EtherChannel with Packet Tracer
I tried in Packet Tracer to bundle 4 links between 2 switches, each switch is connected to a host.
when I try to ping from host to other, it pings and successful, but when I try to disconnect a cable, which the selected link by the PAgP, it says Request timed out.
and it can't ping till I return that cable back again, what is the problem?
Hello, i have packet tracer 6.2, and i use Switches 3560(L3), my portchannel have two ports, when i reload de Switch1, after to startup the Switch appear this message
%EC-5-CANNOT_BUNDLE2: Fa0/1 is not compatible with Po1 and will be suspended (trunk encap of Fa0/1 is auto Po1 is dot1q)
%EC-5-CANNOT_BUNDLE2: Fa0/2 is not compatible with Po1 and will be suspended (trunk encap of Fa0/2 is auto Po1 is dot1q)
Do you Know what is the problem
CONFIG S1
interface Port-channel 1
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
channel-protocol pagp
channel-group 1 mode auto
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/2
channel-protocol pagp
channel-group 1 mode auto
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk
CONFIG S2
interface Port-channel 1
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
channel-protocol pagp
channel-group 1 mode desirable
switchport trunk allowed vlan 10,20
switchport mode trunk
interface FastEthernet0/2
channel-protocol pagp
channel-group 1 mode desirable
switchport trunk allowed vlan 10,20
switchport mode trunk
Thanks
Similar Messages
-
Trying to troubleshoot with Packet Trace
Hi Folks,
Having a bit of issues, i am trying to access a http/https server from the Guest interface (10.10.10.0/24) to the Inside interface (192.168.190.0/24)
I can ping the server, but when i try to access it with http/https.. no luck
So when i am on the 192.168.190.0/24 network i have no problem using http/https to the server.
Inside: Security level 100 (VLAN1)
Guest: Security level 40 (VLAN23)
ASA version: 8.0(4)
ASDM version: 6.1(5)57
I have attached an image when trying to troubleshoot the access list entry from the 10.10.10.1 to 192.168.190.1.
But for some reason the packet is dropped..So i am wondering if i am able to ping the server when i am on the 10 network. Well then the rule shouldn't be wrong right?
Any tips and tricks, i prob missed something
Thanks
ShaneYes sorry about that, you were right the output in the CLI is much better
Yeah and your were right about the .1, my bad Feel stupid..
I tried with 10.10.10.10 to 192.168.190.27 and the packet was allowed
Here is the output from
# packet-tracer input inside tcp 10.10.10.10 12345 192.168.190.27 443
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 3
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.190.0 255.255.255.0 inside
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
So i see that its drop at Phase 5..
I added another rule on the inside interface
Allow packet from the guest network to 192.168.190.27 which is the https server.
Get the output:
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 3
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.190.0 255.255.255.0 inside
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group Outgoing in interface inside
access-list Outgoing extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.190.27 object-group DM_INLINE_TCP_4
object-group service DM_INLINE_TCP_4 tcp
port-object eq www
port-object eq https
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
match ip inside 192.168.190.0 255.255.255.0 inside 10.10.10.0 255.255.255.0
NAT exempt
translate_hits = 0, untranslate_hits = 1
Additional Information:
Phase: 8
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside) 1 192.168.190.0 255.255.255.0
match ip inside 192.168.190.0 255.255.255.0 inside any
dynamic translation to pool 1 (No matching global)
translate_hits = 0, untranslate_hits = 0
Additional Information:
Phase: 9
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,outside) x.x.x.x 192.168.190.27 netmask 255.255.255.255
match ip inside host 192.168.190.27 outside any
static translation to x.x.x.x
translate_hits = 739399, untranslate_hits = 2012692
Additional Information:
Phase: 10
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 11
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 36837297, packet dispatched to next module
Phase: 12
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 192.168.190.27 using egress ifc inside
adjacency Active
next-hop mac address 000c.2946.f8e5 hits 85
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow -
Troubleshooting Public Servers with packet-trace.
Hi, I'm new to Cisco, I've tried googling my problem but cannot find anything.
I am trying to setup Public Servers and my config looks great, but it doesn't work. I tried to packet-trace my config and I get an ALLOW when I use the same port from my source, but if I try with a different port, I get a DROP. I can't find where I can tell it to use any port from the source. Did I missed something?
ASA5510, Firmware : 9.1, ASDM : 7.5
SAME SOURCE PORT (Port 88 to Port 88)
Result of the command: "packet-tracer input outside tcp 123.123.123.1 88 W.W.W.13 88 detailed"
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network MYOFFICE-PVR-PRIVATE-IP
nat (inside,outside) static MYOFFICE-PVR-PUBLIC-IP
Additional Information:
NAT divert to egress interface inside
Untranslate W.W.W.13/88 to A.A.A.254/88
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_0 any object MYOFFICE-PVR-PRIVATE-IP
object-group service DM_INLINE_SERVICE_0
service-object object MYOFFICE-PVR-88
service-object object MYOFFICE-PVR-9000
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacefb350, priority=13, domain=permit, deny=false
hits=3, user_data=0xaa490880, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=88, tag=0
dst ip/id=A.A.A.254, mask=255.255.255.255, port=88, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xaca012b8, priority=1, domain=nat-per-session, deny=true
hits=10478473, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xace37850, priority=0, domain=inspect-ip-options, deny=true
hits=7278021, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 5
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map class-default
match any
policy-map global_policy
class class-default
inspect icmp
service-policy global_policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad53bef0, priority=70, domain=inspect-icmp, deny=false
hits=214393, user_data=0xad53b418, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 6
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad4981d0, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=65468, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 7
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside,outside) source dynamic any interface
Additional Information:
Forward Flow based lookup yields rule:
out id=0xacef3c40, priority=6, domain=nat-reverse, deny=false
hits=4577, user_data=0xacef2a38, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=inside
Phase: 8
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xaca012b8, priority=1, domain=nat-per-session, deny=true
hits=10478475, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 9
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xace84c40, priority=0, domain=inspect-ip-options, deny=true
hits=6598652, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 6654364, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_inspect_icmp
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_inspect_icmp
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
DIFFERENT SOURCE PORT (Port 6000 to Port 88)
Result of the command: "packet-tracer input outside tcp 123.123.123.1 6000 W.W.W.13 88 detailed"
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network MYOFFICE-PVR-PRIVATE-IP
nat (inside,outside) static MYOFFICE-PVR-PUBLIC-IP
Additional Information:
NAT divert to egress interface inside
Untranslate W.W.W.13/88 to A.A.A.254/88
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacefccb0, priority=11, domain=permit, deny=true
hits=307712, user_data=0x5, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=outside, output_ifc=any
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured ruleNever mind, I got it
object service MYOFFICE-PVR-88
service tcp source range 1 65535 destination eq 88 -
Where can I get scenarios for Packet Tracer?
I want to use PT to get used to commands. I want to start from easy router configuration to advanced (no more than CCNA-level for now). I have Packet Tracer, but where can I get scenarios along with guidance?
Hi There
What study material are you using. Usually the study material will give you lab scenarios to configure.
For CCNA level check out the following
1, Wendell Odoms ICND 1 and ICND 2 books.
(I have never seen these books, but Wendell Odom is a pretty well respected person in the Cisco certification circles and is CCIE. I have one of his CCIE books for my CCNP studies and find it really good.)
2, Todd Lammles CCNA study Guide, 6th edition.
(The 6th edition is geared towards the upgraded CCNA exam. I used the 5th edition of this book as part of my own CCNA studies.This will give you lots of hands on practice and you build up your lab up as you move through the book.)
3, The Byrant Advantage CCNA study guide.
(I have used Chris Bryant's study material for my CCNA and am still using it as part of my CCNP studies. I find it quite good and lab work books are provided.)
Be prepared though for some problems with Packet Tracer. For as good as it is, it does not have all the commands available. So you may come across somethings that you can not configure or get to work correctly.
If you have access to some IOS versions you should check out Dynamips/Dynagen, which is better than any simulator on the market.
Best Regards,
Michael -
Packet Tracer 6.0.1 - Buffer Full
Hey,
I'm experiencing an issue with Packet Tracer 6.0.1. When I try to send any packet over my network I recieve a "Buffer Full" error after so many hops. It gives me the option to clear the buffer but once I do the packet simulation resets. Because of this it's impossible to tell if my network is flawless, because it's impossible to simulate a packet on through the entire journey.
Does anyone have a solution to this "Full Buffer" issue?Looks like this is using wineskin, I couldn't get it to work.
I'm using parallels though, so I just installed the exe provided by Totamann77.
Look at his guide here, it explains what you have to do to run the package.
https://discussions.apple.com/message/22917652#22917652 -
The new updates sound great. Anyone got any documentation on the "Provides new capability with PT Bridge to connect real network equipment to the Packet Tracer environment" bit?
RichPT Bridge is an external java applet allowing Packet Tracer to communicate with real world networks through multiuser cloud. Have a look on http://www.packettracernetwork.com/ for more details (end of the home page)
-
Etherchannel in switch multilayer packet tracer
Hi experts this is my first post,
I´m practicing with SW multilayer in packet tracer, I´ve created a port-channel between 2 multilayer switches with the next commands
channel-group 1 mode desirable
but when i´m trying to assign an ip to this port channel with the command "no switchport" I can not do it and I´m getting this:
Switch(config)#int port-channel 1
Switch(config-if)#no switchport
% Incomplete command.
and also I get this message:
Switch(config-if-range)#no switchport
Command rejected (Port-channel): Either port is L2 and port-channel is L3, or vice-versa
Command rejected (Port-channel): Either port is L2 and port-channel is L3, or vice-versa
So my question is, how can I assign an ip address to a port channel in a multilayer switch in packet tracer? is it possible to do that in PT?
Thanks in advance may be I´m doing something wrong.I just did this same setup in Packet Tracer 6.1.1 and it appears to work.
Default the configurations in each of your existing links, set the individual links as "no switchport" first, then place them into a port-channel, then enter into the port-channel interface and set the IP address.
interface Port-channel 1
no switchport
ip address 10.10.1.1 255.255.255.0
interface FastEthernet0/1
no switchport
channel-group 1 mode desirable
no ip address
duplex auto
speed auto
interface FastEthernet0/2
no switchport
channel-group 1 mode desirable
no ip address
duplex auto
speed auto
Hope that helps. -
Package Packet Tracer 6.0.1.exe for native for Mac OS X
Hello everyone, share a way to package Packet Tracer.exe possibly any .exe to a native app on Mac OS X with WineSkin.
You can download the Packet Tracer 6.0.1 for windows and WineSkin from here:
Download Packet Tacer 6.0.1
Download WineSkin
After download and install WineSkin is necessary to download certain Engines and Wrappers that allow you to run windows on mac and itself packaging libraries. The Engines that must install are:
WS9Wine1.5.27
WS9Wine1.5.2AMDSpeedHack
The Wrapper that we will use is:
WineSkin-2.5.12
For the following steps you can follow this tutorial video made by my
http://rafavg77.wordpress.com/2013/09/07/como-empaquetar-packet-tracer-exe-a-una -app-nativa-en-mac-os-x/
Any question or observation I am open to comments. Best regards.hi,
i have already followed all your instructions and after after many times, i was stuck at the same place.
i want to click the icon so that i can "install this software" but the dialog box opened and "Cisco Packet Tracer 6.0.1 can't be open"
i really hope you saw my message and please guide me on how to proceed.
thanks! -
Bug in packet tracer 5.3
Hi all.
I have a L3 switch in packet tracer. If i put the command "no ip routing" the switch can route.. Its a bug?¿¿?
I add a pkt file... If anyone ping from pc3 to , for example, pc1 ping works using the no ip routing command.
Regards.The "redistribute" command works for all IP routing protocol groups
The format of the command is documented here:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_pi/command/iri-cr-a1.html#GUID-9C67E447-FD2B-47E3-9A2C-334A41829A76
You have to identify the routing protocol (and AS, if applicable) that from which you intent to redistribute before adding any other arguments.
e.g.
redistribute rip (details)
redistribute eigrp 109 (details)
In your case, you omitted that and the command parser tried to interpret "metric" as if it were the name of a routing protocol.
"metric" is a valid argument (which is why the "help" works), but it needs to appear later in the multi-staged redistribute command.
Once could argue that Cisco should enhance the help to be more clever, but if you start with "redistribute ?" that step should be clear. -
Question: Packet Tracer Use
Hello, sorry if this is the wrong place to send a message but couldn't find a suitable email address.
I am at current in full time education studying for a degree in Computer Networks, on the final year. For my dissertation, i have chosen to investigate routing protocols (eigrp, RIPv2, OSPF etc).
Up until July 2013, i was part of the networking academy studying for the CCENT and CCNA qualifications, and as such have a copy of packet tracer.
What i would like to know, is if it is acceptable for me to use Packet Tracer to develop the network(s) for my dissertation and aid me in describing, analysing and comparing the different options for routing protocols?
ThanksWhat i would like to know, is if it is acceptable for me to use Packet Tracer to develop the network(s) for my dissertation and aid me in describing, analysing and comparing the different options for routing protocols?
C'mon, give the newbie/noobie a break!
You have no idea how difficult it is to cut-and-paste someone else's answer and pass it to your faculty advisor as your own. The mere act of posting their school work question(s) on the forum is wrought with difficulty and danger. This means that the OP has to stop playing his console game, get someone (maybe an out-of-work nuclear physicist from Chernobyl) to write the opening thread above before getting his sorry azz off the couch to post this in the esteemed Cisco Support Forum.
And to Neale's question, the answer is YES.
And Neale, if you want a more detailed response (2500 words) that will guarantee you an A+, I am willing to share you my publication (written by me, of course) for a small fee of 250 Bitcoins. Please don't waste time as some of your classmates have already made contact. I've already provided them with a short essay (1500) which contains lines from Homer's The Eliad and translated in Rihannsu. (Don't worry, neither your classmates, faculty advisor nor your professor/instructor will know. They'll all come to the same conclusion that the phrase could be the new "buzz word".) -
After installing a VPN I tried to see if outbound traffic was actually encrypted.
When the VPN is activated, ifconfig shows a new interface "tun0:" so I ran a packet trace against tun0. The trace was started with...
sudo tcpdump -i tun0 -s 0 -w VPNActivetun0.dmp
...and then Mail was started. Once mail had connected to the mail servers the trace was stopped and then formatted with...
tcpdump -s 0 -n -e -X -r VPNActivetun0.dmp
...and it contains lots of clear text including email account passwords being transmitted.
What am I doing wrong ?I've also see that I'm tracing gobs and gobs of non-Internet packets, to and from 10.?.?.?. Do you know how I can filter these out?
Presumably your local network is 10.x.x.x, otherwise you shouldn't see these at all.
However, that said, if your local network is 10.x.x.x then you cannot tell tcpdump to blindly ignore anything to/from 10.x.x.x because that will include the very traffic you're trying to trace.
The best solution is to tell tcpdump specifically which traffic you DO want to see, either via IP address or port number.
For example, if you're trying to see what (if any) SMTP traffic (port 25) is going to/from your machine:
<pre class=command>sudo tcpdump -i en1 port 25</pre>
To see traffic going to/from a specific IP address:
<pre class=command>sudo tcpdump -i en1 host 1.2.3.4</pre>
You can also use the keywords and and not to further refine what traffic to look for. e.g. to watch all non-http traffic going to 1.2.3.4:
<pre class=command>sudo tcpdump -i en1 host 1.2.3.4 and not port 80</pre> -
Configure the dynamic vlan using packet tracer
How can i configure the dynamic vlan using packet tracer?
Posted by WebUser Amienudin Alam Syah Husein from Cisco Support Community AppI guess this forum platform has been misconfigured, questions coming from the mysterious Web User on various R&S topics keep ending up here.
Let's flood their forum with some tricky CC related questions, in return!
Sent from Cisco Technical Support iPad App -
How to install packet tracer on mac os x 10.7.5
Hi, I nedd to install the cisco packet tracer on my mac
Hi everyone, I found this new version of Packet Tracer 6.0.1 and packaged native for mac, just unzip, mount the dmg and drag and drop to your Applications.
Greetings to everyone.
Please share: D
http://rafavg77.wordpress.com/2013/09/06/cisco-packet-tracer-6-0-1-para-mac-os-x / -
Problem setting vty password in packet tracer
I'm trying to configure a vty password in packet tracer and I think I'm doing something wrong. These are the commands I'm using:
line vty 0
password test
end
When I do showrun I can see the command, but when I try to get access to the vty line, it never ask's me for the password. What am I doing wrong.
Screen shot included. Thanks.As far as I know, you can't assign an IP address to an individual interface, but you can assign an administrative IP address to the switch itself. This screen shot is the commands that I used to assign an ip address, subnet mask & gateway. And I have done this on real 2960g.
-
Dynamic NAT ASA 8.4 Packet Tracer not working
Hi guys,
I've tried to ping and go to a site from 192.168.1.6 to 10.10.10.12, but it's not working. I've followed a couple dynamic NAT tutorials, but I can't figure out what I'm missing. The config is below, and I'd appreciate any help.
Thanks!
ASA Version 8.4(2)
hostname ciscoasa
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.10.10.2 255.0.0.0
object network inside-subnet
subnet 192.168.1.0 255.255.255.0
object network inside-subnet
nat (inside,outside) dynamic interface
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.5-192.168.1.35 inside
dhcpd auto_config outsideThanks guys. I'm one step closer. I can ping from 192.168.1.0 to 10.0.0.0, but I can't open a webpage. I try visiting 10.0.0.6/index.html in packet tracer and get a "Request time out" message. I tried to mirror the ACL for www, but it's not working.
Does anyone have a suggestion? My updated config is below.
Thanks!
ASA Version 8.4(2)
hostname ciscoasa
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.0.0.1 255.0.0.0
object network inside-subnet
subnet 192.168.1.0 255.255.255.0
object network outside-subnet
subnet 10.0.0.0 255.0.0.0
access-list TEST extended permit icmp any any echo-reply
access-list TEST extended permit tcp any any eq www
access-list http extended permit tcp any any eq www
access-list http2 extended permit udp any any eq www
access-group TEST in interface outside
object network inside-subnet
nat (inside,outside) dynamic interface
telnet timeout 5
ssh timeout 5
dhcpd auto_config outside
dhcpd address 192.168.1.5-192.168.1.35 inside
dhcpd enable inside
Maybe you are looking for
-
Macbook mini-DVI - DVI - HDMI not working with My 32" Vizio
Okay so my Macbook mini-DVI - DVI - HDMI is not working with My 32" Vizio. I've connected an 18 pin plus one slot DVI to HDMI cable to my 32" Vizio HDTV, this cable is connected to my macbook via a Mini-DVI to DVI cable, this one has 24 pins plus one
-
Changes of Infoset not reflected in query
Hi, We have made some changes in the infoset, which is assigned to multiple user group. this infoset is used by 1 query which is also assigned to above user group. If we execute the query in user group 'X' it is working.....however if we execute the
-
Rebate conditions with mulitple validity dates
Hello, I have an urgent requirement. My customer wants to define different rebate rate by date in one agreement like normal pricing condition types. for an example, The validity date of the agreement is 1/1/2008 ~ 3/31/2008 Rebate conditons are as f
-
In my 4th Gen iPod, podcasts would not repeat unless I went to settings and clicked on the repeat function. My 7th Gen iPod repeats all podcasts automatically, which I find annoying, and I want to play podcasts one at a time. Is there a way to turn
-
HT4859 tryin restore my iphone but no luck the progress bar stays in same spot!
tryin restore iphone but no luck thhe progress bar dosent move! help!