Can not ping between remote vpn site ???

Similar Messages

• Using VMware Not ping between two nodes.

  Dear All,
  I am installing the Linux and Installing the RAC using VMWare. Shared disk and all things were done. But not ping between the two nodes.
  Regards
  Prasannavenkatesh.K

  I have previously made entry in /etc/hosts file.
  now i am able to ping all the nodes no problem
  thnks
  now i have a problem in installing oracle crs in RAC1
  I login to RAC1 as the oracle user and start the Oracle CRS installer
  and while the specify the cluster configuration screen, i came across the error
  "The installer has detected the existence of 10g oracle
  clusterware on the remote node rac2 however, 10g oracle doesn't exist in the local node If
  u wish to upgrade and existing 10g release 2 ,then u must start the installer on a mode "
  thnks in anticipation
  prassana

• Can not ping one of the IP in DMZ3(VLAN4) but can ping IP in DMZ2(VLAN2)

                    Any expert advise please.
  There are three DMZ in datacentre firewall (5510)..dmz1 and 2 and 3
  Here is the thing between Data centre and our office network.(firewall 5510)
  I logged in one of our machine Domaincontroller (10.102.28.53) in office network I can ping IP: 10.1.2.52 (VLAN2-DMZ2) in datacentre.
  I can not ping 192.168.4.230 (vlan4 dmz3) in datacentre from this machine 10.102.28.53
  Thanks.

  make sure that the the firmware version of your router is the updated one.It should be firmware version:1.50.9.you can go to www.linksys.com/download and look for wrt54gs v6-->click downloads for this product-->click firmware-click download firmware and save it on your desktop...you can also go to linksys.com/kb and search for upgrade firmware and it will give you the steps on how to upgrade the firmware of your router.
  Hope it helps!!

• Once I'm in a site I can not open anything in that site, Such as paying a credit card was able to click on the calendar & pick a date, now all I get when I click on the calendar is a blank page.

  Everything works great with Internet Explore So I know the problem is FFox. Going on for about 2 weeks now. For example trying to make a calendar with shutterfly. Once I click on upload, to find my photos I get a blank page, Banking site, click on the a check # was able to see the pd check front & back now all I get is a blank page. Can not open anything within a site. Already made sure Java & Adobe Flash is up to date.

  Hi There Linc Davis,
  Wow, you are the best.
  Yip this is what the website looks like. Great job Linc Davis.
  Not surprised that the "Shop" tab is missing. Darn.
  Well can you try to access it's "sister" website: astralmusic.com and astralmusicshop.com?
  Since you are awesome with the "Flash" can you investigate if this website has a issue withis this "Flash" too?
  Please Linc Davis

• Good afternoon! We purchased the product Adobe master collection 5.5 AOO Litsense RU. Distribyutiv program has been lost, and now we can not find it on the site. There we find different versions of the program other than Russian. Please tell me where to d

  Good afternoon! We purchased the product Adobe master collection 5.5 AOO Litsense RU. Distribyutiv program has been lost, and now we can not find it on the site. There we find different versions of the program other than Russian. Please tell me where to download it?

  Voronello volume license installation files are available under the end user or deploy to account at https://licensing.adobe.com/.

• Can not ping oracle linux vm in Virtual Box from my host

  Hy
  I have setup oracle linux 7 on virtual box including vboxadditions.
  But I can not ping this maschine from outside ( it works for my other vm oel 5.8 )
  I did systemctl stop filewall.service
  Here my Network konfiguration inside my oel7 vm:
  /etc/sysconfig/network-scripts/ifcfg-enp0s8
  TYPE=Ethernet
  BOOTPROTO=none
  DEFROUTE=yes
  IPV4_FAILURE_FATAL=no
  IPV6INIT=no
  IPV6_AUTOCONF=yes
  IPV6_DEFROUTE=yes
  IPV6_FAILURE_FATAL=no
  NAME=public
  UUID=388ee413-55e9-45e1-be1d-4f5eedc402f3
  ONBOOT=yes
  IPADDR0=10.20.50.101
  PREFIX0=24
  IPV6_PEERDNS=yes
  IPV6_PEERROUTES=yes
  HWADDR=08:00:27:5F:87:91
  Can anyone help?
  Thanks
  Peter Schlaeger

  Hi,
  Before discussing the network configuration of Oracle Linux 7 (By the way; it seams correct), lets talk about the VirtualBox network configuration, So the Network adapter of your VM can be attached to {NAT, Bridged Adapter, Internal Network, Host-only Adapter, ...}, what is the Adapter attached to your NIC?
  Make sure the Network Adapter is the same as the your other VM (OL 5.8).
  Best regards

• Can not ping internal network from ASA

  I can not ping internal computer from ASA. Comp IP address 192.168.187.15, gateway is 192.168.187.14 which is ASA internal interface. I've got an IP Phone connected to the same ASA with Ip address 192.168.185.15 and internal ASA interface 192.168.185.14 and everything works fine. We are doing testing, do not be surprised of configuration.
  ASA Version 8.2(1)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  dns-guard
  interface GigabitEthernet0/0
  nameif ouside3
  security-level 0
  ip address 10.254.17.25 255.255.255.248
  interface GigabitEthernet0/1
  nameif outside
  security-level 0
  ip address 10.254.17.9 255.255.255.248
  interface GigabitEthernet0/2
  nameif Lan
  security-level 100
  ip address 192.168.185.14 255.255.255.0
  interface GigabitEthernet0/3
  nameif comp
  security-level 50
  ip address 192.168.187.14 255.255.255.0
  interface Management0/0
  nameif management
  security-level 100
  no ip address
  management-only
  boot system disk0:/asa821-k8.bin
  ftp mode passive
  access-list 110 extended permit ip any any
  access-list nat extended permit ip any any
  access-list allow_ping extended permit icmp any any echo-reply
  access-list allow_ping extended permit icmp any any source-quench
  access-list allow_ping extended permit icmp any any unreachable
  access-list allow_ping extended permit icmp any any time-exceeded
  access-list allow_ping extended permit udp any any eq isakmp
  access-list allow_ping extended permit esp any any
  access-list allow_ping extended permit ah any any
  access-list allow_ping extended permit gre any any
  access-list nonat extended permit ip any any
  access-list nat2 extended permit ip any any
  access-list nonat2 extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu ouside3 1500
  mtu outside 1500
  mtu Lan 1500
  mtu comp 1500
  mtu management 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (Lan) 0 access-list nonat
  nat (Lan) 1 access-list nat
  nat (comp) 0 access-list nonat
  nat (comp) 1 access-list nat
  access-group allow_ping in interface outside
  router eigrp 2008
  neighbor 10.254.17.10 interface outside
  network 10.254.17.8 255.255.255.248
  network 192.168.185.0 255.255.255.0
  network 192.168.187.0 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 10.254.17.10 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 management
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set myset esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map mymap 10 match address 110
  crypto map mymap 10 set peer 10.254.17.10
  crypto map mymap 10 set transform-set myset
  crypto map mymap interface outside
  crypto map mymap2 20 match address 110
  crypto map mymap2 20 set peer 10.254.17.18
  crypto map mymap2 20 set transform-set myset
  crypto map mymap2 interface comp
  crypto map mymap3 30 match address 110
  crypto map mymap3 30 set peer 10.254.17.26
  crypto map mymap3 30 set transform-set myset
  crypto map mymap3 interface ouside3
  crypto isakmp identity address
  crypto isakmp enable ouside3
  crypto isakmp enable outside
  crypto isakmp enable comp
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 28800
  no crypto isakmp nat-traversal
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  priority-queue outside
  threat-detection basic-threat

  This is what I get, looks like ASA does not reply. Why?
  ciscoasa# sh capture cpi
  5 packets captured
  1: 05:20:14.494908 192.168.187.15 > 192.168.187.14: icmp: echo request
  2: 05:20:19.526935 192.168.187.15 > 192.168.187.14: icmp: echo request
  3: 05:20:25.026320 192.168.187.15 > 192.168.187.14: icmp: echo request
  4: 05:20:30.525699 192.168.187.15 > 192.168.187.14: icmp: echo request
  5: 05:20:36.025084 192.168.187.15 > 192.168.187.14: icmp: echo request

• I can not iMessage between my iPad and iphone

  I have iPad 2 and iPhone 4 and I can not iMessage between them

  First off, have you updated your software to the latest version (iOs5)?  If so, compose a new message from your phone with the recipient being your apple id (email address).  Try sending that and see if it shows up on your ipad. 

• I can Ping FW inside interface but can not connect to remote resources

  dear all
  i configer my asa 5520 through ASDM to enable VPN Connection , i follow the cisco steps and it works fine and the anyconnect version 3.1 in Windows 8 - one day troubleshoot for this point only - can connect and have an IP address from the range , but i have something wrong in NAT may be because all guides talking about old ASDM ( NAT Exempt) but i am confeused to apply it on the new ASDM.
  i can ping the inside interface  from my labtop which using anyconnect , but i can not access anything else inside my network
  Please anyone has a solution , please describe it using ASDM , thanks for help
  This is my configuration
  interface GigabitEthernet0/1
  description
  nameif SRV_ZONE
  security-level 50
  ip address 192.168.1.1 255.255.255.0
  interface GigabitEthernet0/2
  description
  nameif TRUST_ZONE
  security-level 100
  ip address 172.17.200.1 255.255.255.0
  interface GigabitEthernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif MGMT
  security-level 0
  ip address 10.10.10.1 255.255.255.0
  dns server-group DefaultDNS
  domain-name xxx.xxx.xxx
  object network obj-192.168.1.11
  host 192.168.1.11
  object network obj-xxx.xxx.xxx.xxx
  host xxx.xxx.xxx.xxx
  object service obj-tcp-source-eq-25
  service tcp source eq smtp
  object network obj-192.168.1.12
  host 192.168.1.12
  object network obj-xxx.xxx.xxx.xxx
  host xxx.xxx.xxx.xxx
  object network obj-192.168.1.0
  subnet 192.168.1.0 255.255.255.0
  object service obj-tcp-eq-25
  service tcp destination eq smtp
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network obj-0.0.0.0
  host 0.0.0.0
  object network obj_any-01
  subnet 0.0.0.0 0.0.0.0
  object network obj-172.17.8.8
  host 172.17.8.8
  object network obj-172.17.0.0
  subnet 172.17.0.0 255.255.0.0
  object network obj_any-02
  subnet 0.0.0.0 0.0.0.0
  object network obj_any-03
  subnet 0.0.0.0 0.0.0.0
  object network obj_any-04
  subnet 0.0.0.0 0.0.0.0
  object network obj_any-05
  subnet 0.0.0.0 0.0.0.0
  object network obj_any-06
  subnet 0.0.0.0 0.0.0.0
  object network obj.172.17.8.115
  host 172.17.8.115
  object network obj.xxx.xxx.xxx.xxx
  host xxx.xxx.xxx.xxx
  object service http
  service tcp source eq www destination eq www
  object network obj.xxx.xxx.xxx.xxx
  host xxx.xxx.xxx.xxx
  object service https
  service tcp source eq https destination eq https
  object service newservice
  service tcp source eq pop3 destination eq pop3
  object network mail
  host 172.17.8.8
  description mail     
  object network 192.168.1.11
  host 192.168.1.11
  description smtp     
  object service smtpnew
  service tcp source eq 587 destination eq 587
  object network VPN_RANGE
  description VPN ACCESS RANGE  
  object network VPN_PoOL
  subnet 172.17.16.0 255.255.255.0
  description vpn
  object-group network DM_INLINE_NETWORK_1
  network-object host 192.168.1.11
  network-object host 192.168.1.12
  object-group network Eighth_Floor
  network-object 172.17.8.0 255.255.255.0
  object-group service WEB_SERVICES
  service-object tcp destination eq www
  object-group network ENT_SERVERS
  network-object host 192.168.1.11
  network-object host 192.168.1.1
  object-group network DM_INLINE_NETWORK_2
  network-object 172.17.200.0 255.255.255.0
  network-object 172.17.8.0 255.255.255.0
  object-group service DM_INLINE_TCP_2 tcp
  port-object eq www
  port-object eq https
  port-object eq smtp
  object-group service web tcp
  port-object eq www
  port-object eq xxx
  port-object eq ftp
  port-object eq xxx
  port-object eq xxx
  object-group service xxx_Web_and_Email
  service-object object http
  service-object tcp destination eq pop3
  service-object tcp destination eq smtp
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object udp
  protocol-object tcp
  object-group protocol DM_INLINE_PROTOCOL_2
  protocol-object ip
  object-group protocol DM_INLINE_PROTOCOL_3
  protocol-object ip
  access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 172.17.0.0 255.255.0.0
  access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 any
  access-list justice_splitTunnelAcl standard permit 10.100.100.0 255.255.255.0
  access-list xxx-VPN_splitTunnelAcl remark vpn
  access-list xxx-VPN_splitTunnelAcl standard permit 172.17.16.0 255.255.255.0
  access-list xxx-VPN_splitTunnelAcl standard permit any
  access-list cap extended permit tcp any host xxx.xxx.xxx.xxx eq smtp log
  access-list cap1 extended permit tcp host 192.168.1.11 any eq smtp
  access-list SRV_ZONE_nat_outbound extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
  access-list SRV_ZONE_nat_outbound extended permit ip host 192.168.1.11 any
  access-list TRUST_ZONE_access_in extended permit ip host 172.17.88.108 any
  access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.10.3.0 255.255.255.0 any
  access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.10.50.0 255.255.255.0 any
  access-list TRUST_ZONE_access_in extended permit ip 172.17.8.0 255.255.255.0 any
  access-list TRUST_ZONE_access_in extended permit ip 172.17.200.0 255.255.255.0 any
  access-list TRUST_ZONE_access_in extended permit ip 172.17.0.0 255.255.0.0 host 192.168.1.12
  access-list TRUST_ZONE_cryptomap extended permit ip xxx.xxx.xxx.xxx 255.255.255.248 any
  access-list outside_access_in extended permit tcp any host 192.168.1.11 eq smtp
  access-list outside_access_in extended permit tcp any host 172.17.8.8 eq www
  access-list outside_access_in extended permit tcp any host 192.168.1.12 object-group web
  access-list outside_access_in extended permit tcp any host 172.17.8.8 eq pop3
  access-list outside_access_in extended permit ip 172.17.16.0 255.255.255.0 any inactive
  access-list vpn remark vpn
  access-list vpn standard permit 172.17.16.0 255.255.255.0
  pager lines 24
  logging enable
  logging trap informational
  logging asdm informational
  logging host TRUST_ZONE 172.17.8.100
  mtu INT_ZONE 1500
  mtu SRV_ZONE 1500
  mtu TRUST_ZONE 1500
  mtu MGMT 1500
  ip local pool VPN_POOL 172.17.16.100-172.17.16.254 mask 255.255.255.0
  ip verify reverse-path interface INT_ZONE
  ip verify reverse-path interface SRV_ZONE
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any SRV_ZONE
  icmp permit any TRUST_ZONE
  asdm image disk0:/asdm-635.bin
  no asdm history enable
  arp timeout 14400
  nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.11 obj-xxx.xxx.xxx.xxx service any obj-tcp-source-eq-25
  nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.12 obj-xxx.xxx.xxx.xxx
  nat (SRV_ZONE,INT_ZONE) source dynamic obj-192.168.1.0 interface service obj-tcp-eq-25 obj-tcp-eq-25
  nat (INT_ZONE,SRV_ZONE) source static any any destination static 192.168.1.11 obj-172.17.8.8 service obj-tcp-source-eq-25 obj-tcp-source-eq-25
  nat (TRUST_ZONE,INT_ZONE) source static VPN_PoOL VPN_PoOL destination static VPN_PoOL VPN_PoOL
  object network obj_any
  nat (SRV_ZONE,INT_ZONE) dynamic obj-0.0.0.0
  object network obj_any-01
  nat (SRV_ZONE,MGMT) dynamic obj-0.0.0.0
  object network obj-172.17.8.8
  nat (TRUST_ZONE,INT_ZONE) static xxx.xxx.xxx.xxx service tcp www www
  object network obj-172.17.0.0
  nat (TRUST_ZONE,SRV_ZONE) static 172.17.0.0
  object network obj_any-02
  nat (TRUST_ZONE,INT_ZONE) dynamic interface
  object network obj_any-03
  nat (TRUST_ZONE,SRV_ZONE) dynamic interface
  object network obj_any-04
  nat (TRUST_ZONE,INT_ZONE) dynamic obj-0.0.0.0
  object network obj_any-05
  nat (TRUST_ZONE,SRV_ZONE) dynamic obj-0.0.0.0
  object network obj_any-06
  nat (TRUST_ZONE,MGMT) dynamic obj-0.0.0.0
  object network obj.172.17.8.115
  nat (TRUST_ZONE,INT_ZONE) static obj.xxx.xxx.xxx.xxx service tcp www www
  object network mail
  nat (TRUST_ZONE,INT_ZONE) static obj-xxx.xxx.xxx.xxx service tcp pop3 pop3
  nat (TRUST_ZONE,INT_ZONE) after-auto source static obj-172.17.8.8 obj-xxx.xxx.xxx.xxx service https https
  access-group outside_access_in in interface INT_ZONE
  access-group DMZ_access_in in interface SRV_ZONE
  access-group TRUST_ZONE_access_in in interface TRUST_ZONE
  route INT_ZONE 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
  route TRUST_ZONE 10.10.0.0 255.255.0.0 172.17.200.254 1
  route TRUST_ZONE 10.11.0.0 255.255.0.0 172.17.200.254 1
  route TRUST_ZONE 10.12.0.0 255.255.0.0 172.17.200.254 1
  route TRUST_ZONE 10.13.0.0 255.255.0.0 172.17.200.254 1
  route TRUST_ZONE 172.17.0.0 255.255.0.0 172.17.200.254 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication enable console LOCAL
  aaa authentication http console LOCAL
  aaa authentication ssh console LOCAL
  aaa authentication serial console LOCAL
  http server enable
  http 172.17.8.0 255.255.255.0 TRUST_ZONE
  http 172.17.8.155 255.255.255.255 TRUST_ZONE
  http 172.17.8.45 255.255.255.255 TRUST_ZONE
  http 10.10.10.2 255.255.255.255 MGMT
  http 192.168.1.12 255.255.255.255 SRV_ZONE
  http 0.0.0.0 0.0.0.0 INT_ZONE
  http 172.17.200.0 255.255.255.0 TRUST_ZONE
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto dynamic-map pol 1 match address TRUST_ZONE_cryptomap
  crypto dynamic-map pol 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map INT_ZONE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map TRUST_ZONE_map0 1 ipsec-isakmp dynamic pol
  crypto map TRUST_ZONE_map0 interface TRUST_ZONE
  crypto map INT_ZONE_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map INT_ZONE_map0 interface INT_ZONE
  crypto ca trustpoint ASDM_TrustPoint0
  enrollment self
  fqdn SEC-xxx-FW1
  subject-name CN=SEC-xxx-FW1
  no client-types
  proxy-ldc-issuer
  crl configure
  crypto ca trustpoint ASDM_TrustPoint1
  enrollment self
  subject-name CN=SEC-xxx-FW1
  keypair sslvpnkeypair
  crl configure
  crypto ca certificate chain ASDM_TrustPoint0
  certificate 31
      57f4e52e 6b851966 77515d62 c209a0df 1c32ce94 bb90cbce 497cfd04 6745ea85
      efb75f85 2ae1ad35 344d94ab 915e01ab d3292626 ac697a52 b4ed6632 d3ed2332 ae
    quit
  crypto ca certificate chain ASDM_TrustPoint1
  certificate e6054352
      c64f3661 30f14c3d 06b5f039 9f14560d 3b154fd1 42782268 7531689e 8e547d91
      85e88415 e326f653 74733a6c a3f5c935 f7e83f56 f6
    quit
  crypto isakmp enable INT_ZONE
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 65535
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 INT_ZONE
  ssh 172.17.8.0 255.255.255.0 TRUST_ZONE
  ssh 10.10.10.2 255.255.255.255 MGMT
  ssh timeout 5
  console timeout 0
  management-access TRUST_ZONE
  vpn load-balancing
  interface lbpublic INT_ZONE
  interface lbprivate INT_ZONE
  priority-queue INT_ZONE
    tx-ring-limit 256
  threat-detection basic-threat
  threat-detection scanning-threat
  threat-detection statistics host number-of-rate 3
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl trust-point ASDM_TrustPoint1 INT_ZONE
  webvpn
  enable INT_ZONE
  svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
  svc enable
  tunnel-group-list enable
  group-policy xxx-VPN internal
  group-policy xxx-VPN attributes
  dns-server value xx.xx.xx.xx xx.xx.xx.xx
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value xxx-VPN_splitTunnelAcl
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol webvpn
  group-policy GPNEW internal
  group-policy GPNEW attributes
  dns-server value 172.17.8.41
  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  default-domain value xxx.xxx.xxx
  address-pools value VPN_POOL
  username VPNAM password xxx encrypted
  username VPNAM attributes
  service-type remote-access
  vpn-group-policy xxx-VPN
  tunnel-group xxx-VPN type remote-access
  tunnel-group xxx-VPN general-attributes
  dhcp-server 172.17.8.41
  tunnel-group xxx-VPN ipsec-attributes
  pre-shared-key *****
  tunnel-group pol type ipsec-l2l
  tunnel-group pol ipsec-attributes
  pre-shared-key *****
  trust-point ASDM_TrustPoint0
  tunnel-group SSLClientProfile type remote-access
  tunnel-group SSLClientProfile general-attributes
  address-pool VPN_POOL
  default-group-policy GPNEW
  tunnel-group SSLClientProfile webvpn-attributes
  group-alias SSLVPNClient enable
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
    inspect ip-options
    inspect pptp
  service-policy global_policy global
  prompt hostname context
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:78a941e3f509dec8f3570c60061eedaa
  : end

  thanks god
  i solve the problem
  the problem is in NAT
  i creat an object with the ip address host from VPN pool and name it vpn
  then i do the nat from inside to that host as the following picture...
  trust zone is the inside zone
  vpn is the outside vpn host...
  thanks and hope it helps anyone else...

• PIX 501 config - access to internal network not working from remote VPN users - everything on the inside is OK

  One other thing - I had a problem with the key pairing so I rebuilt the rsa 1024 and the unit started working. Unfortunately I reloaded without the config in place and now I cannot get it to work again. Any help will be greatly apprecaited although I did review a dozen other posts of people having similar problems and for some reason there is never any conclusion as to the solution and I am not sure why.           
  Some other info from the client end:
  I just ran the stats on the client and packets are being encrypted BUT none are decrypted.
  Also Tunnel received 0 and sent 115119
  Encryption is 168-bit 3-DES
  Authentication is HMAC-SHA1
  also even though the allow LAN is selected in the Cisco VPN client it states the local LAN is disabled in the client stats
  also Transparent tunneling is selcted but in the stats it states it is inactive
  I am connecting with the Cisco VPN Client Ver 5.0.07.0440
  This config works. It is on the internal net 192.168..40.x and all users obtain dhcp and surf the web. It has required ports opened.The problem is that you can connect remotely via the VPN and you receive an IP address from the remote-vpn pool but you cannot see any machines on the internal network. The pix is at 40.2 and you cannot ping the pix and the pix from the remote PC connecting via the VPN and youcannot ping the remote PC from the PIX console when the remote is connected and receives the first IP address in the VPN pool of 192.168.40.25
  I need to  see the internal network and map network drives. I have another friend that is running the same config and it works but his computer is on a linksys wireless and has an IP of 192.168.1.x and the IP he receives from the VPN pool is 192.168.1.25 so I do not know if the same network is allowing this config to work even if there is an error in the config. In my present case I obtain the ip of 192.168.40.25 from the VPN pool and my connecting pc on 192.168.1.x    I really am not sure how the VPN virtual adapter works. I am assuming it routes all traffic from your connecting PC to and from the virtual adapater but I really do not know for sure.
  Other people have had similar issues with accessing the internal network from the VPN. One solution was the split-tunnel, another was the natting and another had to do with the encrption where there and an issue with the encrypt and ecrypt which was stopping the communicaton via the VPN.
  I still cannot seem to find the issue with this config and any help will be greatly appreciated.
  This is the config
  interface ethernet0 100full
  interface ethernet1 100full
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable password somepassword
  hostname hostname
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  object-group network internal_trusted_net
    network-object 192.168.40.0 255.255.255.0
  object-group icmp-type icmp_outside
    icmp-object echo-reply
    icmp-object unreachable
    icmp-object time-exceeded
    icmp-object source-quench
  access-list OutToIn permit icmp any xxx.xxx.xxx.0 255.255.255.248 object-group icmp_outside
  access-list no_nat_inside permit ip 192.168.40.0 255.255.255.0 192.168.40.0 255.255.255.0
  access-list split_tunnel permit ip 192.168.40.0 255.255.255.0 192.168.40.0 255.255.255.0
  access-list OutToIn permit ip any any
  access-list outbound permit ip any any
  (NOTE: I had many more entries in the access list but removed them. Even with the above two allowing everything it does not work)
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  ip address outside xxx.xxx.xxx.xxx 255.255.255.248
  ip address inside 192.168.40.2 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool vpn_client_pool 192.168.40.25-192.168.40.30
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  I had this statement missing from the previous posted config but even with the nat (inside) 0 access-list no_nat_inside  it still does not work.
  nat (inside) 0 access-list no_nat_inside
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  access-group acl_outside_in in interface outside
  access-group outbound in interface inside
  route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server RADIUS protocol radius
  aaa-server LOCAL protocol local
  http server enable
  http 192.168.40.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community $XXXXXX$
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  crypto ipsec transform-set 3des_strong esp-3des esp-sha-hmac
  crypto dynamic-map clientmap 50 set transform-set 3des_strong
  crypto map vpn 50 ipsec-isakmp dynamic clientmap
  crypto map vpn client configuration address initiate
  crypto map vpn client configuration address respond
  crypto map vpn client authentication LOCAL
  crypto map vpn interface outside
  isakmp enable outside
  isakmp identity address
  isakmp client configuration address-pool local vpn_client_pool outside
  isakmp nat-traversal 20
  isakmp policy 10 authentication pre-share
  isakmp policy 10 encryption 3des
  isakmp policy 10 hash sha
  isakmp policy 10 group 2
  isakmp policy 10 lifetime 86400
  vpngroup remote-vpn split-tunnel split_tunnel
  vpngroup remote-vpn idle-time 10800
  vpngroup remote-vpn password ANOTHER PASSWORD
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 outside
  ssh 192.168.40.0 255.255.255.0 inside
  ssh timeout 30
  console timeout 60
  dhcpd address 192.168.40.100-192.168.40.131 inside
  dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
  dhcpd lease 3600
  dhcpd ping_timeout 750
  dhcpd enable inside
  username AUSER password PASSWORD privilege 15
  terminal width 80
  ****************** End of config
  I have been searching docs and other people's postings trying to obtain the info to make this work. It appears pretty much boiler plate but I believe my problem is in the natting. I am using a range in the internal network for the VPN pool and I have tried switching this to other networks but this has not helped. Unfortunately I have been unable to get the PDM to work and I believe this is a PC config thing and I did not want to waste the time on it. I read a post where a person using the PDM interface with the same problem (not being able to access the internal network)  was able to go to a section in the VPN wizard and set the Address Exeption Translation. They said they originally set the VPN subnet when they did not have to. Many of the other blogs I read also stated that if the natting is not proper  for the VPN pool- that it will not work but I am confused by the examples. They show as I do the complete range for an access-list called no_nat_inside but I believe it should only have the VPN pool IP range and not the entire network since the others do require natting - not sure if my thought process is correct here. Any help will be greatly apprecaited. Also this morning I just tried a boiler plate example from CISCO and it also did not do what I need for it to do. And I also connect a PC to obtain an IP to see if I can see it - no good. The PC can ping the PIX and viceversa but no one can ping the remote PC that connects via the CISCO Remote VPN client even though it receive an address from the vpnpool. Also include LAN is checked off on the client. This was mentioned in anther post.
  Thank you once again.

  Hi,
  PIX501 is a very very old Cisco firewall that has not been sold for a long time to my understanding. It also doesnt support even close to new software levels.
  If you wanted to replace the PIX501 the corresponding model nowadays would be ASA5505 which is the smallest Cisco ASA firewall with 8 switch port module. There is already a new ASA5500-X Series (while ASA5505 is of the original ASA 5500 Series) but they have not yet introduced a replacing model for this model nor have they stopped selling this unit. I have a couple of them at home. Though naturally they are more expensive than your usual consumer firewalls.
  But if you wanted to replace your PIX firewall then I would probably suggest ASA5505. Naturally you could get some other models too but the cost naturally rises even more. I am not sure at what price these are sold as used.
  I used some PIX501 firewalls at the start of my career but have not used them in ages since ASA5505 is pretty much the firewall model we use when we need a firewall/vpn device for a smaller network/branch site.
  Here is a PDF of the original ASA5500 Series.
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf
  Here is a PDF of the new ASA5500-X Series
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/at_a_glance_c45-701635.pdf
  I am afraid that its very hard for me atleast to troubleshoot this especially since I have not seen any outputs yet. Also the very old CLI and lack of GUI (?) make it harder to see what the problem is.
  Could you provide the requested outputs?
  From the PIX after connection test
  show crypto ipsec sa
  Screen captures of the VPN Client routing and statistics sections.
  - Jouni

• Communication between multiple VPN Sites

  Hello,
  i used 3 CEs and 2 PEs, build a hub and spoke MPLS VPN topology as follow, two the overlapped addresses 100.100.100.100 reside separately in VPN1 of R1 and VPN2 of R2. But traffic initiated by 100.100.100.100 from VPN1 toward VPN3 was always redirected through R5 to VPN2. Is there any solution of this issue?
  thanks!

  Hi
  You can not have overlapping addresses in a scenario like this, where You are leaking between vpn:s.
  When traffic is arrived towards 100.100.100.100 on r4 et0/0 there are no way for r4 to know wich of the 2 (r1 or r2) that the traffic is intended to go.
  /Mikael

• Can not deploy  a remote storage node

  Hello,
  I have started successfully two SNA at two node, because we can ping to each other. But when I use admin console to to deploy the first remote storage node, it always shows the error "Connection refused to host: localhost". I use the command line to deploy a remote storage node. There is the same problem.
  Dose some one know how to solve it? Thank you advanced.
  Here is the error log:
  in createPlan: Oracle NoSQL DB 11gR2.1.2.123 oracle.kv.impl.fault.OperationFaultException: Plan 16[Plan-16] finished in state ERROR. Problem during plan execution: Connection refused to host: localhost; nested exception is: java.net.ConnectException: Connection refused
  caused by:
  oracle.kv.impl.admin.AdminFaultException
  Oracle NoSQL DB 11gR2.1.2.123 oracle.kv.impl.fault.OperationFaultException: Plan 16[Plan-16] finished in state ERROR. Problem during plan execution: Connection refused to host: localhost; nested exception is:
       java.net.ConnectException: Connection refused
  Oracle NoSQL DB 11gR2.1.2.123 oracle.kv.impl.fault.OperationFaultException: Plan 16[Plan-16] finished in state ERROR. Problem during plan execution: Connection refused to host: localhost; nested exception is:
       java.net.ConnectException: Connection refused oracle.kv.impl.fault.OperationFaultException: Plan 16[Plan-16] finished in state ERROR. Problem during plan execution: Connection refused to host: localhost; nested exception is:
       java.net.ConnectException: Connection refused
       at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:601)
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
       at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
       at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:110)
       at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178)
       at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132)
       at $Proxy8.getSerialVersion(Unknown Source)
       at oracle.kv.impl.util.registry.RemoteAPI.(RemoteAPI.java:32)
       at oracle.kv.impl.sna.StorageNodeAgentAPI.(StorageNodeAgentAPI.java:51)
       at oracle.kv.impl.sna.StorageNodeAgentAPI.wrap(StorageNodeAgentAPI.java:58)
       at oracle.kv.impl.util.registry.RegistryUtils.getStorageNodeAgent(RegistryUtils.java:243)
       at oracle.kv.impl.admin.plan.task.DeploySN.call(DeploySN.java:94)
       at oracle.kv.impl.admin.plan.task.DeploySN.call(DeploySN.java:35)
       at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
       at java.util.concurrent.FutureTask.run(FutureTask.java:138)
       at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
       at java.lang.Thread.run(Thread.java:662)
  Caused by: java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
       java.net.ConnectException: Connection refused
       ... 18 more
  Caused by: java.net.ConnectException: Connection refused
       at java.net.PlainSocketImpl.socketConnect(Native Method)
       at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
       at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
       at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
       at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
       at java.net.Socket.connect(Socket.java:529)
       at java.net.Socket.connect(Socket.java:478)
       at java.net.Socket.(Socket.java:375)
       at java.net.Socket.(Socket.java:189)
       at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
       at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:128)
       at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:595)
       ... 17 more
       at oracle.kv.impl.admin.AdminServiceFaultHandler.getThrowException(AdminServiceFaultHandler.java:84)
       at oracle.kv.impl.fault.ProcessFaultHandler.rethrow(ProcessFaultHandler.java:205)
       at oracle.kv.impl.fault.ProcessFaultHandler.execute(ProcessFaultHandler.java:144)
       at oracle.kv.impl.admin.CommandServiceImpl.executePlan(CommandServiceImpl.java:234)
       at oracle.kv.impl.admin.CommandServiceAPI.executePlan(CommandServiceAPI.java:162)
       at oracle.kv.impl.admin.webapp.server.AdminUIServiceImpl.createPlan(AdminUIServiceImpl.java:554)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569)
       at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
       at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
       at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:538)
       at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)
       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
       at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)
       at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
       at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:934)
       at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:404)
       at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
       at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:869)
       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
       at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)
       at org.eclipse.jetty.server.Server.handle(Server.java:341)
       at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)
       at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1065)
       at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:823)
       at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:220)
       at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
       at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:515)
       at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
       at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)
       at java.lang.Thread.run(Thread.java:662)
  (from Plans.PlanCallback)

  920601 wrote:
  Thanks, Charles. I use network host name or network host IP address instead of localhost and it well resolved my former problem. I can deploy the remote SN. But there is a new problem when I deploy the store. It looks like that these Replication Node at different SN can not communicate with each other, because of mis-match IP address format.
  Note that the node "community01/10.193.128.223" is the first deployed node who holds the administration process, "mi-desktop/127.0.1.1:5011" is another node. I don't understand why the second node uses its loopback adress. Can you help me to find out the solution?
  Here is the original error log.
  "mi-desktop/127.0.1.1:5011 the address associated with this node, is a loopback address. It conflicts with an existing use, by a different node of the address:community01/10.193.128.223:5011 which is not a loopback address. Such mixing of addresses within a group is not allowed, since the nodes will not be able to communicate with each other."I'm not sure I have any good advice, but I would check your /etc/hosts to see if mi-desktop maps to the loopback address (127.0.0.1). If it does, then you need to use a name that does not map to the loopback.
  Charles Lamb

• Traffic not returning to remote VPN connections

  I've successfully setup remote VPN connections to my ASA using vpnc as the client and everything behaves as expected. I'm trying to test the official Cisco client and I'm unable to make the same SSH connections across the VPN as I was using vpnc.
  The ASA shows connections the IKE and IPSec connections forming, and shows connections being built for the SSH traffic across the VPN.
  tcpdump shows the host listening on SSH behind the ASA receiving the traffic and sending ACKs in reply. They don't appear to be arriving back
  at the remote client though, and SSH connections timeout without connecting.
  Any idea what might be stopping the return traffic? I thought it might be some policy the ASA is pushing out to the Cisco client but not to vpnc but I can't spot anything obvious.

  Is the internal SSH host you are connecting to sending ACKS (as you've stated), or SYN/ACKs?
  It might be nice to know if the TCP three way handshake is being completed, and subsequent packets are the issue, or if it's the initial TCP setup that is the issue.
  Perhaps there would be some benefit in confirming whether these packets are making it through the IPSec tunnel, though the ASA un-encapsulated, or not through the ASA at all.
  You could use Wireshark to look for un-encapsulated packets exiting the ASA.
  You could use Wireshark to capture the "pre-encapsulated" traffic being sent to the far side, and the "post-decapsulation" traffic returning from the far side, by capturing on the Cisco VPN Client virtual interface (Windows installation).
  Perhaps examine IPSec SA details on the ASA and look for errors.
  Perhaps logging on the internal interface ACL (log any packets denied) to identify whether the returning packets are being dropped.

• Can not open a particular web site

  Hi, I always tried to open one web site and it used to open well in Firefox and IE. but since last few days it stopped opening both in FF and IE. It gives error as
  1. The connection has timed out The server at www.eng-tips.com is taking too long to respond.
  2.If you are unable to load any pages, check your computer's network
  connection.
  3.If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
  I Google with all above questions and tried most of the solutions, nothing works. Wondering why it stooped opening suddenly ? I tried to open it from other locations just to check if its down but its fine and working but can not open from my home internet. Any suggestions? Thanks in advance.

  Did you [https://support.mozilla.org/en-US/kb/Error%20loading%20web%20sites#w_try-clearing-firefoxs-cookies-and-cache Try clearing Firefox's cookies and cache] ?
  if this is not helpful see : [https://support.mozilla.org/en-US/kb/Error%20loading%20web%20sites Error loading web sites]
  http://kb.mozillazine.org/Error_loading_any_website
  thank you
  Please mark "Solved" the answer that really solve the problem, to help others with a similar problem.

• Can not ping, samba or else to the client which connected to the same WRVS4400N router

  I buy a WRVS4400N router. Setup to surf internet successfully.
  But each client can't ping, samba, file sharing to each connect to WRVS4400N.
  In the router admin page. We can see each client connect to the router.
  I have one SSID only. And setup the
  Wireless Isolation (between SSID w/o VLAN)
  and
  Wireless Isolation (within SSID)
  both to disable.
  And have reboot it several times.

  Please post the output of:
  lspci -knn|grep -iA2 net
  How are you attempting to search & connect to your router?
  Please post the exact commands used and the exact terminal output resulting from these commands.