Traceroute but no Ping

I'm having trouble with my MBA with internet connection to any application. Using the Network utlity it will run a Traceroute, but cannot Ping any address.  The Netstat shows it is connected to a foreign address, but nothing gets passed to any of my applications.  I've turned off the system firewalland remove other apps that might interfere, to no avail.  I just found a Flash virus called Games.exe and am working to get rid of it.  Any other ideas what might be causing this problem?
Thanks!

How are you connecting to the Internet?
Who is your ISP?
Give this a try. Open Network System Preferences, select your connection method (Ethernet or WiFi), then click on the Advanced button.
Click on the DNS tab.
Note what is listed in the DNS Servers: list. It should be a grayed out address of your router IP address.
If it is not, please post what it says.
If it is just your router address, then click the Add button ( + ) and enter these servers:
208.67.222.222 and 208.67.220.220
Then, try to connect to the internet.
EDIT: sorry, I missed this before posting:
I've connected via a USB dongle directly to the cellular network and via my wireless network at home.
If that is the case, it is very likely that the MacBook Air is not getting the correct DNS servers passed to it from the router. Adding the OpenDNS servers as I described above should help.

Similar Messages

  • RV220W IPsec tunnel connected, but no ping is working

    Hello,
    I have a problem with my RV220w router and IPsec connections.
    The tunnel is connected, but no ping is working. I have not changed any Settings on the Client Site or Router Site. The last succsessful tunnel wit this configuration is a half year ago.
    The local and remote network have different ip-address.
    I have both firmware versions 1.0.4.17 and 1.0.5.8 tested.
    A tunnel over PPTP is working fine. The ping works successful.
    Has anyone an idea?
    kind regards
    Martin Schubert
    Configuration:
    Client Software:
    - Windows 7 64Bit
    - ShrewSoft VPNClient 2.2.2
    n:version:4
    n:network-ike-port:500
    n:network-mtu-size:1380
    n:client-addr-auto:1
    n:network-natt-port:4500
    n:network-natt-rate:15
    n:network-frag-size:540
    n:network-dpd-enable:0
    n:client-banner-enable:1
    n:network-notify-enable:1
    n:client-dns-used:1
    n:client-dns-auto:1
    n:client-dns-suffix-auto:1
    n:client-splitdns-used:1
    n:client-splitdns-auto:1
    n:client-wins-used:0
    n:client-wins-auto:1
    n:phase1-dhgroup:5
    n:phase1-life-secs:86400
    n:phase1-life-kbytes:0
    n:vendor-chkpt-enable:0
    n:phase2-life-secs:3600
    n:phase2-life-kbytes:0
    n:policy-nailed:0
    n:policy-list-auto:0
    n:phase1-keylen:0
    n:phase2-keylen:0
    s:client-auto-mode:pull
    s:client-iface:direct
    s:network-natt-mode:enable
    s:network-frag-mode:enable
    s:auth-method:mutual-psk-xauth
    s:ident-client-type:fqdn
    s:ident-server-type:fqdn
    s:ident-client-data:remote.com
    s:ident-server-data:local.com
    s:phase1-exchange:aggressive
    s:phase1-cipher:aes
    s:phase1-hash:sha2-256
    s:phase2-transform:esp-aes
    s:phase2-hmac:sha2-256
    s:ipcomp-transform:disabled
    n:phase2-pfsgroup:5
    s:policy-level:auto
    s:policy-list-include:192.168.1.0
    Router:
    IpsecIKEPolicy[1]["Direction"] = "1"
    IpsecIKEPolicy[1]["EncryptionAlgorithm"] = "5"
    IpsecIKEPolicy[1]["LocalIdentifier"] = "local.com"
    IpsecIKEPolicy[1]["ExchangeMode"] = "1"
    IpsecIKEPolicy[1]["RemoteIdentifier"] = "remote.com"
    IpsecIKEPolicy[1]["Presharedkey"] = "is secret"
    IpsecIKEPolicy[1]["IKEPolicyName"] = "abc"
    IpsecIKEPolicy[1]["LocalIdentifierType"] = "1"
    IpsecIKEPolicy[1]["SALifeTime"] = "28800"
    IpsecIKEPolicy[1]["DPDDetectionPeriod"] = "10"
    IpsecIKEPolicy[1]["ModeConfigStatus"] = "0"
    IpsecIKEPolicy[1]["XAUTHType"] = "2"
    IpsecIKEPolicy[1]["DPDFailureCount"] = "3"
    IpsecIKEPolicy[1]["AuthAlgorithm"] = "3"
    IpsecIKEPolicy[1]["AuthType"] = "0"
    IpsecIKEPolicy[1]["DHGroup"] = "5"
    IpsecIKEPolicy[1]["DPD"] = "0"
    IpsecIKEPolicy[1]["_ROWID_"] = "1"
    IpsecIKEPolicy[1]["RemoteIdentifierType"] = "1"
    IpsecVPNPolicy[1]["EnableKeepAlive"] = "0"
    IpsecVPNPolicy[1]["LocalSubnetMask"] = "255.255.255.0"
    IpsecVPNPolicy[1]["EncryptionAlgorithm"] = "5"
    IpsecVPNPolicy[1]["AuthAlgorithm"] = "3"
    IpsecVPNPolicy[1]["RemoteNetworkType"] = "0"
    IpsecVPNPolicy[1]["LocalGateway"] = "0"
    IpsecVPNPolicy[1]["RVGStatus"] = "0"
    IpsecVPNPolicy[1]["VPNPolicyName"] = "abc"
    IpsecVPNPolicy[1]["LocalStartAddress"] = "192.168.1.0"
    IpsecVPNPolicy[1]["Status"] = "1"
    IpsecVPNPolicy[1]["Netbios"] = "0"
    IpsecVPNPolicy[1]["AutoPolicyType"] = "1"
    IpsecVPNPolicy[1]["KeepAlivePeriod"] = "10"
    IpsecVPNPolicy[1]["PFSKeyGroup"] = "5"
    IpsecVPNPolicy[1]["SPIOut"] = "0x"
    IpsecVPNPolicy[1]["KeepAliveFailureCount"] = "3"
    IpsecVPNPolicy[1]["LocalNetworkType"] = "3"
    IpsecVPNPolicy[1]["SALifeTime"] = "3600"
    IpsecVPNPolicy[1]["IKEPolicyName"] = "abc"
    IpsecVPNPolicy[1]["FailbackTime"] = "30"
    IpsecVPNPolicy[1]["RemoteEndPoint"] = "remote.com"
    IpsecVPNPolicy[1]["NodeId"] = "1"
    IpsecVPNPolicy[1]["SALifeTimeType"] = "0"
    IpsecVPNPolicy[1]["PolicyType"] = "1"
    IpsecVPNPolicy[1]["SPIIn"] = "0x"
    IpsecVPNPolicy[1]["RemoteEndPointType"] = "1"
    IpsecVPNPolicy[1]["_ROWID_"] = "1"
    IpsecVPNPolicy[1]["Rollover"] = "0"

    At the glance,
    First, what are your netmasks for those networks? I suppose they are 255.255.255.0.
    Second, check your Remote Security Group and Local Security Group on B and C for their tunnel. Maybe permutation?
    Third, check Routing table (Setup->More->Advanced Routing then at the bottom Show Routing Table).
    Should be something like - on B:
    10.0.0.0
    255.255.255.0
    GW for B
    10
    ipsec0
    and on C:
    10.0.1.0
    255.255.255.0
    GW  for C
    10
    ipsec0

  • Extend Wireless Network using a Telstra technicolor Gateway wireless Router to Airpot extreme but Airport will only except join not extend and I can not get a network on the Airpor Extreme ethernet ports but can ping Airport extreme from Technicolor Rout/

    Extend Wireless Network using a Telstra technicolor Gateway wireless Router to Airpot extreme but Airport will only except "join a wireless network (which it does) not "extend a wireless network" (Led turns yellow and I can not get a network working on the Airpor Extreme ethernet ports but can ping Airport extreme from Technicolor Router.
    Airport gets it address DHCP.

    Funny how I can ping the Extreme but the Hard Ethernet ports dont seem to work correctly.
    When the AirPort Extreme is configured to "Join" a wireless network, the Ethernet ports are not enabled.
    Oddly, the AirPort Express has a special feature that will allow it to to "Join" virtually any wireless network.....and the Ethernet port can be enabled. So, an Express would work for your purpose to provide an Ethernet connection to the media player. This assumes that the Express is located where it can receive a strong wireless signal from your main router.
    Note that the Express will not provide any additional wireless coverage when it "Joins".

  • Cant Ping UC320W from 881 but can ping 881 from UC320w

    Hi,
    Wondering if soembody could help me here. I have a uc320 and router directly connected and I can ping the router from the 320 but cant ping the other way. As a result I only have SIP traffic working outbound but cant get and calls inbound. Im missing something here but cant figure out what
    Any ideas ?
    Thanks a million
    J-P

    Hi,
    Thanks for the response. The UC320 has the WAN Interface is statically assigned 192.160.160.2/30 and the gateway is
    192.160.160.1 there is no CLI on the 320 so cant provide any config. I can ping the 881 from the 320 no problem but it wont work the other way. Evrything looks like it up and running from show commands etc.
    The config of the 881 is below  have changed the wan address's etc for obviuos reasons -
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname _Router
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    no aaa new-model
    dot11 syslog
    ip source-route
    ip cef
    ip name-server 83.147.160.2
    ip name-server 83.147.160.130
    no ipv6 cef
    multilink bundle-name authenticated
    archive
    log config
      hidekeys
    class-map match-any VOIP
    match protocol rtp audio
    class-map match-any WEB_TRAFFIC
    match protocol http
    match protocol ftp
    match protocol secure-http
    match protocol secure-ftp
    class-map match-any VIDEO
    match protocol rtp video
    policy-map QOS_POLICY
    class VOIP
        priority percent 15
      set dscp ef
    class WEB_TRAFFIC
        bandwidth percent 30
         random-detect
      set dscp af32
    class VIDEO
        bandwidth percent 20
      set dscp cs4
    class class-default
        bandwidth percent 30
         random-detect
      set dscp default
    interface FastEthernet0
    switchport trunk native vlan 100
    switchport mode trunk
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    switchport mode trunk
    interface FastEthernet4
    bandwidth 5000
    no ip address
    speed 100
    full-duplex
    service-policy output QOS_POLICY
    interface FastEthernet4.201
    description Voice_VLAN
    encapsulation dot1Q 201
    ip address 172.18.24.x 255.255.255.252
    ip nat outside
    ip virtual-reassembly
    interface FastEthernet4.202
    description DATA_VLAN
    encapsulation dot1Q 202
    ip address 92.51.19.x 255.255.255.252
    ip nat outside
    ip virtual-reassembly
    interface Vlan1
    ip address 192.168.160.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    interface Vlan100
    ip address 192.160.160.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 92.51.19.X
    ip route 172.18.24.x 255.255.255.255 172.18.24.x
    no ip http server
    no ip http secure-server
    ip nat sip-sbc
    ip nat inside source static udp 192.160.160.2 5060 interface FastEthernet4.201 5060
    ip nat inside source list 1 interface FastEthernet4.201 overload
    ip nat inside source list 2 interface FastEthernet4.202 overload
    access-list 1 permit 192.160.160.0 0.0.0.255
    access-list 2 permit 192.168.1.0 0.0.0.255
    banner login 
    Thanks again
    J-P

  • Cannot ping Real IP, but can ping Virtual IP, what is the issue?

    Hi
    I have load balancing for some servers on CSM, i can ping to VIP but cannot ping to Real IP of servers behind CSM. I need it for some testing and management pupose, Can anyone help to spot the issue? thanx
    Topology
    MSFC--FWSM--CSM--servers

    in routed mode, by default, the CSM does not allow client to connect directly to the servers.
    To allow this traffic you need to create a vserver for the subnet with a predictor forward serverfarm
    ie:
    serverfarm route
    no nat server
    predictor forward
    vserver vlanX
    vip x.x.x.0 /24 any
    serverfarm route
    inservice
    Gilles.

  • Multiple nics but no ping

    Hello-
    I suck at Linux and networking, especially when someone takes away all the extras....  That said I really like Arch because I'm finally learning what I really need (or am missing) and what it's used for.  I'm currently running Arch64 in a box with 3 nics as a host for VirtualBox.  All of the nics appear to setup with their static IP correctly and even respond to pings from outside.  Unfortunately, when I try to test connectivity with the following command, I just get errors:
    ping 4.2.2.2 -I eth2
    eth1 is my default for the system and I want eth0 and eth2 assigned to the virtual servers using 'internal networking'.  But I can't seem to get anything through eth0 or eth2.  Here's my rc.conf file followed by 'route' output, not sure what else I can provide to help.  Thanks in advance!
    -Jeff
    # /etc/rc.conf - Main Configuration for Arch Linux
    # LOCALIZATION
    # LOCALE: available languages can be listed with the 'locale -a' command
    # HARDWARECLOCK: set to "UTC" or "localtime"
    # USEDIRECTISA: use direct I/O requests instead of /dev/rtc for hwclock
    # TIMEZONE: timezones are found in /usr/share/zoneinfo
    # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
    # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
    # CONSOLEMAP: found in /usr/share/kbd/consoletrans
    # USECOLOR: use ANSI color sequences in startup messages
    LOCALE="en_US.utf8"
    HARDWARECLOCK="localtime"
    USEDIRECTISA="yes"
    TIMEZONE="Canada/Pacific"
    KEYMAP="us"
    CONSOLEFONT=
    CONSOLEMAP=
    USECOLOR="yes"
    # HARDWARE
    # MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
    # MOD_BLACKLIST: Prevent udev from loading these modules
    # MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
    # NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
    MOD_AUTOLOAD="yes"
    #MOD_BLACKLIST=() #deprecated
    MODULES=(3c59x atl1 mii slhc tulip snd-mixer-oss snd-pcm-oss snd-hwdep snd-page-alloc snd-pcm snd-timer snd snd-hda-intel soundcore)
    # Scan for LVM volume groups at startup, required if you use LVM
    USELVM="no"
    # NETWORKING
    # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
    HOSTNAME="windsor"
    # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
    # Interfaces to start at boot-up (in this order)
    # Declare each interface then list in INTERFACES
    #   - prefix an entry in INTERFACES with a ! to disable it
    #   - no hyphens in your interface names - Bash doesn't like it
    # DHCP:     Set your interface to "dhcp" (eth0="dhcp")
    # Wireless: See network profiles below
    eth0="eth0 172.20.20.5 netmask 255.255.255.0 broadcast 172.20.20.255"
    eth1="eth1 172.20.20.10 netmask 255.255.255.0 broadcast 172.20.20.255"
    eth2="eth2 172.20.20.15 netmask 255.255.255.0 broadcast 172.20.20.255"
    INTERFACES=(lo eth1 eth0 eth2)
    # Routes to start at boot-up (in this order)
    # Declare each route then list in ROUTES
    #   - prefix an entry in ROUTES with a ! to disable it
    gateway="default gw 172.20.20.1"
    ROUTES=(gateway)
    # Enable these network profiles at boot-up.  These are only useful
    # if you happen to need multiple network configurations (ie, laptop users)
    #   - set to 'menu' to present a menu during boot-up (dialog package required)
    #   - prefix an entry with a ! to disable it
    # Network profiles are found in /etc/network.d
    # This now requires the netcfg package
    #NETWORKS=(main)
    # DAEMONS
    # Daemons to start at boot-up (in this order)
    #   - prefix a daemon with a ! to disable it
    #   - prefix a daemon with a @ to start it up in the background
    DAEMONS=(syslog-ng network netfs sshd crond)
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.20.20.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    172.20.20.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    172.20.20.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
    0.0.0.0         172.20.20.1     0.0.0.0         UG    0      0        0 eth1

    It sounds from Tomks post that it's now confirmed that I don't know what I'm doing...  Putting all the nics on separate subnets would not be an issue, i was just being lazy and trying to use the existing dmz with no modifications.  What's the best way to configure the extra nics?  If I put them all on separate subnets, would I need to specify the other gateways in rc.conf?
    Here's the output previously requested:
    My traceroute  [v0.72]
    windsor (0.0.0.0)                                      Wed Jun  4 14:55:30 2008
    Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                           Packets               Pings
    Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
    1. ???
    2. ge-4-9-ur01.fremont.ca.sfba.comc  0.0%    18    9.4  10.4   7.3  19.4   3.4
    3. pos-0-7-0-0-ar01.sfsutro.ca.sfba  0.0%    18   12.4  14.5  10.8  24.1   3.5
    4. COMCAST-IP.edge1.SanJose1.Level3  0.0%    18   13.5  15.7  13.1  27.7   3.5
    5. xe-10-1-0.edge1.SanJose1.Level3.  5.6%    18   14.8  17.6  12.2  40.6   7.6
    6. vlan79.csw2.SanJose1.Level3.net   0.0%    18   23.3  21.8  13.3  27.9   4.0
    7. ge-11-0.core1.SanJose1.Level3.ne  0.0%    18   14.6  16.2  12.4  30.3   4.7
    8. vnsc-bak.sys.gtei.net             0.0%    18   14.8  17.0  12.2  36.0   5.7

  • Cisco asa- vpn established but cant ping

    I am using 2 cisco asa 5505 routers, i have established vpn between them but i cant ping client internal or outside interface, client can ping my outside interface. Only configuration on client is basic easy vpn settings and interfaces, here is server part configuration on my side:
    ASA Version 9.1(1)
    hostname ciscoasa
    enable password NuLKvvWGg.x9HEKO encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.1.2.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group iskon
    ip address pppoe setroute
    ftp mode passive
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside
    subnet 10.1.2.0 255.255.255.0
    object network outside
    subnet 10.1.3.0 255.255.255.0
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    protocol-object udp
    protocol-object tcp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    protocol-object udp
    protocol-object tcp
    access-list 101 extended permit object-group DM_INLINE_PROTOCOL_1 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
    access-list 102 extended permit object-group DM_INLINE_PROTOCOL_2 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list global_access extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit 10.1.3.0 255.255.255.0 echo-reply inside
    icmp permit any inside
    icmp permit any outside
    icmp permit 10.1.3.0 255.255.255.0 echo-reply outside
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (any,any) source static outside outside destination static inside inside no-proxy-arp
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group global_access global
    route inside 0.0.0.0 0.0.0.0 10.1.3.1 tunneled
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 10.1.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set mySET esp-3des esp-md5-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map DYN-MAP 5 set ikev1 transform-set mySET
    crypto map MAP 60 ipsec-isakmp dynamic DYN-MAP
    crypto map MAP interface outside
    crypto ca trustpool policy
    crypto ikev1 enable outside
    crypto ikev1 policy 1
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 86400
    crypto ikev1 policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    vpdn group iskon request dialout pppoe
    vpdn group iskon localname *********
    vpdn group iskon ppp authentication pap
    vpdn username ***** password *****
    dhcpd auto_config outside
    dhcpd address 10.1.2.5-10.1.2.132 inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    group-policy VPN internal
    group-policy VPN attributes
    split-tunnel-policy tunnelall
    split-tunnel-network-list value 101
    nem enable
    username user password enq05bKrudsJMMBu encrypted privilege 15
    username user attributes
    vpn-group-policy VPN
    vpn-session-timeout none
    group-lock value VPN-TUNNEL
    tunnel-group VPN-TUNNEL type remote-access
    tunnel-group VPN-TUNNEL general-attributes
    default-group-policy VPN
    tunnel-group VPN-TUNNEL ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:3f2923b78a04ee8cfe9324e3e2733d78

    SOLVED!!! i just needed to configure nat here is configuration for any1 with same problem
    : Saved
    ASA Version 9.1(1)
    hostname ciscoasa
    enable password NuLKvvWGg.x9HEKO encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.1.2.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group iskon
    ip address pppoe setroute
    ftp mode passive
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network ladimirevci
    subnet 10.1.2.0 255.255.255.0
    object network lekenik
    subnet 10.1.3.0 255.255.255.0
    access-list 101 extended permit ip 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
    access-list 101 extended permit ip object lekenik object ladimirevci
    access-list 101 extended permit ip object ladimirevci object lekenik
    access-list outside_access_in extended permit ip object ladimirevci object lekenik
    access-list outside_access_in extended permit ip object lekenik object ladimirevci
    access-list outside_access_in extended permit ip any any
    access-list inside_access_in extended permit ip object ladimirevci object lekenik
    access-list inside_access_in extended permit ip object lekenik object ladimirevci
    access-list inside_access_in extended permit ip any any
    access-list nonat extended permit ip 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0
    access-list 102 extended permit ip 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list global_access extended permit ip object lekenik object ladimirevci
    access-list global_access extended permit ip object ladimirevci object lekenik
    access-list global_access extended permit ip any any
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any echo-reply outside
    asdm image disk0:/asdm-712.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (any,any) source static ladimirevci ladimirevci destination static lekenik lekenik
    object network obj_any
    nat (inside,outside) dynamic interface dns
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group global_access global
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 0.0.0.0 0.0.0.0 inside
    http 10.1.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    no sysopt connection permit-vpn
    crypto ipsec ikev1 transform-set mySET esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map DYN-MAP 5 set pfs
    crypto dynamic-map DYN-MAP 5 set ikev1 transform-set mySET
    crypto dynamic-map DYN-MAP 5 set reverse-route
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
    crypto map MAP 60 ipsec-isakmp dynamic DYN-MAP
    crypto map MAP interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto ca trustpool policy
    crypto ikev1 enable inside
    crypto ikev1 enable outside
    crypto ikev1 policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh scopy enable
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 60
    console timeout 0
    management-access inside
    vpdn group iskon request dialout pppoe
    vpdn group iskon localname vivaindo@iskon-dsl
    vpdn group iskon ppp authentication pap
    vpdn username vivaindo@iskon-dsl password *****
    dhcpd auto_config outside
    dhcpd address 10.1.2.5-10.1.2.36 inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol ikev2 ssl-clientless
    group-policy VPN internal
    group-policy VPN attributes
    vpn-tunnel-protocol ikev1 l2tp-ipsec
    group-lock value VPN-TUNNEL
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value 101
    nem enable
    username user password enq05bKrudsJMMBu encrypted privilege 15
    username user attributes
    vpn-group-policy VPN
    group-lock value VPN-TUNNEL
    tunnel-group VPN-TUNNEL type remote-access
    tunnel-group VPN-TUNNEL general-attributes
    default-group-policy VPN
    tunnel-group VPN-TUNNEL ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:ddac35422ebbf57095be7a1d33b0b67d
    : end
    asdm image disk0:/asdm-712.bin
    no asdm history enable

  • Can't connect via Screen Share or Web Server, but can ping and ssh

    Bit of an odd problem here.
    My Mountain Lion Mac Pro (called "Trogdor" for convenience) is connected to my work university network. I can ping it from anywhere-- elsewhere on the network, from home behind a firewall. Can connect over ssh from everywhere. I can also connect to other computers (on the same network or at home behind a firewall) from Trogdor via ssh, Screen Sharing, etc.
    But I can't Screen Share into Trogdor, and I can't connect to Trogdor's built-in web server, either system-wide (in /Library/WebServer) or for my username (~/Sites). (I can connect to the web server from Trogdor.)
    Note that I can do both of these for other computers on the same network (same subnet, etc), so it's not a network issue. I can't do these from anywhere: same network or from home. I have this problem whether I use Trogdor's hostname or its IP address. (I can look up its hostname using the IP address with the "host" tool in Terminal, and vice versa.)
    So it sounds like a port issue, right? Except I don't think I've ever messed with my port settings directly. How do I diagnose the problem? Should I scan my ports? Can I return port settings to default?
    Thanks!
    Message was edited by: supercres

    Bit of an odd problem here.
    My Mountain Lion Mac Pro (called "Trogdor" for convenience) is connected to my work university network. I can ping it from anywhere-- elsewhere on the network, from home behind a firewall. Can connect over ssh from everywhere. I can also connect to other computers (on the same network or at home behind a firewall) from Trogdor via ssh, Screen Sharing, etc.
    But I can't Screen Share into Trogdor, and I can't connect to Trogdor's built-in web server, either system-wide (in /Library/WebServer) or for my username (~/Sites). (I can connect to the web server from Trogdor.)
    Note that I can do both of these for other computers on the same network (same subnet, etc), so it's not a network issue. I can't do these from anywhere: same network or from home. I have this problem whether I use Trogdor's hostname or its IP address. (I can look up its hostname using the IP address with the "host" tool in Terminal, and vice versa.)
    So it sounds like a port issue, right? Except I don't think I've ever messed with my port settings directly. How do I diagnose the problem? Should I scan my ports? Can I return port settings to default?
    Thanks!
    Message was edited by: supercres

  • Can't see PC's on network, but can ping them, connect to server etc

    Hi All
    I'm experiencing something pretty bizarre.
    I have a small network at my office. There are 3 PC's, and 2 Macs, one of them a Mac Mini running 10.6.5. All computers are set to the same workgroup. All the PCs can see all the Macs, no problem.
    Yet my Mac Mini can (most of the time) only see the other Mac. (When I use Go > Network).
    I can ping all the PC's from the Mac Mini. But they won't show up in the network view.
    The annoying thing is sometimes I can see all the PC's (theres no pattern to it!) and I have connected to a printer on one of the PC's. With that particular PC, if I use 'Connect to Server' I get
    'Select the volumes you want to mount on "packing-pc" but there are no volumes in the list.
    Whats really bugging me is that sometimes all the pcs are there when I view the network, and sometimes they aren't.
    ANyone got any ideas please? I'm pulling my hair out! I wanna ditch my PC at work but until I can print reliably (to the PC with the printer attached) I can't!
    Thanks in anticipation!
    Mark

    I'm wondering if this is connected?
    http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/2c98eb8c- 8234-4060-b8a7-e484ca29df72

  • Can't connect but can ping & use AP Util

    A couple issues:
    TC shows up in finder, can ping it (static ip, as are all my ip's) and use the airport utility. It worked fine for a day or so, now with no changes, this is where I'm at. I get an error about it not existing. I've tried to 'connect As' even 'connect to server' in Finder trying names and ip - no joy.
    TC is set up with only Ethernet (cable) WiFi is turned off. File sharing with accounts (all are OK) My MacBook Pro and Mini can't connect.
    I find it odd that the Air Port utility connects to it just fine. Does it use the AFP or UDP/TCP?
    I'm going to reboot the TC and see. But if I need to reboot it every day or so, its worthless to me.
    Topology (another issue) is:
    router/switch Gb --> switch 2 100b ---> TC
    When I tried to make the TC be the middle (to keep a Gb network) it didn't work. (yes, I know about the uplink ports; even tried the standard ports)
    (oh other kinda non issue: Printers don't show up in the AirPort utility, but remote 'puters print fine)
    Message was edited by: MudShark

    This TC is going back. What a POS! Now it won't even connect to the LAN. Had it for less then a week and its been down more then up. NOT impressed.

  • Losing internet connection but can ping severs

    Hi. Something weird has been happening with my powerbook the last month. Safari, mail and skype cant access the internet suddenly. Rebooting my router does nothing, neither does logging out/in, but rebooting the pb resolves. When this happens I can still ping www addresses and ip addresses but all apps seem to lose connectivity. Anyone got a suggestion?

    This resolved itself. Maybe it was a problem with my ISP

  • Arch router / connection share dns lookup works, but no ping [solved]

    I lost some config and forgot how to set this up. I have a dual nic arch box with some clients behind it. dnsmasq serves dhcp and dns on the LAN side (192.168.10.0/24). WAN port of arch box (192.168.1.201) talks to actual modem (192.168.1.1).
    router
    root@router ~ # ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:25:90:95:08:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.201/24 brd 192.168.1.255 scope global enp2s0
    valid_lft forever preferred_lft forever
    inet6 fe80::225:90ff:fe95:840/64 scope link
    valid_lft forever preferred_lft forever
    3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:25:90:95:08:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.10.255 scope global enp3s0
    valid_lft forever preferred_lft forever
    inet6 fe80::225:90ff:fe95:841/64 scope link
    valid_lft forever preferred_lft forever
    root@router ~ # ip route
    default via 192.168.1.1 dev enp2s0
    192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.201
    192.168.10.0/24 dev enp3s0 proto kernel scope link src 192.168.10.1
    root@router ~ # sysctl net.ipv4.ip_forward=1
    net.ipv4.ip_forward = 1
    root@router~ # ping archlinux.org
    PING archlinux.org (66.211.214.131) 56(84) bytes of data.
    64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=1 ttl=47 time=70.0 ms
    64 bytes from gudrun.archlinux.org (66.211.214.131): icmp_seq=2 ttl=47 time=70.0 ms
    client
    root@lucid-desktop:~# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    2: can0: <NOARP> mtu 16 qdisc noop state DOWN qlen 64
    link/can
    3: can1: <NOARP> mtu 16 qdisc noop state DOWN qlen 64
    link/can
    4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:1f:f2:09:19:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.101/24 brd 192.168.10.255 scope global eth0
    root@lucid-desktop:~# ip route
    192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.101
    169.254.0.0/16 dev eth0 scope link metric 1000
    default via 192.168.10.1 dev eth0 metric 100
    root@lucid-desktop:~# nslookup archlinux.org
    Server: 192.168.10.1
    Address: 192.168.10.1#53
    Non-authoritative answer:
    Name: archlinux.org
    Address: 66.211.214.131
    root@lucid-desktop:~# ping archlinux.org
    PING archlinux.org (66.211.214.131) 56(84) bytes of data.
    *crickets*
    root@lucid-desktop:~# wget archlinux.org
    --2013-04-02 07:51:19-- http://archlinux.org/
    Resolving archlinux.org... 66.211.214.131
    Connecting to archlinux.org|66.211.214.131|:80...
    Do I need iptables on? This is all with it off.
    edit: yup
    iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
    Last edited by tladuke (2013-06-06 19:37:44)

    The problem has been resolved. It was the line provider that made a mistake bij giving the wrong line speed at the second pvc.
    After they made the correct changes the connection was made between the 2 routers over the IPVPN
    Router config Check
    Router firmware Check
    First pvc Check
    Second pvc but now check
    Ipvpn and data flow check
    Connection has ben made check

  • HP officejet 6600 connected to wifi but no ping

    Hi we have an officejet 6600 printer installed with the latest firmware. Since last weekend we cannot ping the printer any more. Not from mac (without firewall software) nor from pc. The printer is connected to the wireless network. Het gets an IP address from DHCP, but cannot be pinged.
    Unplugging power cables and restarting doesn't help. Only the HP print and scan software detects the printer on the network. Connecting to it with the standard software of the firmware installer doesn't work.
    Can you help me with resolving this problem ?

    Can you open the printer's EWS in a browser?  Type the printer's IP into a browser and see if the printer page comes up.  (if you are using IE you must prefix the IP address with http://).  The printer and scan doctor will sometimes find the driver of the printer and show that in the enumeration list.  That doesn't necessarily mean it found the printer connected to the network.  Did you get to the "Fix Printing" "Fix Scanning" screen with the Print and Scan Doctor?  If not, then the printer is probably not connected to the network.
    Mike
    Say "Thanks" by clicking the Kudos Star in the post that helped you.
    I am an HP employee.

  • RV082 to SA540 tunnel but no ping - HELP

    I'll try my best to explani and give details.
    SA540 v.2.1.71    at host
    RV082 v4.2.1.02  at remote site.
    Trying to setup tunnel between the 2.  WHEN this works, I'll have 20 remote sites tunneling into the SA540 host.
    SA540:
    SA540 says site to site vpn is up and IPsec SA Established.
    192.168.1.0
    Gateway Policies
    Client Policies
    Exchange Mode:
    Main
    Aggressive
    ID Type:
    Local WAN IP
    FQDN
    Local WAN ID:
    Local WAN IP
    local.com
    Remote WAN ID:
    N/A
    remote.com
    Encryption Algorithm:
    AES-128
    AES-128
    Authentication Algorithm:
    SHA-1
    SHA-1
    Authentication Method:
    Pre-shared Key
    Pre-shared Key
    Key-Group:
    DH-Group 2 (1024 bit)
    DH-Group 2 (1024 bit)
    Life Time:
    8 hours
    8 hours
    VPN Wizard default values for VPN:
    Encryption Algorithm:
    AES-128
    Authentication Algorithm:
    SHA-1
    Life Time:
    1 hour
    PFS Key Group:
    DH-Group 2(1024 bit)
    NETBIOS:
    Enabled (Gateway Policies)
    Disabled (Client Policies)
    WAN Security Checks
    Block Ping to WAN interface
    Enable Stealth Mode
    Block TCP flood
    RV082:
    RV082 says gateway to gateway is Connected.
    192.168.2.0
    same settings w/ Aggressive, Keep Alive and NAT Traversal checked.
    Firewall Setting Status
    SPI (Stateful Packet Inspection) :
    On
    DoS (Denial of Service) :
    On
    Block WAN Request :
    Off
    Remote Management :
    On
    FROM RV082 diagnostics on router, I cannot ping 192.168.1.1 router or 192.168.1.70 server inside host.
    FROM SA540 host diagnostics, I CAN ping 192.168.2.1 when I check Ping through VPN tunnel, but I canNOT ping an XP computer at 192.168.2.100 which has firewall turned off.
    What am I missing? 
    Goal is to establish full tunneling and computer/server access between sites.
    Any help is greatly appreciated.

    I have added the permit any any on the outside and vpn interfaces of both ASAs. I also change the source and destination of the nat exempt rule to any any.

  • RV082 to SA540 vpn but no ping, something wrong

    I'll try my best to explani and give details.
    SA540 v.2.1.71 at host
    RV082 v4.2.1.02 at remote site.
    Trying to setup tunnel between the 2. WHEN this works, I'll have 20 remote sites tunneling into the SA540 host.
    SA540:
    SA540 says site to site vpn is up and IPsec SA Established.
    192.168.1.0
    Gateway Policies
    Client Policies
    Exchange Mode:
    Main
    Aggressive
    ID Type:
    Local WAN IP
    FQDN
    Local WAN ID:
    Local WAN IP
    local.com
    Remote WAN ID:
    N/A
    remote.com
    Encryption Algorithm:
    AES-128
    AES-128
    Authentication Algorithm:
    SHA-1
    SHA-1
    Authentication Method:
    Pre-shared Key
    Pre-shared Key
    Key-Group:
    DH-Group 2 (1024 bit)
    DH-Group 2 (1024 bit)
    Life Time:
    8 hours
    8 hours
    VPN Wizard default values for VPN:
    Encryption Algorithm:
    AES-128
    Authentication Algorithm:
    SHA-1
    Life Time:
    1 hour
    PFS Key Group:
    DH-Group 2(1024 bit)
    NETBIOS:
    Enabled (Gateway Policies)
    Disabled (Client Policies)
    WAN Security Checks
    Block Ping to WAN interface
    Enable Stealth Mode
    Block TCP flood
    RV082:
    RV082 says gateway to gateway is Connected.
    192.168.2.0
    same settings w/ Aggressive, Keep Alive and NAT Traversal checked.
    Firewall Setting Status
    SPI (Stateful Packet Inspection) :
    On
    DoS (Denial of Service) :
    On
    Block WAN Request :
    Off
    Remote Management :
    On
    FROM RV082 diagnostics on router, I cannot ping 192.168.1.1 router or 192.168.1.70 server inside host.
    FROM SA540 host diagnostics, I CAN ping 192.168.2.1 when I check Ping through VPN tunnel, but I canNOT ping an XP computer at 192.168.2.100 which has firewall turned off.
    What am I missing?
    Goal is to establish full tunneling and computer/server access between sites.
    Any help is greatly appreciated.

    I have added the permit any any on the outside and vpn interfaces of both ASAs. I also change the source and destination of the nat exempt rule to any any.

Maybe you are looking for