From VM cannot ping host or gateway

Similar Messages

• Clients cannot ping the default gateway when connected to SSID

  Here is my environment,
  My controller is vWLC installed in ESXi which has to vNet Cards configured with all vlans(4095), then it is connected to a 3560 switch with trunk. The configuration of the switch interface is as belows:
  LS3560CG#sh run int fa0/1
  Building configuration...
  Current configuration : 138 bytes
  interface FastEthernet0/1
  description To_WLC
  switchport trunk encapsulation dot1q
  switchport mode trunk
  spanning-tree portfast
  end
  The IP of management interface of WLC is 10.10.10.90, VLAN is 10, DHCP primary is 10.10.10.1 which is in the 3560, the DHCP pool is configured as blows:
  LS3560CG#sh run int fa0/1
  Building configuration...
  Current configuration : 138 bytes
  interface FastEthernet0/1
  description To_WLC
  switchport trunk encapsulation dot1q
  switchport mode trunk
  spanning-tree portfast
  end
  The SSID is BYOD and I can connect the SSID and get the IP address such as 10.10.10.118/24, but for now, i cannot ping 10.10.10.1, but i can ping 10.10.10.90:
  Can anyone help me with this? Thanks

  Hi Scott
  Correct! I have resolved this a few minutes earlier. I have assigned the vSwitch to Promiscuous Mode but forgot to switch it to "Accept", the default value is "Reject"
  Thanks so much!

• I can SSH from the outside but cannot ping ISP gateway from 2911

  Hello all,
  I came across a rather strange issue. I am able to SSH to the device from my home but while I am consoled in, I cannot ping the ISP gateway or any other IP's. As expected, all trace-routes fail without hitting the gateway as the first hop. I have been reading about the NVI0 interface and I decided to use it. Most of the sample cofigs on here use the "old" ip nat inside / outside on the appropriate interfaces. What do you guys suggest?
  Here is the running config. It is rather simple since i did not add all the access-lists except the ones I thought necessary to test the circuit. Please point out any mistakes or errors. Thanks in advance!
  Current configuration : 1679 bytes
  ! Last configuration change at 04:05:17 UTC Fri Sep 12 2014
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname StandbyGZ-2911
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$BRaM$igChPMXLeHjgYR7EGk/Nb/
  no aaa new-model
  no ipv6 cef
  no ip source-route
  ip cef
  no ip domain lookup
  ip domain name StandbyGZ.local
  ip name-server 211.136.20.203
  ip name-server 211.139.136.68
  multilink bundle-name authenticated
  license udi pid CISCO2911/K9 sn FGL174410H9
  username StandbyGZ secret 5 $1$CXWC$m6kqTGbf0HDLCvkfU7.RA/
  ip ssh version 2
  interface GigabitEthernet0/0
   no ip address
   shutdown
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   description UPLINK TO CHINA MOBILE
   ip address 183.x.x.x 255.255.255.128
   ip access-group REMOTE-ADMIN-ACL in
   no ip redirects
   ip nat enable
   duplex auto
   speed auto
  interface GigabitEthernet0/2
   description CONNECTION TO LAN SWITCH 3650-CORE
   ip address 10.10.1.254 255.255.254.0
   no ip redirects
   ip nat enable
   duplex auto
   speed auto
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat source list LAN-NAT-ACL interface GigabitEthernet0/1 overload
  ip route 0.0.0.0 0.0.0.0 183.x.x.x
  ip access-list standard LAN-NAT-ACL
   permit 10.10.0.0 0.0.1.255
  ip access-list extended REMOTE-ADMIN-ACL
   permit tcp host 68.107.195.213 any eq 22 log
  control-plane
  line con 0
   exec-timeout 0 0
   logging synchronous
  line aux 0
  line vty 0 4
   exec-timeout 0 0
   logging synchronous
   login local
   transport input ssh
   transport output ssh
  scheduler allocate 20000 1000
  end
  StandbyGZ-2911# sh ip int br
  Interface                            IP-Address        OK?   Method      Status                  Protocol
  GigabitEthernet0/0         unassigned        YES    NVRAM     administratively  down down
  GigabitEthernet0/1         183.x.x.x             YES    NVRAM     up                         up
  GigabitEthernet0/2         10.10.1.254       YES    NVRAM     up                         up
  NVI0                                 183.x.x.x             YES    unset          up                         up
  StandbyGZ-2911#sh ip route
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route, + - replicated route
  Gateway of last resort is 183.233.184.129 to network 0.0.0.0
  S*    0.0.0.0/0 [1/0] via 183.233.184.129
        10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C        10.10.0.0/23 is directly connected, GigabitEthernet0/2
  L        10.10.1.254/32 is directly connected, GigabitEthernet0/2
        183.233.0.0/16 is variably subnetted, 2 subnets, 2 masks
  C        183.x.x.x/25 is directly connected, GigabitEthernet0/1
  L        183.x.x.x/32 is directly connected, GigabitEthernet0/1

  Hi Chris,
  That is what how I am used to configure the NAT, but IOS 12.3 and on introduced interface NVI0, which according to cisco documentation should make applying the NAT statements "easier". IP nat enable has to be enabled on all interfaces and then NVI0 makes the "inside" and "outside" decisions. I was hoping that someone could clarify the real use of that NVI0 interface and if it causes problems. Apparently it cannot be removed from the config. 

• Cannot ping two devices through remote access-SSH

  one of our gold partner called me and advised that he cannot ping or SSh to two of the 4948 switch.however if he logged to the core switch the 6500 he can sub telnet to the 4900.but he cannot telnet directly through SSH to the 4900.i have checked the config for SSH on both device and this is configure correctly.can any one help and tell me why we cant ping or SSH to these two devices directly rather than telneting to the core device it self before telneting to the 4900s.This is very urgent

  Hi
  Just to clarify. This is how i understand what you have set up
  You have a management vlan for the switches. The layer 3 SVI for this vlan is on your core switch.
  The other switches you have all have IP addresses for management from the same management vlan.
  Each switch should have a default gateway set and this default gateway should be the Layer 3 SVI on your core switch. (If you are running a pair of core switches you may well be using HSRP so your switches default gateway would be the virtual IP.
  The vlan that your switch layer 3 management is in, is this the same vlan as the management vlan ie.
  what vlan interface is the default gateway in ?
  if you cannot ping the default gateway from the switch this sounds like you have your vlans messed up.
  Could you provide configs of the 4948, the core switch and another switch that works
  Jon

• Cannot ping RRAS Client from RRAS server.

  I have recently created an RRAS pptp connection for an outside network. The RRAS client connects fine and can ping the RRAS server and every device on the RRAS servers local network. The RRAS server cannot ping the remote pptp client nor can any device on
  the RRAS servers local network. RRAS is configured to be within the same subnet as the RRAS servers local network. On connection it pulls from a static IP pool.
  Any help is truly appreciated

  The server is behind a nat device and for testing purposes i have disabled the firewall on both devices. Also I am having an issue where the pptp connection just stops accepting and sending data to the rras server but if you look at the active connections
  the client never disconnects.  I have attached ipconfig information
  CLIENT
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : Fellows-PC
     Primary Dns Suffix  . . . . . . . :
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
  PPP adapter Welsh:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Welsh
     Physical Address. . . . . . . . . :
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 172.16.128.66(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.255
     Default Gateway . . . . . . . . . :
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Local Area Connection:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
     Physical Address. . . . . . . . . : BC-5F-F4-75-C5-AD
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::5418:aba9:4af2:1e12%11(Preferred)
     IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Wednesday, March 26, 2014 8:35:58 AM
     Lease Expires . . . . . . . . . . : Saturday, March 29, 2014 8:35:58 AM
     Default Gateway . . . . . . . . . : 192.168.1.1
     DHCP Server . . . . . . . . . . . : 192.168.1.1
     DHCPv6 IAID . . . . . . . . . . . : 247226356
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C3-16-85-BC-5F-F4-75-C5-AD
     DNS Servers . . . . . . . . . . . : 75.75.75.75
                                         75.75.76.76
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{DF8CAC0D-588D-495A-9185-78C9992DC12F}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1c88:1312:b8c2:97a9(Pref
  erred)
     Link-local IPv6 Address . . . . . : fe80::1c88:1312:b8c2:97a9%12(Preferred)
     Default Gateway . . . . . . . . . : ::
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter isatap.{D8973397-8880-4110-A7F9-4D1F6A1C2E8C}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  SERVER
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : IMS
     Primary Dns Suffix  . . . . . . . :
     Node Type . . . . . . . . . . . . : Unknown
     IP Routing Enabled. . . . . . . . : Yes
     WINS Proxy Enabled. . . . . . . . : Yes
  PPP adapter RAS Server (Dial In) Interface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
     Physical Address. . . . . . . . . : 00-53-45-00-00-00
     DHCP Enabled. . . . . . . . . . . : No
     IP Address. . . . . . . . . . . . : 172.16.128.65
     Subnet Mask . . . . . . . . . . . : 255.255.255.255
     Default Gateway . . . . . . . . . :
  Ethernet adapter Local Area Connection:
     Media State . . . . . . . . . . . : Media disconnected
     Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
   VBD Client)
     Physical Address. . . . . . . . . : 00-10-18-8D-BC-42
  Ethernet adapter Local Area Connection 2:
     Media State . . . . . . . . . . . : Media disconnected
     Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
   VBD Client) #2
     Physical Address. . . . . . . . . : 00-10-18-8D-BC-40
  Ethernet adapter Local Area Connection 4:
     Media State . . . . . . . . . . . : Media disconnected
     Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS
   VBD Client)
     Physical Address. . . . . . . . . : 84-2B-2B-68-6A-FA
  Ethernet adapter Local Area Connection 3:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS
   VBD Client) #2
     Physical Address. . . . . . . . . : 84-2B-2B-68-6A-F9
     DHCP Enabled. . . . . . . . . . . : No
     IP Address. . . . . . . . . . . . : 172.16.128.1
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 172.16.128.254
     DNS Servers . . . . . . . . . . . : 172.16.128.254
                                         75.75.75.75
     NetBIOS over Tcpip. . . . . . . . : Disabled

• Cannot ping IAS RADIUS from WLC 2504

  I'm having some weird issues where I cannot ping from the WLC to the IAS RADIUS server.  All of my clients cannot connect, but from the switch, router, RADIUS server, and hard wired clients, I can ping to the WLC and RADIUS server.  The only thing that cannot ping the RADIUS server is the WLC itself.  Nothing in the FW is blocking connectivity.  Any ideas?
  (Cisco Controller) >show radius summ
  Vendor Id Backward Compatibility................. Disabled
  Call Station Id Case............................. lower
  Call Station Id Type............................. IP Address
  Aggressive Failover.............................. Disabled
  Keywrap.......................................... Disabled
  Fallback Test:
      Test Mode.................................... Off
      Probe User Name.............................. cisco-probe
      Interval (in seconds)........................ 300
  MAC Delimiter for Authentication Messages........ none
  MAC Delimiter for Accounting Messages............ hyphen
  Authentication Servers
  Idx  Type  Server Address    Port    State     Tout  RFC3576  IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
  1    NM    10.10.50.63       1645    Enabled   5     Enabled   Disabled - none/unknown/group-0/0 none/none
  2    NM    10.10.50.130      1645    Enabled   5     Enabled   Disabled - none/unknown/group-0/0 none/none
  Accounting Servers
  Idx  Type  Server Address    Port    State     Tout  RFC3576  IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
  1      N     10.10.50.63       1646    Enabled   5     N/A       Disabled - none/unknown/group-0/0 none/none
  2      N     10.10.50.130      1646    Enabled   5     N/A       Disabled - none/unknown/group-0/0 none/none

  It's in the arp cache through the default router
  (Cisco Controller) >show interface detailed management
  Interface Name................................... management
  MAC Address...................................... d0:c2:82:df:5b:c0
  IP Address....................................... 10.30.72.250
  IP Netmask....................................... 255.255.255.0
  IP Gateway....................................... 10.30.72.1
  External NAT IP State............................ Disabled
  External NAT IP Address.......................... 0.0.0.0
  VLAN............................................. untagged
  Quarantine-vlan.................................. 0
  Active Physical Port............................. 1
  Primary Physical Port............................ 1
  Backup Physical Port............................. Unconfigured
  Primary DHCP Server.............................. 10.10.10.65
  Secondary DHCP Server............................ Unconfigured
  DHCP Option 82................................... Disabled
  ACL.............................................. Unconfigured
  AP Manager....................................... Yes
  Guest Interface.................................. No
  L2 Multicast..................................... Disabled
  (Cisco Controller) >show arp switch
  Number of arp entries................................ 19
      MAC Address        IP Address     Port   VLAN   Type
  50:57:A8:D6:DE:C0   10.10.19.1       1      5      Host
  50:57:A8:D6:DE:C0   10.10.20.138     1      5      Host
  50:57:A8:D6:DE:C0   10.10.50.63      1      5      Host
  64:00:F1:08:A0:D0   10.30.72.1       1      0      Host
  50:57:A8:9E:B5:CD   10.30.72.40      1      0      Host
  50:57:A8:A1:7B:C5   10.30.72.44      1      0      Host
  50:57:A8:9E:99:78   10.30.72.48      1      0      Host
  50:57:A8:3B:66:E3   10.30.72.49      1      0      Host
  00:07:7D:43:23:DA   10.30.72.58      1      0      Host
  50:57:A8:9E:B6:1D   10.30.72.59      1      0      Host
  50:57:A8:9E:95:C5   10.30.72.60      1      0      Host
  50:57:A8:A1:7C:0D   10.30.72.61      1      0      Host
  00:07:7D:65:36:DD   10.30.72.62      1      0      Host
  50:57:A8:44:57:0C   10.30.72.63      1      0      Host
  50:57:A8:CA:CC:01   10.30.72.64      1      0      Host

• Cannot ping the gateway

  Hi
  Network:
  One firewall where the IP address is the gateway for all the internal computers and server
  From one if the internal computers I can ping the the gateway
  From the server I can ping all the internal computers but I cannot ping the gateway
  On the server I can ping:
  -  127.0.0.1, 
  - the IP address on the server
  - All the internal computers
  A hint would be nice
  Best Regards
  John B

  Arp -a
  Interface: 10.0.0.2 on Interface 0x1000003
    Internet Address      Physical Address      Type
    10.0.0.1              10-7b-ef-3a-58-09     dynamic  
    10.0.0.26             00-01-e6-b4-e1-fe     dynamic  
  Ipconfig /all
  Windows 2000 IP Configuration
   Host Name . . . . . . . . . . . . : krogh01
   Primary DNS Suffix  . . . . . . . : Krogh.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Krogh.local
  Ethernet adapter Inside:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-0B-CD-1C-7C-D9
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.2
                                       212.242.40.3
                                       212.242.40.51
  Ping 10.0.0.1
  Pinging 10.0.0.1 with 32 bytes of data:
  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.
  Ping statistics for 10.0.0.1:
      Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum =  0ms, Average =  0ms
  Ping 10.0.0.26
  Pinging 10.0.0.26 with 32 bytes of data:
  Reply from 10.0.0.26: bytes=32 time=1ms TTL=64
  Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
  Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
  Reply from 10.0.0.26: bytes=32 time<10ms TTL=64
  Ping statistics for 10.0.0.26:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum =  1ms, Average =  0ms
  I can ping every computer on internal network without any problems, it is only the gateway I have problem with.
  I have now made a ping session from a computer on the internal network:
  Microsoft Windows [version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation. Alle rettigheder forbeholdes.
  C:\Users\lh>ipconfig /all
  Windows IP-konfiguration
     Værtsnavn. . . . . . . . . . . . . . . . . . : NUC-lone
     Primært DNS-suffiks. . . . . . . . . . . . . : Krogh.local
     Nodetype . . . . . . . . . . . . . . . . . . : Hybrid
     IP-routing aktiveret . . . . . . . . . . . . : Nej
     WINS-proxy aktiveret . . . . . . . . . . . . : Nej
     Søgeliste for DNS-suffiks. . . . . . . . . . : Krogh.local
  Ethernet-netværkskort LAN-forbindelse:
     Forbindelsesspecifikt DNS-suffiks. . . . . . :
     Beskrivelse. . . . . . . . . . . . . . . . . : Intel(R) Ethernet Connection I
  218-V
     Fysisk adresse . . . . . . . . . . . . . . . : C0-3F-D5-61-7A-3A
     DHCP aktiveret . . . . . . . . . . . . . . . : Ja
     Automatisk konfiguration aktiveret . . . . . : Ja
     Link-local-IPv6-adresse . . . . . : fe80::5c7a:dcbe:f8:7de7%11(Foretrukken)
     IPv4-adresse . . . . . . . . . . . . . . . . : 10.0.0.113(Foretrukken)
     Undernetmaske. . . . . . . . . . . . . . . . : 255.255.255.0
     Rettigheden opnået . . . . . . . . . . . . . : 12. december 2014 03:15:59
     Rettigheden udløber. . . . . . . . . . . . . : 19. december 2014 08:05:30
     Standardgateway. . . . . . . . . . . . . . . : 10.0.0.1
     DHCP-server. . . . . . . . . . . . . . . . . : 10.0.0.1
     DHCPv6 IAID . . . . . . . . . . . : 247480277
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-40-6D-C9-C0-3F-D5-61-7A-3A
     DNS-servere. . . . . . . . . . . . . . . . . : 10.0.0.2
  212.242.40.3
  212.242.40.51
     NetBIOS over Tcpip . . . . . . . . . . . . . : Aktiveret
  Tunnel-netværkskort isatap.{B46FAFD6-A60A-48D9-967D-4081FAE7F6AE}:
     Medietilstand. . . . . . . . . . . . . . . . : Mediet afbrudt
     Forbindelsesspecifikt DNS-suffiks. . . . . . :
     Beskrivelse. . . . . . . . . . . . . . . . . : Microsoft ISATAP-netværkskort
     Fysisk adresse . . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP aktiveret . . . . . . . . . . . . . . . : Nej
     Automatisk konfiguration aktiveret . . . . . : Ja
  Tunnel-netværkskort Teredo Tunneling Pseudo-Interface:
     Medietilstand. . . . . . . . . . . . . . . . : Mediet afbrudt
     Forbindelsesspecifikt DNS-suffiks. . . . . . :
     Beskrivelse. . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interf
  ace
     Fysisk adresse . . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP aktiveret . . . . . . . . . . . . . . . : Nej
     Automatisk konfiguration aktiveret . . . . . : Ja
  C:\Users\lh>ping 10.0.0.1
  Pinger 10.0.0.1 med 32 byte data:
  Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
  Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
  Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
  Svar fra 10.0.0.1: byte=32 tid=1ms TTL=64
  Ping-statistikker for 10.0.0.1:
      Pakker: Sendt = 4, modtaget = 4, tabt = 0 (0% tab),
  Beregnet tid for rundtur i millisekunder:
      Minimum = 1ms, Maksimum = 1ms, Gennemsnitlig = 1ms
  C:\Users\lh>
  A hint would be nice :-)
  Best Regards
  John B

• Guest VLAN cannot ping gateway

  Hi Sir,
       I have an issue wherein my guest vlan cannot ping its gateway thus it cant go through the web auth page. I have been given an ip address with corresponding gateway, subnet and dns for the guest vlan. I have allowed all the vlans in the trunk port for wlc and ap connection.
       wat do you think is the problem? hope you could help on this.
  thanks.
  Regards,
  Neri

  Hi Neri
  The way this should work is that the client connects to the guest network and gets an IP address from DHCP. The DHCP configuration should include the default gateway and must include a DNS address.
  When the client opens a web browser the browser tries to connect to the configured home page. This means that a DNS lookup is sent out and the controller intercepts it and forwards it on. Providing there is a response from the DNS server the controller will cause the client browser to re-direct to the web authentication login page.
  It is therefore essential that the controller can see the DNS server. Forget the PING for now - DNS is a must. You can prove the rest of the system by ensuring the guest client has an IP address. Open the client browser and try and connect to http://1.1.1.1 (assuming your virtual interface on the controller is 1.1.1.1). If you get re-directed to the web authentication login page then the issue is a DNS issue.
  Regards
  Roger

• I cannot ping any VIP from within the ACE or from rservers

  I cannot ping any VIP from within the ACE or from rservers.  Is this expected?  I have rservers in other serverfarms that need to be able to communicate with the VIP of other serverfarms.  Any help is greatly appreciated.

  Thanks for you reply.  here is the config.  I removed other rserver and serverfarm config that does not have to do with this issue.
  logging enable
  logging fastpath
  logging standby
  logging console 4
  logging timestamp
  logging trap 4
  logging history 4
  logging buffered 4
  logging persistent 4
  logging monitor 4
  logging device-id hostname
  logging host 172.26.254.185 udp/514
  logging host 172.26.221.25 udp/514
  access-list INBOUND line 8 extended permit ip any any
  access-list INBOUND line 16 extended permit icmp any any
  access-list INBOUND line 24 extended permit tcp any any
  access-list INBOUND line 32 extended permit udp any any
  access-list ORADB line 8 extended permit tcp any any
  probe http CITRIX
    interval 30
    passdetect interval 15
    passdetect count 6
    open 1
  probe tcp HYPERION
    port 19000
    interval 2
    faildetect 2
    passdetect interval 2
    passdetect count 2
    receive 2
    open 1
  probe icmp PROBE_SERVICE_ICMP
    interval 5
    passdetect interval 5
  probe tcp W15SPSWFET001_PROBE
    interval 5
    passdetect interval 5
    connection term forced
    open 1
  parameter-map type connection TIMEOUT
    set timeout inactivity 43200
  parameter-map type http test
    persistence-rebalance
    set header-maxparse-length 2006
  rserver host w0bairwatch003
    description MDM-SEG
    ip address 172.20.60.73
    inservice
  rserver host w0bairwatch004
    description MDM-SEG
    ip address 172.20.60.74
    inservice
  rserver host w0bairwatch005
    description MDM-DEVICE
    ip address 172.20.60.75
    inservice
  rserver host w0bairwatch006
    description MDM-DEVICE
    ip address 172.20.60.76
    inservice
  rserver host w0bhamobile001
    description Lotus Notes Traveler Server
    ip address 172.20.60.57
    inservice
  rserver host w0bhamobile002
    description Lotus Notes Traveler Server
    ip address 172.20.60.58
    inservice
  serverfarm host MDMDEVICE
    predictor leastconns
    probe PROBE_SERVICE_ICMP
    rserver w0bairwatch005
      inservice
    rserver w0bairwatch006
  serverfarm host MDMSEG
    predictor leastconns
    probe PROBE_SERVICE_ICMP
    rserver w0bairwatch003
      inservice
    rserver w0bairwatch004
      inservice
  serverfarm host TRAVLR
    predictor leastconns
    probe PROBE_SERVICE_ICMP
    rserver w0bhamobile001
      inservice
    rserver w0bhamobile002
      inservice
  class-map match-all MDMDEVICE-VIP
    2 match virtual-address 172.20.48.35 any
  class-map match-all MDMSEG-VIP
    2 match virtual-address 172.20.48.33 any
  class-map type management match-any REMOTE_ACCESS
    description Remote access traffic match
    201 match protocol ssh any
    202 match protocol telnet any
    203 match protocol icmp any
    204 match protocol https any
    205 match protocol http any
    206 match protocol xml-https any
    207 match protocol snmp any
  class-map match-all TRAVLR-VIP
    2 match virtual-address 172.20.48.34 any
  policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
    class REMOTE_ACCESS
      permit
  policy-map type loadbalance first-match MDMDEVICE
    class class-default
      serverfarm MDMDEVICE
  policy-map type loadbalance first-match MDMSEG
    class class-default
      serverfarm MDMSEG
  policy-map type loadbalance first-match TRAVLR
    class class-default
      serverfarm TRAVLR
  policy-map multi-match CLIENTS-VIPS
    class MDMDEVICE-VIP
      loadbalance vip inservice
      loadbalance policy MDMDEVICE
      loadbalance vip icmp-reply active
    class MDMSEG-VIP
      loadbalance vip inservice
      loadbalance policy MDMSEG
      loadbalance vip icmp-reply active
    class TRAVLR-VIP
      loadbalance vip inservice
      loadbalance policy TRAVLR
      loadbalance vip icmp-reply active
  interface vlan 48
    ip address 172.20.48.10 255.255.255.0
    access-group input INBOUND
    access-group output INBOUND
    service-policy input REMOTE_MGMT_ALLOW_POLICY
    service-policy input CLIENTS-VIPS
    no shutdown
  interface vlan 60
    ip address 172.20.60.10 255.255.255.0
    access-group input INBOUND
    access-group output INBOUND
    service-policy input REMOTE_MGMT_ALLOW_POLICY
    no shutdown
  ip route 0.0.0.0 0.0.0.0 172.20.48.1

• Linksys E1000 cannot ping gateway unless I unplug/replug WAN

  I have been using this router for the last six months and never had a single problem. Then yesterday out of nowhere internet stopped working and I was not able ping my ISP gateway (both wired and wireless) [Received: Destination host not reachable on both Windows Vista / 7]. Rebooted the router but still no luck. Unplugged / Replugged the net connection from the WAN port and then finally ping was successful.
  Now the weird this is every time I power on the router the Internet does not work and ISP Gateway seems not reachable, but if I unplug/replug the WAN connection the ping reply starts and internet works without any problem.
  I have updated the firmware to the latest version (2.1.02 build 5May 6, 2011), disabled SPI  firewall and tried changing the MTU value but still no luck.
  Another unusual thing I have noticed is that during the router boot up the WAN port LED blinks a lot faster than usual. After I unplug/replug the wan connection the blinking rate seems to be normal.

  My ISP Gateway uses a completely different IP address 172.16.x.x, while my router has the default IP setup 192.168.1.1. The thing is I am able to ping the router IP, but not the ISP Gateway IP unless I unplug/replug WAN.
  I googled around quite a bit yesterday and found that others have also had similar problem.
  http://homecommunity.cisco.com/t5/Wireless-Routers/Power-Outage-Linksys-E1000-router-lights-blinking...

• Ontap 8.3 lif cannot ping gateway

  Hi all, I have c-mode cluster with 1 node (DR filer).  It's on subnet 172.16.230.0/24. Gateway is 172.16.230.1/24I created an intercluster LIF (172.16.230.35)  to comm. with filer (production ) in another subnet. (10.1.198.0/24).I can ping 10.1.198.35. But I cannot ping the gateway 172.16.230.1 from the intercluster LIF on the DR-filer.I can also not ping from 10.1.198.35 (prod. filer) to 172.16.230.35 (dr filer) If I connect a laptop in the same subnet and give it 172.16.230.18, I can ping both ways. Thus, ping to 10.1.198.35, 172.16.230.1 and vice versa.  Just as expected. So routing seems correct. BUT, if i ping from the laptop to the LIF (172.16.230.35) of the filer,  I have no response, altough it's on the same subnet. So it looks like 'something' is preventing the LIF on the Dr-filer to respond to the ping(?)  I spend hours of searching the internet but I'm completly lost now. If somebody could give me only a direction to search in, it would be great! Thanks!  

  Solved! Weird cabling issue... :-(

• Cannot ping gateway

  hi,
  i have wlc directly connected to core switch in same subnet and same vlan,
  core switch connected to othe edege switches and APs connected to them.
  I cannot ping wlc from core switch, i dont know how but connected APs are working fine
  and users are also able to browse.
  Pls suggest on this

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  (Cisco Controller) >show interface detailed management
  Interface Name................................... management
  MAC Address...................................... 88:43:e1:31:19:8b
  IP Address....................................... 172.16.10.2
  IP Netmask....................................... 255.255.255.0
  IP Gateway....................................... 172.16.10.253
  External NAT IP State............................ Disabled
  External NAT IP Address.......................... 0.0.0.0
  VLAN............................................. untagged
  Quarantine-vlan.................................. 0
  Active Physical Port............................. LAG (29)
  Primary Physical Port............................ LAG (29)
  Backup Physical Port............................. Unconfigured
  Primary DHCP Server.............................. 10.5.5.1
  Secondary DHCP Server............................ Unconfigured
  DHCP Option 82................................... Disabled
  ACL.............................................. Unconfigured
  AP Manager....................................... No
  Guest Interface.................................. No
  L2 Multicast..................................... Enabled
  core#show mac-address address 88:43:e1:31:19:8b
  Unicast Entries
  vlan   mac address     type        protocols               port
  -------+---------------+--------+---------------------+--------------------
  4001    8843.e131.198b   dynamic ip                    GigabitEthernet5/5

• FlexVPN Cannot Ping From Spoke LAN only

  Topology:
  Hub:
  (hub lan: 10.0.1.0/24) > (lan int [ip nat inside], g0/0: 10.0.1.1) > (flex interface, loopback100: 172.31.100.1) > (flex virtual interface, Virtual-Template1: ip unnumbered loopback100) > (wan int [ip nat outside], dialer0 - g0/1) > ISP
  Spoke:
  (hub lan: 10.0.3.0/24) > (lan int [ip nat inside], vlan1: 10.0.3.1) > (flex interface, Tunnel0 ip address negotiated, tunnel source vlan 1) > (wan int, dialer0 [ip nat inside] - f0/4) > ISP
  I have full reachability from both routers. 
  Hub router can ping 172.31.100.x, 10.0.3.1 and hosts on 10.0.3.0/24 via standard ping, or extended and sourced from 10.0.1.1 or g0/0
  Spoke router can ping 172.31.100.1, 10.0.1.1 and hosts on 10.0.1.0/24 via standard ping, or extended and sourced from 10.0.3.1 or vlan1
  Partial reachability from lan hosts
  Hub hosts can ping 172.31.100.x and 10.0.3.1, but not hosts on 10.0.3.0/24 (Possibly because host cannot reply to echo request?)
  Spoke hosts cannot ping 172.31.100.1, 10.0.1.1 or hosts on 10.0.1.0/24
  Any help would be appreciated

  We've been working with these confs for a while, so they aren't as clean as they could be, but here they are
  ---HUB---
  version 15.2
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname HUB
  boot-start-marker
  boot system flash:c1900-universalk9-mz.SPA.152-4.M5.bin
  boot-end-marker
  security authentication failure rate 3 log
  security passwords min-length 6
  enable secret xxxxx
  aaa new-model
  aaa group server radius FLEXVPN_AUTH-C_SERVER_GROUP
  server-private 10.0.1.15 key xxxxx
  aaa authentication login default local
  aaa authentication login xxxxxVPN_VPN_XAUTH local
  aaa authentication login FLEXVPN_AUTH-C_LIST group FLEXVPN_AUTH-C_SERVER_GROUP
  aaa authorization exec default local
  aaa authorization network default local
  aaa authorization network xxxxxVPN_VPN_GROUP local
  aaa authorization network FLEXVPN_AUTH-Z_LIST local
  aaa session-id common
  clock timezone CST -6 0
  clock summer-time CDT recurring
  clock calendar-valid
  no ip source-route
  no ip gratuitous-arps
  ip cef
  no ip bootp server
  ip domain name xxxxx.net
  ip name-server 166.102.165.13
  ip name-server 166.102.165.11
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  ip name-server 4.2.2.1
  no ipv6 cef
  multilink bundle-name authenticated
  vpdn enable
  vpdn-group VPN_GROUP
  key chain EIGRP_KEY_CHAIN
  key 1
    key-string xxxxx
  crypto pki trustpoint FLEXVPN_RA_TP
  enrollment terminal
  serial-number none
  fqdn vpn.xxxxx.net
  ip-address none
  subject-name cn=vpn.xxxxx.net
  revocation-check crl
  eckeypair FLEXVPN_RA_TP-Key
  crypto pki certificate chain FLEXVPN_RA_TP
  certificate 460000.. nvram:xxxxx#2.cer
  certificate ca 59A43A15.. nvram:xxxxx#BC60CA.cer
  license udi pid CISCO1921/K9 sn xxxxx
  archive
  path ftp://xxxxx
  write-memory
  username xxxxx privilege 15 password xxxxx
  redundancy
  crypto ikev2 authorization policy default
  pool FLEX_SPOKES_POOL
  route set interface
  crypto ikev2 authorization policy FLEXVPN_RA_LOCAL_POLICY
  pool FLEXVPN_RA_POOL
  dns 10.0.1.15
  netmask 255.255.255.0
  def-domain xxxxx.net
  route set access-list FLEXVPN_RA_ACL
  crypto ikev2 proposal SHA1-only
  encryption aes-cbc-256
  integrity sha1
  group 5
  crypto ikev2 policy SHA1-only
  match fvrf any
  proposal SHA1-only
  crypto ikev2 keyring FLEX_KEY
  peer ALL
    address 0.0.0.0 0.0.0.0
    pre-shared-key local xxxxx
    pre-shared-key remote xxxxx
  crypto ikev2 profile FLEX_IKEv2
  match identity remote address 0.0.0.0
  authentication remote pre-share
  authentication local pre-share
  keyring local FLEX_KEY
  aaa authorization group psk list default default
  virtual-template 1
  crypto ikev2 profile FLEXVPN_RA_IKEv2_PROFILE
  match identity remote key-id xxxxx.net
  identity local dn
  authentication remote eap query-identity
  authentication local rsa-sig
  pki trustpoint FLEXVPN_RA_TP
  dpd 60 2 on-demand
  aaa authentication eap FLEXVPN_AUTH-C_LIST
  aaa authorization group eap list FLEXVPN_AUTH-Z_LIST FLEXVPN_RA_LOCAL_POLICY
  virtual-template 10
  crypto ikev2 dpd 30 5 on-demand
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  crypto logging session
  crypto isakmp client configuration group xxxxxVPN
  key xxxxx
  pool xxxxxVPN_POOL
  acl xxxxxVPN_ACL
  netmask 255.255.255.0
  crypto isakmp profile xxxxxVPN_IKE_PROFILE
     match identity group xxxxxVPN
     client authentication list xxxxxVPN_VPN_XAUTH
     isakmp authorization list xxxxxVPN_VPN_GROUP
     client configuration address respond
     virtual-template 100
  crypto ipsec transform-set xxxxxVPN_SET esp-3des esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set IKEv2 esp-gcm
  mode transport
  crypto ipsec profile xxxxxVPN_IPSEC_PROFILE
  set transform-set xxxxxVPN_SET
  set isakmp-profile xxxxxVPN_IKE_PROFILE
  crypto ipsec profile FLEXVPN_RA_IPSEC_PROFILE
  set ikev2-profile FLEXVPN_RA_IKEv2_PROFILE
  crypto ipsec profile default
  set transform-set IKEv2
  set ikev2-profile FLEX_IKEv2
  interface Loopback100
  ip address 172.31.100.1 255.255.255.255
  interface Embedded-Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/0
  ip address 10.0.1.1 255.255.255.0
  no ip unreachables
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  no ip address
  duplex auto
  speed auto
  pppoe enable group global
  pppoe-client dial-pool-number 1
  interface Virtual-Template1 type tunnel
  description FlexVPN hub-to-spokes
  ip unnumbered Loopback100
  ip mtu 1400
  ip nhrp network-id 1
  ip nhrp redirect
  ip tcp adjust-mss 1360
  tunnel path-mtu-discovery
  tunnel protection ipsec profile default
  interface Virtual-Template10 type tunnel
  ip unnumbered GigabitEthernet0/0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile FLEXVPN_RA_IPSEC_PROFILE
  interface Dialer0
  mtu 1492
  ip address negotiated
  no ip unreachables
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  ip tcp adjust-mss 1450
  dialer pool 1
  dialer idle-timeout 0
  dialer persistent
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname [email protected]
  ppp chap password xxxxx
  ppp pap sent-username [email protected] password xxxxx
  no cdp enable
  router eigrp 1
  distribute-list EIGRP_SUMMARY_PFLIST out Virtual-Template1
  network 10.0.1.0 0.0.0.255
  network 172.30.200.0 0.0.0.255
  network 172.31.100.1 0.0.0.0
  passive-interface GigabitEthernet0/0
  ip local pool xxxxxVPN_POOL 172.30.255.1 172.30.255.254
  ip local pool FLEX_SPOKES_POOL 172.31.100.10 172.31.100.254
  ip local pool FLEXVPN_RA_POOL 172.30.200.1 172.30.200.254
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip dns server
  ip nat inside source list 1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  ip route 172.30.200.0 255.255.255.0 Null0
  ip access-list standard FLEXVPN_RA_ACL
  permit 10.0.1.0 0.0.0.255
  permit 10.0.2.0 0.0.0.255
  permit 10.0.3.0 0.0.0.255
  permit 10.0.4.0 0.0.0.255
  ip access-list standard MGMT_ACL
  permit 172.30.200.0 0.0.0.255
  permit 172.31.254.0 0.0.0.255
  permit 10.0.1.0 0.0.0.255
  ip access-list extended xxxxxVPN_ACL
  permit ip 172.30.255.0 0.0.0.255 any
  permit ip 10.0.1.0 0.0.0.255 any
  permit ip 172.31.254.0 0.0.0.255 any
  ip prefix-list EIGRP_SUMMARY_PFLIST seq 10 permit 10.0.1.0/24
  ip prefix-list EIGRP_SUMMARY_PFLIST seq 20 permit 172.30.200.0/24
  ip prefix-list EIGRP_SUMMARY_PFLIST seq 30 permit 172.31.100.1/32
  access-list 1 permit 10.0.1.0 0.0.0.255
  route-map EIGRP_SUMMARY_RMAP permit 10
  match ip address prefix-list EIGRP_SUMMARY_PFLIST
  control-plane
  banner motd  Cxxxxx
  line con 0
  line aux 0
  line 2
  no activation-character
  no exec
  transport preferred none
  transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
  stopbits 1
  line vty 0 4
  access-class MGMT_ACL in
  privilege level 15
  transport input telnet ssh
  line vty 5 15
  transport input all
  scheduler allocate 20000 1000
  ntp update-calendar
  ntp server 1.pool.ntp.org
  ntp server 0.pool.ntp.org prefer
  end
  ---SPOKE---
  version 15.2
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname SPOKE
  boot-start-marker
  boot system flash:c880data-universalk9-mz.152-4.M5.bin
  boot-end-marker
  security authentication failure rate 3 log
  security passwords min-length 6
  enable secret xxxxx
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa authorization network default local
  aaa session-id common
  memory-size iomem 10
  clock timezone CST -6 0
  clock summer-time CDT recurring
  clock calendar-valid
  no ip source-route
  no ip gratuitous-arps
  no ip bootp server
  ip domain name xxxxx.net
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  ip name-server 4.2.2.1
  ip cef
  no ipv6 cef
  multilink bundle-name authenticated
  key chain EIGRP_KEY_CHAIN
  key 1
    key-string xxxxx
  license udi pid CISCO881-SEC-K9 sn FTX1740854N
  archive
  path ftp://xxxxx
  write-memory
  username xxxxx privilege 15 password xxxxx
  crypto ikev2 authorization policy default
  route set interface
  crypto ikev2 keyring FLEX_KEY
  peer ALL
    address 0.0.0.0 0.0.0.0
    pre-shared-key local xxxxx
    pre-shared-key remote xxxxx
  crypto ikev2 profile FLEX_IKEv2
  match identity remote address 0.0.0.0
  authentication remote pre-share
  authentication local pre-share
  keyring local FLEX_KEY
  aaa authorization group psk list default default
  virtual-template 1
  crypto ikev2 dpd 30 5 on-demand
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  crypto ipsec transform-set IKEv2 esp-gcm
  mode transport
  crypto ipsec profile default
  set transform-set IKEv2
  set ikev2-profile FLEX_IKEv2
  interface Loopback101
  ip address 172.31.101.3 255.255.255.255
  interface Tunnel0
  description FlexVPN tunnel
  ip address negotiated
  ip mtu 1400
  ip nhrp network-id 1
  ip nhrp shortcut virtual-template 1
  ip nhrp redirect
  ip tcp adjust-mss 1360
  delay 1000
  tunnel source Vlan1
  tunnel destination x.x.x.x
  tunnel path-mtu-discovery
  tunnel protection ipsec profile default
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface FastEthernet4
  ip address dhcp
  no ip unreachables
  ip nat outside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface Virtual-Template1 type tunnel
  description FlexVPN spoke-to-spoke
  ip unnumbered Loopback101
  ip nhrp network-id 1
  ip nhrp shortcut virtual-template 1
  ip nhrp redirect
  tunnel protection ipsec profile default
  interface Vlan1
  ip address 10.0.3.1 255.255.255.0
  ip helper-address 10.0.1.15
  no ip unreachables
  ip nat inside
  ip virtual-reassembly in
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip dns server
  ip nat inside source list INTERNET_BOUND_ACL interface FastEthernet4 overload
  ip route 0.0.0.0 0.0.0.0 dhcp
  ip access-list standard INTERNET_BOUND_ACL
  permit 10.0.3.0 0.0.0.255
  ip access-list standard MGMT_ACL
  permit 172.30.255.0 0.0.0.255
  permit 172.31.100.0 0.0.0.255
  permit 10.0.1.0 0.0.0.255
  permit 10.0.3.0 0.0.0.255
  permit 172.30.200.0 0.0.0.255
  access-list 99 permit 10.0.3.0
  control-plane
  banner motd  xxxxx
  line con 0
  no modem enable
  line aux 0
  line vty 0 4
  access-class MGMT_ACL in
  privilege level 15
  transport input telnet ssh
  ntp update-calendar
  ntp server 0.pool.ntp.org prefer
  ntp server 1.pool.ntp.org
  end

• IPV6 clients cannot ping each other while getting IP from DHCP server running in windows 2008

  I have two windows 7 clients and a windows 2008 server connected to a switch with static IP 172:16:5::1/64.
  DHCP server is configured with static IP 172:16:5::20/64
  when i statically assign IP to windows 7 clients like 172:16:5::21 & ::22, they can ping each other. if they get ip from DHCP server, they cannot ping each other.
  if i configure the gateway (172:16:5::1) in the clients manually, they can ping each other.
  is there any way we can make dhcp server to give gateway to the clients along with IP?

  From what I have gathered:
  IPv6 won't route because the DHCP server is setup in 'stateless' mode and the switches do not support IPv6. (
  "But if your routers are not IPv6 supported (yet), you can
  reconfigure DHCPv6 to Disable Stateless mode, and that'll issue IPv6 addresses that
  will eliminate the Ping problem." -
  http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html)
  So you must change to 'disable stateless' mode. Which the only way I can THINK to do this is to uninstall DHCP and reinstall DHCP and select 'disable stateless' during the installation (which I haven't confirmed). (In
  case, “Disable DHCPv6 stateless mode for this server” option was selected duringrole installation" -
  http://blogs.technet.com/b/teamdhcp/archive/2009/03/03/dhcpv6-understanding-of-address-configuration-in-automatic-mode-and-installation-of-dhcpv6-server.aspx)
  zz.. but my understanding of DHCP is fragmented, please take what I find with a grain of salt. I am off to reinstall DHCP :] .. fun.
  Mediocre Access 2010 | (Baby) Beginner C Sharp | OK at Active Directory (2012) | Fragmented understanding of DNS/DHCP | Laughable experience with Group Policy | Expert question asker on MSDN Forums

• Cisco ASA 5505 Cannot ping local traffic and local hosts cannot get out

  I have, what I believe to be, a simple issue - I must be missing something.
  Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209).
  There is a PC (10.51.253.210) plugged into e0/1.
  I know the PC is configured correctly with Windows firewall tuned off.
  The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
  I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue.
  Basically, the VPN is up and running but PC 10.51.253.210 cannot get out.
  Any ideas? Sanitized Config is below. Thanks !
  ASA Version 7.2(4)
  hostname *****
  domain-name *****
  enable password N7FecZuSHJlVZC2P encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif Inside
  security-level 100
  ip address 10.51.253.209 255.255.255.248
  interface Vlan2
  nameif Outside
  security-level 0
  ip address ***** 255.255.255.248
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  shutdown
  interface Ethernet0/3
  shutdown
  interface Ethernet0/4
  shutdown
  interface Ethernet0/5
  shutdown
  interface Ethernet0/6
  shutdown
  interface Ethernet0/7
  shutdown
  ftp mode passive
  dns server-group DefaultDNS
  domain-name *****
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
  access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
  access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
  pager lines 24
  mtu Outside 1500
  mtu Inside
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any Outside
  no asdm history enable
  arp timeout 14400
  global (Outside) 1 interface
  nat (Inside) 0 access-list No_NAT
  route Outside 0.0.0.0 0.0.0.0 ***** 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  aaa authentication enable console LOCAL
  aaa authentication serial console LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  no snmp-server location
  no snmp-server contact
  snmp-server community *****
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set DPS_Set esp-3des esp-md5-hmac
  crypto map DPS_Map 10 match address Outside_VPN
  crypto map DPS_Map 10 set peer *****
  crypto map DPS_Map 10 set transform-set *****
  crypto map DPS_Map interface Outside
  crypto isakmp enable Outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 28800
  crypto isakmp policy 65535
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 Outside
  ssh timeout 60
  console timeout 0
  management-access Inside
  username test password P4ttSyrm33SV8TYp encrypted
  tunnel-group ***** type ipsec-l2l
  tunnel-group ***** ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:8d0adca63eab6c6c738cc4ab432f609d
  : end
  1500

  Hi Martin,
  Which way you are trying. Sending traffic via site to site is not working or traffic which you generate to outside world is not working?
  But you say ASA connected interface to PC itself is not pinging that is strange. But try setting up the specific rules for the outgoing connection and check. Instead of not having any ACL.
  If it is outside world the you may need to check on the NAT rules which is not correct.
  If it is site to site then you may need to check few other things.
  Please do rate for the helpful posts.
  By
  Karthik