Pinging Issues through 5520
Hi Everyone,
I'm building a Cisco 5520 with two physical interfaces and 6 or so sub-interfaces. We have G0/0 (broken down into the sub-interfaces) and G0/1 (not sub-interfaced). I have the ACLs in place and I can ping through the devices from one sub-interface to the physical (outside) interface, but only when the physical is set to security level 90 - when it is at 100 (as the source interface is), it doesn't get through.
This is my config:
ACLs
access-list Outside-OUT extended permit icmp any any log
access-list NMS-IN extended permit ip any any log
access-list Outside-IN extended permit ip any any log
access-list NMS-OUT extended permit ip any any log
access-group NMS-IN in interface NMS
access-group NMS-OUT out interface NMS
access-group Outside-IN in interface Outside
access-group Outside-OUT out interface Outside
Interfaces
interface GigabitEthernet0/0.224
 description NMS
 vlan 224
 nameif NMS
 security-level 100
 ip address 10.11.120.226 255.255.255.240
interface GigabitEthernet0/1
 description Outside
 nameif Outside
 security-level 90
 ip address 10.11.121.1 255.255.255.240
Works like this - as soon as I set G0/1 to security level 100, it doesn't work.
Any ideas?
Thanks,
Dan
However, shouldn't I be able to ping through with relevant ACLs, without the same-security command - as that just seems to bypass the ACL?
These are my ACLs
access-list Outside-OUT extended permit icmp host 10.11.120.227 host 10.11.121.3 echo-reply log
access-list Outside-OUT extended permit icmp any any log
access-list Outside-OUT extended permit ip any any log
access-list NMS-IN extended permit icmp host 10.11.120.227 host 10.11.121.3 echo log
access-list NMS-IN extended permit icmp any any log
access-list NMS-IN extended permit ip any any log
access-list NMS-OUT extended permit icmp host 10.11.121.3 host 10.11.120.227 echo-reply log
access-list NMS-OUT extended permit icmp any any log
access-list NMS-OUT extended permit ip any any log
access-list Outside-IN extended permit icmp host 10.11.121.3 host 10.11.120.227 echo-reply
access-list Outside-IN extended permit icmp any any log
access-list Outside-IN extended permit ip any any log
I get 0 hits on them when the same security command is in place, but it works - when I take the same security command off, I get no hits and it doesn't work????
Dan
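An added example, not part of the original posts: on an ASA, traffic between two interfaces with the same security level is dropped unless `same-security-traffic permit inter-interface` is configured, and interface ACLs do not override that. The Python check below (function names are hypothetical; the sample is the posted interface config with Outside raised to level 100) lists the interface pairs affected.

```python
import itertools
import re

# Constructed sample: the two interfaces from the post, with Outside set to
# security-level 100 (the failing case described in the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.224
 description NMS
 vlan 224
 nameif NMS
 security-level 100
 ip address 10.11.120.226 255.255.255.240
interface GigabitEthernet0/1
 description Outside
 nameif Outside
 security-level 100
 ip address 10.11.121.1 255.255.255.240
access-group NMS-IN in interface NMS
access-group Outside-OUT out interface Outside
"""

INTER_INTERFACE = "same-security-traffic permit inter-interface"


def parse_interfaces(config):
    """Return {nameif: security_level} for every named interface stanza."""
    levels, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None  # new stanza: forget the previous nameif
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels


def inter_interface_permitted(config):
    """True only if the exact global command is present (not its 'no' form)."""
    return any(l.strip() == INTER_INTERFACE for l in config.splitlines())


def blocked_pairs(config):
    """Interface pairs that share a security level and so cannot exchange
    traffic, whatever the access-groups say, because the global
    same-security-traffic command is missing."""
    if inter_interface_permitted(config):
        return []
    levels = parse_interfaces(config)
    return [
        (a, b)
        for a, b in itertools.combinations(sorted(levels), 2)
        if levels[a] == levels[b]
    ]


if __name__ == "__main__":
    for a, b in blocked_pairs(SAMPLE_CONFIG):
        print(f"{a} <-> {b}: same security level, inter-interface not permitted")
```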
Similar Messages
-
Ping issues through NEXUS to Riverbed
Hello all
I am seeing something strange and would be grateful to get some advice on this
I have a set like ASR 1001 - X > NEXUS 5548UP > FEX 2248TP-E > Riverbed Steelhead.
Config on ASR is
interface TenGigabitEthernet0/0/0.100
encapsulation dot1Q 100
ip vrf forwarding TEST
ip address 172.26.2.65 255.255.255.192
end
NEXUS 5548UP config
100 RB_WAN_test active Po1, Po120, Po200, Eth1/1
Eth1/4, Eth1/19, Eth1/20
Eth1/23, Eth1/24, Eth1/31
Eth1/32, Eth100/1/1
101 RB_LAN_test active Po1, Po120, Po200, Eth1/1
Eth1/4, Eth1/19, Eth1/20
Eth1/23, Eth1/24, Eth1/31
Eth1/32, Eth100/1/2
interface Ethernet100/1/1
switchport access vlan 100
spanning-tree bpdufilter enable
interface Ethernet100/1/2
switchport access vlan 101
spanning-tree bpdufilter enable
I swapped out two Riverbed but still cannot ping the in-path ip address.
Anything else that needs to be done to allow this?
Any advice or hints will be most appreciated.
thanks
A quality-of-service (QoS) aware lossless fabric avoids the problems associated with head-of-line blocking.
Router# show running-config -
Hello!
So I'm getting an unusual ping issue. It's repeatable on all of my computers whether wireless or through ethernet/powerline, and I can only describe it as hangs in the traffic, where the entire connection will lock up for 500ms-2000ms and cause extreme issues while gaming. I'm attaching a ping test though which I have been using to monitor the issue, and that's done through a simple "ping www.google.co.uk -t" command in cmd.
My pings are fantastic for a BT connection, except when this is happening. This is better than any ping I got with Virgin. I just wish I could get this resolved. I think because I'm using fibre that I am missing all of the ADSL information that's been posted around here. My router home page shows no power levels etc.
I would just like to add to this, I am suffering exactly the same problems.
Homehub5, tried wired pc, wireless laptop, and done ping tests on 2 tablets
UK Server Minimum = 19ms, Maximum = 3166ms, Average = 132ms
BBC.co.uk Minimum = 19ms, Maximum = 3148ms, Average = 78ms
ping.sunet.se Minimum = 57ms, Maximum = 3477ms, Average = 179ms
google.co.uk Minimum = 18ms, Maximum = 3249ms, Average = 109ms
it's all the time, not just at a specific time either.
This problem affects any online gaming to the point the games are completely unplayable.
Speaking with support yesterday, they informed me that the game servers website cache information was wrong and "we have fixed that now because we are able to"
I'm a community moderator for EA Battlelog, and I know for a fact BT do not have access to the EA backend. -
Goods issue through MIGO based on work order problems
Hi All,
Can anyone guide me how to overcome the error "Purchasing Info record not found in purchasing organisation 2434" while doing Goods (consignment materials) Issue through MIGO transaction based on work order. How to create the Purchase Info record??
Any pointer from any side will be highly appreciable...thanks in Advance
Regards
Azizur
Dear Azis,
Double Click on the serial no of the Component you will get the inforecord field in the Purchasing tab. But this is only for Stock Materials.
Please recheck again your components.
Regards,
Shareeq
Edited by: K M AHAMED SHAREEQ HUSSAIN on Oct 13, 2009 2:42 PM -
How to re-run output determination after goods issue through idoc
Hello,
I've got a question about output determination. We are currently in a process to automate picking, packing and goods issue through a 3rd party software. The software creates DELVRY03-Idocs including picking, packing and goods issue-information. Picking, packing and goods issue work just fine and after submitting the idoc, the delivery is updated as needed.
The problem arises when it comes to printing the shipping document on the printer belonging to the picking station that just processed the delivery. To determine the correct printer, the external software includes the picking station number inside the idoc. A user exit in idoc_input_delivery puts the number (3 digits) into likp-traid. The customizing for using this field inside output determination is complete and seems to be working.
The problem is: as the number of the picking station is not known before goods issue, the LD00 message must not be generated before goods issue. I used the appropriate condition inside the message scheme, the message is not generated until goods issue is complete. After processing the DELVRY03-Idoc, the message should be found and generated, but it isn't. When I take a look at the delivery after submitting the idoc, goods issue is complete, picking and packing is done - and no sign of a header message of type LD00. First I thought about a misconfiguration inside my customizing for output determination, but when I access the delivery via vl02n (change delivery), output determination seems to be processed again and without making any changes or actions, LD00 is generated and waiting for processing. After saving the delivery, LD00 is processed and the shipping document is printed exactly where it should be.
So, as my customizing seems to work and everything else around idoc processing doesn't make any problems either, i conclude that, after processing the idoc, R/3 just needs a little kick to re-run the output determination, find the now fitting condition for LD00, find the appropriate entry in the condition table and print the document.
I already tried report rsnast00, but this one just seems to run already created messages.
Any ideas how to automate this little "kick in the butt"?
Thanks in advance!
I'm working on a similar issue with ws_delivery_update. I'm not using the IDOC as you are, but I'm using the function in a program of mine to PGI the delivery, but the output isn't being added to the delivery. I've tried to run the function twice as you suggested, but that doesn't seem to work. Do you have any suggestions or ideas on things to try?
Thanks,
Eric -
How can i solve a issue through remeady
How can I solve an issue through Remedy..
With Regards
Prasanta
Hello,
Remedy and other similar products are the tools which track the Action / Time taken for resolving a call. Normally, once an issue is reported, that will be recorded in a tool with an estimated fix time. If the call is not fixed / actioned within the estimated time, it goes as breached.
The analyst needs to update the call status in the tool. They will need to update the actions taken, call notes ..etc. Once the issue is fixed, you may set the call status as resolved. Once you set the status as resolved, the user who raised the issue will get an e-mail. They will confirm whether the issue is actually closed or not. Depending upon their confirmation, the status will be set to Closed or again Reopen.
This is a typical helpdesk tool scenario.
Prase -
Multiple RDS Device CALs Issued through Windows 2003 RDS Hosts
Environment
Windows 2012 R2 RDS license server issuing device CALs
5 Citrix farms (PS4, PS4.5, XA5, XA6, and XA6.5)
Symptoms
- RDS device CALs issued through the PS4/Windows 2003 R2 and PS4.5/Windows 2003 R2 servers show the Citrix server name in the Windows 2012 R2 RD license manager console instead of the workstation name (See below).
- The PS4/Windows 2003 R2 and PS4.5/Windows 2003 R2 servers are issuing a large number of device CALs to workstations. For example, we have two PS4/Windows 2003 R2 servers that publish a single application. There are 20 users of the applications with dedicated workstations that should all have a device CAL, but every day I see device CALs being issued from these servers (See below).
Any help would be greatly appreciated. Thank you.
Scott
Hi Scott,
Thank you for posting in Windows Server Forum.
Have you found any Error\Event Id for this case?
From the description it appears that there is some misconfiguration for redirecting the server during load balancing the device CAL among the server and that’s why device is getting misplaced. You can please relook at configuration for License server with following article.
RD Licensing Configuration on Windows Server 2012
http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
Lync Sign in issue through Proxy
Hi All,
Not to be confused when said Lync Sign in issue through Proxy as it is unlikely that this is an issue with the proxy settings. Find it out yourself from the behavior below.
It is in fact a weird issue that I have come across.
Overall there are almost 30 Lync Users accounts.
And they are trying to authenticate to external Lync Server.
28/30 works fine through the proxy. Except for 2 user accounts.
The proxy settings are same for all the users and no individual configurations set.
Now, here is the interesting part. Go out of the network and authenticate this 2 user account to any of the workstation which is not going through Proxy, it works. Come back to the workstation which is going through the proxy and try again, it will work now.
Now, I am interested in finding how exactly does Microsoft authenticates their Lync users. And what are the step by step procedure of User Authentication for Lync service. And why is this happening?
Just to add some more point here, these happens only with 2 specific accounts.
And if you try using these 2 accounts on any of the 28 working workstations, which is going through the proxy, the first time, it would still fail to get authenticated.
Can someone put a highlight on these behaviors? is there any user specific settings on the lync server?
Thanks for your inputs.
You can check the following blogs about Lync authentication process:
http://blog.schertz.name/2012/12/lync-2013-client-autodiscover/
http://blogs.technet.com/b/nexthop/archive/2012/11/28/lync-2010-client-authentication.aspx
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
You can enable Lync client logging to collect the log file to check the sign in process for these two users who can’t sign in externally.
Lisa Zheng
TechNet Community Support -
Does anyone know how to get an episode of a tv programme that never downloaded when I bought a subscription. Episode 1 didn't download and I have all other episodes. I looked at the issues through report a problem but I cannot find an answer.
I bought a series pass and unfortunately episode 1 didn't download at all. I was watching the downloads and restarting once they stopped as I allow multiple downloads at the same time
It sounds like you may have hidden it, in which case you should be able to unhide it : iTunes Store: Hiding and unhiding purchases. (You can't turn off the hiding of items.)
But you should be keeping and maintaining a backup copy of all of your downloads and not relying on being able to redownload them - any item could be removed from the store by the rights-holders at any time, if they do then you won't be able to redownload them (nor will be able to do redownload items if you move countries). -
I've been having occasional high ping issues for quite a while now. They come and go at irregular times, and I'm not sure how to resolve this. Other computers on the network are showing similar latency.
A traceroute to google's public DNS:
Traceroute to (8.8.8.8)
1 L100.LSANCA-DSL-23.verizon-gni.net (71.104.144.1) 1644 ms 1088 ms 1346 ms
2 G10-2-2823.LSANCA-LCR-08.verizon-gni.net (130.81.45.208) 886 ms 1118 ms 716 ms
3 so-7-0-1-0.LAX01-BB-RTR2.verizon-gni.net (130.81.29.142) 1352 ms 1096 ms 1366 ms
4 0.so-2-2-0.XL4.LAX15.ALTER.NET (152.63.10.121) 1026 ms 1432 ms 1246 ms
5 0.so-1-0-0.XT2.NYC4.ALTER.NET (152.63.64.126) 550 ms 792 ms 590 ms
6 TenGigE0-7-0-0.GW8.NYC4.ALTER.NET (152.63.22.45) 846 ms 884 ms 312 ms
7 Internet-gw.customer.alter.net (152.179.72.66) 134 ms 180 ms 444 ms
8 * (72.14.238.232) 274 ms 94 ms 712 ms
9 * (209.85.252.2) 530 ms 1114 ms 1276 ms
10 * (72.14.239.93) 1294 ms 1406 ms 1418 ms
11 * (72.14.236.200) 1586 ms 690 ms 106 ms
12 * (216.239.49.145) 106 ms 108 ms 354 ms
13 google-public-dns-a.google.com (8.8.8.8) 296 ms 104 ms 148 ms
Transceiver statistics:
Transceiver Revision: 7.2.3.0
Vendor ID Code: 4
Line Mode: G.DMT Mode
Data Path: Interleaved
Transceiver Information    Downstream Path    Upstream Path
DSL Speed (Kbits/Sec)      3360               736
Margin (dB)                13.5               10.0
Line Attenuation (dB)      55.0               31.0
Transmit Power (dBm)       17.8               11.8
#1 Visit http://www.giganews.com/line_info.html and post up the Traceroute the page shows, if you wish. Be aware that the final hop (bottom-most line of the trace) will contain a hop with your IP address in it. Remove that line. What I'm looking for is a line that mentions "ERX" in its name towards the end. If for some reason the trace does not complete (two lines full of Stars), keep the trace route intact.
#2 Have you tried connecting your modem to the NID ?
I point to http://www.dslreports.com/faq/1317
#3 What is the brand and model of this DSL modem?
#4 If you have a RJ-45 WAN port router: What is the brand and model of it?
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button. -
When we try to play a song on I tunes a ping runs through the play list and plays a random song
When we try to play a song on I tunes a ping runs through the play list and plays a random song
Nicky sh wrote:
When we try to play a song on I tunes a ping runs through the play list
What is "a ping"?
Do all your songs have a check mark? -
Can you ping iTunes through iWeb?
Greetings Everyone,
I set up my iWeb podcast site and the iTunes Store is receiving all the information except the program logo. I followed some of the suggestions in this forum including renaming and resizing the logo. I reduced the file size to a very manageable size of 32 kb and the image size to 320 x 272. The original logo, which was a much bigger picture that was not resized, was accepted by iTunes without a problem. What else can I do in iWeb to make iTunes accept this logo? Can I ping iTunes through iWeb?
Here is my web address, http://web.mac.com/gregradio14.
The iTunes location is, http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=256973284.
I appreciate your assistance.
Thanks,
WUWFMan
I think that your problem still lies with iWeb. Your XML still lists:
http://web.mac.com/gregradio14/iWeb/Site/Blue%20Plate%20Special/Blue%20Plate%20Special_files/podcast-large.jpg
as the link to your iTunes image.
iTunes is just showing what it is told to show.
Erik -
Portal connectivity issue through VPN
Dear Experts,
I have an issue in getting connected to Portal through VPN.
I have maintained hosts file entries in the system also but still I am unable to connect to portal.
When I ping from the same system it is getting pinged.
Out of doubt I checked whether I am able to connect to SAP R/3; I am able to connect through VPN.
Note: I am able to ping the portal server but unable to connect through browser.
Did I miss something? Please help me to resolve this issue.
Regards,
Siva
Hi,
What is the error or page you are getting when you are trying to connect the portal. Might be some firewall restriction.
Thanks,
Mahe -
Remote access VPN on ASA5520 Ping Issues.
Hi I hope someone might be able to help me. I have setup a remote access VPN on an ASA 5520. The VPN client connects ok, accepts my username and password and then I am in. I get an allocated IP address of 172.16.1.1 from the local pool. The problem is that I cannot then ping the inside LAN which is 192.168.1.1. I've got isakmp nat traversal set to default which is 20. I've been looking at this all day and I think I've gone crossed eyed, a fresh pair of eyes are definitely required, so any help would be gratefully received. My config is
Saved
ASA Version 7.0(8)
hostname Hospira-firewall
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
interface GigabitEthernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 213.212.66.52 255.255.255.248
interface GigabitEthernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
ftp mode passive
same-security-traffic permit intra-interface
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list Split standard permit 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool mypool 172.16.1.1-172.16.1.253 mask 255.255.255.0
no failover
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 192.168.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 213.212.66.49 1
route outside 172.16.1.0 255.255.255.0 213.212.66.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy hospira internal
group-policy hospira attributes
vpn-simultaneous-logins 400
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split
webvpn
username user password 08S9WUsiSMr3RauN encrypted
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set hospira esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dmap 1 set transform-set hospira
crypto dynamic-map dmap 1 set security-association lifetime seconds 28800
crypto dynamic-map dmap 1 set security-association lifetime kilobytes 4608000
crypto dynamic-map dmap 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dmap
crypto map mymap 2 match address NONAT
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap 2 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group hospira type ipsec-ra
tunnel-group hospira general-attributes
address-pool mypool
default-group-policy hospira
tunnel-group hospira ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect icmp error
service-policy global_policy global
Cryptochecksum:98f85c39a5cbffe66b0f6585d5083c7c
: end
Many thanks
Hi Richard,
- We don't need an access-list with an RA connection; we have the dynamic map that acts as a template, so your crypto config:
crypto map mymap 1 ipsec-isakmp dynamic dmap
crypto map mymap 2 match address NONAT
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap 2 set security-association lifetime kilobytes 4608000
crypto map mymap interface outside
Map with seq 1 is being bound to the dynamic map. Now in map 2 you are using the NONAT access list as the encryption trigger for this map, so this should not be there as it encrypts traffic from the inside subnet to the pool.
Please remove the second entry, then test; if not working, please provide a capture from the inside interface.
HTH
Mohammad. -
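An added example, not part of the original thread: a Python check that flags static crypto map entries whose `match address` ACL covers a remote-access address pool, the condition the reply above identifies in `crypto map mymap 2`. The sample lines are copied from the posted config; the function names are hypothetical, and only the network/mask ACL form used in that config is parsed.

```python
import ipaddress
import re

# Lines copied from the config posted in the thread (trimmed to the relevant ones).
SAMPLE_CONFIG = """\
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list Split standard permit 192.168.1.0 255.255.255.0
ip local pool mypool 172.16.1.1-172.16.1.253 mask 255.255.255.0
nat (inside) 0 access-list NONAT
crypto dynamic-map dmap 1 set transform-set hospira
crypto map mymap 1 ipsec-isakmp dynamic dmap
crypto map mymap 2 match address NONAT
crypto map mymap 2 set security-association lifetime seconds 28800
crypto map mymap interface outside
"""

ACL_RE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
POOL_RE = re.compile(r"ip local pool (\S+) (\S+)-(\S+)")
DYNAMIC_RE = re.compile(r"crypto map (\S+) (\d+) ipsec-isakmp dynamic \S+$")
MATCH_RE = re.compile(r"crypto map (\S+) (\d+) match address (\S+)$")


def parse(config):
    """Collect ACL destination networks, address pools and crypto map entries."""
    acl_dests, pools, dynamic, matches = {}, {}, set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            name, _src, _src_mask, dst, dst_mask = m.groups()
            try:
                net = ipaddress.ip_network(f"{dst}/{dst_mask}", strict=False)
            except ValueError:
                continue  # 'any' / 'host' forms are out of scope for this check
            acl_dests.setdefault(name, []).append(net)
        elif m := POOL_RE.match(line):
            pools[m.group(1)] = (
                ipaddress.ip_address(m.group(2)),
                ipaddress.ip_address(m.group(3)),
            )
        elif m := DYNAMIC_RE.match(line):
            dynamic.add((m.group(1), int(m.group(2))))
        elif m := MATCH_RE.match(line):
            matches.append((m.group(1), int(m.group(2)), m.group(3)))
    return acl_dests, pools, dynamic, matches


def pool_overlapping_entries(config):
    """Return (map, seq, acl, pool) for each static crypto map entry whose
    ACL destination overlaps a remote-access pool. Remote-access clients are
    served by the dynamic-map entry, so such a static entry is not needed."""
    acl_dests, pools, dynamic, matches = parse(config)
    findings = []
    for map_name, seq, acl in matches:
        if (map_name, seq) in dynamic:
            continue  # entry is bound to a dynamic map; not a static entry
        for net in acl_dests.get(acl, []):
            for pool, (first, last) in pools.items():
                # Range overlap between the pool and the ACL destination network.
                if first <= net.broadcast_address and last >= net.network_address:
                    findings.append((map_name, seq, acl, pool))
    return findings


if __name__ == "__main__":
    for map_name, seq, acl, pool in pool_overlapping_entries(SAMPLE_CONFIG):
        print(f"crypto map {map_name} {seq}: ACL {acl} covers pool {pool}")
```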
My iPhone 5 is suddenly having audio issues through the headphone jack.
So this is a strange situation, and I'll try to explain in depth so that someone might be able to suggest a solution. As reference, I have an iPhone 5 that I purchased in late-February. I've had every other model of iPhone except for the first iPhone, so I am pretty familiar with the device. I used to be on AT&T, and switched to Verizon when I upgraded to the iPhone 5.
Two days ago, I was on a six hour road-trip, and I'd been playing my music like normal through my car's auxiliary cable. After stopping for lunch, I went to plug my music again, but once the music started to play, I realized that only the drums were playing at normal levels while the vocals were very, very soft. I switched through a few different songs, and realized that all the songs were being played at different levels; sometimes the backup vocals were normal levels while the instrumentation and lead vocals were quiet, or vice versa. I decided to plug my iPhone in to charge, and when I did this, the audio levels were all normal. However, the iPhone was NOT charging. I removed the charger, and the audio went back to being weak and distorted. I went back and forth at this for a bit, trying to figure out what was going on.
Since then and after some testing, I realize that my iPhone will now only charge anywhere EXCEPT in the car charger (I simply use my USB cable that came with my iPhone and plug it into the power adapter I have in the car). This morning, I tested the audio in my home speaker system, and I had the same audio issues. Only half the song's tracks would be at normal audio levels, while the other half would be at a very quiet, almost nonexistent level. I tried plugging my charger into the phone to see if that'd make a difference, but instead of the audio going back to normal like it does in the car, the music stopped and there was just crackling and very noisy distortion sounds.
I'm super confused and not sure what to do. This has never happened to me with any of my iPhones. I am updating my software right now, and am hoping that that may help somehow. Otherwise, I'm at a loss. Any suggestions as to what I should do would be greatly appreciated!
Do the new iMacs have digital audio out through the headphone jack?
Yes.
http://support.apple.com/kb/SP576