Traceroute but no Ping
I'm having trouble with my MBA with internet connection to any application. Using the Network utility it will run a Traceroute, but cannot Ping any address. The Netstat shows it is connected to a foreign address, but nothing gets passed to any of my applications. I've turned off the system firewall and removed other apps that might interfere, to no avail. I just found a Flash virus called Games.exe and am working to get rid of it. Any other ideas what might be causing this problem?
Thanks!
How are you connecting to the Internet?
Who is your ISP?
Give this a try. Open Network System Preferences, select your connection method (Ethernet or WiFi), then click on the Advanced button.
Click on the DNS tab.
Note what is listed in the DNS Servers: list. It should be a grayed out address of your router IP address.
If it is not, please post what it says.
If it is just your router address, then click the Add button ( + ) and enter these servers:
208.67.222.222 and 208.67.220.220
Then, try to connect to the internet.
EDIT: sorry, I missed this before posting:
I've connected via a USB dongle directly to the cellular network and via my wireless network at home.
If that is the case, it is very likely that the MacBook Air is not getting the correct DNS servers passed to it from the router. Adding the OpenDNS servers as I described above should help.
Similar Messages
-
RV220W IPsec tunnel connected, but no ping is working
Hello,
I have a problem with my RV220w router and IPsec connections.
The tunnel is connected, but no ping is working. I have not changed any settings on the client site or router site. The last successful tunnel with this configuration was half a year ago.
The local and remote network have different ip-address.
I have both firmware versions 1.0.4.17 and 1.0.5.8 tested.
A tunnel over PPTP is working fine. The ping works successfully.
Has anyone an idea?
kind regards
Martin Schubert
Configuration:
Client Software:
- Windows 7 64Bit
- ShrewSoft VPNClient 2.2.2
n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:0
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:0
n:client-wins-auto:1
n:phase1-dhgroup:5
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
n:phase1-keylen:0
n:phase2-keylen:0
s:client-auto-mode:pull
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:fqdn
s:ident-server-type:fqdn
s:ident-client-data:remote.com
s:ident-server-data:local.com
s:phase1-exchange:aggressive
s:phase1-cipher:aes
s:phase1-hash:sha2-256
s:phase2-transform:esp-aes
s:phase2-hmac:sha2-256
s:ipcomp-transform:disabled
n:phase2-pfsgroup:5
s:policy-level:auto
s:policy-list-include:192.168.1.0
Router:
IpsecIKEPolicy[1]["Direction"] = "1"
IpsecIKEPolicy[1]["EncryptionAlgorithm"] = "5"
IpsecIKEPolicy[1]["LocalIdentifier"] = "local.com"
IpsecIKEPolicy[1]["ExchangeMode"] = "1"
IpsecIKEPolicy[1]["RemoteIdentifier"] = "remote.com"
IpsecIKEPolicy[1]["Presharedkey"] = "is secret"
IpsecIKEPolicy[1]["IKEPolicyName"] = "abc"
IpsecIKEPolicy[1]["LocalIdentifierType"] = "1"
IpsecIKEPolicy[1]["SALifeTime"] = "28800"
IpsecIKEPolicy[1]["DPDDetectionPeriod"] = "10"
IpsecIKEPolicy[1]["ModeConfigStatus"] = "0"
IpsecIKEPolicy[1]["XAUTHType"] = "2"
IpsecIKEPolicy[1]["DPDFailureCount"] = "3"
IpsecIKEPolicy[1]["AuthAlgorithm"] = "3"
IpsecIKEPolicy[1]["AuthType"] = "0"
IpsecIKEPolicy[1]["DHGroup"] = "5"
IpsecIKEPolicy[1]["DPD"] = "0"
IpsecIKEPolicy[1]["_ROWID_"] = "1"
IpsecIKEPolicy[1]["RemoteIdentifierType"] = "1"
IpsecVPNPolicy[1]["EnableKeepAlive"] = "0"
IpsecVPNPolicy[1]["LocalSubnetMask"] = "255.255.255.0"
IpsecVPNPolicy[1]["EncryptionAlgorithm"] = "5"
IpsecVPNPolicy[1]["AuthAlgorithm"] = "3"
IpsecVPNPolicy[1]["RemoteNetworkType"] = "0"
IpsecVPNPolicy[1]["LocalGateway"] = "0"
IpsecVPNPolicy[1]["RVGStatus"] = "0"
IpsecVPNPolicy[1]["VPNPolicyName"] = "abc"
IpsecVPNPolicy[1]["LocalStartAddress"] = "192.168.1.0"
IpsecVPNPolicy[1]["Status"] = "1"
IpsecVPNPolicy[1]["Netbios"] = "0"
IpsecVPNPolicy[1]["AutoPolicyType"] = "1"
IpsecVPNPolicy[1]["KeepAlivePeriod"] = "10"
IpsecVPNPolicy[1]["PFSKeyGroup"] = "5"
IpsecVPNPolicy[1]["SPIOut"] = "0x"
IpsecVPNPolicy[1]["KeepAliveFailureCount"] = "3"
IpsecVPNPolicy[1]["LocalNetworkType"] = "3"
IpsecVPNPolicy[1]["SALifeTime"] = "3600"
IpsecVPNPolicy[1]["IKEPolicyName"] = "abc"
IpsecVPNPolicy[1]["FailbackTime"] = "30"
IpsecVPNPolicy[1]["RemoteEndPoint"] = "remote.com"
IpsecVPNPolicy[1]["NodeId"] = "1"
IpsecVPNPolicy[1]["SALifeTimeType"] = "0"
IpsecVPNPolicy[1]["PolicyType"] = "1"
IpsecVPNPolicy[1]["SPIIn"] = "0x"
IpsecVPNPolicy[1]["RemoteEndPointType"] = "1"
IpsecVPNPolicy[1]["_ROWID_"] = "1"
IpsecVPNPolicy[1]["Rollover"] = "0"
At a glance,
First, what are your netmasks for those networks? I suppose they are 255.255.255.0.
Second, check your Remote Security Group and Local Security Group on B and C for their tunnel. Maybe permutation?
Third, check Routing table (Setup->More->Advanced Routing then at the bottom Show Routing Table).
Should be something like this on B:
10.0.0.0   255.255.255.0   GW for B   10   ipsec0
and on C:
10.0.1.0   255.255.255.0   GW for C   10   ipsec0 -
Extend Wireless Network using a Telstra Technicolor Gateway wireless router to AirPort Extreme, but the AirPort will only accept "join a wireless network" (which it does), not "extend a wireless network" (LED turns yellow and I cannot get a network working on the AirPort Extreme Ethernet ports, but can ping the AirPort Extreme from the Technicolor router).
The AirPort gets its address via DHCP. Funny how I can ping the Extreme but the hard Ethernet ports don't seem to work correctly.
When the AirPort Extreme is configured to "Join" a wireless network, the Ethernet ports are not enabled.
Oddly, the AirPort Express has a special feature that will allow it to "Join" virtually any wireless network.....and the Ethernet port can be enabled. So, an Express would work for your purpose to provide an Ethernet connection to the media player. This assumes that the Express is located where it can receive a strong wireless signal from your main router.
Note that the Express will not provide any additional wireless coverage when it "Joins". -
Can't Ping UC320W from 881 but can ping 881 from UC320W
Hi,
Wondering if somebody could help me here. I have a UC320 and router directly connected and I can ping the router from the 320 but can't ping the other way. As a result I only have SIP traffic working outbound but can't get any calls inbound. I'm missing something here but can't figure out what.
Any ideas ?
Thanks a million
J-P
Hi,
Thanks for the response. The UC320 WAN interface is statically assigned 192.160.160.2/30 and the gateway is 192.160.160.1. There is no CLI on the 320, so I can't provide any config. I can ping the 881 from the 320 no problem, but it won't work the other way. Everything looks like it's up and running from show commands etc.
The config of the 881 is below; I have changed the WAN addresses etc. for obvious reasons -
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname _Router
boot-start-marker
boot-end-marker
logging message-counter syslog
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip name-server 83.147.160.2
ip name-server 83.147.160.130
no ipv6 cef
multilink bundle-name authenticated
archive
log config
hidekeys
class-map match-any VOIP
match protocol rtp audio
class-map match-any WEB_TRAFFIC
match protocol http
match protocol ftp
match protocol secure-http
match protocol secure-ftp
class-map match-any VIDEO
match protocol rtp video
policy-map QOS_POLICY
class VOIP
priority percent 15
set dscp ef
class WEB_TRAFFIC
bandwidth percent 30
random-detect
set dscp af32
class VIDEO
bandwidth percent 20
set dscp cs4
class class-default
bandwidth percent 30
random-detect
set dscp default
interface FastEthernet0
switchport trunk native vlan 100
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
switchport mode trunk
interface FastEthernet4
bandwidth 5000
no ip address
speed 100
full-duplex
service-policy output QOS_POLICY
interface FastEthernet4.201
description Voice_VLAN
encapsulation dot1Q 201
ip address 172.18.24.x 255.255.255.252
ip nat outside
ip virtual-reassembly
interface FastEthernet4.202
description DATA_VLAN
encapsulation dot1Q 202
ip address 92.51.19.x 255.255.255.252
ip nat outside
ip virtual-reassembly
interface Vlan1
ip address 192.168.160.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan100
ip address 192.160.160.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 92.51.19.X
ip route 172.18.24.x 255.255.255.255 172.18.24.x
no ip http server
no ip http secure-server
ip nat sip-sbc
ip nat inside source static udp 192.160.160.2 5060 interface FastEthernet4.201 5060
ip nat inside source list 1 interface FastEthernet4.201 overload
ip nat inside source list 2 interface FastEthernet4.202 overload
access-list 1 permit 192.160.160.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
banner login
Thanks again
J-P -
Cannot ping Real IP, but can ping Virtual IP, what is the issue?
Hi
I have load balancing for some servers on CSM. I can ping the VIP but cannot ping the Real IP of servers behind the CSM. I need it for some testing and management purposes. Can anyone help to spot the issue? thanx
Topology
MSFC--FWSM--CSM--servers
In routed mode, by default, the CSM does not allow clients to connect directly to the servers.
To allow this traffic you need to create a vserver for the subnet with a predictor forward serverfarm
ie:
serverfarm route
no nat server
predictor forward
vserver vlanX
vip x.x.x.0 /24 any
serverfarm route
inservice
Gilles. -
Hello-
I suck at Linux and networking, especially when someone takes away all the extras.... That said I really like Arch because I'm finally learning what I really need (or am missing) and what it's used for. I'm currently running Arch64 in a box with 3 nics as a host for VirtualBox. All of the nics appear to setup with their static IP correctly and even respond to pings from outside. Unfortunately, when I try to test connectivity with the following command, I just get errors:
ping 4.2.2.2 -I eth2
eth1 is my default for the system and I want eth0 and eth2 assigned to the virtual servers using 'internal networking'. But I can't seem to get anything through eth0 or eth2. Here's my rc.conf file followed by 'route' output, not sure what else I can provide to help. Thanks in advance!
-Jeff
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime"
# USEDIRECTISA: use direct I/O requests instead of /dev/rtc for hwclock
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="en_US.utf8"
HARDWARECLOCK="localtime"
USEDIRECTISA="yes"
TIMEZONE="Canada/Pacific"
KEYMAP="us"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
# MOD_BLACKLIST: Prevent udev from loading these modules
# MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
# NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
MOD_AUTOLOAD="yes"
#MOD_BLACKLIST=() #deprecated
MODULES=(3c59x atl1 mii slhc tulip snd-mixer-oss snd-pcm-oss snd-hwdep snd-page-alloc snd-pcm snd-timer snd snd-hda-intel soundcore)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
HOSTNAME="windsor"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
# DHCP: Set your interface to "dhcp" (eth0="dhcp")
# Wireless: See network profiles below
eth0="eth0 172.20.20.5 netmask 255.255.255.0 broadcast 172.20.20.255"
eth1="eth1 172.20.20.10 netmask 255.255.255.0 broadcast 172.20.20.255"
eth2="eth2 172.20.20.15 netmask 255.255.255.0 broadcast 172.20.20.255"
INTERFACES=(lo eth1 eth0 eth2)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 172.20.20.1"
ROUTES=(gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network.d
# This now requires the netcfg package
#NETWORKS=(main)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(syslog-ng network netfs sshd crond)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
0.0.0.0 172.20.20.1 0.0.0.0 UG 0 0 0 eth1
It sounds from Tomk's post that it's now confirmed that I don't know what I'm doing... Putting all the nics on separate subnets would not be an issue, I was just being lazy and trying to use the existing dmz with no modifications. What's the best way to configure the extra nics? If I put them all on separate subnets, would I need to specify the other gateways in rc.conf?
Here's the output previously requested:
My traceroute [v0.72]
windsor (0.0.0.0) Wed Jun 4 14:55:30 2008
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. ???
2. ge-4-9-ur01.fremont.ca.sfba.comc 0.0% 18 9.4 10.4 7.3 19.4 3.4
3. pos-0-7-0-0-ar01.sfsutro.ca.sfba 0.0% 18 12.4 14.5 10.8 24.1 3.5
4. COMCAST-IP.edge1.SanJose1.Level3 0.0% 18 13.5 15.7 13.1 27.7 3.5
5. xe-10-1-0.edge1.SanJose1.Level3. 5.6% 18 14.8 17.6 12.2 40.6 7.6
6. vlan79.csw2.SanJose1.Level3.net 0.0% 18 23.3 21.8 13.3 27.9 4.0
7. ge-11-0.core1.SanJose1.Level3.ne 0.0% 18 14.6 16.2 12.4 30.3 4.7
8. vnsc-bak.sys.gtei.net 0.0% 18 14.8 17.0 12.2 36.0 5.7 -
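The routing table posted in the thread above, worked through as an added example (not part of the original posts): this Python sketch parses `route` output, reports networks that have identical routes on more than one interface, and checks whether a target is covered by any route on a given interface, which is what a socket bound with `ping -I eth2` depends on. The sample table is copied from the post; the function names are this example's own.

```python
"""Check `route` output for duplicate connected routes and per-interface reachability."""
import ipaddress
from collections import defaultdict

# Routing table exactly as posted in the thread (`route` output).
SAMPLE_ROUTE_OUTPUT = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
0.0.0.0 172.20.20.1 0.0.0.0 UG 0 0 0 eth1
"""


def parse_routes(text):
    """Return a list of route dicts parsed from `route` / `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or blank line
        dest, gateway, genmask, flags, metric, _ref, _use, iface = fields
        # `route` without -n prints "default" and "*" for the all-zero values.
        dest = "0.0.0.0" if dest == "default" else dest
        gateway = "0.0.0.0" if gateway == "*" else gateway
        try:
            network = ipaddress.ip_network(f"{dest}/{genmask}")
            gw = ipaddress.ip_address(gateway)
        except ValueError:
            continue  # column header, or resolved host names we cannot parse
        routes.append({
            "network": network,
            "gateway": gw,
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def overlapping_routes(routes):
    """Map (network, metric) -> interfaces for routes present on 2+ interfaces."""
    by_key = defaultdict(list)
    for r in routes:
        by_key[(r["network"], r["metric"])].append(r["iface"])
    return {key: ifaces for key, ifaces in by_key.items() if len(ifaces) > 1}


def interfaces_without_default(routes):
    """Interfaces that appear in the table but carry no 0.0.0.0/0 route."""
    all_ifaces = {r["iface"] for r in routes}
    with_default = {r["iface"] for r in routes if r["network"].prefixlen == 0}
    return sorted(all_ifaces - with_default)


def can_reach_via(routes, target, iface):
    """True if a route whose output device is `iface` covers `target`.

    A socket bound to an interface only uses routes on that interface,
    so this is the condition a routed `ping -I iface target` depends on.
    """
    addr = ipaddress.ip_address(target)
    return any(r["iface"] == iface and addr in r["network"] for r in routes)


def report(text, target, iface):
    """Build a short list of findings for one target/interface pair."""
    routes = parse_routes(text)
    findings = []
    for (network, metric), ifaces in overlapping_routes(routes).items():
        findings.append(
            f"{network} (metric {metric}) is routed identically via {', '.join(ifaces)}"
        )
    missing = interfaces_without_default(routes)
    if missing:
        findings.append(f"no default route on: {', '.join(missing)}")
    if not can_reach_via(routes, target, iface):
        findings.append(f"{target} is not covered by any route on {iface}")
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_ROUTE_OUTPUT, "4.2.2.2", "eth2"):
        print(finding)
```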
Cisco asa- vpn established but cant ping
I am using 2 Cisco ASA 5505 routers. I have established a VPN between them but I can't ping the client's internal or outside interface; the client can ping my outside interface. The only configuration on the client is basic Easy VPN settings and interfaces. Here is the server part configuration on my side:
ASA Version 9.1(1)
hostname ciscoasa
enable password NuLKvvWGg.x9HEKO encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.1.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group iskon
ip address pppoe setroute
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside
subnet 10.1.2.0 255.255.255.0
object network outside
subnet 10.1.3.0 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
access-list 101 extended permit object-group DM_INLINE_PROTOCOL_1 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list 102 extended permit object-group DM_INLINE_PROTOCOL_2 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list global_access extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit 10.1.3.0 255.255.255.0 echo-reply inside
icmp permit any inside
icmp permit any outside
icmp permit 10.1.3.0 255.255.255.0 echo-reply outside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,any) source static outside outside destination static inside inside no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
access-group global_access global
route inside 0.0.0.0 0.0.0.0 10.1.3.1 tunneled
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.1.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set mySET esp-3des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map DYN-MAP 5 set ikev1 transform-set mySET
crypto map MAP 60 ipsec-isakmp dynamic DYN-MAP
crypto map MAP interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
vpdn group iskon request dialout pppoe
vpdn group iskon localname *********
vpdn group iskon ppp authentication pap
vpdn username ***** password *****
dhcpd auto_config outside
dhcpd address 10.1.2.5-10.1.2.132 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy VPN internal
group-policy VPN attributes
split-tunnel-policy tunnelall
split-tunnel-network-list value 101
nem enable
username user password enq05bKrudsJMMBu encrypted privilege 15
username user attributes
vpn-group-policy VPN
vpn-session-timeout none
group-lock value VPN-TUNNEL
tunnel-group VPN-TUNNEL type remote-access
tunnel-group VPN-TUNNEL general-attributes
default-group-policy VPN
tunnel-group VPN-TUNNEL ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:3f2923b78a04ee8cfe9324e3e2733d78
SOLVED!!! I just needed to configure NAT; here is the configuration for anyone with the same problem
: Saved
ASA Version 9.1(1)
hostname ciscoasa
enable password NuLKvvWGg.x9HEKO encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.1.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group iskon
ip address pppoe setroute
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network ladimirevci
subnet 10.1.2.0 255.255.255.0
object network lekenik
subnet 10.1.3.0 255.255.255.0
access-list 101 extended permit ip 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list 101 extended permit ip object lekenik object ladimirevci
access-list 101 extended permit ip object ladimirevci object lekenik
access-list outside_access_in extended permit ip object ladimirevci object lekenik
access-list outside_access_in extended permit ip object lekenik object ladimirevci
access-list outside_access_in extended permit ip any any
access-list inside_access_in extended permit ip object ladimirevci object lekenik
access-list inside_access_in extended permit ip object lekenik object ladimirevci
access-list inside_access_in extended permit ip any any
access-list nonat extended permit ip 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list 102 extended permit ip 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list global_access extended permit ip object lekenik object ladimirevci
access-list global_access extended permit ip object ladimirevci object lekenik
access-list global_access extended permit ip any any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo-reply outside
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,any) source static ladimirevci ladimirevci destination static lekenik lekenik
object network obj_any
nat (inside,outside) dynamic interface dns
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group global_access global
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 10.1.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set mySET esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map DYN-MAP 5 set pfs
crypto dynamic-map DYN-MAP 5 set ikev1 transform-set mySET
crypto dynamic-map DYN-MAP 5 set reverse-route
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map MAP 60 ipsec-isakmp dynamic DYN-MAP
crypto map MAP interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpool policy
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh scopy enable
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
console timeout 0
management-access inside
vpdn group iskon request dialout pppoe
vpdn group iskon localname vivaindo@iskon-dsl
vpdn group iskon ppp authentication pap
vpdn username vivaindo@iskon-dsl password *****
dhcpd auto_config outside
dhcpd address 10.1.2.5-10.1.2.36 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev2 ssl-clientless
group-policy VPN internal
group-policy VPN attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-lock value VPN-TUNNEL
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 101
nem enable
username user password enq05bKrudsJMMBu encrypted privilege 15
username user attributes
vpn-group-policy VPN
group-lock value VPN-TUNNEL
tunnel-group VPN-TUNNEL type remote-access
tunnel-group VPN-TUNNEL general-attributes
default-group-policy VPN
tunnel-group VPN-TUNNEL ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:ddac35422ebbf57095be7a1d33b0b67d
: end
asdm image disk0:/asdm-712.bin
no asdm history enable -
Can't connect via Screen Share or Web Server, but can ping and ssh
Bit of an odd problem here.
My Mountain Lion Mac Pro (called "Trogdor" for convenience) is connected to my work university network. I can ping it from anywhere-- elsewhere on the network, from home behind a firewall. Can connect over ssh from everywhere. I can also connect to other computers (on the same network or at home behind a firewall) from Trogdor via ssh, Screen Sharing, etc.
But I can't Screen Share into Trogdor, and I can't connect to Trogdor's built-in web server, either system-wide (in /Library/WebServer) or for my username (~/Sites). (I can connect to the web server from Trogdor.)
Note that I can do both of these for other computers on the same network (same subnet, etc), so it's not a network issue. I can't do these from anywhere: same network or from home. I have this problem whether I use Trogdor's hostname or its IP address. (I can look up its hostname using the IP address with the "host" tool in Terminal, and vice versa.)
So it sounds like a port issue, right? Except I don't think I've ever messed with my port settings directly. How do I diagnose the problem? Should I scan my ports? Can I return port settings to default?
Thanks!
Message was edited by: supercres -
Can't see PC's on network, but can ping them, connect to server etc
Hi All
I'm experiencing something pretty bizarre.
I have a small network at my office. There are 3 PC's, and 2 Macs, one of them a Mac Mini running 10.6.5. All computers are set to the same workgroup. All the PCs can see all the Macs, no problem.
Yet my Mac Mini can (most of the time) only see the other Mac. (When I use Go > Network).
I can ping all the PC's from the Mac Mini. But they won't show up in the network view.
The annoying thing is sometimes I can see all the PC's (there's no pattern to it!) and I have connected to a printer on one of the PC's. With that particular PC, if I use 'Connect to Server' I get
'Select the volumes you want to mount on "packing-pc"' but there are no volumes in the list.
What's really bugging me is that sometimes all the PCs are there when I view the network, and sometimes they aren't.
Anyone got any ideas please? I'm pulling my hair out! I wanna ditch my PC at work but until I can print reliably (to the PC with the printer attached) I can't!
Thanks in anticipation!
Mark
I'm wondering if this is connected?
http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/2c98eb8c-8234-4060-b8a7-e484ca29df72 -
Can't connect but can ping & use AP Util
A couple issues:
TC shows up in finder, can ping it (static ip, as are all my ip's) and use the airport utility. It worked fine for a day or so, now with no changes, this is where I'm at. I get an error about it not existing. I've tried to 'connect As' even 'connect to server' in Finder trying names and ip - no joy.
TC is set up with only Ethernet (cable) WiFi is turned off. File sharing with accounts (all are OK) My MacBook Pro and Mini can't connect.
I find it odd that the Air Port utility connects to it just fine. Does it use the AFP or UDP/TCP?
I'm going to reboot the TC and see. But if I need to reboot it every day or so, its worthless to me.
Topology (another issue) is:
router/switch Gb --> switch 2 100b ---> TC
When I tried to make the TC be the middle (to keep a Gb network) it didn't work. (yes, I know about the uplink ports; even tried the standard ports)
(oh other kinda non issue: Printers don't show up in the AirPort utility, but remote 'puters print fine)
Message was edited by: MudShark
This TC is going back. What a POS! Now it won't even connect to the LAN. Had it for less than a week and it's been down more than up. NOT impressed.
-
Losing internet connection but can ping servers
Hi. Something weird has been happening with my PowerBook the last month. Safari, Mail and Skype can't access the internet suddenly. Rebooting my router does nothing, neither does logging out/in, but rebooting the PB resolves it. When this happens I can still ping www addresses and IP addresses but all apps seem to lose connectivity. Anyone got a suggestion?
This resolved itself. Maybe it was a problem with my ISP
-
Arch router / connection share dns lookup works, but no ping [solved]
I lost some config and forgot how to set this up. I have a dual nic arch box with some clients behind it. dnsmasq serves dhcp and dns on the LAN side (192.168.10.0/24). WAN port of arch box (192.168.1.201) talks to actual modem (192.168.1.1).
router
root@router ~ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:25:90:95:08:40 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.201/24 brd 192.168.1.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::225:90ff:fe95:840/64 scope link
valid_lft forever preferred_lft forever
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:25:90:95:08:41 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 brd 192.168.10.255 scope global enp3s0
valid_lft forever preferred_lft forever
inet6 fe80::225:90ff:fe95:841/64 scope link
valid_lft forever preferred_lft forever
root@router ~ # ip route
default via 192.168.1.1 dev enp2s0
192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.201
192.168.10.0/24 dev enp3s0 proto kernel scope link src 192.168.10.1
root@router ~ # sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
root@router~ # ping archlinux.org
PING archlinux.org (66.211.214.131) 56(84) bytes of data.
64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=1 ttl=47 time=70.0 ms
64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=2 ttl=47 time=70.0 ms
client
root@lucid-desktop:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: can0: <NOARP> mtu 16 qdisc noop state DOWN qlen 64
link/can
3: can1: <NOARP> mtu 16 qdisc noop state DOWN qlen 64
link/can
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:1f:f2:09:19:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.101/24 brd 192.168.10.255 scope global eth0
root@lucid-desktop:~# ip route
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.101
169.254.0.0/16 dev eth0 scope link metric 1000
default via 192.168.10.1 dev eth0 metric 100
root@lucid-desktop:~# nslookup archlinux.org
Server: 192.168.10.1
Address: 192.168.10.1#53
Non-authoritative answer:
Name: archlinux.org
Address: 66.211.214.131
root@lucid-desktop:~# ping archlinux.org
PING archlinux.org (66.211.214.131) 56(84) bytes of data.
*crickets*
root@lucid-desktop:~# wget archlinux.org
--2013-04-02 07:51:19-- http://archlinux.org/
Resolving archlinux.org... 66.211.214.131
Connecting to archlinux.org|66.211.214.131|:80...
Do I need iptables on? This is all with it off.
edit: yup
iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
Last edited by tladuke (2013-06-06 19:37:44)
The problem has been resolved. It was the line provider that made a mistake by giving the wrong line speed at the second pvc.
After they made the correct changes the connection was made between the 2 routers over the IPVPN
Router config Check
Router firmware Check
First pvc Check
Second pvc but now check
Ipvpn and data flow check
Connection has been made check
-
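The symptom in the Arch router thread above (names resolve because dnsmasq answers on 192.168.10.1, while forwarded packets leave with a 192.168.10.x source that nothing upstream routes back to) can be confirmed from the router's own state. This is an added example, not part of the original post: the function name and verdict strings are hypothetical, the rule dumps are constructed, and the interface names are taken from the thread.

```shell
#!/bin/sh
# diagnose_nat WAN_IF IP_FORWARD RULES   (hypothetical helper for this example)
#   WAN_IF      outbound interface (enp2s0 in the thread)
#   IP_FORWARD  output of: sysctl -n net.ipv4.ip_forward
#   RULES       output of: iptables-save -t nat
# Prints one verdict: ok | forwarding-off | no-nat | nat-wrong-interface
diagnose_nat() {
    wan_if=$1 fwd=$2 rules=$3
    [ "$fwd" = "1" ] || { echo forwarding-off; return; }
    printf '%s\n' "$rules" | awk -v wan="$wan_if" '
        $1 == "-A" && $2 == "POSTROUTING" {
            target = ""; out = ""; neg = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-o") { out = $(i + 1); neg = ($(i - 1) == "!") }
            }
            if (target != "MASQUERADE" && target != "SNAT") next
            seen = 1
            # A rule with no -o applies to every outbound interface.
            if (out == "" || (neg ? out != wan : out == wan)) covered = 1
        }
        END {
            if (covered)   print "ok"
            else if (seen) print "nat-wrong-interface"
            else           print "no-nat"
        }'
}

# Constructed dumps in the format printed by iptables-save -t nat.
RULES_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'
RULES_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT'
RULES_LAN_SIDE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp3s0 -j MASQUERADE
COMMIT'

echo "before fix:  $(diagnose_nat enp2s0 1 "$RULES_BEFORE")"
echo "after fix:   $(diagnose_nat enp2s0 1 "$RULES_AFTER")"
echo "wrong iface: $(diagnose_nat enp2s0 1 "$RULES_LAN_SIDE")"
```

On a live router the same function can be fed `"$(sysctl -n net.ipv4.ip_forward)"` and `"$(iptables-save -t nat)"` as its second and third arguments.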
HP officejet 6600 connected to wifi but no ping
Hi we have an officejet 6600 printer installed with the latest firmware. Since last weekend we cannot ping the printer any more. Not from mac (without firewall software) nor from pc. The printer is connected to the wireless network. It gets an IP address from DHCP, but cannot be pinged.
Unplugging power cables and restarting doesn't help. Only the HP print and scan software detects the printer on the network. Connecting to it with the standard software of the firmware installer doesn't work.
Can you help me with resolving this problem?
Can you open the printer's EWS in a browser? Type the printer's IP into a browser and see if the printer page comes up. (if you are using IE you must prefix the IP address with http://). The printer and scan doctor will sometimes find the driver of the printer and show that in the enumeration list. That doesn't necessarily mean it found the printer connected to the network. Did you get to the "Fix Printing" "Fix Scanning" screen with the Print and Scan Doctor? If not, then the printer is probably not connected to the network.
Mike
I am an HP employee. -
RV082 to SA540 tunnel but no ping - HELP
I'll try my best to explain and give details.
SA540 v.2.1.71 at host
RV082 v4.2.1.02 at remote site.
Trying to setup tunnel between the 2. WHEN this works, I'll have 20 remote sites tunneling into the SA540 host.
SA540:
SA540 says site to site vpn is up and IPsec SA Established.
192.168.1.0
Setting | Gateway Policies | Client Policies
Exchange Mode | Main | Aggressive
ID Type | Local WAN IP | FQDN
Local WAN ID | Local WAN IP | local.com
Remote WAN ID | N/A | remote.com
Encryption Algorithm | AES-128 | AES-128
Authentication Algorithm | SHA-1 | SHA-1
Authentication Method | Pre-shared Key | Pre-shared Key
Key-Group | DH-Group 2 (1024 bit) | DH-Group 2 (1024 bit)
Life Time | 8 hours | 8 hours
VPN Wizard default values for VPN:
Encryption Algorithm: AES-128
Authentication Algorithm: SHA-1
Life Time: 1 hour
PFS Key Group: DH-Group 2(1024 bit)
NETBIOS: Enabled (Gateway Policies), Disabled (Client Policies)
WAN Security Checks
Block Ping to WAN interface
Enable Stealth Mode
Block TCP flood
RV082:
RV082 says gateway to gateway is Connected.
192.168.2.0
same settings w/ Aggressive, Keep Alive and NAT Traversal checked.
Firewall Setting Status
SPI (Stateful Packet Inspection): On
DoS (Denial of Service): On
Block WAN Request: Off
Remote Management: On
FROM RV082 diagnostics on router, I cannot ping 192.168.1.1 router or 192.168.1.70 server inside host.
FROM SA540 host diagnostics, I CAN ping 192.168.2.1 when I check Ping through VPN tunnel, but I canNOT ping an XP computer at 192.168.2.100 which has firewall turned off.
What am I missing?
Goal is to establish full tunneling and computer/server access between sites.
Any help is greatly appreciated.
I have added the permit any any on the outside and vpn interfaces of both ASAs. I also changed the source and destination of the nat exempt rule to any any.
-