Can not ping/telnet from PE to CE

Similar Messages

• Can not ping internal network from ASA

  I can not ping internal computer from ASA. Comp IP address 192.168.187.15, gateway is 192.168.187.14 which is ASA internal interface. I've got an IP Phone connected to the same ASA with Ip address 192.168.185.15 and internal ASA interface 192.168.185.14 and everything works fine. We are doing testing, do not be surprised of configuration.
  ASA Version 8.2(1)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  dns-guard
  interface GigabitEthernet0/0
  nameif ouside3
  security-level 0
  ip address 10.254.17.25 255.255.255.248
  interface GigabitEthernet0/1
  nameif outside
  security-level 0
  ip address 10.254.17.9 255.255.255.248
  interface GigabitEthernet0/2
  nameif Lan
  security-level 100
  ip address 192.168.185.14 255.255.255.0
  interface GigabitEthernet0/3
  nameif comp
  security-level 50
  ip address 192.168.187.14 255.255.255.0
  interface Management0/0
  nameif management
  security-level 100
  no ip address
  management-only
  boot system disk0:/asa821-k8.bin
  ftp mode passive
  access-list 110 extended permit ip any any
  access-list nat extended permit ip any any
  access-list allow_ping extended permit icmp any any echo-reply
  access-list allow_ping extended permit icmp any any source-quench
  access-list allow_ping extended permit icmp any any unreachable
  access-list allow_ping extended permit icmp any any time-exceeded
  access-list allow_ping extended permit udp any any eq isakmp
  access-list allow_ping extended permit esp any any
  access-list allow_ping extended permit ah any any
  access-list allow_ping extended permit gre any any
  access-list nonat extended permit ip any any
  access-list nat2 extended permit ip any any
  access-list nonat2 extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu ouside3 1500
  mtu outside 1500
  mtu Lan 1500
  mtu comp 1500
  mtu management 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (Lan) 0 access-list nonat
  nat (Lan) 1 access-list nat
  nat (comp) 0 access-list nonat
  nat (comp) 1 access-list nat
  access-group allow_ping in interface outside
  router eigrp 2008
  neighbor 10.254.17.10 interface outside
  network 10.254.17.8 255.255.255.248
  network 192.168.185.0 255.255.255.0
  network 192.168.187.0 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 10.254.17.10 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 management
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set myset esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map mymap 10 match address 110
  crypto map mymap 10 set peer 10.254.17.10
  crypto map mymap 10 set transform-set myset
  crypto map mymap interface outside
  crypto map mymap2 20 match address 110
  crypto map mymap2 20 set peer 10.254.17.18
  crypto map mymap2 20 set transform-set myset
  crypto map mymap2 interface comp
  crypto map mymap3 30 match address 110
  crypto map mymap3 30 set peer 10.254.17.26
  crypto map mymap3 30 set transform-set myset
  crypto map mymap3 interface ouside3
  crypto isakmp identity address
  crypto isakmp enable ouside3
  crypto isakmp enable outside
  crypto isakmp enable comp
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 28800
  no crypto isakmp nat-traversal
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  priority-queue outside
  threat-detection basic-threat

  This is what I get, looks like ASA does not reply. Why?
  ciscoasa# sh capture cpi
  5 packets captured
  1: 05:20:14.494908 192.168.187.15 > 192.168.187.14: icmp: echo request
  2: 05:20:19.526935 192.168.187.15 > 192.168.187.14: icmp: echo request
  3: 05:20:25.026320 192.168.187.15 > 192.168.187.14: icmp: echo request
  4: 05:20:30.525699 192.168.187.15 > 192.168.187.14: icmp: echo request
  5: 05:20:36.025084 192.168.187.15 > 192.168.187.14: icmp: echo request

• Can not ping oracle linux vm in Virtual Box from my host

  Hy
  I have setup oracle linux 7 on virtual box including vboxadditions.
  But I can not ping this maschine from outside ( it works for my other vm oel 5.8 )
  I did systemctl stop filewall.service
  Here my Network konfiguration inside my oel7 vm:
  /etc/sysconfig/network-scripts/ifcfg-enp0s8
  TYPE=Ethernet
  BOOTPROTO=none
  DEFROUTE=yes
  IPV4_FAILURE_FATAL=no
  IPV6INIT=no
  IPV6_AUTOCONF=yes
  IPV6_DEFROUTE=yes
  IPV6_FAILURE_FATAL=no
  NAME=public
  UUID=388ee413-55e9-45e1-be1d-4f5eedc402f3
  ONBOOT=yes
  IPADDR0=10.20.50.101
  PREFIX0=24
  IPV6_PEERDNS=yes
  IPV6_PEERROUTES=yes
  HWADDR=08:00:27:5F:87:91
  Can anyone help?
  Thanks
  Peter Schlaeger

  Hi,
  Before discussing the network configuration of Oracle Linux 7 (By the way; it seams correct), lets talk about the VirtualBox network configuration, So the Network adapter of your VM can be attached to {NAT, Bridged Adapter, Internal Network, Host-only Adapter, ...}, what is the Adapter attached to your NIC?
  Make sure the Network Adapter is the same as the your other VM (OL 5.8).
  Best regards

• Can not ping one of the IP in DMZ3(VLAN4) but can ping IP in DMZ2(VLAN2)

                    Any expert advise please.
  There are three DMZ in datacentre firewall (5510)..dmz1 and 2 and 3
  Here is the thing between Data centre and our office network.(firewall 5510)
  I logged in one of our machine Domaincontroller (10.102.28.53) in office network I can ping IP: 10.1.2.52 (VLAN2-DMZ2) in datacentre.
  I can not ping 192.168.4.230 (vlan4 dmz3) in datacentre from this machine 10.102.28.53
  Thanks.

  make sure that the the firmware version of your router is the updated one.It should be firmware version:1.50.9.you can go to www.linksys.com/download and look for wrt54gs v6-->click downloads for this product-->click firmware-click download firmware and save it on your desktop...you can also go to linksys.com/kb and search for upgrade firmware and it will give you the steps on how to upgrade the firmware of your router.
  Hope it helps!!

• Can not ping between remote vpn site ???

  site A is l2l vpn,  site B is network-extend vpn,  both connect to same vpn device 5510 at central office and work well.  I can ping from central office to both remote sites,  But i can not ping between these two vpn sites ?  Tried debug icmp, i can see the icmp from side A does reach central office but then disappeared! not sending to side B ??  Please help ...
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group network SITE-A
   network-object 192.168.42.0 255.255.255.0
  object-group network SITE-B
   network-object 192.168.46.0 255.255.255.0
  access-list OUTSIDE extended permit icmp any any 
  access-list HOLT-VPN-ACL extended permit ip object-group CBO-NET object-group SITE-A 
  nat (outside,outside) source static SITE-A SITE-A destination static SITE-B SITE-B
  crypto map VPN-MAP 50 match address HOLT-VPN-ACL
  crypto map VPN-MAP 50 set peer *.*.56.250 
  crypto map VPN-MAP 50 set ikev1 transform-set AES-256-SHA
  crypto map VPN-MAP interface outside
  group-policy REMOTE-NETEXTENSION internal
  group-policy REMOTE-NETEXTENSION attributes
   dns-server value *.*.*.*
   vpn-idle-timeout none
   vpn-tunnel-protocol ikev1 
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value REMOTE-NET2
   default-domain value *.org
   nem enable
  tunnel-group REMOTE-NETEXTENSION type remote-access
  tunnel-group REMOTE-NETEXTENSION general-attributes
   authentication-server-group (inside) LOCAL
   default-group-policy REMOTE-NETEXTENSION
  tunnel-group REMOTE-NETEXTENSION ipsec-attributes
   ikev1 pre-shared-key *****
  tunnel-group *.*.56.250 type ipsec-l2l
  tunnel-group *.*.56.250 ipsec-attributes
   ikev1 pre-shared-key *****
  ASA-5510# show route | include 192.168.42 
  S    192.168.42.0 255.255.255.0 [1/0] via *.*.80.1, outside
  ASA-5510# show route | include 192.168.46
  S    192.168.46.0 255.255.255.0 [1/0] via *.*.80.1, outside
  ASA-5510# 
  Username     : layson-ne           Index        : 10
  Assigned IP  : 192.168.46.0           Public IP    : *.*.65.201
  Protocol     : IKEv1 IPsecOverNatT
  License      : Other VPN
  Encryption   : 3DES                   Hashing      : SHA1
  Bytes Tx     : 11667685               Bytes Rx     : 1604235
  Group Policy : REMOTE-NETEXTENSION    Tunnel Group : REMOTE-NETEXTENSION
  Login Time   : 08:19:12 EST Thu Feb 12 2015
  Duration     : 6h:53m:29s
  Inactivity   : 0h:00m:00s
  NAC Result   : Unknown
  VLAN Mapping : N/A                    VLAN         : none
  ASA-5510# show vpn-sessiondb l2l
  Session Type: LAN-to-LAN
  Connection   : *.*.56.250
  Index        : 6                      IP Addr      : *.*.56.250
  Protocol     : IKEv1 IPsec
  Encryption   : 3DES AES256            Hashing      : SHA1
  Bytes Tx     : 2931026707             Bytes Rx     : 256715895
  Login Time   : 02:02:41 EST Thu Feb 12 2015
  Duration     : 13h:10m:03s

  Hi Rico,
  You need to dynamic-nat (to available IP address) for both side for each remote subset to access the other remote side subnet and so they can access each other subnet as if both originating the traffic from your central location.
  example:
  Lets say this IP (10.10.10.254) is unused IP at central office, permitted to access remote tunnel "A" and site "B".
  object-group network SITE-A
   network-object 192.168.42.0 255.255.255.0
  object-group network SITE-B
   network-object 192.168.46.0 255.255.255.0
  nat (outside,outside) source dynamic SITE-A 10.10.10.254 destination
  static SITE-B SITE-B
  nat (outside,outside) source dynamic SITE-B  10.10.10.254 destination
  static SITE-A SITE-A
  Hope this helps
  Thanks
  Rizwan Rafeek

• 've Password job a year ago to Mobil iPhone 4, and now lost and I can not wipe data from the device or transferred to the new device .. What do I do?

  've Password job a year ago to Mobil iPhone 4, and now lost and I can not wipe data from the device or transferred to the new device .. What do I do?

  iPhones require a SIM for activation.
  Put the device in DFU mode (google it) and restore via iTunes.

• I can not synchronize data from the prelude livelog

  I can not synchronize data from the prelude livelog apparently seems to be all right, more aprasenta the following message: The Open Clip does not support XMP.
  The Prelude can not apply metadata in it.
  please can someone help me

  Hi -
  When it comes to AVCHD footage, Prelude wants to leverage the complex folder structure in order to save metadata. If the file is just the *.MTS file and is not part of the original folder structure, Prelude will report it cannot write metadata to the file. You can transcode the *.MTS to another format and then add metadata.
  We are looking at future solution for what we call "naked MTS file", but unfortunately that is not part of the currently released product version.
  Michael

• Can not transfer contacts from Nokia 1020 Windows ...

  Can not transfer contacts from Nokia 1020 Windows Phone to Mercedes C. Windows Phone states that it is only voice connection when trying to transfer data, and if sharing, Mercedes will not show up as bluetooth device at all. However Merceds show Noika as a device. I tried other phones and they work, smart phones and not smart phones. What to do?

  Hi! Can't upload contacts from my nokia n8 to SkyDrive via nokia suite 3.8.48. i choose Instruments - upload to skydrive. then i log in my live.com account, then click "yes" for accses to my data and... nothing happens. initail "copying to skydrive" blue screen with only "later" button available. reinstalling nokia suite, rebootng my phone doesn't help.
  Thanks!

• TS3899 I still can not send email from my ipad but iPhone works on those accounts

  I still can not send email from my .mac account or a .comcast.net from my ipad. I how 2 people so far that has brought to my attention. We have exchange accounts setup on the ipads for work. I compare the settings from iPad to iPhone from my view it appears identical. I am looking at an iPad 2 and a Mini.
  I turned on and off the ipads and nothing really changed. The emails come into those accounts.
  Any suggestions?
  Thanks
  VickiHTC

  When you say you can't send...as in they never get the email?  Does the email appear to send?  Error message?  When?
  It may be more than one iPad that has a problem....

• I can not send email from my iPad .  Have been using it for over a year, all of a sudden I can only receive email.  I have a wifi connection in my home and have a A T &T cellular data plan?

  I can not send email from my iPad .  Have been using it for over a year, all of a sudden I can only receive email.  I have a wifi connection in my home and have a A T &T cellular data plan?

  I have a 1st gen iPhone that I just updated the software to 2.0.2
  Now whenever I press the mail icon it goes to the mail app for about 4 seconds, does nothing, no loading of folders, old messages, nothing.
  Then it reverts back to the home screen. Tried restarting, haven't tried restoring, thought I'd look here first.
  Anyone???

• Can not delete files from Adobe reader

  can not delete files from adobe reader.

  Can you let us know a little more about what you are trying to do? Adobe Reader opens pdf files but does not store them so, there's nothing to delete.

• I am trying to download xfinity tv go app. I can not find it in my App Store and can not download it from the comcast website. All I get is a blank screen in the App Store. My Apple ID is associated with a Canadian address. How can I find the app?

  I am trying to download xfinity tv go app. I can not find it in my App Store and can not download it from the comcast website. All I get is a blank screen in the App Store. My Apple ID is associated with a Canadian address. How can I find the app?

  Its possible the App is not available in the Canadian store if the link doesn't work for you.
  https://itunes.apple.com/us/app/xfinity-connect/id320788270?mt=8

• When I was talking on phone, suddenly the phone was switched off. i tried to switch it on but it gave the message....connect to itunes for set up.  when I connected it to itunes...it gave the message, itunes can not read data from this iphone, restore it

  when I was talking on phone, suddenly the phone was switched off.
  i tried to switch it on but it gave the message....connect to itunes for set up.
  when I connected it to itunes...it gave the message, itunes can not read data from this iphone, restore it to factory settings. It also said while restoring ypu will lose all media data but you can restore the contacts.
  I restored the factory settings....the phone was on recovery mode...it was verified by itunes and all that..but in the end it again said that iphone has some problem and can not function right now.
  after that when ever i connect it with itunes, it gives the message, it can not activate the iphone further, try again later or contact customer service.
  What to do now?????? Customer service people say..it is hardware problem

  If it's a hardware problem, then the phone will need to be replaced.
  There is no magic that can fix a hardware problem.

• I have changed my apple id, and its ok when i sync my Iphone with Itunes, but ON my Iphone still my old apple-ID is there. I can NOT buy things from Itunes or Upgrade anything now, how to fix this?

  I have changed my apple id, and its ok when i sync my Iphone with Itunes, but ON my Iphone still my old apple-ID is there. I can NOT buy things from Itunes or Upgrade anything now, how to fix this?

  I recently changed my email address and want to change my Apple ID account to match. I have created a new Apple ID to match the new account but now I can't sign into iCloud on our phones or computer with the old Apple ID. I can't make any changes on iCloud on our phones because it directs me to the old account, which I can't sign into. I also can't sign me in on my computer to make any changes. Help!!! Now I have two addresses and can't access the one that directly affects my devices. 

• I can not transfer date from one hard drive to another, I keep getting an error because I have two of the same file names and one file name is in caps and I cant change the file name

  can not transfer date from one hard drive to another, I keep getting an error because I have two of the same file names and one file name is in caps and I cant change the file name. My original external has an error and needs to be reformatted but I dont want to lose this informations its my entire Itunes library.

  Sounds like the source drive is formatted as case sensitive and the destination drive is not. The preferred format for OS X is case insensitive unless there is a compelling reason to go case sensitive.
  Why can't you change the filename? Is it because the source drive is having problems?  If so is this happening with only one or two or a few files? If so the best thing would be to copy those over individually and then rename them on the destination drive.
  If it is more then you can do manually and you can't change the name on the source you will have to reformat the destination as case sensitive.
  Btw this group is for discussion of the Support Communities itself, you;d do better posting to Lion group. I'll see if a host will move it.