.116.229 source outside
    ssl trust-point ASDM_TrustPoint0 outside
    webvpn
    enable outside
    svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    svc enable
    tunnel-group-list enable
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    group-policy VPNGP internal
    group-policy VPNGP attributes
    vpn-tunnel-protocol svc
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value SPLIT-TUNNEL
    username GaryC password TGbvzEO3d6HlfU66 encrypted privilege 15
    username GaryC attributes
    vpn-group-policy VPNGP
    tunnel-group MCVPN type remote-access
    tunnel-group MCVPN general-attributes
    address-pool VPNPOOL
    default-group-policy VPNGP
    tunnel-group MCVPN webvpn-attributes
    group-alias MCVPN enable
    group-url https://11.11.11.202/MCVPN enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:1e950c041cc2c25116d30e5c884abbfc
    : end
    My goal is to allow Remote Users to RDP(3389) through VPN.
    Thank you,
    Gary

    Hello Jon,
      Thank you so much for your response. Clients will not be connecting to a specific RDP server.  I was hoping that if we were to establish a VPN client tunnel, that tunnel would provide full local area access.  The way the clients are used to working is that, while in the field, they use RDP to connect to their desktops on the internal LAN.
    Would you say this would work:
    route inside 192.168.1.0 255.255.255.0 192.168.1.1 1
    Do you have examples?
    Thank you,
    Gary

  • Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host

    Hi:
    Need your great help for my new ASA 5505 (8.4)
    I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
    ASA Version 8.4(3)
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport access vlan 2
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 172.29.8.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 177.164.222.140 255.255.255.248
    ftp mode passive
    clock timezone GMT 0
    dns server-group DefaultDNS
    domain-name ABCtech.com
    same-security-traffic permit inter-interface
    object network obj_any
    subnet 172.29.8.0 255.255.255.0
    object service RDP
    service tcp source eq 3389
    object network orange
    host 172.29.8.151
    object network WAN_173_164_222_138
    host 177.164.222.138
    object service SMTP
    service tcp source eq smtp
    object service PPTP
    service tcp source eq pptp
    object service JT_WWW
    service tcp source eq www
    object service JT_HTTPS
    service tcp source eq https
    object network obj_lex
    subnet 172.29.88.0 255.255.255.0
    description Lexington office network
    object network obj_HQ
    subnet 172.29.8.0 255.255.255.0
    object network guava
    host 172.29.8.3
    object service L2TP
    service udp source eq 1701
    access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
    access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended deny tcp any any eq 135
    access-list inside_access_in extended deny tcp any eq 135 any
    access-list inside_access_in extended deny udp any eq 135 any
    access-list inside_access_in extended deny udp any any eq 135
    access-list inside_access_in extended deny tcp any any eq 1591
    access-list inside_access_in extended deny tcp any eq 1591 any
    access-list inside_access_in extended deny udp any eq 1591 any
    access-list inside_access_in extended deny udp any any eq 1591
    access-list inside_access_in extended deny tcp any any eq 1214
    access-list inside_access_in extended deny tcp any eq 1214 any
    access-list inside_access_in extended deny udp any any eq 1214
    access-list inside_access_in extended deny udp any eq 1214 any
    access-list inside_access_in extended permit ip any any
    access-list inside_access_in extended permit tcp any any eq www
    access-list inside_access_in extended permit tcp any eq www any
    access-list outside_access_in extended permit icmp any any
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 3389
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq smtp
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pptp
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq www
    access-list outside_access_in extended permit tcp any host 177.164.222.138 eq https
    access-list outside_access_in extended permit gre any host 177.164.222.138
    access-list outside_access_in extended permit udp any host 177.164.222.138 eq 1701
    access-list outside_access_in extended permit ip any any
    access-list inside_access_out extended permit icmp any any
    access-list inside_access_out extended permit ip any any
    access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29.88.0 255.255.255.0
    access-list inside_in extended permit icmp any any
    access-list inside_in extended permit ip any any
    access-list inside_in extended permit udp any any eq isakmp
    access-list inside_in extended permit udp any eq isakmp any
    access-list inside_in extended permit udp any any
    access-list inside_in extended permit tcp any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm history enable
    arp timeout 14400
    nat (inside,outside) source static orange interface service RDP RDP
    nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_lex route-lookup
    nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_WWW
    nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT_HTTPS
    nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
    nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
    nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
    nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group inside_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
    route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server Guava protocol nt
    aaa-server Guava (inside) host 172.29.8.3
    timeout 15
    nt-auth-domain-controller guava
    user-identity default-domain LOCAL
    http server enable
    http 172.29.8.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
    crypto dynamic-map outside_dyn_map 20 set reverse-route
    crypto map outside_map 1 match address outside_cryptomap
    crypto map outside_map 1 set peer 173.190.123.138
    crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside
    crypto ikev1 enable outside
    crypto ikev1 policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.1.0 255.255.255.0 inside
    telnet 172.29.8.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside vpnclient-wins-override
    dhcprelay server 172.29.8.3 inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable outside
    group-policy ABCtech_VPN internal
    group-policy ABCtech_VPN attributes
    dns-server value 172.29.8.3
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN_Tunnel_User
    default-domain value ABCtech.local
    group-policy GroupPolicy_10.8.8.1 internal
    group-policy GroupPolicy_10.8.8.1 attributes
    vpn-tunnel-protocol ikev1 ikev2
    username who password eicyrfJBrqOaxQvS encrypted
    tunnel-group 10.8.8.1 type ipsec-l2l
    tunnel-group 10.8.8.1 general-attributes
    default-group-policy GroupPolicy_10.8.8.1
    tunnel-group 10.8.8.1 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 remote-authentication certificate
    ikev2 local-authentication pre-shared-key *****
    tunnel-group ABCtech type remote-access
    tunnel-group ABCtech general-attributes
    address-pool ABC_HQVPN_DHCP
    authentication-server-group Guava
    default-group-policy ABCtech_VPN
    tunnel-group ABCtech ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group 173.190.123.138 type ipsec-l2l
    tunnel-group 173.190.123.138 general-attributes
    default-group-policy GroupPolicy_10.8.8.1
    tunnel-group 173.190.123.138 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 remote-authentication certificate
    ikev2 local-authentication pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect pptp
      inspect ftp
      inspect netbios
    smtp-server 172.29.8.3
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:6a26676668b742900360f924b4bc80de
    : end

    Hello Wayne,
    Can you use a different subnet range than the internal interface? This could cause you a LOT of issues and hours of troubleshooting, so use a dedicated, different IP address range.
    I can see that the local pool range is included in the inside interface IP address subnet range. Change that and the related config (NAT, etc.) and let us know what happens.
    Regards,
    Julio
    Security Trainer
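The overlap described in the reply above can be checked mechanically. This is an added example, not part of the original thread: it parses `ip local pool` lines and interface `ip address` lines from an ASA configuration and reports any pool range that falls inside an interface subnet. The interface stanzas in the sample are constructed (assumed addresses); only the pool line is taken from the posted configuration.

```python
import ipaddress
import re

# Constructed sample: the pool line is copied from the posted config; the
# interface stanzas are assumed stand-ins (outside uses a documentation range).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 172.29.8.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 203.0.113.2 255.255.255.248
ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
"""

def interface_networks(config):
    """Map nameif -> IPv4Network, read from 'interface' stanzas."""
    nets, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new stanza: forget the previous nameif
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif name and (m := re.match(r"ip address (\d[\d.]+) (\d[\d.]+)", line)):
            # Skips forms such as 'ip address dhcp setroute' (no literal address).
            nets[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return nets

def local_pools(config):
    """Map pool name -> (first, last) address from 'ip local pool' lines."""
    pools = {}
    for m in re.finditer(r"^\s*ip local pool (\S+) ([\d.]+)-([\d.]+)", config, re.M):
        pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
    return pools

def pool_overlaps(config):
    """Return (pool, nameif, subnet) for every pool range touching an interface subnet."""
    findings = []
    nets = interface_networks(config)
    for pool, (first, last) in local_pools(config).items():
        for nameif, net in nets.items():
            # Two ranges overlap when each one starts before the other ends.
            if first <= net.broadcast_address and last >= net.network_address:
                findings.append((pool, nameif, str(net)))
    return findings

if __name__ == "__main__":
    for pool, nameif, net in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps interface {nameif} ({net})")
```

Run against a saved `show running-config`, an empty result means no VPN pool shares address space with a directly connected interface.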
