Ping other public IP
Hi
I have ASA 5510 with public IP 110.x.x.50/29
ADSL modem is 110.x.x.49
ASA Outside interface is 110.x.x.50
Internal is 10.1.12.x/24
110.x.x.51 is mapped to server 10.1.12.1
110.x.x.52 is mapped to server 10.1.12.2
Firewall is working fine as well as static NAT from the Outside.
My question:
from outside (external) I can ping the Outside interface 110.x.x.50,
but how can I ping the other public IPs (110.x.x.51 and 110.x.x.52) from external?
Currently I'm not able to ping them.
Hi all,
Below is my ASA config.
=========================
ASA Version 9.1(2)
hostname ASHFW01
enable password 8Ry2YjIyt7RRXU24 encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 110.x.x.50 255.255.255.248
interface GigabitEthernet0/1
no nameif
security-level 100
no ip address
interface GigabitEthernet0/1.1
vlan 12
nameif VLAN12
security-level 100
ip address 10.1.12.254 255.255.255.0
interface GigabitEthernet0/1.2
vlan 20
nameif VLAN20
security-level 100
ip address 10.1.20.254 255.255.255.0
interface GigabitEthernet0/1.3
vlan 30
nameif VLAN30
security-level 100
ip address 10.1.30.254 255.255.255.0
interface GigabitEthernet0/1.4
vlan 50
nameif VLAN50
security-level 100
ip address 10.1.50.254 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
dns domain-lookup VLAN12
dns domain-lookup VLAN20
dns domain-lookup VLAN30
dns domain-lookup VLAN50
dns server-group DefaultDNS
name-server 8.8.8.8
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network TerminalServer
host 10.1.12.13
object service smtp
service tcp source eq smtp destination eq smtp
object service smtps
service tcp source eq 587 destination eq 587
object network Exch-SMTP
host 10.1.20.2
object network Exch-POP3
host 10.1.20.2
object network Exch-SMTPS
host 10.1.20.2
object network ExchServer
host 10.1.20.2
object network MgmtSvr
host 10.1.12.30
object network Exch-SMTP1
host 10.1.20.2
object network Exch-HTTP
host 10.1.20.2
object network Portal
host 10.1.12.14
description Portal
object service Portal80
service tcp source eq www destination eq www
description Portal80
object network SalesMobile
host 10.1.12.14
description SalesMobile
object service SalesMobile9090
service tcp source eq 9090 destination eq 9090
description SalesMobile9090
object-group service rdp tcp
port-object eq 3389
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_access_in extended permit tcp any object MgmtSvr object-group rdp
access-list outside_access_in extended permit tcp any object TerminalServer object-group rdp
access-list outside_access_in extended permit tcp any object ExchServer object-group rdp
access-list outside_access_in extended permit tcp any object ExchServer eq www
access-list outside_access_in extended permit tcp any object ExchServer eq https
access-list outside_access_in extended permit tcp any object ExchServer eq smtp
access-list outside_access_in extended permit tcp any object ExchServer eq 587
access-list outside_access_in extended permit tcp any object ExchServer eq pop3
access-list outside_access_in extended permit tcp any object Portal eq www
access-list outside_access_in extended permit tcp any object SalesMobile eq 9090
access-list outside_access_in extended deny ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu VLAN12 1500
mtu VLAN20 1500
mtu VLAN30 1500
mtu VLAN50 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any VLAN12
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network TerminalServer
nat (VLAN12,outside) static 110.x.x.51 service tcp 3389 3389
object network Exch-SMTP
nat (VLAN20,outside) static 110.x.x.52 service tcp smtp smtp
object network Exch-POP3
nat (VLAN20,outside) static 110.x.x.52 service tcp https https
object network Exch-SMTPS
nat (VLAN20,outside) static 110.x.x.52 service tcp 587 587
object network ExchServer
nat (VLAN20,outside) static 110.x.x.52 service tcp 3389 3389
object network MgmtSvr
nat (VLAN12,outside) static 110.x.x.53 service tcp 3389 3389
object network Exch-SMTP1
nat (VLAN20,outside) static 110.x.x.52 service tcp pop3 pop3
object network Exch-HTTP
nat (VLAN20,outside) static 110.x.x.52 service tcp www www
object network Portal
nat (VLAN12,outside) static 110.x.x.51 service tcp www www
object network SalesMobile
nat (VLAN12,outside) static 110.x.x.51 service tcp 9090 9090
nat (any,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 110.x.x.49 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable 4348
http 192.168.1.0 255.255.255.0 management
http 10.1.12.0 255.255.255.0 VLAN12
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 0.0.0.0 0.0.0.0 VLAN12
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username necare password BkPn6VQ0VwTy7MY7 encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:4551a847aa860ec2126b9ed1ea6c641f
: end
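To make the posted configuration easier to reason about, here is an added example (not part of the original post and not Cisco code) that models how an inbound packet to a mapped address is handled: it first needs a matching static translation, then a permit in `outside_access_in` against the real address. The `CONFIG` text is an excerpt of the lines posted above; the function names and the simplified matching (object NAT with `service`, source `any` only) are assumptions of this sketch.

```python
# Added example: a simplified model of object NAT plus the outside ACL.
# It is not an ASA emulator; it only handles the line shapes shown below.

# Excerpt of the ASA 9.1 config from the post (addresses masked as on the page).
CONFIG = """\
object network TerminalServer
host 10.1.12.13
object network ExchServer
host 10.1.20.2
object network Exch-HTTP
host 10.1.20.2
object network Portal
host 10.1.12.14
object-group service rdp tcp
port-object eq 3389
access-list outside_access_in extended permit tcp any object TerminalServer object-group rdp
access-list outside_access_in extended permit tcp any object ExchServer object-group rdp
access-list outside_access_in extended permit tcp any object ExchServer eq www
access-list outside_access_in extended permit tcp any object Portal eq www
access-list outside_access_in extended deny ip any any
object network TerminalServer
nat (VLAN12,outside) static 110.x.x.51 service tcp 3389 3389
object network ExchServer
nat (VLAN20,outside) static 110.x.x.52 service tcp 3389 3389
object network Exch-HTTP
nat (VLAN20,outside) static 110.x.x.52 service tcp www www
object network Portal
nat (VLAN12,outside) static 110.x.x.51 service tcp www www
"""

PORT_NAMES = {"smtp": 25, "www": 80, "pop3": 110, "https": 443}


def port_number(token):
    """Turn an ASA port keyword or a numeric string into an int."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def parse(config):
    """Collect host objects, service groups, static PAT rules and ACL entries."""
    hosts, groups, nats, acl = {}, {}, [], []
    kind = name = None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] in ("object", "object-group"):
            kind, name = tok[0], tok[2]
            if kind == "object-group":
                groups.setdefault(name, set())
        elif tok[0] == "host" and kind == "object":
            hosts[name] = tok[1]
        elif tok[0] == "port-object" and kind == "object-group":
            groups[name].add(port_number(tok[2]))
        elif tok[0] == "nat" and "service" in tok:
            s = tok.index("service")
            nats.append({"object": name,
                         "mapped_ip": tok[tok.index("static") + 1],
                         "proto": tok[s + 1],
                         "real_port": port_number(tok[s + 2]),
                         "mapped_port": port_number(tok[s + 3])})
        elif tok[0] == "access-list":
            acl.append(tok[3:])  # drop "access-list <name> extended"
    return hosts, groups, nats, acl


def acl_permits(hosts, groups, acl, real_ip, proto, port):
    """First-match evaluation; the ACL is written against real addresses."""
    for action, ace_proto, _src, *dst in acl:
        if ace_proto not in ("ip", proto):
            continue
        if dst[0] == "any":
            dst_ip, rest = None, dst[1:]
        else:  # "object <name>"
            dst_ip, rest = hosts[dst[1]], dst[2:]
        if dst_ip not in (None, real_ip):
            continue
        if rest[:1] == ["eq"]:
            ports = {port_number(rest[1])}
        elif rest[:1] == ["object-group"]:
            ports = groups[rest[1]]
        else:
            ports = None  # entry carries no port restriction
        if ports is None or port in ports:
            return action == "permit"
    return False  # implicit deny


def evaluate(config, mapped_ip, proto, port=None):
    """Return (allowed, reason) for a packet arriving on the outside interface."""
    hosts, groups, nats, acl = parse(config)
    rule = next((n for n in nats
                 if (n["mapped_ip"], n["proto"], n["mapped_port"]) == (mapped_ip, proto, port)),
                None)
    if rule is None:
        return False, "no translation for %s %s/%s" % (mapped_ip, proto, port)
    real_ip = hosts[rule["object"]]
    if not acl_permits(hosts, groups, acl, real_ip, proto, rule["real_port"]):
        return False, "translated to %s but denied by outside_access_in" % real_ip
    return True, "translated to %s:%d and permitted" % (real_ip, rule["real_port"])


if __name__ == "__main__":
    for probe in [("110.x.x.51", "tcp", 3389), ("110.x.x.51", "icmp", None)]:
        print(probe, evaluate(CONFIG, *probe))
```

Echo requests to the interface address 110.x.x.50 are to-the-box traffic and are outside what this model evaluates.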
Similar Messages
-
One router on ASA 5505 Site to Site VPN can't ping other router
I have two Cisco ASA routers and I have a site to site vpn set up between the two. The VPN link works but Site A can't ping anything on Site B. Site B can ping Site A. Site B can ping other pcs on it's own network. Site A has been in place for a while and has other site to site VPNs that work fine, so I think the problem is with Site B. Here is the config for Site B:
Result of the command: "show running-config"
: Saved
ASA Version 8.4(4)1
hostname SaskASA
enable password POgOWyKyb0jgJ1Hm encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.16.1 255.255.254.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.16.0_23
subnet 192.168.16.0 255.255.254.0
object network NETWORK_OBJ_192.168.2.0_23
subnet 192.168.2.0 255.255.254.0
access-list outside_cryptomap extended permit ip 192.168.16.0 255.255.254.0 192.168.2.0 255.255.254.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static NETWORK_OBJ_192.168.16.0_23 NETWORK_OBJ_192.168.16.0_23 destination static NETWORK_OBJ_192.168.2.0_23 NETWORK_OBJ_192.168.2.0_23 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
nat (inside,outside) after-auto source dynamic any interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable 444
http 192.168.16.0 255.255.254.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 207.228.xx.xx
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcp-client client-id interface outside
dhcpd auto_config outside
dhcpd address 192.168.16.100-192.168.16.200 inside
dhcpd auto_config outside interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy GroupPolicy_207.228.xx.xx internal
group-policy GroupPolicy_207.228.xx.xx attributes
vpn-tunnel-protocol ikev1 ikev2
username User password shbn5zbLkuHP/mJX encrypted privilege 15
tunnel-group 207.228.xx.xx type ipsec-l2l
tunnel-group 207.228.xx.xx general-attributes
default-group-policy GroupPolicy_207.228.xx.xx
tunnel-group 207.228.xx.xx ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f06bd1d6d063318339d98417b171175e
: end
Any ideas? Thanks.
I looked over the config for Site A, but couldn't find anything unusual. Perhaps I'm overlooking something. Here is the config for site A:
Result of the command: "show running-config"
: Saved
ASA Version 8.2(1)
hostname SiteA
domain-name domain
enable password POgOWyKyb0jgJ1Hm encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.254.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.2.6
domain-name domain
object-group network DM_INLINE_NETWORK_1
network-object 192.168.14.0 255.255.254.0
network-object 192.168.4.0 255.255.254.0
network-object 192.168.6.0 255.255.254.0
network-object 192.168.8.0 255.255.254.0
object-group network DM_INLINE_NETWORK_2
network-object 192.168.12.0 255.255.254.0
network-object 192.168.14.0 255.255.254.0
network-object 192.168.4.0 255.255.254.0
network-object 192.168.6.0 255.255.254.0
network-object 192.168.8.0 255.255.254.0
access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.254.0 object-group DM_INLINE_NETWORK_1
access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.254.0 object-group DM_INLINE_NETWORK_2
access-list inside_nat0_outbound extended permit ip any 192.168.15.192 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.254.0 192.168.16.0 255.255.254.0
access-list VPNGeo_splitTunnelAcl standard permit any
access-list outside_2_cryptomap extended permit ip 192.168.2.0 255.255.254.0 192.168.6.0 255.255.254.0
access-list outside_3_cryptomap extended permit ip 192.168.2.0 255.255.254.0 192.168.4.0 255.255.254.0
access-list outside_4_cryptomap extended permit ip 192.168.2.0 255.255.254.0 192.168.8.0 255.255.254.0
access-list outside_5_cryptomap extended permit ip 192.168.2.0 255.255.254.0 192.168.16.0 255.255.254.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool GeoVPNPool 192.168.15.200-192.168.15.254 mask 255.255.254.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 444
http 192.168.2.0 255.255.254.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http authentication-certificate inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 207.228.xx.xx
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 208.119.xx.xx
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs group1
crypto map outside_map 3 set peer 208.119.xx.xx
crypto map outside_map 3 set transform-set ESP-3DES-SHA
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer 208.119.xx.xx
crypto map outside_map 4 set transform-set ESP-3DES-SHA
crypto map outside_map 5 match address outside_5_cryptomap
crypto map outside_map 5 set pfs group1
crypto map outside_map 5 set peer 70.64.xx.xx
crypto map outside_map 5 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcp-client client-id interface outside
dhcpd auto_config outside
dhcpd address 192.168.2.100-192.168.2.254 inside
dhcpd auto_config outside interface inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy VPNGeo internal
group-policy VPNGeo attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPNGeo_splitTunnelAcl
username user password shbn5zbLkuHP/mJX encrypted privilege 15
username name password vP98Lj8Vm5SLs9PW encrypted
username name attributes
vpn-group-policy VPNGeo
tunnel-group 207.228.xx.xx type ipsec-l2l
tunnel-group 207.228.xx.xx ipsec-attributes
pre-shared-key *
tunnel-group VPNGeo type remote-access
tunnel-group VPNGeo general-attributes
address-pool GeoVPNPool
default-group-policy VPNGeo
tunnel-group VPNGeo ipsec-attributes
pre-shared-key *
tunnel-group 208.119.xx.xx type ipsec-l2l
tunnel-group 208.119.xx.xx ipsec-attributes
pre-shared-key *
tunnel-group 208.119.xx.xx type ipsec-l2l
tunnel-group 208.119.xx.xx ipsec-attributes
pre-shared-key *
tunnel-group 208.119.xx.xx type ipsec-l2l
tunnel-group 208.119.xx.xx ipsec-attributes
pre-shared-key *
tunnel-group 70.64.xx.xx type ipsec-l2l
tunnel-group 70.64.xx.xx ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:e3adf4e597198f58cd21e508aabdbab9
: end
-
Take your complaints to Twitter and other public websites
I've read tons of complaints recently on this board, and very few responses from Comcast. I suggest you take all your complaints to @Comcast on Twitter and other public websites, otherwise, the only readers may be us. I'm beginning to feel like this message board is a way to keep their disgruntled consumers contained. Also, if your issues go unresolved, drop a line to your State commerce/consumer protection agencies. Comcast share prices are near all-time highs, so I am sure they can afford to listen to us.
Same thing here. Only I was charged $227.64 despite a typical $135 bill. I was charged for a movie I never rented. Called and was told due to outages, there was nothing they could do about the weather and the movie would not have been charged had I not seen the movie. Horrible experience. After severe storm outages here in Texas, it seems there is no help, even after calling customer service.
-
Can't ping other server and more.
This is a weird one. I have a few problems going on. I have 2 netware 6.5 servers. My BM3.9 sp1 server is on Netware 6.5sp7 and my other server is Groupwise 7.03 on Netware 6.5sp6. My Groupwise server is strictly used for Groupwise. My BM3.9 server runs everything else for my environment; it is our main server for all of our data. I can vpn into and login to my BM server with no problems; however I can't ping or connect to the Groupwise server. Also I can't ping any internal workstations through the vpn. And what is even weirder is that I can't ping the private IP address of the BM3.9 server and yet I can log into it. I have the default address set up on the Groupwise to point to the private address of the BM server. I have the default address setup on the BM server to point to the ISP router that we have in our office. Also I can't browse the internet when I'm connected to the vpn and I do have as my last traffic rule to not encrypt (bypass). I have noticed that when I'm connected to the vpn that my dns settings on my laptop change to the office dns and yet I have not configured dns to be pushed through the vpn. One more thing, I have set up the hosts file on my laptop to point to internal computers. Any help is greatly appreciated.
Thanks in advance.
Originally Posted by Mysterious
Sksgl wrote:
> This is a weird one. I have a few problems going on. I have 2 netware
> 6.5 servers. My BM3.9 sp1 server is on Netware 6.5sp7 and my other
> server is Groupwise 7.03 on Netware 6.5sp6. My Groupwise server is
> strictly used for Groupwise. My BM3.9 server runs everything else for
> my environment; it is our main server for all of our data. I can vpn
> into and login to my BM server with no problems; however I can't ping or
> connect to the Groupwise server. Also I can't ping any internal
> workstations through the vpn. And what is even weirder is that I can't
> ping the private IP address of the BM3.9 server and yet I can log into
> it. I have the default address set up on the Groupwise to point to the
> private address of the BM server. I have the default address setup on
> the BM server to point to the ISP router that we have in our office.
> Also I can't browse the internet when I'm connected to the vpn and I do
> have as my last traffic rule to not encrypt (bypass). I have noticed
> that when I'm connected to the vpn that my dns settings on my laptop
> change to the office dns and yet I have not configured dns to be pushed
> through the vpn. One more thing, I have set up the hosts file on my
> laptop to point to internal computers. Any help is greatly
> appreciated.
>
> Thanks in advance.
>
>
Wrong traffic rules?
I have gone over and over the traffic rules that are listed in Craig's book and have followed them exactly. My first rule is an admin to all rule that applies to me and the destination is to the network.
Thanks.
-
Dynamic VPN/GRE can't ping other side of tunnel
I am new at this VPN stuff and trying to set up a GRE Dynamic IP VPN between my office and home. Here is what I have done thus far:
OFFICE
interface Tunnel0
ip address 172.30.1.1 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1
interface FastEthernet0/0
ip address 40.197.68.9 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
HOME
interface Tunnel0
ip address 172.30.1.2 255.255.255.252
ip mtu 1400
ip nhrp map multicast 40.197.68.9
ip nhrp map 172.30.1.1 40.197.68.9
ip nhrp network-id 1
ip nhrp nhs 172.30.1.1
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0
tunnel destination 40.197.68.9
tunnel key 1
interface GigabitEthernet0/0
description Router
ip address 192.168.30.1 255.255.255.252
duplex auto
speed auto
When I ping 172.30.1.1 from the HOME router, I get 0/5 success. Not good! I have not setup any IPSec yet.
Results for HOME router
show ip nhrp nhs detail
Legend: E=Expecting replies, R=Responding, W=Waiting
Tunnel0:
172.30.1.1 E priority = 0 cluster = 0 req-sent 53 req-failed 0 repl-recv 0
sh int t0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.30.1.2/30
MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.30.1 (GigabitEthernet0/0), destination 40.197.68.9
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with GigabitEthernet0/0
Set of tunnels with source GigabitEthernet0/0, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
Key 0x1, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1472 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:40:28, output 00:00:25, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
106 packets output, 12612 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
sh ip route
Gateway of last resort is 192.168.30.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.30.2
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.110.0.0/24 is directly connected, GigabitEthernet0/1.110
L 10.110.0.1/32 is directly connected, GigabitEthernet0/1.110
C 10.115.0.0/24 is directly connected, GigabitEthernet0/1.115
L 10.115.0.1/32 is directly connected, GigabitEthernet0/1.115
172.16.0.0/30 is subnetted, 1 subnets
S 172.16.2.0 [1/0] via 192.168.30.6
172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.30.1.0/30 is directly connected, Tunnel0
L 172.30.1.2/32 is directly connected, Tunnel0
S 192.168.2.0/24 is directly connected, GigabitEthernet0/0
S 192.168.10.0/24 is directly connected, GigabitEthernet0/0
192.168.30.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.30.0/30 is directly connected, GigabitEthernet0/0
L 192.168.30.1/32 is directly connected, GigabitEthernet0/0
C 192.168.30.4/30 is directly connected, GigabitEthernet0/1.30
L 192.168.30.5/32 is directly connected, GigabitEthernet0/1.30
S 192.168.50.0/24 [1/0] via 192.168.30.6
192.168.69.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.69.0/24 is directly connected, GigabitEthernet0/1.69
L 192.168.69.3/32 is directly connected, GigabitEthernet0/1.69
S 192.168.100.0/24 [1/0] via 192.168.30.6
S 192.168.125.0/24 [1/0] via 192.168.30.6
S 192.168.200.0/24 [1/0] via 192.168.30.6
sh dmvpn
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
1 50.197.68.90 172.30.1.1 NHRP 02:30:17 S
Results for OFFICE router
show ip nhrp nhs detail
sh dmvpn
sh int t0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.30.1.1/30
MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 40.197.68.9 (FastEthernet0/0)
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with FastEthernet0/0
Set of tunnels with source FastEthernet0/0, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport multi-GRE/IP
Key 0x1, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1472 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:43:56, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
show ip route
S* 0.0.0.0/0 [1/0] via 40.197.68.94
40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 40.197.68.8/29 is directly connected, FastEthernet0/0
L 40.197.68.9/32 is directly connected, FastEthernet0/0
172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.30.1.0/30 is directly connected, Tunnel0
L 172.30.1.1/32 is directly connected, Tunnel0
S 192.168.2.0/24 [1/0] via 192.168.10.5
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.1/32 is directly connected, FastEthernet0/1
S 192.168.69.0/24 is directly connected, FastEthernet0/0
Why can't I ping from the HOME router to the OFFICE router?
I figured this problem out. I needed to set up PKI/IKE and once that was done on both routers, my tunnel now passes some data.
-
EJB DC, where to put other public java classes?
I'm wondering what the best way to structure my code is, in this context:
I have an EJB DC that utilizes some custom Java classes that need to be available to clients. For example, the business methods in the EJB may return instances of said custom code classes.
By default, the EJB DC contains a compilation public part called 'client', but you can't add any other entities to it, as you'll remove the default entity. I could manually create the entities in the public part, but I think when I add another EJB to the DC, it will overwrite the entities that I've created... either that, or I'm messing with the default config, something I'm not interested in doing. In fact, this page indicates that you should NOT alter the generated PPs:
http://help.sap.com/saphelp_nw2004s/helpdata/en/02/6755bd296ade42931646f869b1fd15/frameset.htm
So, what's the best way to handle this situation? I can create another public part, but that means that when someone wants to use the EJB's, they have to create two usage relationships - one to the EJB, and one to the PP that contains the helper classes. I think that this is the only way to do it, however.
How have other folks handled this common situation?
Hi Ken,
I think you've found it.
I'm not so sure about DC projects, but in the plain J2EE case I would recommend to put all common (public) classes in a separate component (application library) and make references to it both from the EJB application as well as from its clients. This library would also contain the EJB interfaces, so there would not be a need for direct reference from the clients to the EJB application.
I think with DC public parts you are achieving almost the same.
Cheers,
Vladimir
PS: BTW, probably you would be able to get more thoughts on this in the SAP NetWeaver Development Infrastructure (NWDI) forum.
Message was edited by:
Vladimir Pavlov -
Help with public function (accessing to addchild object from other public function)
Hi, I have the piece of AS3 code below (Flash CS4). I would like to get access to the addChild MovieClip object (ZoltyWjazdMC) in function two(), which I created with the addChild command in public function one(). I know it's a basic question but I can't find an answer for it. Would anybody help me with that?
public function one():void
{
    // ZoltyWjazdMC is declared inside one(), so it is local to this function
    var ZoltyWjazdMC:MovieClip = new MovieClip();
    this.addChild(ZoltyWjazdMC);
    ZoltyWjazdMC.addChild(assets.ZoltyWjazd.loader);
    this.setChildIndex(ZoltyWjazdMC,1);
    ZoltyWjazdMC.alpha = 0;
    ZoltyWjazdMC.visible = true;
    assets.ZielonyWjazd.alpha = 1;
}
public function two():void
{
    ZoltyWjazdMC.alpha = 1;
}
Do I need to remove "this" and change it to "stage"? Is it necessary?
Define your variable var ZoltyWjazdMC:MovieClip outside of function one(). Currently ZoltyWjazdMC is local to function one() so that function two() does not understand what it is!
-
Firefox keeps freezing in office, but not in other public/home network
Firefox keeps freezing starting from yesterday in my office wireless network. When it is opened, the browser screen does not show up, I have to right click on the icon in order to have the screen brought up. Search bar and tab functions respond real slow. However, everything works perfectly fine in public and my home network.
I'd really appreciate your input and help.
The Reset Firefox feature can fix many issues by restoring Firefox to its factory default state while saving your essential information.
Note: This will cause you to lose any Extensions, Open websites, and some Preferences.
To Reset Firefox do the following:
1. Go to Firefox > Help > Troubleshooting Information.
2. Click the "Reset Firefox" button.
3. Firefox will close and reset. After Firefox is done, it will show a window with the information that is imported. Click Finish.
4. Firefox will open with all factory defaults applied.
Further information can be found in the "Reset Firefox – easily fix most problems" article.
Did this fix your problems? Please report back to us! -
Cant ping other management IP on Dell S4820 from my production vlan(N200)
Hi All
I'm confused by a very strange scenario: I'm trying to connect from my core switch S4810 (with VLT), IP addresses 172.10.2.254 (Peer1) and 172.10.2.253 (Peer2). These IP addresses are also my default gateway in my VLAN 2; my S4810 acts as a core switch.
All of these are manageable remotely from my production (access) switches with a management IP address of 172.10.2.3. I can also manage the VLT peer2 of my S4820 (secondary), whose IP address is 172.10.2.1, but on my VLT peer1, the S4820 (primary), I can't manage 172.10.2.2, although I can ping from my switch to that particular switch.
thanks
brent
This topic first appeared in the Spiceworks Community -
WRT160N - Router - wireless laptop unable to PING other devices
One of the laptops connected wirelessly on my WRT160N is unable to PING or be PINGed by any other device on my network. Could this somehow be due to the router settings (firewall perhaps?) and not the laptop itself?
1) The laptop is able to PING and be PINGed when connected to another wireless router at another location.
2) Other wireless laptops on my WRT160n network are able to PING and be PINGed by other devices.
As a result, I am not able to print or share files on this network.
Any idea where I should start to isolate what may be causing this?
Thanks!
The router's firewall does not cause this type of problem. As long as all computers on the network can access the Internet, then the router does not put up a barrier to file and printer sharing, or pinging. The only exception to this rule is if "AP isolation" is set to "enabled" in the router; in this case, wireless computers can only access the Internet. By default, AP isolation is disabled, and you should leave it disabled if you want to share files and printers with your wireless computers.
The most common cause for the problem you described is a computer software firewall problem. Go into the computer software firewall on each computer in your network, and set it to "trust" the other computers on your network. Also, verify that you do not have two computer software firewalls (such as Windows Firewall plus another computer software firewall) running simultaneously on the same computer. If you do, turn one of the computer software firewalls off. On any given computer, never run more than one computer software firewall at the same time.
The next most common cause for the problem you described is simply a poor wireless connection. Note that poor wireless connections can occur even if your computer shows "5 bars".
There are many causes for poor wireless connections, and many solutions:
First of all, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
If your problem is that you are getting poor connection between your wireless n router and a wireless n adapter, then, in the router, make sure the "Radio Band" is set to "Wide".
Poor wireless connections are often caused by radio interference from other 2.4 GHz devices. This includes wireless phones, wireless baby monitors, microwave ovens, wireless mice and keyboards, wireless speakers, and your neighbor's wireless network. In rare cases, Bluetooth devices can interfere. Even some 5+ GHz phones also use the 2.4 GHz band. Unplug these devices, and see if that corrects your problem.
In your router, try a different channel. There are 11 channels in the 2.4 GHz band. Usually channel 1, 6, or 11 works best. Check out your neighbors, and see what channel they are using. Because the channels overlap one another, try to stay at least +5 or -5 channels from your strongest neighbors. For example, if you have a strong neighbor on channel 9, try any channel 1 through 4. For wireless n, make sure your standard and wide bands are at least 2 channels apart. For example try standard band on channel 11, and wide band channel 9.
Also, try to locate the router about 4 to 6 feet above the floor, in an open area. Do not locate it behind your monitor or near other computer equipment or speakers. The antenna should be vertical.
Also, in the computer, go to your wireless software, and go to "Preferred Networks" (sometimes called "Profiles"). There are probably a few networks listed. Delete any network named "linksys". Also delete any network that you do not recognize, or that you no longer use. If your current network is not listed, enter its info (SSID, encryption (if any), and key (if any)). Then select your current network and make it your default network, and set it to automatic login. You may need to go to "settings" to do this, or you may need to right click on your network and select "Properties" or "settings".
If the above does not fix your problem, download and install the latest driver for your wireless adapter.
Some users have reported improved wireless performance by switching to WPA encryption.
If you continue to have problems, try the following:
For wireless n routers, try setting the "n Transmission Rate" to 162 Mbps, and the (wireless g) "Transmission Rate" to 54 Mbps.
If you still have trouble, download and install the latest firmware for your router. After a firmware upgrade, you must reset the router to factory defaults, then setup the router again from scratch. If you saved a router configuration file, DO NOT use it.
Hope this helps.
Printer Sharing: If the printer is connected directly to the router (by ethernet wire or wirelessly), then your computers need no special settings to share the printer. The router will share the printer automatically. However, a printer driver will need to be installed on each computer that is using the printer. In some cases, you will need (or want) the printer to be set to a fixed LAN IP address.
If the printer is connected to a computer, printer sharing has same requirements as file sharing (see below).
File Sharing: To share files, all computers must have the same "Workgroup name", all adapters (ethernet and wireless adapters) must be setup for "File and Printer Sharing". Additionally, each computer must have at least one folder designated as "shared".
Pinging: Pinging does not require the settings or setup mentioned in "Printer Sharing" or "File Sharing". So pinging should work even before printer or file sharing is set up.
Message Edited by toomanydonuts on 12-09-2009 04:16 AM -
Mac pinging other computers?
On my home network with nothing enabled such as file sharing etc., I notice on my Windows firewall it keeps blocking requests from my Mac when the Mac is just idle; the IPs match, so I know it is coming from my Mac. Is this a security concern at all? Or is the Mac just frequently pinging my other computers?
Thanks
-Mike
I guess then that the obvious question is what do you use the home network for? Do you connect any of the computers to others, or are they all connected directly to a router? Nothing unusual about the configuration, like a DNS entry in the Mac's network settings that refers to one of the Windows PCs or anything like that? Any network connected printers, network storage devices, or things of that nature?
-
ASA configuration is below!
ASA Version 9.1(1)
hostname ASA
domain-name xxx.xx
names
ip local pool VPN_CLIENT_POOL 192.168.12.1-192.168.12.254 mask 255.255.255.0
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.11.1 255.255.255.0
interface GigabitEthernet0/1
description Interface_to_VPN
nameif outside
security-level 0
ip address 111.222.333.444 255.255.255.240
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.5.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name www.ww
same-security-traffic permit intra-interface
object network LAN
subnet 192.168.11.0 255.255.255.0
description LAN
object network SSLVPN_POOL
subnet 192.168.12.0 255.255.255.0
access-list VPN_CLIENT_ACL standard permit 192.168.11.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (outside,inside) source static SSLVPN_POOL SSLVPN_POOL destination static LAN LAN
route outside 0.0.0.0 0.0.0.0 111.222.333.443 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
webvpn
url-list none
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authorization exec LOCAL
http server enable
http 192.168.5.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint ASDM_TrustPoint5
enrollment terminal
email [email protected]
subject-name CN=ASA
ip-address 111.222.333.444
crl configure
crypto ca trustpoint ASDM_TrustPoint6
enrollment terminal
fqdn vpn.domain.com
email [email protected]
subject-name CN=vpn.domain.com
ip-address 111.222.333.444
keypair sslvpn
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint6
telnet timeout 5
ssh 192.168.11.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd address 192.168.5.2-192.168.5.254 management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint6 outside
webvpn
enable outside
csd image disk0:/csd_3.5.2008-k9.pkg
anyconnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy VPN_CLIENT_POLICY internal
group-policy VPN_CLIENT_POLICY attributes
wins-server none
dns-server value 192.168.11.198
vpn-simultaneous-logins 5
vpn-session-timeout 480
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_CLIENT_ACL
default-domain value mycomp.local
address-pools value VPN_CLIENT_POOL
webvpn
anyconnect ssl dtls enable
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time 30
anyconnect ssl rekey method ssl
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect dtls compression lzs
anyconnect modules value vpngina
customization value DfltCustomization
group-policy IT_POLICY internal
group-policy IT_POLICY attributes
wins-server none
dns-server value 192.168.11.198
vpn-simultaneous-logins 3
vpn-session-timeout 120
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_CLIENT_ACL
default-domain value company.com
address-pools value VPN_CLIENT_POOL
webvpn
anyconnect ssl dtls enable
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect dtls compression lzs
customization value DfltCustomization
username vpnuser password PA$$WORD encrypted
username vpnuser attributes
vpn-group-policy VPN_CLIENT_POLICY
service-type remote-access
username vpnuser2 password PA$$W encrypted
username vpnuser2 attributes
service-type remote-access
username admin password ADMINPA$$ encrypted privilege 15
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
address-pool VPN_CLIENT_POOL
default-group-policy VPN_CLIENT_POLICY
tunnel-group VPN webvpn-attributes
authentication aaa certificate
group-alias VPN_to_R enable
tunnel-group IT_PROFILE type remote-access
tunnel-group IT_PROFILE general-attributes
address-pool VPN_CLIENT_POOL
default-group-policy IT_POLICY
tunnel-group IT_PROFILE webvpn-attributes
authentication aaa certificate
group-alias IT enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
: end
Hi,
here's what you need:
same-security-traffic permit intra-interface
access-list VPN_CLIENT_ACL standard permit 192.168.12.0 255.255.255.0
nat (outside,outside) source static SSLVPN_POOL SSLVPN_POOL destination static SSLVPN_POOL SSLVPN_POOL
Patrick -
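The check below is an added example, not part of the original thread or any Cisco tooling: it reads an ASA running-config and lists which of the three statements in Patrick's reply are still missing for a given VPN pool object. The function names are this example's own, and the config excerpt is copied from the post above, reduced to the lines the check reads.

```python
import ipaddress
import re

# Excerpt of the running-config posted above: only the lines this check reads.
POSTED_CONFIG = """\
same-security-traffic permit intra-interface
object network LAN
subnet 192.168.11.0 255.255.255.0
object network SSLVPN_POOL
subnet 192.168.12.0 255.255.255.0
access-list VPN_CLIENT_ACL standard permit 192.168.11.0 255.255.255.0
nat (outside,inside) source static SSLVPN_POOL SSLVPN_POOL destination static LAN LAN
group-policy VPN_CLIENT_POLICY attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_CLIENT_ACL
"""

# The three statements from the reply above.
REPLY_LINES = """\
same-security-traffic permit intra-interface
access-list VPN_CLIENT_ACL standard permit 192.168.12.0 255.255.255.0
nat (outside,outside) source static SSLVPN_POOL SSLVPN_POOL destination static SSLVPN_POOL SSLVPN_POOL
"""

NAT_RE = re.compile(r"nat \(([^,)]+),([^,)]+)\) source static (\S+) (\S+)"
                    r" destination static (\S+) (\S+)")


def parse(config):
    """Collect object subnets, standard ACL permits, split-tunnel lists and twice-NAT rules."""
    cfg = {"intra": False, "objects": {}, "acls": {}, "split": set(), "nats": set()}
    current = None  # object network block whose subnet line comes next
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["object", "network"] and len(w) == 3:
            current = w[2]
        elif w[:1] == ["subnet"] and current and len(w) == 3:
            cfg["objects"][current] = ipaddress.ip_network(f"{w[1]}/{w[2]}", strict=False)
        elif w[:1] == ["access-list"] and w[2:4] == ["standard", "permit"] and len(w) in (5, 6):
            # Forms handled: "any"/"any4", "host <ip>", "<ip> <mask>".
            spec = {"any": "0.0.0.0/0", "any4": "0.0.0.0/0",
                    "host": w[-1]}.get(w[4], "/".join(w[4:]))
            cfg["acls"].setdefault(w[1], []).append(ipaddress.ip_network(spec, strict=False))
        elif w[:2] == ["split-tunnel-network-list", "value"] and len(w) == 3:
            cfg["split"].add(w[2])
        elif w == ["same-security-traffic", "permit", "intra-interface"]:
            cfg["intra"] = True
        elif (m := NAT_RE.match(line.strip())):
            cfg["nats"].add(m.groups())
    return cfg


def missing_statements(config, pool_object, interface="outside"):
    """List the statements config lacks for pool-to-pool traffic on one interface."""
    cfg = parse(config)
    missing = []
    if not cfg["intra"]:
        missing.append("same-security-traffic permit intra-interface")
    pool = cfg["objects"].get(pool_object)
    if pool is None:
        return missing + [f"object network {pool_object} (not defined)"]
    # With split-tunnel-policy tunnelspecified, only networks in the list are
    # sent into the tunnel, so every referenced list has to cover the pool.
    for acl in sorted(cfg["split"]):
        if not any(pool.subnet_of(net) for net in cfg["acls"].get(acl, [])):
            missing.append(f"access-list {acl} standard permit "
                           f"{pool.network_address} {pool.netmask}")
    # Identity twice-NAT for pool-to-pool traffic on the same interface.
    if (interface, interface) + (pool_object,) * 4 not in cfg["nats"]:
        missing.append(f"nat ({interface},{interface}) source static {pool_object} "
                       f"{pool_object} destination static {pool_object} {pool_object}")
    return missing


if __name__ == "__main__":
    for label, text in (("as posted", POSTED_CONFIG),
                        ("with the reply applied", POSTED_CONFIG + REPLY_LINES)):
        print(label, "->", missing_statements(text, "SSLVPN_POOL") or "nothing missing")
```

Run against the posted excerpt, it reports the split-tunnel ACL entry and the (outside,outside) NAT rule as missing; the intra-interface statement is already present in the posted config.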
This message window pops up numerous times while I am working with Thunderbird. When I click the cancel button, it immediately comes up again and again, sometimes eight or nine times before it stops coming up for a bit, and then it starts popping up again.
see https://support.mozilla.org/en-US/kb/add-security-exception
If this is your email provider, you can safely "Confirm Security Exception" and the problem should not continue. Sometimes sites fail to update their certificates (including one of mine!). -
[Solved] Cannot ping my Arch linux pc from other devices
My newly installed arch linux pc is connected to my home network via wifi. I can successfully connect to the Internet. Also, I can successfully ping other devices on my network. However, I am unable to connect to my Arch linux pc from any other device on the network. As I said, I cannot even ping it from these other devices.
Does anyone have an idea as to what would cause this?
Last edited by mc33 (2015-05-12 20:29:06)
ewaller wrote:
I have a hunch that the router does not know how to find your machine. Routers need to know to find which each IP address that is attached. Yours might not be smart enough to remember that an address that it did not assign talked to it over the wireless. When other computers try to talk to your address, it is clueless that you are on the wireless segment of the network, cannot find it on any wired ports, and (if it is not smart enough to figure out that it is not routable) will send it up stream or (if it is smart) will drop the packet. Try DHCP, or, ensure that the router itself knows that the static address has been assigned to your MAC. To do that, you will need to go into the router setup.
I switched my Arch box to DHCP. I thought the problem had resolved, but the issue has come back even with DHCP enabled. I have isolated the problem to the wireless router. If I refresh DHCP on the router, I can then ping my Arch box from other devices again. Is there anything I can do to the router to resolve this? Again, the wireless router is an Asus RT-N66U. -
Cisco ASA 5505 - Can't Login from Public & Local IP Anymore!
Hello,
We've a Cisco ASA 5505 connected directly to Verizon FiOS Circuit (ONT) box using Ethernet cable. As per the existing documentation that I have, the previous configured this as a dedicated router to establish a separate VPN connection to our software provider. They assigned both Public Static and Local Static IP address. When I try to ping the public IP address, it says request time out; so the public IP address is no longer working.
When I ping the local IP address of 192.168.100.11, it responds. The SolarWind tool also shows Always UP signal. How can I login into this router either from remotely or locally to check the configuration, backup and do the firmware upgrade?
I also tried to connect my laptop directly to the ASA 5505 router LAN port. After 3 minutes, I'm able to connect to Internet without any issues. However I don't know the IP address to use to login.
Any advice would be greatly appreciated. Thank you.
UPDATE: I'm able to find the way! I need to use https to login! I'm able to download ASDM tool and login! Thanks to these resources:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml
http://cyruslab.wordpress.com/2010/09/09/how-to-download-asdm-from-asa5505-and-install-it/
Hi Srinath,
If that ASA5505 has factory-default configuration on it, then it probably has 192.168.1.1 ip address on the LAN side and has got dhcp server turned on to provide you ip address dynamically the moment you hook up a machine to it directly or through a switch.
If you've access to ASDM.
You can go the Configuration Tab>>Device Management>>Device Access and turn on the SSH & Telnet from the LAN interface because by default only HTTPS/ASDM is enabled on LAN interface.
You will still need to generate crypto keys and create a username in order to get ssh working
For this you can click at the TOP at TOOLS>> Command Line Interface.
And in the box below type this
crypto key generate rsa modulus 1024
add a username
username <> password <> priv 15
and enable aaa authentication for ssh like this
aaa authentication ssh console LOCAL
Let me know if this helps.
Puneet