Troubleshooting Public Servers with packet-trace.

Similar Messages

• Trying to troubleshoot with Packet Trace

  Hi Folks,
  Having a bit of issues, i am trying to access a http/https server from the Guest interface (10.10.10.0/24) to the Inside interface (192.168.190.0/24)
  I can ping the server, but when i try to access it with http/https.. no luck
  So when i am on the 192.168.190.0/24 network i have no problem using http/https to the server.
  Inside: Security level 100  (VLAN1)
  Guest: Security level 40    (VLAN23)
  ASA version: 8.0(4)
  ASDM version: 6.1(5)57
  I have attached an image when trying to troubleshoot the access list entry from the 10.10.10.1 to 192.168.190.1.
  But for some reason the packet is dropped..So i am wondering if i am able to ping the server  when i am on the 10 network. Well then the rule shouldn't be wrong right?
  Any tips and tricks, i prob missed something
  Thanks
  Shane

  Yes sorry about that, you were right the output in the CLI is much better
  Yeah and your were right about the .1, my bad Feel stupid..
  I tried with 10.10.10.10 to 192.168.190.27 and the packet was allowed
  Here is the output from
  # packet-tracer input inside tcp 10.10.10.10 12345 192.168.190.27 443
  Phase: 1
  Type: CAPTURE
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  MAC Access list
  Phase: 2
  Type: ACCESS-LIST
  Subtype:
  Result: ALLOW
  Config:
  Implicit Rule
  Additional Information:
  MAC Access list
  Phase: 3
  Type: FLOW-LOOKUP
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Found no matching flow, creating a new flow
  Phase: 4
  Type: ROUTE-LOOKUP
  Subtype: input
  Result: ALLOW
  Config:
  Additional Information:
  in   192.168.190.0   255.255.255.0   inside
  Phase: 5
  Type: ACCESS-LIST
  Subtype:
  Result: DROP
  Config:
  Implicit Rule
  Additional Information:
  Result:
  input-interface: inside
  input-status: up
  input-line-status: up
  output-interface: inside
  output-status: up
  output-line-status: up
  Action: drop
  Drop-reason: (acl-drop) Flow is denied by configured rule
  So i see that its drop at Phase 5..
  I added another rule on the inside interface
  Allow packet from the guest network to 192.168.190.27 which is the https server.
  Get the output:
  Phase: 1
  Type: CAPTURE
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  MAC Access list
  Phase: 2
  Type: ACCESS-LIST
  Subtype:
  Result: ALLOW
  Config:
  Implicit Rule
  Additional Information:
  MAC Access list
  Phase: 3
  Type: FLOW-LOOKUP
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Found no matching flow, creating a new flow
  Phase: 4
  Type: ROUTE-LOOKUP
  Subtype: input
  Result: ALLOW
  Config:
  Additional Information:
  in   192.168.190.0   255.255.255.0   inside
  Phase: 5
  Type: ACCESS-LIST
  Subtype: log
  Result: ALLOW
  Config:
  access-group Outgoing in interface inside
  access-list Outgoing extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.190.27 object-group DM_INLINE_TCP_4
  object-group service DM_INLINE_TCP_4 tcp
  port-object eq www
  port-object eq https
  Additional Information:
  Phase: 6
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 7
  Type: NAT-EXEMPT
  Subtype: rpf-check
  Result: ALLOW
  Config:
    match ip inside 192.168.190.0 255.255.255.0 inside 10.10.10.0 255.255.255.0
      NAT exempt
      translate_hits = 0, untranslate_hits = 1
  Additional Information:
  Phase: 8
  Type: NAT
  Subtype: rpf-check
  Result: ALLOW
  Config:
  nat (inside) 1 192.168.190.0 255.255.255.0
    match ip inside 192.168.190.0 255.255.255.0 inside any
      dynamic translation to pool 1 (No matching global)
      translate_hits = 0, untranslate_hits = 0
  Additional Information:
  Phase: 9
  Type: NAT
  Subtype: host-limits
  Result: ALLOW
  Config:
  static (inside,outside) x.x.x.x 192.168.190.27 netmask 255.255.255.255
    match ip inside host 192.168.190.27 outside any
      static translation to x.x.x.x
      translate_hits = 739399, untranslate_hits = 2012692
  Additional Information:
  Phase: 10
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 11
  Type: FLOW-CREATION
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  New flow created with id 36837297, packet dispatched to next module
  Phase: 12
  Type: ROUTE-LOOKUP
  Subtype: output and adjacency
  Result: ALLOW
  Config:
  Additional Information:
  found next-hop 192.168.190.27 using egress ifc inside
  adjacency Active
  next-hop mac address 000c.2946.f8e5 hits 85
  Result:
  input-interface: inside
  input-status: up
  input-line-status: up
  output-interface: inside
  output-status: up
  output-line-status: up
  Action: allow

• EtherChannel with Packet Tracer

  I tried in Packet Tracer to bundle 4 links between 2 switches, each switch is connected to a host.
  when I try to ping from host to other, it pings and successful, but when I try to disconnect a cable, which the selected link by the PAgP, it says Request timed out.
  and it can't ping till I return that cable back again, what is the problem?

  Hello, i have packet tracer 6.2, and i use Switches 3560(L3), my portchannel have two ports, when i reload de Switch1, after to startup the Switch appear this message
  %EC-5-CANNOT_BUNDLE2: Fa0/1 is not compatible with Po1 and will be suspended (trunk encap of Fa0/1 is auto Po1 is dot1q)
  %EC-5-CANNOT_BUNDLE2: Fa0/2 is not compatible with Po1 and will be suspended (trunk encap of Fa0/2 is auto Po1 is dot1q)
  Do you Know what is the problem
  CONFIG S1
  interface Port-channel 1
  switchport trunk allowed vlan 10,20
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface FastEthernet0/1
  channel-protocol pagp
  channel-group 1 mode auto
  switchport trunk allowed vlan 10,20
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface FastEthernet0/2
  channel-protocol pagp
  channel-group 1 mode auto
  switchport trunk allowed vlan 10,20
  switchport trunk encapsulation dot1q
  switchport mode trunk
  CONFIG S2
  interface Port-channel 1
  switchport trunk allowed vlan 10,20
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface FastEthernet0/1
  channel-protocol pagp
  channel-group 1 mode desirable
  switchport trunk allowed vlan 10,20
  switchport mode trunk
  interface FastEthernet0/2
  channel-protocol pagp
  channel-group 1 mode desirable
  switchport trunk allowed vlan 10,20
  switchport mode trunk
  Thanks

• Where can I get scenarios for Packet Tracer?

  I want to use PT to get used to commands. I want to start from easy router configuration to advanced (no more than CCNA-level for now). I have Packet Tracer, but where can I get scenarios along with guidance?

  Hi There
  What study material are you using. Usually the study material will give you lab scenarios to configure.
  For CCNA level check out the following
  1, Wendell Odoms ICND 1 and ICND 2 books.
  (I have never seen these books, but Wendell Odom is a pretty well respected person in the Cisco certification circles and is CCIE. I have one of his CCIE books for my CCNP studies and find it really good.)
  2, Todd Lammles CCNA study Guide, 6th edition.
  (The 6th edition is geared towards the upgraded CCNA exam. I used the 5th edition of this book as part of my own CCNA studies.This will give you lots of hands on practice and you build up your lab up as you move through the book.)
  3, The Byrant Advantage CCNA study guide.
  (I have used Chris Bryant's study material for my CCNA and am still using it as part of my CCNP studies. I find it quite good and lab work books are provided.)
  Be prepared though for some problems with Packet Tracer. For as good as it is, it does not have all the commands available. So you may come across somethings that you can not configure or get to work correctly.
  If you have access to some IOS versions you should check out Dynamips/Dynagen, which is better than any simulator on the market.
  Best Regards,
  Michael

• Packet Tracer 6.0.1 - Buffer Full

  Hey,
  I'm experiencing an issue with Packet Tracer 6.0.1. When I try to send any packet over my network I recieve a "Buffer Full" error after so many hops. It gives me the option to clear the buffer but once I do the packet simulation resets. Because of this it's impossible to tell if my network is flawless, because it's impossible to simulate a packet on through the entire journey.
  Does anyone have a solution to this "Full Buffer" issue?

  Looks like this is using wineskin, I couldn't get it to work.
  I'm using parallels though, so I just installed the exe provided by Totamann77.
  Look at his guide here, it explains what you have to do to run the package.
  https://discussions.apple.com/message/22917652#22917652

• Packet Tracer 6.0 "Provides new capability with PT Bridge to connect real network equipment to the Packet Tracer environment"

  The new updates sound great. Anyone got any documentation on the "Provides new capability with PT Bridge to connect real network equipment to the Packet Tracer environment" bit?
  Rich

  PT Bridge is an external java applet allowing Packet Tracer to communicate with real world networks through multiuser cloud. Have a look on http://www.packettracernetwork.com/ for more details (end of the home page)

• Shared public IP with same tcp port (round robin/load balance)

  Hi all,
  I want to know if I can do that with my ASA5515-X, I have two servers that can do the same thing, there are SSO servers, What I want to do is to publish the 2 servers on Internet with the same public IP address and on TCP 443.
  Is it supported ? will it works like load balancing per sessions ?
  or do I need to add an HLB between ASA and my SSO servers ?
  Thanks

  Hi Yann,
  You can configure the ASA to allow traffic to your SSO server from outside on two public IP's. Users can hit either of the IP to reach the inside server. Now, load balancing would be achieved based on source devices sending request to public IP's. If source machine son internet use one public IP more to access the server, ASA can't do anything to load balance in such scenario. Here is how you can accomplish this:
  Assuming SSO server on inside is 192.168.16.110 and two public IP's are 192.168.17.110 and 192.168.17.111
  object network SSO_1
  host 192.168.17.110
  object network SSO_2
  host 192.168.17.111
  object network SSO
  host 192.168.16.110
  object service https
  service tcp source eq https
  nat (inside,outside) source static SSO SSO_1 service https https
  nat (inside,outside) source static SSO SSO_2 service https https
  Hostname(config)# sh xl
  2 in use, 6 most used
  Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
  TCP PAT from inside:192.168.16.110 443-443 to outside:192.168.17.110 443-443
      flags sr idle 0:00:06 timeout 0:00:00
  TCP PAT from inside:192.168.16.110 443-443 to outside:192.168.17.111 443-443
      flags sr idle 0:00:08 timeout 0:00:00
  Verification:
  Hostname(config)#    packet-tracer input outside tcp 4.4.4.4 discard 192.168.17.110 443
  Phase: 1
  Type: UN-NAT
  Subtype: static
  Result: ALLOW
  Config:
  nat (inside,outside) source static SSO SSO_1 service https https
  Additional Information:
  NAT divert to egress interface inside
  Untranslate 192.168.17.110/443 to 192.168.16.110/443
  Phase: 2
  Type: ACCESS-LIST
  Subtype: log
  Result: ALLOW
  Config:
  access-group outside in interface outside
  access-list outside extended permit ip any any
  Additional Information:
  Phase: 3
  Type: CONN-SETTINGS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 4
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 5
  Type: NAT
  Subtype: rpf-check
  Result: ALLOW
  Config:
  nat (inside,outside) source static SSO SSO_1 service https https
  Additional Information:
  Phase: 6
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 7
  Type: FLOW-CREATION
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  New flow created with id 3670, packet dispatched to next module
  Result:
  input-interface: outside
  input-status: up
  input-line-status: up
  output-interface: inside
  output-status: up
  output-line-status: up
  Action: allow
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  Hostname(config)#    packet-tracer input outside tcp 4.4.4.4 discard 192.168.17.111 443
  Phase: 1
  Type: UN-NAT
  Subtype: static
  Result: ALLOW
  Config:
  nat (inside,outside) source static SSO SSO_2 service https https
  Additional Information:
  NAT divert to egress interface inside
  Untranslate 192.168.17.111/443 to 192.168.16.110/443
  Phase: 2
  Type: ACCESS-LIST
  Subtype: log
  Result: ALLOW
  Config:
  access-group outside in interface outside
  access-list outside extended permit ip any any
  Additional Information:
  Phase: 3
  Type: CONN-SETTINGS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 4
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 5
  Type: NAT
  Subtype: rpf-check
  Result: ALLOW
  Config:
  nat (inside,outside) source static SSO SSO_1 service https https
  Additional Information:
  Phase: 6
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 7
  Type: FLOW-CREATION
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  New flow created with id 3671, packet dispatched to next module
  Result:
  input-interface: outside
  input-status: up
  input-line-status: up
  output-interface: inside
  output-status: up
  output-line-status: up
  Action: allow
  Sourav

• Sun Fire V490 x 2 servers with Oracle RAC facing Split brain problem

  Hi all,
  I have Sun Fire V490 x 2 servers with Oracle RAC and they faced a Split brain problem. One of the node's database instance has gone down, The DBA claims it is due to network problem, but as such the networks are OK. We use the on board CE1 interface for Cluster interconnect and CE0 as the public interface.
  Did anybody face this kind of a problem? Could this be a hardware/OS patch problem?
  I had kept a continuous ping for 24 hours after this happened last time and the output shows no packet loss
  Many thanks in advance.
  Ushas Symon

  In order to diagnose this properly, you'll need to provide too much detail and far too many log files for a generic discussion forum to handle.
  Use your service contract and open a support case.
  Because a cluster environment is involved you'll likely end up talking to the cluster support staff.
  They can analyze hardware and software errors as well as review whether you configured the systems in a supportable fashion.
  Be prepared to make a direct connection to each system and gather data using such as by using the Explorer tool. The technical support staff will tell you what they will actually need.

• How to packet trace a VPN

  After installing a VPN I tried to see if outbound traffic was actually encrypted.
  When the VPN is activated, ifconfig shows a new interface "tun0:" so I ran a packet trace against tun0. The trace was started with...
  sudo tcpdump -i tun0 -s 0 -w VPNActivetun0.dmp
  ...and then Mail was started. Once mail had connected to the mail servers the trace was stopped and then formatted with...
  tcpdump -s 0 -n -e -X -r VPNActivetun0.dmp
  ...and it contains lots of clear text including email account passwords being transmitted.
  What am I doing wrong ?

  I've also see that I'm tracing gobs and gobs of non-Internet packets, to and from 10.?.?.?. Do you know how I can filter these out?
  Presumably your local network is 10.x.x.x, otherwise you shouldn't see these at all.
  However, that said, if your local network is 10.x.x.x then you cannot tell tcpdump to blindly ignore anything to/from 10.x.x.x because that will include the very traffic you're trying to trace.
  The best solution is to tell tcpdump specifically which traffic you DO want to see, either via IP address or port number.
  For example, if you're trying to see what (if any) SMTP traffic (port 25) is going to/from your machine:
  <pre class=command>sudo tcpdump -i en1 port 25</pre>
  To see traffic going to/from a specific IP address:
  <pre class=command>sudo tcpdump -i en1 host 1.2.3.4</pre>
  You can also use the keywords and and not to further refine what traffic to look for. e.g. to watch all non-http traffic going to 1.2.3.4:
  <pre class=command>sudo tcpdump -i en1 host 1.2.3.4 and not port 80</pre>

• Package Packet Tracer 6.0.1.exe for native for Mac OS X

  Hello everyone, share a way to package Packet Tracer.exe possibly any .exe to a native app on Mac OS X with WineSkin.
  You can download the Packet Tracer 6.0.1 for windows and WineSkin from here:
  Download Packet Tacer 6.0.1
  Download WineSkin
  After download and install WineSkin is necessary to download certain Engines and Wrappers that allow you to run windows on mac and itself packaging libraries. The Engines that must install are:
  WS9Wine1.5.27
  WS9Wine1.5.2AMDSpeedHack
  The Wrapper that we will use is:
  WineSkin-2.5.12
  For the following steps you can follow this tutorial video made by my
  http://rafavg77.wordpress.com/2013/09/07/como-empaquetar-packet-tracer-exe-a-una -app-nativa-en-mac-os-x/
  Any question or observation I am open to comments. Best regards.

  hi,
  i have already followed all your instructions and after after many times, i was stuck at the same place.
  i want to click the icon so that i can "install this software" but the dialog box opened and "Cisco Packet Tracer 6.0.1 can't be open"
  i really hope you saw my message and please guide me on how to proceed.
  thanks!

• Bug in packet tracer 5.3

  Hi all.
  I have a L3 switch in packet tracer. If i put the command "no ip routing" the switch can route.. Its a bug?¿¿?
  I add a pkt file... If anyone ping from pc3 to , for example, pc1 ping works using the no ip routing command.
  Regards.

  The "redistribute" command works for all IP routing protocol groups
  The format of the command is documented here:
  http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_pi/command/iri-cr-a1.html#GUID-9C67E447-FD2B-47E3-9A2C-334A41829A76
  You have to identify the routing protocol (and AS, if applicable) that from which you intent to redistribute before adding any other arguments.
  e.g.
  redistribute rip (details)
  redistribute eigrp 109 (details)
  In your case, you omitted that and the command parser tried to interpret "metric" as if it were the name of a routing protocol.
  "metric" is a valid argument (which is why the "help" works), but it needs to appear later in the multi-staged redistribute command. 
  Once could argue that Cisco should enhance the help to be more clever, but if you start with "redistribute ?" that step should be clear.

• Can't read load RSA public key with JDK 1.4.2_08?

  We have been using Bouncy Castle's provider to provide RSA encryption and decryption of a login name and password for several years ... with JDKs in the 1.4.2 series up through 1.4.2_07.
  Recently, however, Sun released JDK 1.4.2_08, and suddenly any of our Java Web Start client applications are unable to successfully load the public key that we use to encrypt their login name and password before shipping it to the server for authentication with the 1.4.2_08 JRE. But, if we revert back to 1.4.2_07, everything works again.
  This public key itself has been in use for several years and the same code to read the public key has been in use for a long time ... including multiple versions of the BouncyCastle provider and all versions of the JDK up through 1.4.2_07. But suddenly things appear to break with JDK 1.4.2_08.
  This smells like a problem with JDK 1.4.2_08 so I thought that I'd check on this forum to see if any other Bouncy Castle users have experienced this problem. Is there anything further that I can do to check this out? Has any Bouncy Castle user successfully loaded a RSA public key from a byte stream with JDK 1.4.2_08? Or have people using other providers seen any problems reading similar public keys with JDK 1.4.2_08?
  The code that is failing on the client side is:
  try {
     encKey = new byte[this.publicKeyInputStream.available()];
     this.publicKeyInputStream.read(encKey);
     spec = new X509EncodedKeySpec(encKey);
     keyFactory = KeyFactory.getInstance("RSA",  "org.bouncycastle.jce.provide.BouncyCastleProvider");
     myPublicKey = keyFactory.generatePublic(spec);
     return myPublicKey;
  catch (Exception e) {
     e.printStackTrace();
  }The stack trace that I'm getting includes ...
  java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
     at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:330)
     at java.security.KeyFactory.generatePublic(Unknown Source)
     at org.opencoral.util.Encryption.loadPublicKey(SourceFile:450)
     at org.opencoral.util.Encryption.<init>(SourceFile:119)
     at org.opencoral.main.Coral.<init>(SourceFile:338)
     at org.opencoral.main.Coral.main(SourceFile:1919)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at com.sun.javaws.Launcher.executeApplication(Unknown Source)
     at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
     at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
     at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
     at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
     at com.sun.javaws.Launcher.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)While it clearly indicates that it thinks that there is an "invalid info structure in RSA public key", I believe that nothing has changed in the structure of our key ... and this same key still works properly if I revert to JDK 1.4.2_07.
  Any thoughts or insights?
  Thanks,
  John Shott

  I'm facing the same Exception here,
  With JDK 1.5 (SUNJce) i'm getting --
  Exception in thread "main" java.security.spec.InvalidKeySpecException: java.secu
  rity.InvalidKeyException: Invalid RSA public key
  at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(Unknown Source)
  With BouncyCastle i'm getting --
  Exception in thread "main" java.security.spec.InvalidKeySpecException: java.lang
  .IllegalArgumentException: invalid info structure in RSA public key
  at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(
  JDKKeyFactory.java:345)
  Any Solution?

• Question: Packet Tracer Use

  Hello, sorry if this is the wrong place to send a message but couldn't find a suitable email address.
  I am at current in full time education studying for a degree in Computer Networks, on the final year. For my dissertation, i have chosen to investigate routing protocols (eigrp, RIPv2, OSPF etc).
  Up until July 2013, i was part of the networking academy studying for the CCENT and CCNA qualifications, and as such have a copy of packet tracer.
  What i would like to know, is if it is acceptable for me to use Packet Tracer to develop the network(s) for my dissertation and aid me in describing, analysing and comparing the different options for routing protocols?
  Thanks

  What i would like to know, is if it is acceptable for me to use Packet Tracer to develop the network(s) for my dissertation and aid me in describing, analysing and comparing the different options for routing protocols?
  C'mon, give the newbie/noobie a break!  
  You have no idea how difficult it is to cut-and-paste someone else's answer and pass it to your faculty advisor as your own.  The mere act of posting their school work question(s) on the forum is wrought with difficulty and danger.  This means that the OP has to stop playing his console game, get someone (maybe an out-of-work nuclear physicist from Chernobyl) to write the opening thread above before getting his sorry azz off the couch to post this in the esteemed Cisco Support Forum.
  And to Neale's question, the answer is YES.  
  And Neale, if you want a more detailed response (2500 words) that will guarantee you an A+, I am willing to share you my publication (written by me, of course) for a small fee of 250 Bitcoins.  Please don't waste time as some of your classmates have already made contact.  I've already provided them with a short essay (1500) which contains lines from Homer's The Eliad and translated in Rihannsu.   (Don't worry, neither your classmates, faculty advisor nor your professor/instructor will know.  They'll all come to the same conclusion that the phrase could be the new "buzz word".)

• Multihomed servers with IPv4 and IPv6

  We have a set up where we have virtual servers with two NIC's.  One NIC is connected to our corporate network and the other NIC is connected (via layer 2 over MPLS) to the customer network.  The NIC on our network is only assigned an IPv6 address
  and the NIC on the customer network is only assigned an IPv4 address from the customer DHCP server.  The problem we are running into is when the server does an NSLOOKUP for a URL that is associated with a server located on our network (the server has
  an IPv6 and IPv4 address and is publicly accessable to the internet) the traffic goes out the customer NIC then out their internet connection and back to our public facing load balancer.  Our application that runs on the server needs to communicate with
  a server at the customer site and then send that data to a server on our side.  We believe this behavior is happening because the customer server is responding as an "Authoritative" DNS server.  We are trying to avoid using the HOSTS file
  if possible (when we use the HOSTS file and specify the FQDN with the IPv6 address our application works fine and goes out our NIC).
  Any help would be appreciated
  Thanks,

  Thanks for the idea Bruno, however we did try this already.  I moved the adapter with IPv6 to the top of the binding order and rebooted the VM.  However when I run NSLOOKUP it still goes out the adapter with IPv4 which is now second in the binding
  order.
  Side question.  When I do an IPCONFIG /all what determines the order of listed adapters?  I have changed the adapter names (so it isn't alphabetical), I have looked at the adapters in device manager and it isn't based on which one is #1 next to
  it.  And now I have changed the binding order and it still hasn't changed.  The adapter with IPv4 is always listed first.  Not sure if that means anything but just an observation.
  Any other ideas?
  Thanks,
  Adam

• Etherchannel in switch multilayer packet tracer

  Hi experts this is my first post,
  I´m practicing with SW multilayer in packet tracer, I´ve created a port-channel between 2 multilayer switches with the next commands
  channel-group 1 mode desirable
  but when i´m trying to assign an ip to this port channel with the command "no switchport" I can not do it and I´m getting this:
  Switch(config)#int port-channel 1
  Switch(config-if)#no switchport
  % Incomplete command.
  and also I get this message: 
  Switch(config-if-range)#no switchport 
  Command rejected (Port-channel): Either port is L2 and port-channel is L3, or vice-versa
  Command rejected (Port-channel): Either port is L2 and port-channel is L3, or vice-versa
  So my question is, how can I assign an ip address to a port channel in a multilayer switch in packet tracer? is it possible to do that in PT?
  Thanks in advance may be I´m doing something wrong.

  I just did this same setup in Packet Tracer 6.1.1 and it appears to work.
  Default the configurations in each of your existing links, set the individual links as "no switchport" first, then place them into a port-channel, then enter into the port-channel interface and set the IP address.
  interface Port-channel 1
    no switchport
    ip address 10.10.1.1 255.255.255.0
  interface FastEthernet0/1
    no switchport
    channel-group 1 mode desirable
    no ip address
    duplex auto
    speed auto
  interface FastEthernet0/2
    no switchport
    channel-group 1 mode desirable
    no ip address
    duplex auto
    speed auto
  Hope that helps.