Can not ping internal network from ASA

Similar Messages

• Can't access internal network from VPN using PIX 506E

  Hello,
  I seem to be having an issue with my PIX configuration. I can ping the VPN client from the the internal network, but can cannot access any resources from the vpn client. My running configuration is as follows:
  Building configuration...
  : Saved
  PIX Version 6.3(5)
  interface ethernet0 auto
  interface ethernet1 auto
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable password N/JZnmeC2l5j3YTN encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  hostname SwantonFw2
  domain-name *****.com
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  access-list outside_access_in permit icmp any any
  access-list allow_ping permit icmp any any echo-reply
  access-list allow_ping permit icmp any any unreachable
  access-list allow_ping permit icmp any any time-exceeded
  access-list INSIDE-IN permit tcp interface inside interface outside
  access-list INSIDE-IN permit udp any any eq domain
  access-list INSIDE-IN permit tcp any any eq www
  access-list INSIDE-IN permit tcp any any eq ftp
  access-list INSIDE-IN permit icmp any any echo
  access-list INSIDE-IN permit tcp any any eq https
  access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
  access-list swanton_splitTunnelAcl permit ip any any
  access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
  no pager
  mtu outside 1500
  mtu inside 1500
  ip address outside 192.168.1.150 255.255.255.0
  ip address inside 192.168.0.35 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool VPN_Pool 192.168.240.1-192.168.240.254
  pdm location 0.0.0.0 255.255.255.0 outside
  pdm location 192.168.1.26 255.255.255.255 outside
  pdm location 192.168.240.0 255.255.255.0 outside
  pdm logging informational 100
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_outbound_nat0_acl
  nat (inside) 1 192.168.0.0 255.255.255.0 0 0
  access-group outside_access_in in interface outside
  access-group INSIDE-IN in interface inside
  route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
  timeout xlate 0:05:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout sip-disconnect 0:02:00 sip-invite 0:03:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server TACACS+ max-failed-attempts 3
  aaa-server TACACS+ deadtime 10
  aaa-server RADIUS protocol radius
  aaa-server RADIUS max-failed-attempts 3
  aaa-server RADIUS deadtime 10
  aaa-server LOCAL protocol local
  http server enable
  http 192.168.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map client authentication LOCAL
  crypto map outside_map interface outside
  isakmp enable outside
  isakmp identity address
  isakmp policy 20 authentication pre-share
  isakmp policy 20 encryption des
  isakmp policy 20 hash md5
  isakmp policy 20 group 2
  isakmp policy 20 lifetime 86400
  vpngroup swanton address-pool VPN_Pool
  vpngroup swanton dns-server 192.168.1.1
  vpngroup swanton split-tunnel swanton_splitTunnelAcl
  vpngroup swanton idle-time 1800
  vpngroup swanton password ********
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd address 192.168.0.36-192.168.0.254 inside
  dhcpd dns 8.8.8.8 8.8.4.4
  dhcpd lease 3600
  dhcpd ping_timeout 750
  dhcpd auto_config outside
  dhcpd enable inside
  username scott password hwDnqhIenLiwIr9B encrypted privilege 15
  username norm password ET3skotcnISwb3MV encrypted privilege 2
  username tarmbrecht password Zre8euXN6HxXaSdE encrypted privilege 2
  username jlillevik password 9JMTvNZm3dLhQM/W encrypted privilege 2
  username ruralogic password 49ikl05C8VE6k1jG encrypted privilege 15
  username bzeiter password 1XjpdpkwnSENzfQ0 encrypted privilege 2
  username mwalla password l5frk9obrNMGOiOD encrypted privilege 2
  username heavyfab1 password 6.yy0ys7BifWsa9k encrypted privilege 2
  username heavyfab3 password 6.yy0ys7BifWsa9k encrypted privilege 2
  username heavyfab2 password 6.yy0ys7BifWsa9k encrypted privilege 2
  username djet password wj13fSF4BPQzUzB8 encrypted privilege 2
  username cmorgan password y/NeUfNKehh/Vzj6 encrypted privilege 2
  username cmayfield password Pe/felGx7VQ3I7ls encrypted privilege 2
  username jeffg password zQEQceRITRrO4wJa encrypted privilege 2
  terminal width 80
  Cryptochecksum:9005f35a85fa5fe31dab579bbb1428c8
  : end
  [OK]
  Any help will be greatly appreciated

  Bj,
  Are you trying to access network resources behind the inside interface?
  ip address inside 192.168.0.35 255.255.255.0
  If so, please make the following changes:
  1- access-list SWANTON_VPN_SPLIT permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
  2- no vpngroup swanton split-tunnel swanton_splitTunnelAcl
          vpngroup swanton split-tunnel SWANTON_VPN_SPLIT
  3- no access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
  4- isakmp nat-traversal 30
  Let me know how it goes.
  Portu.
  Please rate any helpful posts   

• Can not ping oracle linux vm in Virtual Box from my host

  Hy
  I have setup oracle linux 7 on virtual box including vboxadditions.
  But I can not ping this maschine from outside ( it works for my other vm oel 5.8 )
  I did systemctl stop filewall.service
  Here my Network konfiguration inside my oel7 vm:
  /etc/sysconfig/network-scripts/ifcfg-enp0s8
  TYPE=Ethernet
  BOOTPROTO=none
  DEFROUTE=yes
  IPV4_FAILURE_FATAL=no
  IPV6INIT=no
  IPV6_AUTOCONF=yes
  IPV6_DEFROUTE=yes
  IPV6_FAILURE_FATAL=no
  NAME=public
  UUID=388ee413-55e9-45e1-be1d-4f5eedc402f3
  ONBOOT=yes
  IPADDR0=10.20.50.101
  PREFIX0=24
  IPV6_PEERDNS=yes
  IPV6_PEERROUTES=yes
  HWADDR=08:00:27:5F:87:91
  Can anyone help?
  Thanks
  Peter Schlaeger

  Hi,
  Before discussing the network configuration of Oracle Linux 7 (By the way; it seams correct), lets talk about the VirtualBox network configuration, So the Network adapter of your VM can be attached to {NAT, Bridged Adapter, Internal Network, Host-only Adapter, ...}, what is the Adapter attached to your NIC?
  Make sure the Network Adapter is the same as the your other VM (OL 5.8).
  Best regards

• Extend Wireless Network using a Telstra technicolor Gateway wireless Router to Airpot extreme but Airport will only except join not extend and I can not get a network on the Airpor Extreme ethernet ports but can ping Airport extreme from Technicolor Rout/

  Extend Wireless Network using a Telstra technicolor Gateway wireless Router to Airpot extreme but Airport will only except "join a wireless network (which it does) not "extend a wireless network" (Led turns yellow and I can not get a network working on the Airpor Extreme ethernet ports but can ping Airport extreme from Technicolor Router.
  Airport gets it address DHCP.

  Funny how I can ping the Extreme but the Hard Ethernet ports dont seem to work correctly.
  When the AirPort Extreme is configured to "Join" a wireless network, the Ethernet ports are not enabled.
  Oddly, the AirPort Express has a special feature that will allow it to to "Join" virtually any wireless network.....and the Ethernet port can be enabled. So, an Express would work for your purpose to provide an Ethernet connection to the media player. This assumes that the Express is located where it can receive a strong wireless signal from your main router.
  Note that the Express will not provide any additional wireless coverage when it "Joins".

• Intermittent Internet Connection and VPN clients can't ping internal LAN but connected after installating cisco ASA5512x

  Hi!
  I wish someone can help me on this, I'm a new guy on cisco firewalls and I'm currently implementing cisco asa 5512x, here are the details:
  ISP ->  Firewall -> Core switch -> Internal LAN
  after installing the cisco asa and terminating the appropriate lan for the outside and inside interfaces, internet seems intermittent and cisco vpn client can connect with internet connection but can't ping internal LAN.
  here's my configuration from my firewall.
  ASA Version 8.6(1)2
  hostname ciscofirewall
  enable password 2KFQnbNIdI.2KYOU encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface GigabitEthernet0/0
  nameif outside
  security-level 0
  ip address 203.x.x.x 255.255.255.0
  interface GigabitEthernet0/1
  nameif inside
  security-level 100
  ip address 10.152.11.15 255.255.255.0
  interface GigabitEthernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/4
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/5
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  ftp mode passive
  dns domain-lookup outside
  dns domain-lookup inside
  dns server-group DefaultDNS
  name-server 4.2.2.2 -------> public DNS
  name-server 8.8.8.8 -------> public
  name-server 203.x.x.x   ----> Clients DNS
  name-server 203.x.x.x  -----> Clients DNS
  same-security-traffic permit intra-interface
  object network net_access
  subnet 10.0.0.0 255.0.0.0
  object network citrix_server
  host 10.152.11.21
  object network NETWORK_OBJ_10.10.10.0_28
  subnet 10.10.10.0 255.255.255.240
  object network NETWORK_OBJ_10.0.0.0_8
  subnet 10.0.0.0 255.0.0.0
  object network InterconHotel
  subnet 10.152.11.0 255.255.255.0
  access-list net_surf extended permit ip any any
  access-list net_surf extended permit ip object NETWORK_OBJ_10.10.10.0_28 object InterconHotel
  access-list outside_access extended permit tcp any object citrix_server eq www
  access-list outside_access extended permit ip object NETWORK_OBJ_10.10.10.0_28 any
  access-list outsidevpn_splitTunnelAcl standard permit 10.152.11.0 255.255.255.0
  access-list LAN_Users remark LAN_clients
  access-list LAN_Users standard permit any
  access-list vpnpool extended permit ip 10.10.10.0 255.255.255.248 any
  pager lines 24
  logging enable
  logging asdm informational
  mtu management 1500
  mtu outside 1500
  mtu inside 1500
  ip local pool vpnpool 10.10.10.1-10.10.10.6 mask 255.255.255.248
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat (inside,outside) source static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 no-proxy-arp route-lookup
  object network net_access
  nat (inside,outside) dynamic interface
  object network citrix_server
  nat (inside,outside) static 203.177.18.234 service tcp www www
  object network NETWORK_OBJ_10.10.10.0_28
  nat (any,outside) dynamic interface
  object network InterconHotel
  nat (inside,outside) dynamic interface dns
  access-group outside_access in interface outside
  access-group net_surf out interface outside
  route outside 0.0.0.0 0.0.0.0 203.x.x.x 1
  route outside 10.10.10.0 255.255.255.248 10.152.11.15 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  aaa authentication telnet console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 10.0.0.100 255.255.255.255 inside
  http 10.10.10.0 255.255.255.240 outside
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map inside_map interface inside
  crypto ikev1 enable outside
  crypto ikev1 enable inside
  crypto ikev1 policy 10
  authentication crack
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 50
  authentication rsa-sig
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 120
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  client-update enable
  telnet 10.152.11.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcpd enable management
  threat-detection basic-threat
  threat-detection statistics
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  webvpn
  enable outside
  anyconnect-essentials
  group-policy outsidevpn internal
  group-policy outsidevpn attributes
  dns-server value 203.x.x.x 203.x.x.x
  vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
  split-tunnel-policy tunnelall
  split-tunnel-network-list value outsidevpn_splitTunnelAcl
  default-domain value interconti.com
  address-pools value vpnpool
  username test1 password i1lji/GiOWB67bAs encrypted privilege 5
  username test1 attributes
  vpn-group-policy outsidevpn
  username mnlha password WlzjmENGEEZmT9LA encrypted
  username mnlha attributes
  vpn-group-policy outsidevpn
  username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
  tunnel-group outsidevpn type remote-access
  tunnel-group outsidevpn general-attributes
  address-pool (inside) vpnpool
  address-pool vpnpool
  authentication-server-group (outside) LOCAL
  default-group-policy outsidevpn
  tunnel-group outsidevpn ipsec-attributes
  ikev1 pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect icmp
    inspect http
    inspect ipsec-pass-thru
  class class-default
    user-statistics accounting
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  hpm topN enable
  Cryptochecksum:edc30dda08e5800fc35b72dd6e1d88d7
  : end
  thanks. please help.

  I think you should change your nat-exemption rule to smth more general, like
  nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.10.0_28  NETWORK_OBJ_10.10.10.0_28 no-proxy-arp route-lookup
  'cause your inside networks are not the same as your vpn-pool subnet.
  Plus, if you're trying to reach inside subnets, different from 10.152.11.0 255.255.255.0 (ip from wich subnet is assignet to your inside interface, and for wich above nat exception should be enough), you should check if routing is configured from that subnets to your vpn-pool-subnet through the ASA.

• Can not ping between remote vpn site ???

  site A is l2l vpn,  site B is network-extend vpn,  both connect to same vpn device 5510 at central office and work well.  I can ping from central office to both remote sites,  But i can not ping between these two vpn sites ?  Tried debug icmp, i can see the icmp from side A does reach central office but then disappeared! not sending to side B ??  Please help ...
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group network SITE-A
   network-object 192.168.42.0 255.255.255.0
  object-group network SITE-B
   network-object 192.168.46.0 255.255.255.0
  access-list OUTSIDE extended permit icmp any any 
  access-list HOLT-VPN-ACL extended permit ip object-group CBO-NET object-group SITE-A 
  nat (outside,outside) source static SITE-A SITE-A destination static SITE-B SITE-B
  crypto map VPN-MAP 50 match address HOLT-VPN-ACL
  crypto map VPN-MAP 50 set peer *.*.56.250 
  crypto map VPN-MAP 50 set ikev1 transform-set AES-256-SHA
  crypto map VPN-MAP interface outside
  group-policy REMOTE-NETEXTENSION internal
  group-policy REMOTE-NETEXTENSION attributes
   dns-server value *.*.*.*
   vpn-idle-timeout none
   vpn-tunnel-protocol ikev1 
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value REMOTE-NET2
   default-domain value *.org
   nem enable
  tunnel-group REMOTE-NETEXTENSION type remote-access
  tunnel-group REMOTE-NETEXTENSION general-attributes
   authentication-server-group (inside) LOCAL
   default-group-policy REMOTE-NETEXTENSION
  tunnel-group REMOTE-NETEXTENSION ipsec-attributes
   ikev1 pre-shared-key *****
  tunnel-group *.*.56.250 type ipsec-l2l
  tunnel-group *.*.56.250 ipsec-attributes
   ikev1 pre-shared-key *****
  ASA-5510# show route | include 192.168.42 
  S    192.168.42.0 255.255.255.0 [1/0] via *.*.80.1, outside
  ASA-5510# show route | include 192.168.46
  S    192.168.46.0 255.255.255.0 [1/0] via *.*.80.1, outside
  ASA-5510# 
  Username     : layson-ne           Index        : 10
  Assigned IP  : 192.168.46.0           Public IP    : *.*.65.201
  Protocol     : IKEv1 IPsecOverNatT
  License      : Other VPN
  Encryption   : 3DES                   Hashing      : SHA1
  Bytes Tx     : 11667685               Bytes Rx     : 1604235
  Group Policy : REMOTE-NETEXTENSION    Tunnel Group : REMOTE-NETEXTENSION
  Login Time   : 08:19:12 EST Thu Feb 12 2015
  Duration     : 6h:53m:29s
  Inactivity   : 0h:00m:00s
  NAC Result   : Unknown
  VLAN Mapping : N/A                    VLAN         : none
  ASA-5510# show vpn-sessiondb l2l
  Session Type: LAN-to-LAN
  Connection   : *.*.56.250
  Index        : 6                      IP Addr      : *.*.56.250
  Protocol     : IKEv1 IPsec
  Encryption   : 3DES AES256            Hashing      : SHA1
  Bytes Tx     : 2931026707             Bytes Rx     : 256715895
  Login Time   : 02:02:41 EST Thu Feb 12 2015
  Duration     : 13h:10m:03s

  Hi Rico,
  You need to dynamic-nat (to available IP address) for both side for each remote subset to access the other remote side subnet and so they can access each other subnet as if both originating the traffic from your central location.
  example:
  Lets say this IP (10.10.10.254) is unused IP at central office, permitted to access remote tunnel "A" and site "B".
  object-group network SITE-A
   network-object 192.168.42.0 255.255.255.0
  object-group network SITE-B
   network-object 192.168.46.0 255.255.255.0
  nat (outside,outside) source dynamic SITE-A 10.10.10.254 destination
  static SITE-B SITE-B
  nat (outside,outside) source dynamic SITE-B  10.10.10.254 destination
  static SITE-A SITE-A
  Hope this helps
  Thanks
  Rizwan Rafeek

• Can not ping one of the IP in DMZ3(VLAN4) but can ping IP in DMZ2(VLAN2)

                    Any expert advise please.
  There are three DMZ in datacentre firewall (5510)..dmz1 and 2 and 3
  Here is the thing between Data centre and our office network.(firewall 5510)
  I logged in one of our machine Domaincontroller (10.102.28.53) in office network I can ping IP: 10.1.2.52 (VLAN2-DMZ2) in datacentre.
  I can not ping 192.168.4.230 (vlan4 dmz3) in datacentre from this machine 10.102.28.53
  Thanks.

  make sure that the the firmware version of your router is the updated one.It should be firmware version:1.50.9.you can go to www.linksys.com/download and look for wrt54gs v6-->click downloads for this product-->click firmware-click download firmware and save it on your desktop...you can also go to linksys.com/kb and search for upgrade firmware and it will give you the steps on how to upgrade the firmware of your router.
  Hope it helps!!

• I can not map a network drive in window 8.1 via VPN

   Dear sir / madam,
  I face a big problem. My company use VPN Connection. After my company upgrade the window from Window 7 to Window8.1 , we find that we can not reconnect the network drive. please find the details below:
  1. I success to map drive and then logout / switch user.
  2. wait two /three hours
  3. i find the drive  is disconnected.
  4. when I try to reconnect, window can not find again. then I try to use netstat
  C:\Windows\system32>netstat
    TCP    172.28.97.31:58206     test-server:http       TIME_WAIT
  Then, i try to use cmd
  5 it show reconnect successful by net use command. However , I need waste many time  and I can not find the drive in window.
  if I restart window, i can reconnect it quickly and find the drive in window.
  the server is window server 2008 r2 and located at difference site.
  if the server and PC located at same site, it is no problem.
  both the server and PC are joined in same domain.
  it is dell server and Lenovo M82 PC
  please help me to solve the problem
  (window 7 also have this problem. However, i can click the drive and it can reconnect quictly.i cannot do this in window 8.1.......it loop again)
  thanks

  Hi,
  Is there any error message throwed when you reconnect the mapped drive? Can you directly access the UNC path of the mapped drive? What VPN programs do you use? Please check if the VPN client connect correctly.
  You could refer to the thread below to check if the AD account is restricted by VPN.
  Can't access mapped drives through VPN when away from office
  http://social.technet.microsoft.com/Forums/windows/en-US/a0ca41aa-08b8-4e46-a314-ffb7e401bd7a/cant-access-mapped-drives-through-vpn-when-away-from-office?forum=w7itpronetworking
  Best Regards,
  Mandy 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• I can not map a network drive in window 8.1 under VPN

  Dear sir / madam,
  I face a big problem. My company use VPN Connection. After my company upgrade the window from Window 7 to Window8.1 , we find that we can not reconnect the network drive. please find the details below:
  1. I success to map drive and then logout / switch user.
  2. wait two /three hours
  3. i find the drive  is disconnected.
  4. when I try to reconnect, window can not find again. then I try to use netstat
  C:\Windows\system32>netstat
    TCP    172.28.97.31:58206     test-server:http       TIME_WAIT
  Then, i try to use cmd , net use /delete and then try to reconnect  test-server
  5 it show reconnect successful by net use command. However , I need waste many time  and I can not find the drive in window.
  if I restart window, i can reconnect it quickly and find the drive in window.
  the server are window server 2008 r2 and server 2012, they located at difference site.
  if the server and PC located at same site, it is no problem.
  both the server and PC are joined in same domain.
  it is dell server and Lenovo M82 PC( Intel Lan 82579LM/V Driver)
  please help me to solve the problem
  (window 7 also have this problem. However, i can click the drive and it can reconnect quictly.i cannot do this in window 8.1.......it loop again)
  thanks

  Hi,
  How did you map the network drive? Manually via GUI? Command? GPP? If you're using one of the above solutions, then try other solutions as a alternative way to check the result.
  According to your description, If Windows remains unable to reconnect mapped Network Drive at login, then I would suggest you created a batch file with net use command, use it as an logon script, this provides an alternate way to reconnect drives on
  a re-logon.
  example
  @echo off
  net use * /delete /yes
  net use x: \\server_name\shared_directory_name
  You can find detailed information in the following link
  https://helpdesk.egnyte.com/hc/en-us/articles/201638304-Mapping-a-drive-using-a-net-use-command-and-logon-scripts-for-domain-users
  http://technet.microsoft.com/en-us/library/bb490717.aspx
  NOTE
  This
  response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you.
  Microsoft
  does not control these sites and has not tested any software or information found on these sites.
  Yolanda Zhu
  TechNet Community Support

• I am unable to re-install itunes. The installer starts ok and then indicates that it can not access a network !!

  I am unable to re-install itunes. The installer starts ok and then indicates that it can not access a network !!  I have tried to uninstall but get the sme error message. I have used 3rd party software to uninstal but still have no joy. My pc is running Vista.
  Can you anyone offer a working solution ?

  Many thanks.
  Let's try the fixit from the following Microsoft document with that one:
  Fix problems with programs that can't be installed or uninstalled

• I can not access Itunes Store from my computer. When I run the dianostic I get a red light that says "Secure Link to the Itunes Store Failed".

  I can not access Itunes Store from my computer.
  When I run the diagnostic tool for network connectivity, my network connects but I get a Red light that says "SECURE LINK TO THE ITUNES STORE FAILED".
  Can anyone help me on this problem?

  ITunes won't connect all I get is the "accessing iTunes store......". With the bar scrolling but no connection.
  With those symptoms, I'd try the following document:
  Apple software on Windows: May see performance issues and blank iTunes Store
  (If there's a SpeedBit LSP showing up in Autoruns, it's usually best to just uninstall your SpeedBit Video Accelerator.)

• Nas can not access secure parts from Macbook pro

  Black Armor 220 nas can not access secure parts from Macbook pro, although access sucess Public parts (no password), is any setting in Lion or else needed setup?
  Late 2006 model , 15'

  is any network sharing files Setting for secure files sharing in a NAS(wifi with mac via internet gateway), or to be able access Public files (but not secure), the password must be the problem?

• Who worked with ICS' Model 4896 GPIB? I can not count the data from the module. Can prompt as it to make. It is desirable with examples (data read-out from the module and data transmission between channels. It is in advance grateful.

  I can not count the data from the module. Can prompt as it to make. It is desirable with examples (data read-out from the module and data transmission between channels. It is in advance grateful.

  Hello. Most of the engineers in developer exchange are more familiar
  with NI products. Contacting ICS for technical support is a better
  course of action.

• The report can not retrieve the data from the DB

  Dear all,
  I am facing a problem is that i have ready designed reports in Crystal. While refreshing the report in Crystal, it gives an error that it can not retrive the information from the database. But, if i am using the application which the report is attached, it is giving me the results and showing the report in Crystal. Even, for testing if i add a new field, i have to run it from the application, but directly from the Crsytal Reports, it displays an error.
  I hope you will help me in the issue.

  Could you please provide more information:
  What is the database? (Oracle, SQL Server, xml, etc.)
  What type of connectivity? (ODBC, Native, OLE DB, etc)
  Are application and Crystal Reports are running from the same machine?
  What is the error message? Any error numbers?

• Can not delete Twitter mentions from the Hub

  Can not delete Twitter mentions from the Hub. When I delete, they reappear in a few minutes.

  I had the same problem,so i just deleted Twitter altogethet. Like was said before it must be bug among many they seem to have,including password compromises