Weird issue: odd IPs can ping the VIP and even IPs can't!

Hello experts!
We have two Nexus 9k cores attached to the HP Blade v7000 chassis, with vPC configured. All VLANs and HSRP are configured. vPC is configured successfully. But the weird thing is that source IP address 10.1.2.3 can ping the dest VIP (on the load balancer) but 10.1.2.4 can't, i.e. all odd IPs can ping the VIP and even IPs can't, and this is happening in all other VLANs. No firewall, no security appliance ... Windows firewalls are turned off, no ACLs on the switches. If I shut down the interface on Nexus 1 then all IPs can ping the VIP; as soon as I unshut the interface, .4 stops pinging, and if I shut down the interface on Nexus 2 then all IPs can ping. 10 gig links are connected to the Flex Fabric card and the vPC port channel is up. Any thoughts or help?

Nexus 1
show hsrp active brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr      Standby addr     Group addr
Vlan99      1   120  P Active   local            10.104.0.3       10.104.0.1      (conf)
Vlan160     5   120  P Active   local            10.104.5.3       10.104.5.1      (conf)
Vlan200     6   120  P Active   local            10.104.6.3       10.104.6.1      (conf)
Vlan210     7   120  P Active   local            10.104.7.3       10.104.7.1      (conf)
Vlan310     9   120  P Active   local            10.104.9.3       10.104.9.1      (conf)
Vlan350     11  120  P Active   local            10.104.11.3      10.104.11.1     (conf)
Vlan450     13  120  P Active   local            10.104.13.3      10.104.13.1     (conf)
Vlan700     14  120  P Active   local            10.104.14.6      10.104.14.4     (conf)
Vlan750     15  120  P Active   local            10.104.15.3      10.104.15.1     (conf)
=======================
Nexus 2
show hsrp active brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr      Standby addr     Group addr
Vlan100     3   120  P Active   local            10.104.2.2       10.104.2.1      (conf)
Vlan150     4   120  P Active   local            10.104.4.2       10.104.4.1      (conf)
Vlan199     2   120  P Active   local            10.104.1.2       10.104.1.1      (conf)
Vlan300     8   120  P Active   local            10.104.8.2       10.104.8.1      (conf)
Vlan320     10  120  P Active   local            10.104.10.2      10.104.10.1     (conf)
Vlan400     12  120  P Active   local            10.104.12.2      10.104.12.1     (conf)
Vlan760     16  120  P Active   local            10.104.16.2      10.104.16.1

Similar Messages

  • Hi, using iPhoto 6, I suddenly lost albums: they are still in the directory, but no pictures in some albums. Using Finder, I can locate the pictures and even get preview. But impossible to import them. Anyone can help? Thanks

    Try these in order - from best option on down...
    1. Do you have an up-to-date back up? If so, try copying the library6.iphoto file from the back up to the iPhoto Library, allowing it to overwrite the damaged file.
    2. Download iPhoto Library Manager (http://www.fatcatsoftware.com/iplm/) and use its rebuild function. This will create a new library based on data in the albumdata.xml file. Not everything will be brought over - no slideshows, books or calendars, for instance - but it should get all your albums and keywords back.
    Because this process creates an entirely new library and leaves your old one untouched, it is non-destructive, and if you're not happy with the results you can simply return to your old one.
    3. If neither of these work then you'll need to create and populate a new library.
    To create and populate a new iPhoto 6 library:
    Note this will give you a working library with the same Rolls and pictures as before, however, you will lose your albums, keywords, modified versions, books, calendars etc.
    Move the iPhoto Library to the desktop
    Launch iPhoto. It will ask if you wish to create a new Library. Say Yes.
    Go into the iPhoto Library on your desktop and find the Originals folder. From the Originals folder drag the individual Roll Folders to the iPhoto Window and it will recreate them in the new library.
    When you're sure all is well you can delete the iPhoto Library on your desktop.
    In the future, in addition to your usual back up routine, you might like to make a copy of the library6.iPhoto file whenever you have made changes to the library as protection against database corruption.

  • My iPhone at the moment won't click when I txt and when I try to play music I can't play it out of my speakers. When I get a call I can hear the ringtone and I can hear the person on the other end?? What is happening? I have tried rebooting... No use.

    Help

    WhyWontThisWork:
    I can definitely understand how frustrating it must be to not be able to take pictures or even view pictures that have already been taken with your LG Dare.
    Since this problem has started, have you tried to either:
    a.) put that memory card in an alternate phone to see if the pictures can be viewed on there
    b.) use a card reader/adapter in a computer to see if the pictures can be viewed on the computer
    c.) take the memory card out of the phone and then try to take a picture?
    What I am trying to determine is which of the 2 is defective (phone or memory card)
    If you are able to view pictures in another phone, or on the computer, then you may have a bad card. If that is the case, you can transfer the pictures to the computer and then format the memory card by
    Note: This procedure will erase all data on the memory card. It is recommended to back up the data.
    From the home screen, touch the menu tab.
    Touch Settings.
    Touch SD card & phone storage.
    Touch Unmount SD card.
    Touch Format SD card.
    Once you have done the formatting, try to take pictures again. If you continue to have problems it more than likely is the phone.
    Also, in order to access PixPlace, log into your MyVerizon account, at the top, you should see "Messaging" go down to "Manage your photo albums" once there, you should see "My Media", however, if you have already received a message advising you that your album would be deleted if you haven't logged on in more than 180 days, all pictures have then most definitely been deleted. Again, we do send warning messages once the online album hasn't been accessed in 150, 175, 180 days respectively prior to deletion.

  • I can browse the store and even purchase music but it won't download because I don't have the privilege to make changes. What?

    I had no problem being connected to the store and browsing.  I eventually bought a CD but it won't download it.  It won't download podcasts either.  It tells me that I don't have the privilege to do so and to connect my network settings.  This is the first time I'm using my MacBook Pro with iTunes.  What is wrong?

    As it says on the page that you posted from :
    If you download a rented movie on your iPhone 4 or later, iPad, iPod touch (4th generation or later), or Apple TV: It is not transferable to any other device or computer.
    Why it's like that I don't think that Apple have said (these are user-to-user forums). If you haven't downloaded it on your iPad then have you checked to see if you can download it on your computer's iTunes (Store > Check For Available Downloads menu option) or Apple TV ?
    If it doesn't show on either of them then you can try contacting iTunes Support and see if they will let you download it on a different computer/device or refund or credit you : http://reportaproblem.apple.com
    If the 'report a problem' link doesn't work then you can try contacting iTunes Support via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page

  • I have Elements 10. I can start the application and I can activate the Editor. When I try to activate the Organizer I keep getting the message: "Elements10 Organizer has stopped working. A problem caused the program to stop. Please close the program".

    It worked this morning. The only change done during the day is adding 250 photos to the Organizer

    Hi,
    If it was working but now fails, it could be a problem with your catalog.
    I would suggest you try repairing and optimizing it
    1. Load the organizer.
    2. From the File menu, select Catalog - that should open the Catalog Manager.
    3. Select your current catalog and click on the Repair button.
    4. When that has finished, click on the Optimize button.
    5. When that is done, click on the Cancel button to close the Catalog Manager.
    If it crashes before you can get into the Catalog Manager, start the organizer while holding down the shift key - that should go straight into the Catalog Manager - resume at step 3 above.
    If after repairing, you still get it crashing, then try the next test.
    Start the organizer while holding down the shift key so that you enter the Catalog Manager.
    Click on the New button (top right) and enter a new name (TestCat or something) and click on OK button.
    That should create a new empty catalog. You can see if that stays up for more than a minute. You could try importing a few images but I suggest that you don't do anything with them.
    If that stays running then we know it is the catalog - otherwise it is the application.
    Good luck
    Brian

  • My Vista PC can ping my Mac but I can't see it in the network

    I have a network consisting of one PC running Windows Vista Ultimate wired to a WRT300N V1 and a MacBook Pro hooked up wirelessly to the same router. The router is connected to a Cox cable modem. Both the PC and the Mac belong to the same workgroup named "workgroup". Both the PC and the Mac can communicate with the router on 192.168.1.1 and both have access to the internet through the router. My problem is that I can't network the PC and the Mac. I can ping the Mac and get a response but the Mac can't ping the PC nor see it. Nor can the PC see the Mac in the network environment, so file sharing is impossible. The PC and the Mac have IPs 192.168.1.101 and 192.168.1.100 respectively and both have subnet 255.255.255.0. I have built many networks, PC to PC and PC to Mac, but never with Windows Vista and never had this problem.
    Can anyone think of a solution?
    Gert

    I'm having same issues on all my Linksys routers,  I'm at the point of buying a AEBS.

  • Using tab groups but Firefox 28.0 crashes and even can not save all tabs in archive recently

    Hi. I installed the tab groups addon on my Firefox 28.0 (Firefox portable version) and each group has its tabs, of course. Problem is that Firefox crashes when I work on a group with the tabs and even can not save all tabs in archive as MAFF recently too. When I try to save all tabs in archive as... I choose the name and hit save and wait, but after some time this crashes too. Last time I saved all my tabs and groups as MAFF or other file was end of April and since then I can not save them anymore because of the crashing.
    I read on the help site to delete Firefox then reinstall etc. to fix problems but I DO NOT want to erase my groups with their tabs as I chose this solution working with group tabs as it would be too hard on my CPU when I use for each group a different browser for example.
    Please help me fix this problem with the crashes but without losing my groups and their tabs as they are all important and I do not wish to erase them as I use them all.
    Thanks and hope for a reply soon :)

    Can you give me your crash reports?
    1. Enter about:crashes in the Firefox address bar and press Enter. A Submitted Crash Reports list will appear, similar to the one shown below.
    2. Copy the 5 most recent Report IDs that start with bp- and paste them into your response here.

  • DNS Issues - Can ping server name and IPs but not FQDNs.

    Hi All, 
    Hopefully someone can help me here. I am having an issue where one of my domain-attached servers cannot ping any FQDNs in the environment but it can ping the host names and the IPs and look up the host names from a reverse lookup.
    We have done the following troubleshooting:
    Flushed and registered DNS cache.
    Restarted the DNS client and net logon services on the affected server
    Performed standard checks and commands such as:
    Checked the event logs and found there were warnings for DNS registration.
    Compared the DNS settings in the network adapters across the rest of the servers in the environment and found that they were all the same. DNS suffixes are added in the correct order and are set to register.
    Pinging FQDNs which is not giving any results.
    Tracert FQDNs which is also not giving any results.
    Nslookup which is querying the DNS server directly and giving results as expected
    Ran the command which reported successful: dcdiag /test:registerindns /dnsdomain:sub.domain.net /v
    Checked and updated the permissions on DNS for the affected server to give the server full control of its own DNS entry.
    Replaced the DNS Client service DLL with one from a server that is working as expected.
    Also worth noting is that the affected server (as well as every other server in the environment) has 2 NICs, one that communicates with DNS and AD and the other does not have any DNS IPs set.
    Note this is not the first time this happened; a reboot fixed the issue before but it seems to be a recurring problem now.
    If anyone can shed some light on this issue I would be grateful.
    Regards,
    Steve. 

    Hi Steve,
    First, we should confirm if this issue is caused by DNS.
    When you ping the FQDN, does the server show the correct corresponding IP address?
    If no, there should be some error messages. If it is possible, please post the screenshot of this issue.
    To check how the server resolves the FQDN, please follow the steps below:
    1. Clear the local DNS cache with the command ipconfig /flushdns
    2. Perform the network capture
    3. Ping the specified FQDN
    4. Check the DNS traffic
    To download Network Monitor, please click the link below:
    http://www.microsoft.com/en-hk/download/details.aspx?id=4865
    Besides, have you tried to update the NIC driver to the latest version?
    Best Regards.
    Steven Lee

  • Main Server cannot ping the 2nd server in another location but the 2nd server can ping the main server

       
    I have 3 servers: Main server, and 2 file servers in another country.
    My main server can only ping the 2nd file server.
    But both of our 2 file servers from another country can ping the main server.
    In short, I cannot remote to the first file server.
    The settings on both file servers are the same. And I don't have issues in accessing the 2nd file server using the Main server.
    Can somebody have the patience to help me figure out the issue?

    Being able to ping the server does not mean that you can remotely access it.
    If you are trying to RDP a server then you need to check that RDP is enabled on the server and that traffic to port 3389 is not blocked or filtered. You can use PortQryUI for checking.
    For testing, you can temporarily disable security software running on the servers and try again. Also, check the filtering done on network equipment in between your servers.
    Ahmed MALEK

  • I have a Mac on my home network and also a Systemline music server on same network. My PC was able to find the server but my Mac cannot. I can ping the server from the Mac, but cannot actually connect. Also can't add the Mac as a location from server

    I have a Mac on my home network and also a Systemline music server on same network. My PC was able to find the server but my Mac cannot. I can ping the server from the Mac, but cannot actually connect. Also can't add the Mac as a location from server, despite following the Systemline instructions that imply this can be done.
    Can anyone please advise what I am doing wrong?

    Hi LowLuster
    Thanks for reply. I am not an expert on these sharing protocols but I think I have turned on SMB sharing but it still won't connect. I tried adding a network drive by using Ctrl-K in Finder and using smb\\network address but nothing. It is driving me mad!!

  • I am having sound issues with Pottermore while using Safari 6.1. I once muted the sound and now can't unmute it even though the icon tells me it's unmuted. I can hear samples of audio books in the store section.  Any ideas?

    I am having sound issues with the website Pottermore while using Safari 6.1. I once muted the sound and now can't unmute it even though the icon tells me it's unmuted. I can hear samples of audio books in the store section.  Any ideas? I have reset Safari.  Website works fine on Firefox.

  • Trying to get home sharing working on Apple TV using Cisco access points and a Cisco WLC 5508 with 7.2.110 code.  I can get devices working individually but they never see each other.  I can ping the Apple TV from my laptop and iPad.

    Trying to get home sharing working on a corporate wireless network.  Cisco wireless.
    WLC5508 controller
    Cisco 3502 access points
    All Apple devices on same WLAN - security WPA2-PSK
    iTunes account up to date
    All devices latest software.
    Can ping Apple TV from laptop
    Can ping Apple TV from iPad
    Can ping iPad from laptop
    Can ping laptop from iPad.
    Apple TV never sees any other device.
    Any ideas?

    Fascinating just reading about your setup. I have a WRT350N and have noticed that it will drop its speed, sometimes down to 1Mbps. It seems to do so at about the same time every day, but usually comes back to speed in about 5 minutes. In my experience, the Apple TV will disconnect if the speed falls this low. Try monitoring the Linksys with Netstumbler, Vistumbler, or just in the Windows Network utility.
    Check the "lease obtained" and "lease expired" times for your router to see if that is when the network fails. I've just finished reading an angry thread over at the Linksys forum about the WRT330N where someone mentioned that the router wasn't renewing its lease.
    "I cannot set it run off automatic DHCP from the WRT330N, the router will not assign it an IP every time the lease expires, causing me to have to manually set an IP on the Print server. That's annoying. Having the router drop IP's to individual machines after 12-48 hours...very annoying."
    http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&thread.id=67412
    If that is the problem, then I would consider setting up a Static IP address for your Apple TV. You can do that through the user interface -> Settings -> Network -> Configure ... (Quite intuitive as you only have change IP address and the subsequent details remain the same.)
    My router assigns IP Addresses in the ranges of 192.168.1.100 ->149. The idea here is to choose an address outside of that range but is not greater than 192.168.1.253 (and should not end in the number 1). You shouldn't have to change the linksys router as long as 50 clients are assigned in that range. You'll have to figure that out by accessing your router webpage at browser address 192.168.1.1 -> the default password is "admin" (without the quotes).
    Good luck.

  • Performance issue is most probably caused by the fact that IE can not handle such amount of requests ? is it ?

    Hi,
    I'm running web applications and there is performance issue is most probably caused by the fact that IE can not handle such amount of requests that are forwarded to the server at the same time.
    Data:
    On IE(10) – search variety 11- it takes a long time (about 25 seconds for response) .
    in general, the responding time of "search variety" in IE is much longer than Chrome.
    IE - see: http://screencast.com/t/kSeT3hC2mRfV
    Chrome - see: http://screencast.com/t/NYf6fskU
    Why? any solution ?
    Thanks,

    Hi,
    without a link to your site (so we can use the same tools mentioned above)... we can only guess.
    these are peer to peer support forums... your favorite web search engine will help you to learn about web development.
    display the Developer tool console in each browser to view the suppressed error messages.
    All modern browsers support the performance API, or you can use the Networking tab to view the latency metrics for the site.... commonly you may be using meta directives for caching instead of server headers or you have different settings between browsers which determine how long resources are cached. Commonly, IE has a different security model to other browsers... ensure that you are using the Default IE security zone settings.... Actions like innerHTML go through a sanitization process to remove script content...
    Commonly AJAX calls are made during the onload event...
    Please post questions about web site development to the IE Web Developer forum. Include with your questions a link to your website or a publicly accessible mashup that shows your issue.
    Rob^_^

  • I can Ping FW inside interface but can not connect to remote resources

    Dear all,
    I configured my ASA 5520 through ASDM to enable VPN connection. I followed the Cisco steps and it works fine, and AnyConnect version 3.1 in Windows 8 - one day of troubleshooting for this point only - can connect and get an IP address from the range, but I have something wrong in NAT, maybe because all guides talk about the old ASDM (NAT Exempt) and I am confused about how to apply it on the new ASDM.
    I can ping the inside interface from my laptop which is using AnyConnect, but I can not access anything else inside my network.
    Please, if anyone has a solution, describe it using ASDM. Thanks for help.
    This is my configuration
    interface GigabitEthernet0/1
     description
     nameif SRV_ZONE
     security-level 50
     ip address 192.168.1.1 255.255.255.0
    interface GigabitEthernet0/2
     description
     nameif TRUST_ZONE
     security-level 100
     ip address 172.17.200.1 255.255.255.0
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    interface Management0/0
     nameif MGMT
     security-level 0
     ip address 10.10.10.1 255.255.255.0
    dns server-group DefaultDNS
     domain-name xxx.xxx.xxx
    object network obj-192.168.1.11
     host 192.168.1.11
    object network obj-xxx.xxx.xxx.xxx
     host xxx.xxx.xxx.xxx
    object service obj-tcp-source-eq-25
     service tcp source eq smtp
    object network obj-192.168.1.12
     host 192.168.1.12
    object network obj-xxx.xxx.xxx.xxx
     host xxx.xxx.xxx.xxx
    object network obj-192.168.1.0
     subnet 192.168.1.0 255.255.255.0
    object service obj-tcp-eq-25
     service tcp destination eq smtp
    object network obj_any
     subnet 0.0.0.0 0.0.0.0
    object network obj-0.0.0.0
     host 0.0.0.0
    object network obj_any-01
     subnet 0.0.0.0 0.0.0.0
    object network obj-172.17.8.8
     host 172.17.8.8
    object network obj-172.17.0.0
     subnet 172.17.0.0 255.255.0.0
    object network obj_any-02
     subnet 0.0.0.0 0.0.0.0
    object network obj_any-03
     subnet 0.0.0.0 0.0.0.0
    object network obj_any-04
     subnet 0.0.0.0 0.0.0.0
    object network obj_any-05
     subnet 0.0.0.0 0.0.0.0
    object network obj_any-06
     subnet 0.0.0.0 0.0.0.0
    object network obj.172.17.8.115
     host 172.17.8.115
    object network obj.xxx.xxx.xxx.xxx
     host xxx.xxx.xxx.xxx
    object service http
     service tcp source eq www destination eq www
    object network obj.xxx.xxx.xxx.xxx
     host xxx.xxx.xxx.xxx
    object service https
     service tcp source eq https destination eq https
    object service newservice
     service tcp source eq pop3 destination eq pop3
    object network mail
     host 172.17.8.8
     description mail
    object network 192.168.1.11
     host 192.168.1.11
     description smtp
    object service smtpnew
     service tcp source eq 587 destination eq 587
    object network VPN_RANGE
     description VPN ACCESS RANGE
    object network VPN_PoOL
     subnet 172.17.16.0 255.255.255.0
     description vpn
    object-group network DM_INLINE_NETWORK_1
     network-object host 192.168.1.11
     network-object host 192.168.1.12
    object-group network Eighth_Floor
     network-object 172.17.8.0 255.255.255.0
    object-group service WEB_SERVICES
     service-object tcp destination eq www
    object-group network ENT_SERVERS
     network-object host 192.168.1.11
     network-object host 192.168.1.1
    object-group network DM_INLINE_NETWORK_2
     network-object 172.17.200.0 255.255.255.0
     network-object 172.17.8.0 255.255.255.0
    object-group service DM_INLINE_TCP_2 tcp
     port-object eq www
     port-object eq https
     port-object eq smtp
    object-group service web tcp
     port-object eq www
     port-object eq xxx
     port-object eq ftp
     port-object eq xxx
     port-object eq xxx
    object-group service xxx_Web_and_Email
     service-object object http
     service-object tcp destination eq pop3
     service-object tcp destination eq smtp
    object-group protocol TCPUDP
     protocol-object udp
     protocol-object tcp
    object-group protocol DM_INLINE_PROTOCOL_1
     protocol-object udp
     protocol-object tcp
    object-group protocol DM_INLINE_PROTOCOL_2
     protocol-object ip
    object-group protocol DM_INLINE_PROTOCOL_3
     protocol-object ip
    access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 172.17.0.0 255.255.0.0
    access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 any
    access-list justice_splitTunnelAcl standard permit 10.100.100.0 255.255.255.0
    access-list xxx-VPN_splitTunnelAcl remark vpn
    access-list xxx-VPN_splitTunnelAcl standard permit 172.17.16.0 255.255.255.0
    access-list xxx-VPN_splitTunnelAcl standard permit any
    access-list cap extended permit tcp any host xxx.xxx.xxx.xxx eq smtp log
    access-list cap1 extended permit tcp host 192.168.1.11 any eq smtp
    access-list SRV_ZONE_nat_outbound extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
    access-list SRV_ZONE_nat_outbound extended permit ip host 192.168.1.11 any
    access-list TRUST_ZONE_access_in extended permit ip host 172.17.88.108 any
    access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.10.3.0 255.255.255.0 any
    access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.10.50.0 255.255.255.0 any
    access-list TRUST_ZONE_access_in extended permit ip 172.17.8.0 255.255.255.0 any
    access-list TRUST_ZONE_access_in extended permit ip 172.17.200.0 255.255.255.0 any
    access-list TRUST_ZONE_access_in extended permit ip 172.17.0.0 255.255.0.0 host 192.168.1.12
    access-list TRUST_ZONE_cryptomap extended permit ip xxx.xxx.xxx.xxx 255.255.255.248 any
    access-list outside_access_in extended permit tcp any host 192.168.1.11 eq smtp
    access-list outside_access_in extended permit tcp any host 172.17.8.8 eq www
    access-list outside_access_in extended permit tcp any host 192.168.1.12 object-group web
    access-list outside_access_in extended permit tcp any host 172.17.8.8 eq pop3
    access-list outside_access_in extended permit ip 172.17.16.0 255.255.255.0 any inactive
    access-list vpn remark vpn
    access-list vpn standard permit 172.17.16.0 255.255.255.0
    pager lines 24
    logging enable
    logging trap informational
    logging asdm informational
    logging host TRUST_ZONE 172.17.8.100
    mtu INT_ZONE 1500
    mtu SRV_ZONE 1500
    mtu TRUST_ZONE 1500
    mtu MGMT 1500
    ip local pool VPN_POOL 172.17.16.100-172.17.16.254 mask 255.255.255.0
    ip verify reverse-path interface INT_ZONE
    ip verify reverse-path interface SRV_ZONE
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any SRV_ZONE
    icmp permit any TRUST_ZONE
    asdm image disk0:/asdm-635.bin
    no asdm history enable
    arp timeout 14400
    nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.11 obj-xxx.xxx.xxx.xxx service any obj-tcp-source-eq-25
    nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.12 obj-xxx.xxx.xxx.xxx
    nat (SRV_ZONE,INT_ZONE) source dynamic obj-192.168.1.0 interface service obj-tcp-eq-25 obj-tcp-eq-25
    nat (INT_ZONE,SRV_ZONE) source static any any destination static 192.168.1.11 obj-172.17.8.8 service obj-tcp-source-eq-25 obj-tcp-source-eq-25
    nat (TRUST_ZONE,INT_ZONE) source static VPN_PoOL VPN_PoOL destination static VPN_PoOL VPN_PoOL
    object network obj_any
    nat (SRV_ZONE,INT_ZONE) dynamic obj-0.0.0.0
    object network obj_any-01
    nat (SRV_ZONE,MGMT) dynamic obj-0.0.0.0
    object network obj-172.17.8.8
    nat (TRUST_ZONE,INT_ZONE) static xxx.xxx.xxx.xxx service tcp www www
    object network obj-172.17.0.0
    nat (TRUST_ZONE,SRV_ZONE) static 172.17.0.0
    object network obj_any-02
    nat (TRUST_ZONE,INT_ZONE) dynamic interface
    object network obj_any-03
    nat (TRUST_ZONE,SRV_ZONE) dynamic interface
    object network obj_any-04
    nat (TRUST_ZONE,INT_ZONE) dynamic obj-0.0.0.0
    object network obj_any-05
    nat (TRUST_ZONE,SRV_ZONE) dynamic obj-0.0.0.0
    object network obj_any-06
    nat (TRUST_ZONE,MGMT) dynamic obj-0.0.0.0
    object network obj.172.17.8.115
    nat (TRUST_ZONE,INT_ZONE) static obj.xxx.xxx.xxx.xxx service tcp www www
    object network mail
    nat (TRUST_ZONE,INT_ZONE) static obj-xxx.xxx.xxx.xxx service tcp pop3 pop3
    nat (TRUST_ZONE,INT_ZONE) after-auto source static obj-172.17.8.8 obj-xxx.xxx.xxx.xxx service https https
    access-group outside_access_in in interface INT_ZONE
    access-group DMZ_access_in in interface SRV_ZONE
    access-group TRUST_ZONE_access_in in interface TRUST_ZONE
    route INT_ZONE 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
    route TRUST_ZONE 10.10.0.0 255.255.0.0 172.17.200.254 1
    route TRUST_ZONE 10.11.0.0 255.255.0.0 172.17.200.254 1
    route TRUST_ZONE 10.12.0.0 255.255.0.0 172.17.200.254 1
    route TRUST_ZONE 10.13.0.0 255.255.0.0 172.17.200.254 1
    route TRUST_ZONE 172.17.0.0 255.255.0.0 172.17.200.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication enable console LOCAL
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication serial console LOCAL
    http server enable
    http 172.17.8.0 255.255.255.0 TRUST_ZONE
    http 172.17.8.155 255.255.255.255 TRUST_ZONE
    http 172.17.8.45 255.255.255.255 TRUST_ZONE
    http 10.10.10.2 255.255.255.255 MGMT
    http 192.168.1.12 255.255.255.255 SRV_ZONE
    http 0.0.0.0 0.0.0.0 INT_ZONE
    http 172.17.200.0 255.255.255.0 TRUST_ZONE
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map pol 1 match address TRUST_ZONE_cryptomap
    crypto dynamic-map pol 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map INT_ZONE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map TRUST_ZONE_map0 1 ipsec-isakmp dynamic pol
    crypto map TRUST_ZONE_map0 interface TRUST_ZONE
    crypto map INT_ZONE_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map INT_ZONE_map0 interface INT_ZONE
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment self
    fqdn SEC-xxx-FW1
    subject-name CN=SEC-xxx-FW1
    no client-types
    proxy-ldc-issuer
    crl configure
    crypto ca trustpoint ASDM_TrustPoint1
    enrollment self
    subject-name CN=SEC-xxx-FW1
    keypair sslvpnkeypair
    crl configure
    crypto ca certificate chain ASDM_TrustPoint0
    certificate 31
        57f4e52e 6b851966 77515d62 c209a0df 1c32ce94 bb90cbce 497cfd04 6745ea85
        efb75f85 2ae1ad35 344d94ab 915e01ab d3292626 ac697a52 b4ed6632 d3ed2332 ae
      quit
    crypto ca certificate chain ASDM_TrustPoint1
    certificate e6054352
        c64f3661 30f14c3d 06b5f039 9f14560d 3b154fd1 42782268 7531689e 8e547d91
        85e88415 e326f653 74733a6c a3f5c935 f7e83f56 f6
      quit
    crypto isakmp enable INT_ZONE
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 INT_ZONE
    ssh 172.17.8.0 255.255.255.0 TRUST_ZONE
    ssh 10.10.10.2 255.255.255.255 MGMT
    ssh timeout 5
    console timeout 0
    management-access TRUST_ZONE
    vpn load-balancing
    interface lbpublic INT_ZONE
    interface lbprivate INT_ZONE
    priority-queue INT_ZONE
      tx-ring-limit 256
    threat-detection basic-threat
    threat-detection scanning-threat
    threat-detection statistics host number-of-rate 3
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point ASDM_TrustPoint1 INT_ZONE
    webvpn
    enable INT_ZONE
    svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
    svc enable
    tunnel-group-list enable
    group-policy xxx-VPN internal
    group-policy xxx-VPN attributes
    dns-server value xx.xx.xx.xx xx.xx.xx.xx
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value xxx-VPN_splitTunnelAcl
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol webvpn
    group-policy GPNEW internal
    group-policy GPNEW attributes
    dns-server value 172.17.8.41
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    default-domain value xxx.xxx.xxx
    address-pools value VPN_POOL
    username VPNAM password xxx encrypted
    username VPNAM attributes
    service-type remote-access
    vpn-group-policy xxx-VPN
    tunnel-group xxx-VPN type remote-access
    tunnel-group xxx-VPN general-attributes
    dhcp-server 172.17.8.41
    tunnel-group xxx-VPN ipsec-attributes
    pre-shared-key *****
    tunnel-group pol type ipsec-l2l
    tunnel-group pol ipsec-attributes
    pre-shared-key *****
    trust-point ASDM_TrustPoint0
    tunnel-group SSLClientProfile type remote-access
    tunnel-group SSLClientProfile general-attributes
    address-pool VPN_POOL
    default-group-policy GPNEW
    tunnel-group SSLClientProfile webvpn-attributes
    group-alias SSLVPNClient enable
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect ip-options
      inspect pptp
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:78a941e3f509dec8f3570c60061eedaa
    : end

    Thank God,
    I solved the problem.
    The problem is in NAT.
    I created an object with a host IP address from the VPN pool and named it vpn,
    then I did the NAT from inside to that host as in the following picture...
    Trust zone is the inside zone.
    vpn is the outside VPN host...
    Thanks, and I hope it helps anyone else...
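
The fix described in the post above, written out in the same twice-NAT syntax the dump uses. This is an added example, not the poster's configuration: the object names TRUST_NET and VPN_CLIENTS, their subnet and range definitions, and the packet-tracer addresses are assumptions taken from the route and `ip local pool` lines in the dump.

```cisco
! Added example. Object names and definitions below are assumptions,
! not taken from the post.
!
! Inside (TRUST_ZONE) network, from the 172.17.0.0/16 route in the dump.
object network TRUST_NET
 subnet 172.17.0.0 255.255.0.0
! Remote-access client addresses, from "ip local pool VPN_POOL".
object network VPN_CLIENTS
 range 172.17.16.100 172.17.16.254
!
! Rule as posted: the same object is used for source and destination.
! Assuming VPN_PoOL holds the pool range (its definition is not shown
! in this part of the dump), traffic sourced from TRUST_ZONE hosts does
! not match it and is left to the later object NAT rules.
no nat (TRUST_ZONE,INT_ZONE) source static VPN_PoOL VPN_PoOL destination static VPN_PoOL VPN_PoOL
!
! Identity NAT (exemption): inside addresses stay untranslated when the
! destination is a VPN client address.
nat (TRUST_ZONE,INT_ZONE) source static TRUST_NET TRUST_NET destination static VPN_CLIENTS VPN_CLIENTS
!
! Verify which NAT rule a packet from an inside host to a client hits.
! 172.17.8.100 and 172.17.16.100 are sample addresses.
show nat detail
packet-tracer input TRUST_ZONE icmp 172.17.8.100 8 0 172.17.16.100
```

The poster used a single host object from the pool; a range or subnet object covers every address the pool can hand out.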
