Sol-8 can't ping host on hme1
Ultra-10 running Sol 8 with three network interfaces installed (hme0, hme1, hme2). ifconfig -a indicates all three are up, but I cannot rsh or ping hosts on hme1 or hme2 unless I ifconfig hme0 down.
Your configurations are not making much sense.
You have the same vlan interfaces with the same IP addresses on all devices and multiple static routes for 192.168.1.0/24.
This is what you should change -
1) the clients only connect to MSHQ3 so remove all vlan interfaces off all the other switches for the client vlans.
Also remove the server vlan interface off MSHQ3
2) the server vlan only connects to MSHQ4 so remove the server vlan off all other switches and remove all the client vlan interfaces off MSHQ4
3) interconnect all your switches with L3 links because you are routing vlans locally on MSHQ3 and MSHQ4 so there is no need for any L2 links between switches.
Note also in a true routed design MSHQ3 should not connect to MSHQ4 ie. traffic between those devices goes via MSHQ1 and MSHQ2
4) remove all static routes for 192.168.1.0/24 from all devices
5) run OSPF on all devices and only advertise the locally connected subnets off each device.
For the switch interconnects use new IP subnets, don't reuse any of your existing vlan subnets.
If you do all of the above then you have a routed access design with your distribution switches, MSHQ1 and MSHQ2 routing between access layer switches and the router.
If you are trying to achieve something else other than a routed access layer design then please come back and clarify.
But either way what you have now is not good and will not work properly.
Jon
Similar Messages
-
Cisco ASA - VPN established but can't ping
I am using 2 Cisco ASA 5505 routers. I have established a VPN between them, but I can't ping the client's internal or outside interface; the client can ping my outside interface. The only configuration on the client is basic Easy VPN settings and interfaces. Here is the server-side configuration on my end:
ASA Version 9.1(1)
hostname ciscoasa
enable password NuLKvvWGg.x9HEKO encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.1.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group iskon
ip address pppoe setroute
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside
subnet 10.1.2.0 255.255.255.0
object network outside
subnet 10.1.3.0 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
access-list 101 extended permit object-group DM_INLINE_PROTOCOL_1 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list 102 extended permit object-group DM_INLINE_PROTOCOL_2 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list global_access extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit 10.1.3.0 255.255.255.0 echo-reply inside
icmp permit any inside
icmp permit any outside
icmp permit 10.1.3.0 255.255.255.0 echo-reply outside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,any) source static outside outside destination static inside inside no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
access-group global_access global
route inside 0.0.0.0 0.0.0.0 10.1.3.1 tunneled
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.1.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set mySET esp-3des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map DYN-MAP 5 set ikev1 transform-set mySET
crypto map MAP 60 ipsec-isakmp dynamic DYN-MAP
crypto map MAP interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
vpdn group iskon request dialout pppoe
vpdn group iskon localname *********
vpdn group iskon ppp authentication pap
vpdn username ***** password *****
dhcpd auto_config outside
dhcpd address 10.1.2.5-10.1.2.132 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy VPN internal
group-policy VPN attributes
split-tunnel-policy tunnelall
split-tunnel-network-list value 101
nem enable
username user password enq05bKrudsJMMBu encrypted privilege 15
username user attributes
vpn-group-policy VPN
vpn-session-timeout none
group-lock value VPN-TUNNEL
tunnel-group VPN-TUNNEL type remote-access
tunnel-group VPN-TUNNEL general-attributes
default-group-policy VPN
tunnel-group VPN-TUNNEL ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:3f2923b78a04ee8cfe9324e3e2733d78
SOLVED!!! I just needed to configure NAT. Here is the configuration for anyone with the same problem:
: Saved
ASA Version 9.1(1)
hostname ciscoasa
enable password NuLKvvWGg.x9HEKO encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.1.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group iskon
ip address pppoe setroute
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network ladimirevci
subnet 10.1.2.0 255.255.255.0
object network lekenik
subnet 10.1.3.0 255.255.255.0
access-list 101 extended permit ip 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list 101 extended permit ip object lekenik object ladimirevci
access-list 101 extended permit ip object ladimirevci object lekenik
access-list outside_access_in extended permit ip object ladimirevci object lekenik
access-list outside_access_in extended permit ip object lekenik object ladimirevci
access-list outside_access_in extended permit ip any any
access-list inside_access_in extended permit ip object ladimirevci object lekenik
access-list inside_access_in extended permit ip object lekenik object ladimirevci
access-list inside_access_in extended permit ip any any
access-list nonat extended permit ip 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list 102 extended permit ip 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list global_access extended permit ip object lekenik object ladimirevci
access-list global_access extended permit ip object ladimirevci object lekenik
access-list global_access extended permit ip any any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo-reply outside
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,any) source static ladimirevci ladimirevci destination static lekenik lekenik
object network obj_any
nat (inside,outside) dynamic interface dns
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group global_access global
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 10.1.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set mySET esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map DYN-MAP 5 set pfs
crypto dynamic-map DYN-MAP 5 set ikev1 transform-set mySET
crypto dynamic-map DYN-MAP 5 set reverse-route
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map MAP 60 ipsec-isakmp dynamic DYN-MAP
crypto map MAP interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpool policy
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh scopy enable
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
console timeout 0
management-access inside
vpdn group iskon request dialout pppoe
vpdn group iskon localname vivaindo@iskon-dsl
vpdn group iskon ppp authentication pap
vpdn username vivaindo@iskon-dsl password *****
dhcpd auto_config outside
dhcpd address 10.1.2.5-10.1.2.36 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev2 ssl-clientless
group-policy VPN internal
group-policy VPN attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-lock value VPN-TUNNEL
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 101
nem enable
username user password enq05bKrudsJMMBu encrypted privilege 15
username user attributes
vpn-group-policy VPN
group-lock value VPN-TUNNEL
tunnel-group VPN-TUNNEL type remote-access
tunnel-group VPN-TUNNEL general-attributes
default-group-policy VPN
tunnel-group VPN-TUNNEL ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:ddac35422ebbf57095be7a1d33b0b67d
: end
asdm image disk0:/asdm-712.bin
no asdm history enable -
Can't ping behind Cisco router (site2site VPN)
Dears;
After configuring a site-to-site VPN between a Cisco router and a FortiGate firewall,
site A: 10.0.0.0/24 behind FortiGate
site B: 10.10.10.0/24 behind Cisco router
the tunnel is up and I can ping 10.0.0.1 from site B and can ping 10.10.10.1 from site A, but I can't ping any IP inside 10.0.0.0/24 from site B or network 10.10.10.0/24 from site A.
My Cisco router configuration is:
Current configuration : 2947 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
boot-start-marker
boot-end-marker
enable secret 4 EE103as6FtdocdBefpgugX6P9eGaDKDyBvwz7AywH5Q
no aaa new-model
memory-size iomem 10
clock timezone cairo 2 0
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 192.168.16.1
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool GUEST
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 8.8.4.4
ip cef
controller VDSL 0
ip ssh version 2
crypto isakmp policy 10
encr aes
hash sha256
authentication pre-share
group 5
crypto isakmp key 6 *********** address 4.x.x.x no-xauth
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
crypto map kon-map 10 ipsec-isakmp
set peer 4.x.x.x
set transform-set myset
set pfs group5
match address 105
interface Ethernet0
no ip address
no fair-queue
interface ATM0
no ip address
ip mtu 1452
ip tcp adjust-mss 1452
no atm ilmi-keepalive
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan2
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map kon-map
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
access-list 105 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
banner motd ^C^C
end
When pinging from the Cisco router:
konsuler#ping 10.0.0.27 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.27, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
Success rate is 0 percent (0/5)
help please
Thank you karsten
I can ping the interface of the router from the remote site but can't ping any device behind the router, and I can ping the firewall interface but can't ping any device behind the firewall.
- counters in
# sh crypto ipsec sa
increased only while pinging 10.0.0.1 or 10.10.10.1 from both sides
r#show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer1
Uptime: 00:03:12
Session status: UP-ACTIVE
Peer: 4.x.x.x port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.x.x.x
Desc: (none)
IKEv1 SA: local 6.x.x.x/500 remote 4.x.x.x/500 Active
Capabilities:(none) connid:2001 lifetime:22:39:59
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.0.0.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 9 drop 0 life (KB/Sec) 4605776/3407
Outbound: #pkts enc'ed 14 drop 0 life (KB/Sec) 4605775/3407 -
I will include a post of my config. I have the clients connecting through the VPN tunnel on the 180.0.0.0/24 network; 192.168.1.0/24 is the primary network for the office.
I can connect to the VPN and I do receive the correct address assignment. I believe tunneling may be set up correctly in the respect that I can still connect to the internet while on the VPN, but I cannot ping any hosts on the 192.168.1.0 network. In the debug log from the ASDM I can see pings reaching the ASA, but no response is received on the client.
6 Feb 21 2013 21:54:26 180.0.0.1 53508 192.168.1.1 0 Built inbound ICMP connection for faddr 180.0.0.1/53508 gaddr 192.168.1.1/0 laddr 192.168.1.1/0 (christopher)
Any help would be greatly appreciated. I am currently pursuing my CCNP, so I would like to get a deeper understanding of how to solve these issues.
-Chris
hostname RegencyRE-ASA
domain-name regencyrealestate.info
enable password 2/VA7dRFkv6fjd1X encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 180.0.0.0 Regency
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
description link to REGENCYSERVER
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
description link to RegencyRE-AP
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.120 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.67.220.220
name-server 208.67.222.222
domain-name regencyrealestate.info
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 Regency 255.255.255.224
access-list RegencyRE_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_access_in extended permit icmp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Regency 180.0.0.1-180.0.0.20 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm location Regency 255.255.255.0 inside
asdm location 192.168.0.0 255.255.0.0 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 12.186.110.2 1
route inside 192.0.0.0 255.0.0.0 192.168.1.102 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
http server enable 8443
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 15
ssh version 2
console timeout 0
dhcprelay server 192.168.1.102 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 69.25.96.13 source outside prefer
ntp server 216.171.124.36 source outside prefer
webvpn
group-policy RegencyRE internal
group-policy RegencyRE attributes
dns-server value 208.67.220.220 208.67.222.222
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RegencyRE_splitTunnelAcl
username adriana password encrypted privilege 0
username christopher password encrypted privilege 15
username irene password encrypted privilege 0
tunnel-group RegencyRE type remote-access
tunnel-group RegencyRE general-attributes
address-pool Regency
default-group-policy RegencyRE
tunnel-group RegencyRE ipsec-attributes
pre-shared-key R3&eNcY1.
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:35bc3a41701f7f8e9dde5fa35532896d
: end
Looking at a previous ASA 5520 I configured, when I ping hosts I see the following in the logs. I know there is something obvious I am missing.
6 Feb 21 2013 22:01:49 302020 170.0.0.1 13317 172.16.0.253 0 Built inbound ICMP connection for faddr 170.0.0.1/13317 gaddr 172.16.0.253/0 laddr 172.16.0.253/0 (cxv1)
6 Feb 21 2013 22:01:49 302020 172.16.0.253 0 170.0.0.1 13317 Built outbound ICMP connection for faddr 170.0.0.1/13317 gaddr 172.16.0.253/0 laddr 172.16.0.253/0
-
Can't ping UC320W from 881 but can ping 881 from UC320W
Hi,
Wondering if somebody could help me here. I have a UC320 and router directly connected and I can ping the router from the 320 but can't ping the other way. As a result I only have SIP traffic working outbound but can't get any calls inbound. I'm missing something here but can't figure out what.
Any ideas?
Thanks a million
J-P
Hi,
Thanks for the response. The UC320 has the WAN interface statically assigned 192.160.160.2/30 and the gateway is 192.160.160.1. There is no CLI on the 320 so I can't provide any config. I can ping the 881 from the 320 no problem but it won't work the other way. Everything looks like it is up and running from show commands etc.
The config of the 881 is below; I have changed the WAN addresses etc. for obvious reasons -
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname _Router
boot-start-marker
boot-end-marker
logging message-counter syslog
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip name-server 83.147.160.2
ip name-server 83.147.160.130
no ipv6 cef
multilink bundle-name authenticated
archive
log config
hidekeys
class-map match-any VOIP
match protocol rtp audio
class-map match-any WEB_TRAFFIC
match protocol http
match protocol ftp
match protocol secure-http
match protocol secure-ftp
class-map match-any VIDEO
match protocol rtp video
policy-map QOS_POLICY
class VOIP
priority percent 15
set dscp ef
class WEB_TRAFFIC
bandwidth percent 30
random-detect
set dscp af32
class VIDEO
bandwidth percent 20
set dscp cs4
class class-default
bandwidth percent 30
random-detect
set dscp default
interface FastEthernet0
switchport trunk native vlan 100
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
switchport mode trunk
interface FastEthernet4
bandwidth 5000
no ip address
speed 100
full-duplex
service-policy output QOS_POLICY
interface FastEthernet4.201
description Voice_VLAN
encapsulation dot1Q 201
ip address 172.18.24.x 255.255.255.252
ip nat outside
ip virtual-reassembly
interface FastEthernet4.202
description DATA_VLAN
encapsulation dot1Q 202
ip address 92.51.19.x 255.255.255.252
ip nat outside
ip virtual-reassembly
interface Vlan1
ip address 192.168.160.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan100
ip address 192.160.160.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 92.51.19.X
ip route 172.18.24.x 255.255.255.255 172.18.24.x
no ip http server
no ip http secure-server
ip nat sip-sbc
ip nat inside source static udp 192.160.160.2 5060 interface FastEthernet4.201 5060
ip nat inside source list 1 interface FastEthernet4.201 overload
ip nat inside source list 2 interface FastEthernet4.202 overload
access-list 1 permit 192.160.160.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
banner login
Thanks again
J-P -
Can't ping inside hosts from client VPN. Think it's a NAT issue
Hello all, I am running into what I think is a NAT/nat exclusion issue with an IOS IPSEC VPN. I can connect to the VPN with the cisco IPSEC VPN client, and I am able to authenticate. Once I authenticate, I am not able to reach any of the inside hosts. My relevant config is below. Any help would be greatly appreciated.
aaa new-model
aaa authentication login default local
aaa authentication login userauthen group radius
aaa authorization exec default local
aaa authorization network groupauthor local
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group businessVPN
key xxxxxx
dns 192.168.10.2
domain business.local
pool vpnpool
acl 108
crypto isakmp profile VPNclient
match identity group businessVPN
client authentication list userauthen
isakmp authorization list groupauthor
client configuration address respond
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set myset
set isakmp-profile VPNclient
reverse-route
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
interface Loopback0
ip address 10.1.10.2 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
interface Null0
no ip unreachables
interface FastEthernet0/0
ip address 111.111.111.138 255.255.255.252
ip access-group outside_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect outbound out
ip virtual-reassembly
duplex auto
speed auto
crypto map clientmap
interface Integrated-Service-Engine0/0
description cue is initialized with default IMAP group
ip unnumbered Loopback0
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface BVI1
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip nat inside source static tcp 192.168.10.2 25 interface FastEthernet0/0 25
ip nat inside source static tcp 192.168.10.2 443 interface FastEthernet0/0 443
ip nat inside source static tcp 192.168.10.2 3389 interface FastEthernet0/0 3389
ip nat inside source route-map nat interface FastEthernet0/0 overload
ip access-list extended nat
deny ip 192.168.10.0 0.0.0.255 192.168.109.0 0.0.0.255
deny ip 10.1.1.0 0.0.0.255 192.168.109.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended nonat
permit ip 192.168.10.0 0.0.0.255 192.168.109.0 0.0.0.255
permit ip 10.1.10.0 0.0.0.255 192.168.109.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 192.168.109.0 0.0.0.255
ip access-list extended outside_in
permit tcp object-group Yes_SMTP host 111.111.111.138 eq smtp
permit tcp any any eq 443
permit tcp 20.20.20.96 0.0.0.31 host 111.111.111.138 eq 3389
permit tcp 20.20.20.96 0.0.0.31 host 111.111.111.138 eq 22
permit esp any host 111.111.111.138
permit udp any host 111.111.111.138 eq isakmp
permit udp any host 111.111.111.138 eq non500-isakmp
permit ahp any host 111.111.111.138
permit gre any host 111.111.111.138
access-list 108 permit ip 192.168.109.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 108 permit ip 192.168.109.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 108 permit ip 192.168.109.0 0.0.0.255 10.1.10.0 0.0.0.255
route-map nat permit 10
match ip address nat
bridge 1 route ip
I believe the ACL applied to the client group is backwards. It should permit traffic from the internal network to the clients pool.
To confirm, you can open the Cisco VPN client statistics (after connecting), then go to the route details tab. You should see there the networks that you should be able to reach from the client. Make sure the correct ones are in there.
Regards, -
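The direction check described in the reply above, as an added example that is not part of the original thread: a Python script that reads lines quoted from the posted configuration and flags client-group ACL entries whose source is not a network on the router itself while the destination is. Treating the subnets of the router's own interfaces as "internal" is an assumption of this sketch; 10.1.1.0/24 has no interface in the post, so that entry is reported as unknown.

```python
import ipaddress
import re

# Lines copied from the configuration posted above (only what the check needs).
CONFIG = """\
crypto isakmp client configuration group businessVPN
key xxxxxx
pool vpnpool
acl 108
interface Loopback0
ip address 10.1.10.2 255.255.255.252
interface FastEthernet0/0
ip address 111.111.111.138 255.255.255.252
interface BVI1
ip address 192.168.10.1 255.255.255.0
access-list 108 permit ip 192.168.109.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 108 permit ip 192.168.109.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 108 permit ip 192.168.109.0 0.0.0.255 10.1.10.0 0.0.0.255
"""

# Only the "permit ip <addr> <wildcard> <addr> <wildcard>" form is handled;
# entries using "any" or "host" are skipped by this sketch.
ACL_RE = re.compile(r"access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)$")


def parse(text):
    """Return (group -> ACL number, interface networks, ACL number -> entries)."""
    groups, nets, acls = {}, [], {}
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"crypto isakmp client configuration group (\S+)", line)
        if m:
            group = m.group(1)
            continue
        m = re.match(r"acl (\S+)$", line)
        if m and group:
            groups[group] = m.group(1)
            continue
        m = re.match(r"ip address (\d\S+) (\d\S+)$", line)
        if m:
            nets.append(ipaddress.ip_interface("/".join(m.groups())).network)
            continue
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
    return groups, nets, acls


def net(addr, wildcard):
    # ipaddress accepts a host mask (Cisco wildcard) after the slash.
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)


def audit(text):
    """Classify each entry of every client-group ACL as ok/backwards/unknown."""
    groups, local, acls = parse(text)
    findings = []
    for group, num in groups.items():
        for src, swc, dst, dwc in acls.get(num, []):
            src_local = any(net(src, swc).overlaps(n) for n in local)
            dst_local = any(net(dst, dwc).overlaps(n) for n in local)
            if src_local:
                verdict, fix = "ok", None
            elif dst_local:
                # Source is remote, destination is on the router: swap them.
                verdict = "backwards"
                fix = f"access-list {num} permit ip {dst} {dwc} {src} {swc}"
            else:
                verdict, fix = "unknown", None
            findings.append((group, f"{src} {swc} -> {dst} {dwc}", verdict, fix))
    return findings


if __name__ == "__main__":
    for group, entry, verdict, fix in audit(CONFIG):
        print(f"[{group}] {entry}: {verdict}")
        if fix:
            print(f"    suggested: {fix}")
```
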
Can't ping other management IP on Dell S4820 from my production VLAN (N200)
Hi All
I'm just confused by a very strange scenario, because I'm trying to connect from my core switch S4810 (with VLT), IP address 172.10.2.254 - Peer1 and 172.10.2.253 - Peer2; this IP address is also my default gateway in my vlan2, and my S4810 acts as a core switch.
All of these are manageable remotely from my production switches (access) with management IP address 172.10.2.3. I can also manage the VLT peer2 of my S4820 (secondary), whose IP address is 172.10.2.1, but on my VLT peer1 - S4820 (primary) - I can't manage 172.10.2.2, although I can ping from my switch going to that particular switch.
thanks
brent
This topic first appeared in the Spiceworks Community -
[iPhone] NSURLConnection cant find host
Hi all,
I'm having a major problem with my application when using anything other than a wifi connection.
I'm just trying to grab the contents of an XML document at a given URL, this works for the best part on wifi.
For some reason it would appear that the following code can't locate the host or occasionally just times out when using Edge/3G but NOT wifi.
The same issues were happening when I just used [NSData dataWithContentsOfURL:url];
Any help is appreciated!
- (NSXMLParser *)read:(NSString *)urlString
{
    NSURL *url = [NSURL URLWithString:urlString];
    //NSData *data = [NSData dataWithContentsOfURL:url];
    NSMutableURLRequest *theRequest = [NSMutableURLRequest
        requestWithURL:url
        cachePolicy:NSURLRequestUseProtocolCachePolicy
        timeoutInterval:60.0];
    //[theRequest setHTTPMethod:@"GET"];
    [theRequest setMainDocumentURL:url];
    [theRequest setTimeoutInterval:30.0]; // replaces the 60.0 passed above
    NSError *myError = nil;
    NSURLResponse *serverResponse = nil;
    // Blocks the calling thread until the response arrives or the request fails
    NSData *data = [NSURLConnection sendSynchronousRequest:theRequest
                                         returningResponse:&serverResponse
                                                     error:&myError];
    if (data == nil) {
        // Host lookup failures and timeouts are reported through myError
        NSLog(@"Request for %@ failed: %@", url, myError);
        return nil;
    }
    NSXMLParser *parser = [[NSXMLParser alloc] initWithData:data];
    return parser;
}
I've seen similar problems with NSImage and NSXMLParser with chunked HTTP responses. Instead I've had to proxy the requests through another server that did not chunk the response, or use NSURLConnection objects and manually concatenate the responses with didReceiveData. If there is an easy workaround for this, please share!
-
From VM cannot ping host or gateway
Hi all,
I have installed Hyper-V 2012 R2 core on a brand new Dell PowerEdge R720 server in core mode, no GUI.
Then a VM with Windows 2012 R2 with GUI has been created with Hyper-V Manager, no problems there.
I used the Virtual Switch Manager to create a Virtual LAN adapter and selected the network card as an external type because I want to share the Hyper-V host network card.
I start the virtual machine, go into network connections, configure a static IP in the same subnet as the Hyper-V host, default gateway, DNS server etc.
When I try to ping the Hyper-V host or the router's default gateway, I get that it is unreachable.
If I try to ping the VM from the host same thing, unreachable.
I made sure to disable the Firewall in the Hyper-V host as well as the Virtual Machine for testing purposes.
What is the problem here?
I read somewhere on Google that although the Hyper-V host network config may appear fine, it might be messed up.
Also, if you have more than 1 physical network adapter, how do I select the correct index for the NIC in Hyper-V Manager's Virtual Switch Manager?
Any responses will be greatly appreciated.
Thanks and regards
Alfred
I'll ask again for the output of ipconfig /all from the two machines you are testing. It is a challenge to assist in debugging network issues when we can't see how the network is configured.
.:|:.:|:. tim
Hi Tim,
sorry for the delay in answering and also thanks for your reply.
I have worked out what the problem was.
When I created the Virtual Switch in Hyper-V manager, I picked the wrong physical network card.
In the PowerEdge R720 there are 8 physical NICs and I picked the one called Broadcom NetXtreme Gigabit Ethernet (not connected and hence the APIPA IP address), when it should have been Broadcom NetXtreme Gigabit Ethernet #5.
I had to go into PowerShell and execute Get-NetAdapter to get the list of NICs and their status.
Then I decided to create a NIC team to increase the bandwidth and create a virtual nic to assign to my VMs.
Now everything is working OK:
This is the output of my ipconfig /all on the core server:
Windows IP Configuration
Host Name . . . . . . . . . . . . : xxxhyperv1
Primary Dns Suffix . . . . . . . : xxxxxx.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxxxx.local
Ethernet adapter vEthernet (Virtual Switch 1):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::15be:46cd:a1c7:e2e2%35(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.20.44(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DHCPv6 IAID . . . . . . . . . . . : 603503634
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-7E-5F-99-00-0A-F7-3E-FD-6
DNS Servers . . . . . . . . . . . : 192.168.20.5
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter SLOT 2 Port 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #4
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter SLOT 2 Port 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #3
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter SLOT 2 Port 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter SLOT 2 Port 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{92F333A4-9638-4721-AD23-E23B6FAA6541}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Thanks and regards
Ipnotech
-
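The fix described in the Hyper-V thread above (find the NICs that actually have link, then team them and bind the virtual switch to the team), as an added PowerShell example that is not from the original posts. The team name, switch name and teaming mode are assumptions; the cmdlets require Windows Server 2012 R2 with the Hyper-V role.

```powershell
# Added example. $TeamName, $SwitchName and the teaming mode are assumptions.
$TeamName   = 'VMTeam'
$SwitchName = 'TeamSwitch'

# 1. List every physical NIC with its link state. InterfaceDescription is the
#    string shown in Virtual Switch Manager ("Broadcom NetXtreme ... #5").
$nics = Get-NetAdapter -Physical | Sort-Object Name
$nics | Format-Table Name, InterfaceDescription, ifIndex, Status, LinkSpeed -AutoSize

# 2. Warn about any existing external switch bound to a port with no link.
#    A VM on such a switch cannot reach the host or the gateway.
foreach ($sw in Get-VMSwitch -SwitchType External) {
    $bound = Get-NetAdapter -InterfaceDescription $sw.NetAdapterInterfaceDescription `
                            -ErrorAction SilentlyContinue
    if ($bound -and $bound.Status -ne 'Up') {
        Write-Warning ("Switch '{0}' is bound to '{1}' ({2}), status {3}" -f `
            $sw.Name, $bound.Name, $bound.InterfaceDescription, $bound.Status)
    }
}

# 3. Keep only ports that have link; stop if there are none.
$up = @($nics | Where-Object { $_.Status -eq 'Up' })
if ($up.Count -eq 0) {
    throw 'No physical adapter has link; check cabling before creating a switch.'
}

# 4. Team the connected ports and create the external switch on the team.
#    Run this from the local console or out-of-band management: the host IP
#    moves to the new vEthernet adapter and a remote session will drop.
#    A port already bound to another virtual switch must be released first.
New-NetLbfoTeam -Name $TeamName -TeamMembers $up.Name `
                -TeamingMode SwitchIndependent -Confirm:$false

# -AllowManagementOS $true shares the team with the host OS; set it to $false
# if host management traffic should stay on a separate NIC.
New-VMSwitch -Name $SwitchName -NetAdapterName $TeamName -AllowManagementOS $true

# 5. Confirm what the new switch is bound to.
Get-VMSwitch -Name $SwitchName |
    Format-List Name, SwitchType, NetAdapterInterfaceDescription
```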
Cant ping windows computers with new E4200 LAN/wLAN
Just replaced a WRT54G with E4200. Most functions work well. 4 wireless computers (1 Macbook, 3 Win 7), 1 wireless android, 1 wired Win7 computer, 1 ethernet connected hard drive, 1 ethernet connected printer. All computers can ping router, access hard drive, access internet, ping android and ping Macbook.
However, neither the router nor any computer can ping Win7 computers. Apparently IP based connections between WinX computers are blocked. My real applications are to Remote Desktop Connect from 1 Win7 computer to another, or to run a DLNA music server on 1 Win7 computer, accessed by another (the LAN connected computer is the server, accessed by a wLAN client). All worked fine on WRT54G router, but can't connect thru E4200. When these apps failed, I tried PING, and that failed as well.
All computer's IP addresses are properly served from E4200 via DHCP, and are visible thru the router's DHCP Reservation panel.
Cisco Tech support suggested turning off the router firewall, and then turning off all of the internet filters, but neither of these ideas helped.
Any thoughts
Did you reconfigure the firewall on the Windows computer? You have connected the computers to a new router, i.e. a new network and it should be by default untrusted.
-
Dear All,
1. I want to install SolMan on Solaris 10. Please guide me from start..
2. I want to install SolMan and ECC6 on the same host. What is the procedure I need to follow( I mean from creating the LV ..)
Please guide.
> 1. I want to install SolMan on Solaris 10. Please guide me from start..
Use the official installation guides, they contain everything you need
http://service.sap.com/instguides
> 2. I want to install SolMan and ECC6 on the same host. What is the procedure I need to follow( I mean from creating the LV ..)
This is also covered in the guides.
Are you going to use VxFS? If you're on Solaris 10 try ZFS - MUCH easier to configure and handle!
Markus -
RV042 quick VPN client cant ping lan network
Hi guys,
I've just created a client2gateway IPSec tunnel on RV042 and use Quick VPN client on remote PC trying to connect this router.
Quick VPN showed the tunnel was established. But I couldn't ping the LAN network behind the router RV042.
Can anyone help me?
Thanks.
Hi,
I modified the client2gateway mode to Client access mode.
Now I can ping (from QuickVPN client) to 172.16.1.0/24 network behind the router RV042.
But if I put another subnet as 10.92.x.0 behind this router, I still can't ping. Since Client access configuration is too simple, I cannot find a way to modify the subnet.
Seems 172.16.1.0 is default. Am I right?
-
TCPIP additional addresses cant ping, can't see.
I'm trying to add an IP address to my NetWare server on a 172.16 network to make it visible on a 172.21 VLAN for backup purposes. I have added an additional primary IP address on the interface and it seems happy, but I can't ping the 172.21 address from a computer on either the 172.16 VLAN or the 172.21 VLAN. And I can't see the backup agent from a backup server running Symantec Backup Exec 2010. I don't seem to be able to set a default route for this IP address on the 172.21 VLAN. Is this even possible?
Originally Posted by AndersG
Donackle,
> And I can't see the backup agent from a backup
> server running symantec backupexec 2010. I don't seem to be able to set
> a default route for this ip address on the 172.21 vlan. Is this even
> possible?
Have you set up packet forwarding on your server? I.e. changed to "Router"
from "End Node" in INETCFG.
- Anders Gustafsson (Sysop)
The Aaland Islands (N60 E20)
It is. I can ping the 172.16 address, but not the 172.21..
-
10.6 VPN client - 10.5.8 VPN server - Cant ping past server on l2tp or pptp
Since installing 10.6 on my MacBook and my Mini, I can authenticate to the Mac Pro 10.5.8 server over either L2TP or PPTP. I cannot access any clients or ping any IP past the server on the local net.
I can connect and ping from a Win machine at work and ping and connect to all machines on the local net.
Server VPN log shows authentication and connected with 10.6 machines. 10.5.8 machines work fine. Win machines work fine. Only 10.6 machines have issues.
Any help would be appreciated
After a complete rebuild of the server, I have determined that the problem is related to setting client information. I rebuilt the server, added the VPN, and it worked with L2TP from 10.6 machines. I went back and added the client information exactly the way it worked with 10.5 machines and the VPN would fail. I have removed the information from the client information screen on the server, and it is working fine with both 10.5 and 10.6 machines.
-
Xconnect problem. cant ping from CE to CE
Hi Guys,
I'm having issues with my xconnect tunnel. I couldn't ping from CE to CE. Is there something that I missed in my config?
CE2#sh run int Gi0/0.1104
Building configuration...
Current configuration : 201 bytes
interface GigabitEthernet0/0.1104
encapsulation dot1Q 1104
ip vrf forwarding admin
ip address 10.210.64.193 255.255.255.252
ip router isis Admin
end
PE2#sh run int Gi0/0.1104
Building configuration...
Current configuration : 222 bytes
interface GigabitEthernet0/0.1104
description Admin:EoMPLS to PE1
encapsulation dot1Q 1104
xconnect 10.215.0.133 1104 encapsulation mpls
service-policy input police_1M
service-policy output shape_1M
end
PE2#sh xconnect all
Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State
UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP ac Gi0/0.1105 1105(Eth VLAN) UP mpls 10.215.0.109:1105 UP
UP ac Gi0/0.1107 1107(Eth VLAN) UP mpls 10.215.0.109:1107 UP
UP ac Gi0/0.1104 1104(Eth VLAN) UP mpls 10.215.0.133:1104 UP
UP ac Gi0/0.1106 1106(Eth VLAN) UP mpls 10.215.0.133:1106 UP
PE2#ping 10.215.0.133
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.215.0.133, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
===========================================================================
CE1#sh run int Fa0/1.1104
Building configuration...
Current configuration : 255 bytes
interface FastEthernet0/1.1104
description Admin:EoMPLS to CE2
encapsulation dot1Q 1104
ip address 10.210.64.194 255.255.255.252
ip router isis area_0054
clns mtu 1467
clns router isis area_0054
isis circuit-type level-2-only
end
PE1#sh run int Gi0/1.1104
Building configuration...
Current configuration : 224 bytes
interface GigabitEthernet0/1.1104
description Admin:EoMPLS to PE2
encapsulation dot1Q 1104
xconnect 10.214.254.107 1104 encapsulation mpls
service-policy input police_1M
service-policy output shape_1M
end
PE1#ping 10.214.254.107
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.214.254.107, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
I still couldn't reach it.. but I can see it on my LDP neighbor.
PE2#$ping mpls ipv4 10.215.0.133/32 source 10.214.254.107 reply mode ipv4
Sending 5, 100-byte MPLS Echos to 10.215.0.133/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
Success rate is 0 percent (0/5)
PE2#sh mpls ldp neigh
Peer LDP Ident: 10.215.0.133:0; Local LDP Ident 10.214.254.107:0
TCP connection: 10.215.0.133.13109 - 10.214.254.107.646
State: Oper; Msgs sent/rcvd: 15109/15097; Downstream
Up time: 18:11:49
LDP discovery sources:
Targeted Hello 10.214.254.107 -> 10.215.0.133, active, passive
Addresses bound to peer LDP Ident:
10.215.0.133 172.16.8.97 172.16.8.101 10.210.64.117
10.210.64.253 10.210.64.105 10.210.64.193 10.210.64.189
10.210.64.85 10.210.64.81
Maybe you are looking for
-
Problem updating Volume in Sales Scheduling Agreement
Hi gurus, we have problem with Sales Scheduling Agreement. It's about volume of material. First, I create a Scheduling Agreement for material A, what is 100 CCM of volume in its register master material. I create several forecast delivery schedule. A
-
It used to be that i could make changes such as sorting of folder bookmark listings in "organize bookmarks" and they would occur immediately in my Firefox browser. Now, for some reason, every time i make these changes in the Organize Bookmarks screen
-
i had to consolidate my library to transfere my music on itunes to my new computer(which didn't work, so i still use the old computer) and when i pulg it back into my old computer, i can't get the pictures that were once on my ipod to show up on my i
-
Appleworks Formula error on import to Numbers
I have devised a spreadsheet for my VAT and TAX in Appleworks (6.2.9 It has worked fine for years. I recently decided that I should try and get it working in Numbers (09) to future proof it. I am having a problem with one of the formulae: =IF(X4Y4+AA
-
Problem with starting a sqlplus-process via java.lang.Process
Hi, I want to start a sqlplus-Process from a java-application via java.lang.Process. Works great with XP. On a W2K-Machine, the process is started (I can see it in the Taskmanager), but it doesn't connect to the db - the OS-process hangs, also the ja