I can SSH from the outside but cannot ping ISP gateway from 2911
Hello all,
I came across a rather strange issue. I am able to SSH to the device from my home but while I am consoled in, I cannot ping the ISP gateway or any other IP's. As expected, all trace-routes fail without hitting the gateway as the first hop. I have been reading about the NVI0 interface and I decided to use it. Most of the sample cofigs on here use the "old" ip nat inside / outside on the appropriate interfaces. What do you guys suggest?
Here is the running config. It is rather simple since i did not add all the access-lists except the ones I thought necessary to test the circuit. Please point out any mistakes or errors. Thanks in advance!
Current configuration : 1679 bytes
! Last configuration change at 04:05:17 UTC Fri Sep 12 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname StandbyGZ-2911
boot-start-marker
boot-end-marker
enable secret 5 $1$BRaM$igChPMXLeHjgYR7EGk/Nb/
no aaa new-model
no ipv6 cef
no ip source-route
ip cef
no ip domain lookup
ip domain name StandbyGZ.local
ip name-server 211.136.20.203
ip name-server 211.139.136.68
multilink bundle-name authenticated
license udi pid CISCO2911/K9 sn FGL174410H9
username StandbyGZ secret 5 $1$CXWC$m6kqTGbf0HDLCvkfU7.RA/
ip ssh version 2
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/1
description UPLINK TO CHINA MOBILE
ip address 183.x.x.x 255.255.255.128
ip access-group REMOTE-ADMIN-ACL in
no ip redirects
ip nat enable
duplex auto
speed auto
interface GigabitEthernet0/2
description CONNECTION TO LAN SWITCH 3650-CORE
ip address 10.10.1.254 255.255.254.0
no ip redirects
ip nat enable
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat source list LAN-NAT-ACL interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 183.x.x.x
ip access-list standard LAN-NAT-ACL
permit 10.10.0.0 0.0.1.255
ip access-list extended REMOTE-ADMIN-ACL
permit tcp host 68.107.195.213 any eq 22 log
control-plane
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport input ssh
transport output ssh
scheduler allocate 20000 1000
end
StandbyGZ-2911# sh ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/1 183.x.x.x YES NVRAM up up
GigabitEthernet0/2 10.10.1.254 YES NVRAM up up
NVI0 183.x.x.x YES unset up up
StandbyGZ-2911#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 183.233.184.129 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 183.233.184.129
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.0.0/23 is directly connected, GigabitEthernet0/2
L 10.10.1.254/32 is directly connected, GigabitEthernet0/2
183.233.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 183.x.x.x/25 is directly connected, GigabitEthernet0/1
L 183.x.x.x/32 is directly connected, GigabitEthernet0/1
Hi Chris,
That is what how I am used to configure the NAT, but IOS 12.3 and on introduced interface NVI0, which according to cisco documentation should make applying the NAT statements "easier". IP nat enable has to be enabled on all interfaces and then NVI0 makes the "inside" and "outside" decisions. I was hoping that someone could clarify the real use of that NVI0 interface and if it causes problems. Apparently it cannot be removed from the config.
Similar Messages
-
I have a Mac on my home network and also a Systemline music server on same network. My PC was able to find the server but my MAC cannot. I can ping the server from the mac, but cannot actually connect . Also can't add the mac as a location from server, despite following the Systemline instructions that impy this can be done.
Can anyone please advise what I am doing wrong?Hi LowLuster
Thanks for reply. I am not an expert on these sharing protocols but I think I have turned on SMB sharing but still wont connect. I tried adding netwrik drive by using cntrl K in finder and using smb\\network address but nothing. It is driving me mad!! -
I am getting an error message "Adobe_unable to download, license server communications problem, e_act_not_ready". I have downloaded Adobe Digital Editions and have authenticated the computer, but cannot download a book from the library. What should I do?
Having exact same problem, only it's with a book I've paid for, so it hurts more . Any ideas?
-
Can ssh into client iMac but cannot mount home directory ...
I've got a server running 10.4.11 and a bunch of client iMacs (10.5.n). If I ssh into a client iMac it lets me log in but cannot mount my home directory (which lives on the server). Obviously ssh is getting my credentials from the server but isn't getting (or cannot get) the information to mount my disk. If I log in through the gui on the client it all works fine. I suspect this is less of an error and more of a design. Is there a way to get the clients to mount my home when logging in with ssh? If not then Apple presumably has a reason for disallowing this behaviour. Is there a way around this? Perhaps with mount_afp?
We want to be able to log into many client iMacs at once to run computations on them. Eventually we want to do this on a suite of XServes and XGrid. This is all very easy with linux and nfs and I was expecting the same sort of ability through OS X. I know that I can export everything from the server with nfs (though that may not solve my problem) but I only have the one system and multiple users and I can't really experiment while they are connected.
Suggestions? Comments? If there are obvious examples of this elsewhere please point me toward them.Well it's never worked that way for me. Do you actually use this method to log in?
I've gone through all of the server logs, watching what gets added as I log on to a client. I don't see anything there that suggests it is even attempting to mount the home directory. I also watched on the client and didn't see any errors. When I ssh into a client I see the following message on the terminal, "Could not chdir to home directory /Network/Servers/server.some.place/Volumes/R1/UsersR1/username: Unknown error: 118" This suggests that the client knows where my home should be but doesn't know how to mount it.
I have enabled the basic setup on my server. User accounts have Home URLs like "afp://server.some.place/UsersR1/username" and Full Paths like "/Network/Servers/server.some.place/Volumes/R1/UsersR1" (R1 is a RAID disk). UsersR1 has been made into a Share Point and Server Admin tells me that the disk "will be automatically mounted using the AFP protocol as /Network/Servers/R1 on client machines". This part doesn't seem to be true as when I log into a client through the GUI the actual path that is mounted as my home is /Network/Servers/server.some.place/R1" (pwd in my home directory returns /Network/Servers/server.some.place/Volumes/R1/UsersR1/username which is a actually rather inconvenient).
Under the Advanced tab in the Workgroup Manager, Accounts pane, I've got "Allow simultaneous login on managed computers". This seems to work but also seems only to apply to the GUI, that is I can log onto several clients at once.
How do I ask a client machine what home directory information it is getting from the server for any particular user? Is there some setup on the client machines that will enable automatic mounting of homes through ssh? On the clients, the Directory Utility, which I have used to connect the client to a Directory Server, has a Mounts pane which allows me to "Edit automatic NFS mounts for this computer". I am not exporting any NFS from the server, but perhaps this is the way to make it work?
Perhaps what I want to requires Kerberos? I don't have that enabled.
When I have done this on a cluster of linux machines I exported the home directory from the server with NFS (exportfs) and then, using NIS and automount on the clients it "just worked". It was very simple. If it is supposed to work with Macs and OS X, it may be simple but it's not obvious. -
Hi,
I am using SignTool.exe from a new Process() to verify a codesigned assembly and it returns the exit code 1 whereas it returns exit code 0 while i run the same from Visual Studio Command prompt. Please let me know your thoughts...
Here is my code snippet from VS2012 ultimate on Win7 PC.
p = new Process();
p.StartInfo.FileName = "C:\\Program Files (x86)\\Microsoft SDKs\\Windows\\v7.0A\\Bin\\SignTool.exe";
string args = @"verify";
p.StartInfo.Arguments = args + " "+ "/pa " + "/v "+ name;
p.Start();
p.WaitForExit();
pexitcode = p.ExitCode;
//name = "C:\\Users\\v-maparn\\Documents\\Visual Studio 2012\\Projects\\CodesignVerification\\CodesignVerification\\bin\\Release\\Microsoft.IT.Core.dll"
Thanks,
ManiHi Amy,
Thanks for your reply. I am receiving the exit code 1 by the Process even though the SignTool is able to successfully verify the assembly. I ran the below command from command prompt and received no errors or warnings. I assume the exit code should be 0.
I have also verified that this assembly has digital signature embedded as you can see from the output.
output:
C:\Windows\system32>signtool.exe verify /pa /v "C:\Users\v-maparn\Documents\Visu
al Studio 2012\Projects\CodesignVerification\CodesignVerification\bin\Release\Mi
crosoft.IT.Security.UI.SystemSecurityManagement.SSMUIWebHost.dll"
Verifying: C:\Users\v-maparn\Documents\Visual Studio 2012\Projects\CodesignVerif
ication\CodesignVerification\bin\Release\Microsoft.IT.Security.UI.SystemSecurity
Management.SSMUIWebHost.dll
Signature Index: 0 (Primary Signature)
Hash of file (sha1): 1B58113B218260837A6B850561538A804B034F2A
Signing Certificate Chain:
Issued to: Microsoft Root Certificate Authority
Issued by: Microsoft Root Certificate Authority
Expires: Sun May 09 15:28:13 2021
SHA1 hash: CDD4EEAE6000AC7F40C3802C171E30148030C072
Issued to: Microsoft Code Signing PCA
Issued by: Microsoft Root Certificate Authority
Expires: Mon Aug 31 14:29:32 2020
SHA1 hash: 3CAF9BA2DB5570CAF76942FF99101B993888E257
Issued to: Microsoft Corporation
Issued by: Microsoft Code Signing PCA
Expires: Thu Apr 24 14:33:39 2014
SHA1 hash: 108E2BA23632620C427C570B6D9DB51AC31387FE
The signature is timestamped: Mon Dec 30 02:58:12 2013
Timestamp Verified by:
Issued to: Microsoft Root Certificate Authority
Issued by: Microsoft Root Certificate Authority
Expires: Sun May 09 15:28:13 2021
SHA1 hash: CDD4EEAE6000AC7F40C3802C171E30148030C072
Issued to: Microsoft Time-Stamp PCA
Issued by: Microsoft Root Certificate Authority
Expires: Sat Apr 03 05:03:09 2021
SHA1 hash: 375FCB825C3DC3752A02E34EB70993B4997191EF
Issued to: Microsoft Time-Stamp Service
Issued by: Microsoft Time-Stamp PCA
Expires: Wed Feb 11 14:11:31 2015
SHA1 hash: D967AB4CF991F11DA6E318C880F1AF1A9C8D2C7C
Successfully verified: C:\Users\v-maparn\Documents\Visual Studio 2012\Projects\C
odesignVerification\CodesignVerification\bin\Release\Microsoft.IT.Security.UI.Sy
stemSecurityManagement.SSMUIWebHost.dll
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
C:\Windows\system32>
Thanks,
Mani -
I have a PC (bought in the UK) and an iPad (bought in Australia), but only buy songs from my PC.
It keeps directing me back to the UK store whenever I try to buy something - it is getting so frustrating! Any ideas or ways to fix this much appreciated.
Surely I don't need to create a whole new account?
Thanks. :-)Change your account and billing info to your new Australian info
-
I'm trying to remove old apps off my phone, and they keep showing up. How do I get rid of them?
i was losing temper looking for an answer for this. at the end the trick is that you need to show the side bar then only your library will list the apps menu for you to access & start doing the deletion huhhhhh..
Itunes > view (menu bar) > show side bar > under library select apps > all apps list either active & deleted on your device will be displayed in tile view > then you start to delete by right clicking> finally empty recycle bin > -
Recieving accordion event from the "outside"
hi;
i am using the accordion and need to keep track of events,
specificaly, the only thing i need right now is to know the new
currentPanelIndex of the accordion after someone clicked a panel.
what is the best way to do this?
i already tried hacking the spry.js(hacked into the openPAnel
function), it worked but i do not want to touch the JS file (so i
dont have to do this on every upgrade). i
also tried doing it from the "outside" but i could not get
it to work (after creating the accordion, i took the panels from
the accordion, looped and got the tab from each panel and used
addEventListener(tab,'click',myfunc,false) but in the first
iteration after the call to addEventListener the loop did not
continue ).
any help is appreciated.
thanks,You can extend it from the outside by defining a function
that overrides openPanel() with a function that calls the original
openPanel() and then executes whatever code you want. The function
would look something like this:
function ExtendOpenPanel(acc)
var realFunc = acc.openPanel;
acc.openPanel = function(panel) {
realFunc.call(acc, panel);
/* Add your code or function call here! */
Then call the function after you create the widget:
var acc1 = new Spry.Widget.Accordion("acc1");
ExtendOpenPanel(acc1);
--== Kin ==-- -
I cannot open iCal because of a problem. Can anybody help me? The computer will not allow it to open and sends a message to apple each time. The icon has gone from the dock, but ical works on my iPad and I am afraid to sync it with my computer in case it wipes everything .
I have the exact same problem. I have not changed anything. This is probably a bug or something that has gone bad with Mac OS X (10.7.2). I have not found any solution for this on the web.
MacBook Pro, Mac OS X (10.7.2). -
First, how do I create my own favorite theme template for DVD slideshows? I used to be able to select this from pulldown menu, but cannot now do so. I am directed straight to already existing themes, which take more memory. I have a large slideshow, and need all the space I can get. I just want to use a picture as my DVD cover, and then insert a slideshow. Also, when I try to burn my 8.5gb double sided slideshow, all that burns is the music. It is a large slideshow, a memorial on the life of my now deceased brother. This means a lot to me and to my family, and I am having so much trouble trying to burn it. I have gone into Project View and selected appropriately. The bar shows I have room to burn this DVD, but it does not burn. I have burned so many DVDs in the past, but this one just will not burn. I am so confused at this point. I will say this is the first 8.5gb I have attempted to create and burn. My specs list a 7.7gb or 4.7gb as operable....but there are no 7.7gb dvds. I had to purchase 8.5gb. Help? What am I doing wrong? I have spent so much time on this, and just cannot figure it out.
Final Cut is a separate, higher end video editor. The pro version of iMovie.
Give iPhoto a look at for creating the slideshow. It's easy to assemble the photos in an album in iPhoto, put them in the order you want and then make a slideshow of them. You can select from various themes and transitions between slides and add music from your iTunes library.
When you have the slidshow as you want use the Export button at the bottom of the iPhoto window and export with Size = Medium or Large.
Save the resulting Quicktime movie file in your Movies folder.
Next, open iDVD, choose your theme and drag the QT movie file into the menu window being careful to avoid any drop zones.
Then follow this workflow to help assure the best qualty video DVD:
Once you have the project as you want it save it as a disk image via the File ➙ Save as Disk Image menu option. This will separate the encoding process from the burn process.
To check the encoding mount the disk image, launch DVD Player and play it. If it plays OK with DVD Player the encoding is good.
Then burn to disk with Disk Utility or Toast at the slowest speed available (2x-4x) to assure the best burn quality. Always use top quality media: Verbatim, Maxell or Taiyo Yuden DVD-R are the most recommended in these forums.
The reason I suggest iPhoto is that I find it much easier to use than iMovie (except for the older iMovie 6 HD version). Personal preferences showing here. -
I am trying to restore my Calendar from my Time Machine back up. I can get through the process but at the end I get a message that Calendars cannot be removed or amended as it is required by OS10, there does not appear to be any option to authorise the backup or change. How can I get round this roadblock?
I am trying to restore my Calendar from my Time Machine back up. I can get through the process but at the end I get a message that Calendars cannot be removed or amended as it is required by OS10, there does not appear to be any option to authorise the backup or change. How can I get round this roadblock?
-
Hi chaps. FaceTime question. I can FaceTime by phoning my iPhone 4 from my iPad 2 but cannot phone my iPad from the iPhone. When facetimeing from phone to iPad the phone says it's busy. The iPad rings once and then stops. Any ideas. Regards Jon
Perhaps this discussion will help with your issue,
https://discussions.apple.com/message/16502324#16502324 -
My mail account is set up properly, I can connect to the Internet, but I cannot get mail from the Mail app on my iPad.
Hello echo1946
Start with the first article to troubleshoot the issue of not getting mail on your iPad. When you get online using safari, check to see if you can log into webmail. Also keep in mind, depending on the account that mail sometimes might not come in if it is a POP account as it may have already been download elsewhere.
iOS: Troubleshooting Mail
http://support.apple.com/kb/ts3899
Mail Settings Lookup
https://ssl.apple.com/support/mail-settings-lookup/
iCloud: IMAP
http://support.apple.com/kb/PH2585
Regards,
-Norm G. -
I am able to connect to my Mac Mini on Back to My Mac through iCloud but the keyboard/trackpad on the MBAir or MBP with which I access does not register on the Mini. So I can see the screen but cannot interact with it. Mini works accessing MBP/Air and I can use Mini to input data or interact with screens of those computers.
Regarding your first question about bookmarks, I think you discovered the answer in when you pressed the address bar. The second tab there has your bookmarks.
As for the keyboard, I'm not sure why your Firefox is reacting so slowly; mine seems to show keyboards even when I don't want them. If you have accumulated a lot of history, perhaps that's an issue?
Did you use any third party software to move your Firefox data from internal memory to the storage card? -
So I bought an iphone 4 from ebay and when I got it it was already signed into an icloud account. When I contacted the seller he said he would try to get the password but i haven't heard from him. How can I sign out of her icloud w/out having to have the last users password
Bmscotr5 wrote:
How can I sign out of her icloud w/out having to have the last users password
You cannot.
Removing a device from a previous owner’s account
Try and get a Refund.
Maybe you are looking for
-
-
Hey guys, just bought a new pc: Asus AM3 AMD X2 6400+ 2x Kingston 512MB 533 2x Corsair 1GB 533 XFX GF 8800GT Thermaltake Purepower 2.0 - 600W Running Photoshop CS3 on Windows XP Pro SP2 It is a very fast machine, but when I'm using Photoshop CS3, it
-
All I want to do is resize the select panel to the same size as east panel. Why won't it work? Space.java_____________________________________________ import javax.sound.sampled.*; import java.awt.*; import javax.sound.midi.*; import javax.swing.*; i
-
Everytime I try to install the free Adobe Reader on my Sony Vaio laptop all the icons on the computer are changing to Adobe Icons. The laptop was bought in 2010 and uses Windows 7. Has anyone heard about this problem before, and do you know how to so
-
Planning Quick Win Error: Registration file does not match the app version.
Gents, I have a Fusion 11.1.2 install on a Windows 2003 server environment. After creating the Planning App in Classic mode, I logged back in to Initialize the App... and I got this. This occurred when I tried to log on to the Planning App in Workspa