Weired issue odd IP's can ping the VIP and even can't!
Hello experts!
we have two nexus 9k core, attached to the HP Blade v7000 chasis and VPC configured. All Vlans are HSRP are configured. VPC is configured successfully. But the weird this is that source IP address 10.1.2.3 can ping the dest VIP (on the loadblanacer) but 10.1.2.4 can't ie all odd IP's can ping the vip and even IP's can't ping and this is happening in all other Vlans. No firewall no security applience ... windows firewalls are turned off, no ACL's on the swtiches. If I shut down the interface on nexus 1 then all IP's can ping the VIP, as soon as I unshut the interface then .4 stops pinging, and if I shutdown the interface on nexus 2 then all IP's can ping. 10 gig links are connected to Flex fabric card and vpc port channel is up. Any thoughts or help ?
Nexus 1 Nexus 2
Nexus 1
show hsrp active brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan99 1 120 P Active local 10.104.0.3 10.104.0.1 (conf)
Vlan160 5 120 P Active local 10.104.5.3 10.104.5.1 (conf)
Vlan200 6 120 P Active local 10.104.6.3 10.104.6.1 (conf)
Vlan210 7 120 P Active local 10.104.7.3 10.104.7.1 (conf)
Vlan310 9 120 P Active local 10.104.9.3 10.104.9.1 (conf)
Vlan350 11 120 P Active local 10.104.11.3 10.104.11.1 (conf)
Vlan450 13 120 P Active local 10.104.13.3 10.104.13.1 (conf)
Vlan700 14 120 P Active local 10.104.14.6 10.104.14.4 (conf)
Vlan750 15 120 P Active local 10.104.15.3 10.104.15.1 (conf)
=======================
Nexus 2
show hsrp active brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan100 3 120 P Active local 10.104.2.2 10.104.2.1
(conf)
Vlan150 4 120 P Active local 10.104.4.2 10.104.4.1
(conf)
Vlan199 2 120 P Active local 10.104.1.2 10.104.1.1
(conf)
Vlan300 8 120 P Active local 10.104.8.2 10.104.8.1
(conf)
Vlan320 10 120 P Active local 10.104.10.2 10.104.10.1
(conf)
Vlan400 12 120 P Active local 10.104.12.2 10.104.12.1
(conf)
Vlan760 16 120 P Active local 10.104.16.2 10.104.16.1
Similar Messages
-
Weired issue odd IP's can ping the VIP and even can't on the Nexus 9K switch.
Hello experts!
we have two nexus 9k core, attached to the HP Blade v7000 chasis and VPC configured. All Vlans are HSRP are configured. VPC is configured successfully. But the weird this is that source IP address 10.1.2.3 can ping the dest VIP (on the loadblanacer) but 10.1.2.4 can't ie all odd IP's can ping the vip and even IP's can't ping and this is happening in all other Vlans. No firewall no security applience ... windows firewalls are turned off, no ACL's on the swtiches. If I shut down the interface on nexus 1 then all IP's can ping the VIP, as soon as I unshut the interface then .4 stops pinging, and if I shutdown the interface on nexus 2 then all IP's can ping. 10 gig links are connected to Flex fabric card and vpc port channel is up. Any thoughts or help ?
Nexus 1 Nexus 2Hello experts!
we have two nexus 9k core, attached to the HP Blade v7000 chasis and VPC configured. All Vlans are HSRP are configured. VPC is configured successfully. But the weird this is that source IP address 10.1.2.3 can ping the dest VIP (on the loadblanacer) but 10.1.2.4 can't ie all odd IP's can ping the vip and even IP's can't ping and this is happening in all other Vlans. No firewall no security applience ... windows firewalls are turned off, no ACL's on the swtiches. If I shut down the interface on nexus 1 then all IP's can ping the VIP, as soon as I unshut the interface then .4 stops pinging, and if I shutdown the interface on nexus 2 then all IP's can ping. 10 gig links are connected to Flex fabric card and vpc port channel is up. Any thoughts or help ?
Nexus 1 Nexus 2 -
Hi, using iphoto 6, i suddenly lost albums: they are still in the directory, but no pictures in some albums.Using finder, I can locate the pictures and even get preview. But impossible to import them. Anyone can help? thanks
Try these in order - from best option on down...
1. Do you have an up-to-date back up? If so, try copy the library6.iphoto file from the back up to the iPhoto Library allowing it to overwrite the damaged file.
2. Download <a href="http://www.fatcatsoftware.com/iplm/"><b><u>iPhoto Library Manager</b></u></a> and use its rebuild function. This will create a new library based on data in the albumdata.xml file. Not everything will be brought over - no slideshows, books or calendars, for instance - but it should get all your albums and keywords back.
Because this process creates an entirely new library and leaves your old one untouched, it is non-destructive, and if you're not happy with the results you can simply return to your old one.
3. If neither of these work then you'll need to create and populate a new library.
To create and populate a new *iPhoto 6* library:
Note this will give you a working library with the same Rolls and pictures as before, however, you will lose your albums, keywords, modified versions, books, calendars etc.
Move the iPhoto Library to the desktop
Launch iPhoto. It will ask if you wish to create a new Library. Say Yes.
Go into the iPhoto Library on your desktop and find the Originals folder. From the Originals folder drag the individual Roll Folders to the iPhoto Window and it will recreate them in the new library.
When you're sure all is well you can delete the iPhoto Library on your desktop.
In the future, in addition to your usual back up routine, you might like to make a copy of the library6.iPhoto file whenever you have made changes to the library as protection against database corruption. -
Help
WhyWontThisWork:
I can definitely how frustrating it must be to not be able to take pictures or even view pictures that have already been taken with your LG Dare.
Since this problem has started, have you tried to either:
a.) put that memory card in an alternate phone to see if the pictures can be viewed on there
b.) use a card reader/adapter in a computer to see if the pictures can be viewed on the computer
c.) take the memory card out of the phone and then try to take a picture?
What I am trying to determine is which of the 2 is defective (phone or memory card)
If you are able to view pictures in another phone, or on the computer , then you may have a bad card. If that is the case, you can transfer the pictures to the computer and then format the memory card by
Note: This procedure will erase all data on the memory card. It is recommended to back up the data.
From the home screen, touch the menu tab.
Touch Settings.
Touch SD card & phone storage.
Touch Unmount SD card.
Touch Format SD card.
Once you have done the formatting, try to take pictures again. If you continue to have problems it more than likely is the phone.
Also, in order to access PixPlace, log into your MyVerizon account, at the top, you should see "Messaging" go down to "Manage your photo albums" once there, you should see "My Media", however, if you have already received a message advising you that your album would be deleted if you haven't logged on in more than 180 days, all pictures have then most definitely been deleted. Again, we do send warning messages once the online album hasn't been accessed in 150, 175, 180 days respectively prior to deletion. -
I had no problem being connected to the store and browsing. I eventually bought a CD but it won't download it. It won't download podcasts either. It tells me that I don't have the privilege to do so and to connect my network settings. This is the first time I'm using my MacBook Pro with iTunes. What is wrong?
As it says on the page that you posted from :
If you download a rented movie on your iPhone 4 or later, iPad, iPod touch (4th generation or later), or Apple TV: It is not transferable to any other device or computer.
Why it's like that I don't think that Apple have said (these are user-to-user forums). If you haven't downloaded it on your iPad then have you checked to see if you can download it on your computer's iTunes (Store > Check For Available Downloads menu option) or Apple TV ?
If it doesn't show on either of them then you can try contacting iTunes Support and see if they will let you download it on a different computer/device or refund or credit you : http://reportaproblem.apple.com
If the 'report a problem' link doesn't work then you can try contacting iTunes Support via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page -
It worked this morning. The only change done during the day is adding 250 photos to the Organizer
Hi,
If it was working but now fails, it could be a problem with your catalog.
I would suggest you try repairing and optimizing it
Load the organizer
From the File menu, select Catalog - that should open the Catalog Manager.
Select you current catalog and click on the Repair button
When that has finished, click on the Optimize button
When that is done, click on the Cancel button to close the Catalog Manager.
If it crashes before you can get into the Catalog Manager, start the organizer while holding down the shift key - that should go straight into the Catalog Manger - resume at step 3 above.
If after repairing, you still get it crashing, then try the next test.
Start the organizer while holding down the shift key so that you enter the Catalog Manager.
Click on the New button (top right) and enter a new name (TestCat or something) and click on OK button.
That should create a new empty catalog. You can see if that says up for more than a minute. You could try importing a few images but I suggest that you don't do anything with them.
If that stays running then we know it is the catalog - otherwise it is the application.
Good luck
Brian -
My Vista PC can ping my Mac but I can't see it in the network
I have a network consisting of one PC running Windows Vista Ultimate wired to a WRT300N V1 and a MacBook Pro hooked up wirelessly to the same router. The router is connected to a Cox cable modem. Both the PC and the Mac belong to the same workgroup named "workgroup". Both the PC and the Mac can communicate with the router on 192.168.1.1 and both have access to the internet through the router. My problem is that I can't network the PC and the Mac. I can ping the Mac and get response but the Mac can't ping the PC nor see it. Nor can the PC see the Mac in the network environment so file sharing is impossible. The PC and the Mac have IP:s 192.168.1.101 and 192.168.1.100 respectively and both have subnet 255.255.255.0. I have built many network, PC to PC and PC to Mac but never with Windows Vista and never had this problem.
Can anyone think of a solution?
GertI'm having same issues on all my Linksys routers, I'm at the point of buying a AEBS.
-
Using tab groups but Firefox 28.0 crashes and even can not save all tabs in archive recently
Hi. I installed tab groups addon on my firefox 28.0 (firefox portable version) and each group has its tabs. of course. Problem is that Firefox crashes when i work on a group with the tabs and even can not save all tabs in archive as MAFF recently too. When i try to save all tabs in archive as... i choose the name and hit save and wait but after some time this crashes too. Last time i saved all my tabs and groups as MAFF or other file was end of april and since then i can not save them anymore because of the crashing.
I read on the help site to delete Firefox then reinstall ect. to fix problems but I DO NOT want to erase my groups with their tabs as i chose this solution working with group tabs as it would be to hard on my cpu when i use for each group a different browser for example.
Please help me fix this problem with the crashes but without loosing my groups and its tabs as they are all important and do not wish to erase them as i use them all.
Thanks and hope for a soon reply :)Can you give me your crash reports?
#Enter ''about:crashes'' in the Firefox address bar and press Enter. A Submitted Crash Reports list will appear, similar to the one shown below.
#Copy the '''5''' most recent Report IDs that start with '''bp-''' and paste them into your response here. -
DNS Issues - Can ping server name and IPs but not FQDNs.
Hi All,
Hopefully some one can help me here, I am having an issue where one of my domain attached servers cannot ping any FQDNs in the environment but it can ping the host names and the IPs and look up the host names from a reverse look up.
We have done the following troubleshooting:
Flushed and registered DNS cache.
Restarted the DNS client and net logon services on the effected server
Preformed standard checks and commands such as:
Checked the event logs and found there were warnings for DNS registration.
Compared the DNS settings in the network adapters across the rest of the servers in the environment and found that they were all the same. DNS Suffixes are added in the correct order and are set to register.
Pinging FQDNs which is not giving any results.
Tracert FQDNs which is also not giving any results.
Nslookup which is querying the DNS server directly and giving results as expected
Ran the command which reported successful: dcdiag /test:registerindns /dnsdomain:sub.domain.net /v
Checked and updated the permissions on DNS for the affected server to give the server full control of its own DNS entry.
Replaced the DNS Client service DLL with one from a server that is working as expected.
Also worth noting is that the affected server (as well as every other server in the environment) has 2 NICs, one that communicates with DNS and AD and the other does not have any DNS IPs set.
Not this is not the first time this happened, a reboot fixed the issue before but it seems to be a reoccurring problem now.
If any one can shed some light on this issue I would be grateful.
Regards,
Steve.Hi Steve,
First, we should confirm if this issue is caused by DNS.
When you ping the FQDN, does the server show the correct corresponding IP address?
If no, there should be some error messages. If it is possible, please post the screenshot of this issue.
To check the process about how does server resolve the FQDN, please follow the steps below:
clear local DNS cache with command ipconfig /flushdns
perform the network capture
ping the specified FQDN
Check the DNS traffic
To download Network Monitor, please click the link below:
http://www.microsoft.com/en-hk/download/details.aspx?id=4865
Besides, have you tried to update the NIC driver to the latest version?
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
I have 3 servers : Main server, and 2 file servers in another country.
My main server can only ping the 2nd file server.
But both of our 2 file servers from another country can ping the main server.
In short, I cannot remote to the first file server.
The settings on both file servers are the same. And I don't have issues in accessing the 2nd file server using the Main server.
Can somebody have the patience to help me figure out the issue?Being able to ping the server does not mean that you remotely access it.
If you are trying to RDP a server then you need to check that RDP is enabled on the server and that traffic to port 3389 is not blocked or filtered. You can use PortQryUI for checking.
For testing, you can temporary disable security software running on the servers and try again. Also, check the filtering done on network equipment in between your servers.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
I have a Mac on my home network and also a Systemline music server on same network. My PC was able to find the server but my MAC cannot. I can ping the server from the mac, but cannot actually connect . Also can't add the mac as a location from server, despite following the Systemline instructions that impy this can be done.
Can anyone please advise what I am doing wrong?Hi LowLuster
Thanks for reply. I am not an expert on these sharing protocols but I think I have turned on SMB sharing but still wont connect. I tried adding netwrik drive by using cntrl K in finder and using smb\\network address but nothing. It is driving me mad!! -
I am having sound issues with the website Pottermore while using Safari 6.1. I once muted the sound and now can't unmute it even though the icon tells me it's unmuted. I can hear samples of audio books in the store section. Any ideas? I have reset Safari. Website works fine on Firefox.
I am having sound issues with the website Pottermore while using Safari 6.1. I once muted the sound and now can't unmute it even though the icon tells me it's unmuted. I can hear samples of audio books in the store section. Any ideas? I have reset Safari. Website works fine on Firefox.
-
Trying to get home sharing working on a corporate wireless network. Cisco wireless.
WLC5508 controller
Cisco 3502 access points
All apple devices on same WLAN - security WPA2-PSK
ITunes account up to date
All devices laterst software.
Can ping apll tv from laptop
can ping apple tv from ipad
Can ping ipad from laptop
can ping laptop from ipad.
Apple tv never sees any other device.
Any ideas?Fascinating just reading about your setup. I have a WRT350N and have noticed that it will drop its speed, sometimes down to 1Mbps. It seems to do so at about the same time every day, but usually comes back to speed in about 5 minutes. In my experience, the Apple TV will disconnect if the speed falls this low. Try monitoring the Linksys with Netstumbler, Vistumbler, or just in the Windows Network utility.
Check the "lease obtained" and "lease expired" times for your router to see if that is when the network fails. I've just finished reading an angry thread over at the Linksys forum about the WRT330N where someone mentioned that the router wasn't renewing its lease.
"I cannot set it run off automatic DHCP from the WRT330N, the router will not assign it an IP every time the lease expires, causing me to have to manually set an IP on the Print server. That's annoying. Having the router drop IP's to individual machines after 12-48 hours...very annoying."
http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&thread .id=67412
If that is the problem, then I would consider setting up a Static IP address for your Apple TV. You can do that through the user interface -> Settings -> Network -> Configure ... (Quite intuitive as you only have change IP address and the subsequent details remain the same.)
My router assigns IP Addresses in the ranges of 192.168.1.100 ->149. The idea here is to choose an address outside of that range but is not greater than 192.168.1.253 (and should not end in the number 1). You shouldn't have to change the linksys router as long as 50 clients are assigned in that range. You'll have to figure that out by accessing your router webpage at browser address 192.168.1.1 -> the default password is "admin" (without the quotes).
Good luck. -
Hi,
I'm running web applications and there is performance issue is most probably caused by the fact that IE can not handle such amount of requests that are forwarded to the server at the same time.
Data:
On IE(10) – search variety 11- it takes a long time (about 25 seconds for response) .
in general, the responding time of "search variety" in IE is much longer than Chrome.
IE - see:http://screencast.com/t/kSeT3hC2mRfV
Chrome see:http://screencast.com/t/NYf6fskU
Why? any solution ?
Thanks,Hi,
without a link to your site (so we can use the same tools mentioned above)... we can only guess.
these are peer to peer support forums... your favorite web search engine will help you to learn about web development.
display the Developer tool console in each browser to view the suppressed error messages.
All modern browsers support the performance api or your can use the Networking tab to view the latency metrics for the site.... commonly you may be using meta directives for caching instead of server headers or you have different settings between browsers
which determine how long resources are cached. Commonly, IE has a different security model to other browsers... ensure that you are using the Default IE security zone settings.... Actions like innerHTML go through a sanitization process to remove script content...
Commonly AJAX calls are made during the onload event...
Please post questions about web site development to the IE Web Developer forum. Include with your questions a link to your website or a publicly accessible mashup that shows your issue.
Questions regarding Internet Explorer 8, 9 and 10 and Internet Explorer 11 for the IT Pro Audience. Topics covered are: Installation, Deployment, Configuration, Security, Group Policy, Management questions. If you are a consumer looking for answers or to
raise a question, it's highly recommended you head on over to http://answers.microsoft.com
Rob^_^ -
I can Ping FW inside interface but can not connect to remote resources
dear all
i configer my asa 5520 through ASDM to enable VPN Connection , i follow the cisco steps and it works fine and the anyconnect version 3.1 in Windows 8 - one day troubleshoot for this point only - can connect and have an IP address from the range , but i have something wrong in NAT may be because all guides talking about old ASDM ( NAT Exempt) but i am confeused to apply it on the new ASDM.
i can ping the inside interface from my labtop which using anyconnect , but i can not access anything else inside my network
Please anyone has a solution , please describe it using ASDM , thanks for help
This is my configuration
interface GigabitEthernet0/1
description
nameif SRV_ZONE
security-level 50
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/2
description
nameif TRUST_ZONE
security-level 100
ip address 172.17.200.1 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif MGMT
security-level 0
ip address 10.10.10.1 255.255.255.0
dns server-group DefaultDNS
domain-name xxx.xxx.xxx
object network obj-192.168.1.11
host 192.168.1.11
object network obj-xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service obj-tcp-source-eq-25
service tcp source eq smtp
object network obj-192.168.1.12
host 192.168.1.12
object network obj-xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object service obj-tcp-eq-25
service tcp destination eq smtp
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
host 0.0.0.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network obj-172.17.8.8
host 172.17.8.8
object network obj-172.17.0.0
subnet 172.17.0.0 255.255.0.0
object network obj_any-02
subnet 0.0.0.0 0.0.0.0
object network obj_any-03
subnet 0.0.0.0 0.0.0.0
object network obj_any-04
subnet 0.0.0.0 0.0.0.0
object network obj_any-05
subnet 0.0.0.0 0.0.0.0
object network obj_any-06
subnet 0.0.0.0 0.0.0.0
object network obj.172.17.8.115
host 172.17.8.115
object network obj.xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service http
service tcp source eq www destination eq www
object network obj.xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service https
service tcp source eq https destination eq https
object service newservice
service tcp source eq pop3 destination eq pop3
object network mail
host 172.17.8.8
description mail
object network 192.168.1.11
host 192.168.1.11
description smtp
object service smtpnew
service tcp source eq 587 destination eq 587
object network VPN_RANGE
description VPN ACCESS RANGE
object network VPN_PoOL
subnet 172.17.16.0 255.255.255.0
description vpn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.1.11
network-object host 192.168.1.12
object-group network Eighth_Floor
network-object 172.17.8.0 255.255.255.0
object-group service WEB_SERVICES
service-object tcp destination eq www
object-group network ENT_SERVERS
network-object host 192.168.1.11
network-object host 192.168.1.1
object-group network DM_INLINE_NETWORK_2
network-object 172.17.200.0 255.255.255.0
network-object 172.17.8.0 255.255.255.0
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
port-object eq smtp
object-group service web tcp
port-object eq www
port-object eq xxx
port-object eq ftp
port-object eq xxx
port-object eq xxx
object-group service xxx_Web_and_Email
service-object object http
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 172.17.0.0 255.255.0.0
access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list justice_splitTunnelAcl standard permit 10.100.100.0 255.255.255.0
access-list xxx-VPN_splitTunnelAcl remark vpn
access-list xxx-VPN_splitTunnelAcl standard permit 172.17.16.0 255.255.255.0
access-list xxx-VPN_splitTunnelAcl standard permit any
access-list cap extended permit tcp any host xxx.xxx.xxx.xxx eq smtp log
access-list cap1 extended permit tcp host 192.168.1.11 any eq smtp
access-list SRV_ZONE_nat_outbound extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list SRV_ZONE_nat_outbound extended permit ip host 192.168.1.11 any
access-list TRUST_ZONE_access_in extended permit ip host 172.17.88.108 any
access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.10.3.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.10.50.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.8.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.200.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.0.0 255.255.0.0 host 192.168.1.12
access-list TRUST_ZONE_cryptomap extended permit ip xxx.xxx.xxx.xxx 255.255.255.248 any
access-list outside_access_in extended permit tcp any host 192.168.1.11 eq smtp
access-list outside_access_in extended permit tcp any host 172.17.8.8 eq www
access-list outside_access_in extended permit tcp any host 192.168.1.12 object-group web
access-list outside_access_in extended permit tcp any host 172.17.8.8 eq pop3
access-list outside_access_in extended permit ip 172.17.16.0 255.255.255.0 any inactive
access-list vpn remark vpn
access-list vpn standard permit 172.17.16.0 255.255.255.0
pager lines 24
logging enable
logging trap informational
logging asdm informational
logging host TRUST_ZONE 172.17.8.100
mtu INT_ZONE 1500
mtu SRV_ZONE 1500
mtu TRUST_ZONE 1500
mtu MGMT 1500
ip local pool VPN_POOL 172.17.16.100-172.17.16.254 mask 255.255.255.0
ip verify reverse-path interface INT_ZONE
ip verify reverse-path interface SRV_ZONE
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any SRV_ZONE
icmp permit any TRUST_ZONE
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.11 obj-xxx.xxx.xxx.xxx service any obj-tcp-source-eq-25
nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.12 obj-xxx.xxx.xxx.xxx
nat (SRV_ZONE,INT_ZONE) source dynamic obj-192.168.1.0 interface service obj-tcp-eq-25 obj-tcp-eq-25
nat (INT_ZONE,SRV_ZONE) source static any any destination static 192.168.1.11 obj-172.17.8.8 service obj-tcp-source-eq-25 obj-tcp-source-eq-25
nat (TRUST_ZONE,INT_ZONE) source static VPN_PoOL VPN_PoOL destination static VPN_PoOL VPN_PoOL
object network obj_any
nat (SRV_ZONE,INT_ZONE) dynamic obj-0.0.0.0
object network obj_any-01
nat (SRV_ZONE,MGMT) dynamic obj-0.0.0.0
object network obj-172.17.8.8
nat (TRUST_ZONE,INT_ZONE) static xxx.xxx.xxx.xxx service tcp www www
object network obj-172.17.0.0
nat (TRUST_ZONE,SRV_ZONE) static 172.17.0.0
object network obj_any-02
nat (TRUST_ZONE,INT_ZONE) dynamic interface
object network obj_any-03
nat (TRUST_ZONE,SRV_ZONE) dynamic interface
object network obj_any-04
nat (TRUST_ZONE,INT_ZONE) dynamic obj-0.0.0.0
object network obj_any-05
nat (TRUST_ZONE,SRV_ZONE) dynamic obj-0.0.0.0
object network obj_any-06
nat (TRUST_ZONE,MGMT) dynamic obj-0.0.0.0
object network obj.172.17.8.115
nat (TRUST_ZONE,INT_ZONE) static obj.xxx.xxx.xxx.xxx service tcp www www
object network mail
nat (TRUST_ZONE,INT_ZONE) static obj-xxx.xxx.xxx.xxx service tcp pop3 pop3
nat (TRUST_ZONE,INT_ZONE) after-auto source static obj-172.17.8.8 obj-xxx.xxx.xxx.xxx service https https
access-group outside_access_in in interface INT_ZONE
access-group DMZ_access_in in interface SRV_ZONE
access-group TRUST_ZONE_access_in in interface TRUST_ZONE
route INT_ZONE 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
route TRUST_ZONE 10.10.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.11.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.12.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.13.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 172.17.0.0 255.255.0.0 172.17.200.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
http server enable
http 172.17.8.0 255.255.255.0 TRUST_ZONE
http 172.17.8.155 255.255.255.255 TRUST_ZONE
http 172.17.8.45 255.255.255.255 TRUST_ZONE
http 10.10.10.2 255.255.255.255 MGMT
http 192.168.1.12 255.255.255.255 SRV_ZONE
http 0.0.0.0 0.0.0.0 INT_ZONE
http 172.17.200.0 255.255.255.0 TRUST_ZONE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map pol 1 match address TRUST_ZONE_cryptomap
crypto dynamic-map pol 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map INT_ZONE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map TRUST_ZONE_map0 1 ipsec-isakmp dynamic pol
crypto map TRUST_ZONE_map0 interface TRUST_ZONE
crypto map INT_ZONE_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map INT_ZONE_map0 interface INT_ZONE
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn SEC-xxx-FW1
subject-name CN=SEC-xxx-FW1
no client-types
proxy-ldc-issuer
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=SEC-xxx-FW1
keypair sslvpnkeypair
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 31
57f4e52e 6b851966 77515d62 c209a0df 1c32ce94 bb90cbce 497cfd04 6745ea85
efb75f85 2ae1ad35 344d94ab 915e01ab d3292626 ac697a52 b4ed6632 d3ed2332 ae
quit
crypto ca certificate chain ASDM_TrustPoint1
certificate e6054352
c64f3661 30f14c3d 06b5f039 9f14560d 3b154fd1 42782268 7531689e 8e547d91
85e88415 e326f653 74733a6c a3f5c935 f7e83f56 f6
quit
crypto isakmp enable INT_ZONE
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 INT_ZONE
ssh 172.17.8.0 255.255.255.0 TRUST_ZONE
ssh 10.10.10.2 255.255.255.255 MGMT
ssh timeout 5
console timeout 0
management-access TRUST_ZONE
vpn load-balancing
interface lbpublic INT_ZONE
interface lbprivate INT_ZONE
priority-queue INT_ZONE
tx-ring-limit 256
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics host number-of-rate 3
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint1 INT_ZONE
webvpn
enable INT_ZONE
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy xxx-VPN internal
group-policy xxx-VPN attributes
dns-server value xx.xx.xx.xx xx.xx.xx.xx
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value xxx-VPN_splitTunnelAcl
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol webvpn
group-policy GPNEW internal
group-policy GPNEW attributes
dns-server value 172.17.8.41
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
default-domain value xxx.xxx.xxx
address-pools value VPN_POOL
username VPNAM password xxx encrypted
username VPNAM attributes
service-type remote-access
vpn-group-policy xxx-VPN
tunnel-group xxx-VPN type remote-access
tunnel-group xxx-VPN general-attributes
dhcp-server 172.17.8.41
tunnel-group xxx-VPN ipsec-attributes
pre-shared-key *****
tunnel-group pol type ipsec-l2l
tunnel-group pol ipsec-attributes
pre-shared-key *****
trust-point ASDM_TrustPoint0
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
address-pool VPN_POOL
default-group-policy GPNEW
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
inspect pptp
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:78a941e3f509dec8f3570c60061eedaa
: endthanks god
i solve the problem
the problem is in NAT
i creat an object with the ip address host from VPN pool and name it vpn
then i do the nat from inside to that host as the following picture...
trust zone is the inside zone
vpn is the outside vpn host...
thanks and hope it helps anyone else...
Maybe you are looking for
-
I own an iPad 2 and love it, feeding it with new apps on a regular basis. However it does have obvious shortcomings and I'm seriously thinking of buying another tablet that has features which are missing. Keyboard I'll start with the the most common
-
Double Space File from GET Download from Server
Whenever I GET a file within Dreamweaver (FTP) from the server, PHP and CSS files come down as double spaced. I've search many forums and changed the Code Format under Preferences but still get the same issues. I'm running the most current version of
-
Hello everytime I try to run a program in the wirless toolkit, the program transfers to the emulator but when I click launch I get this error Running with storage root DefaultGrayPhone Method............: 100d2aa8 'com/sun/midp/midlet/MIDletState.cre
-
I cannot complete the i07 download on my i Phone and am unable to do anyhing on my phone! Get to submit rescue email stage, but the "next" button won't let me do anything.
-
Hi all, I just purchased a Ipod nano 16GB. I synched around 770 songs last night. I found that if I unchecked some playlists, artists they would disappear from my Ipod nano and I have to go back in and check the box to synch them back in. Is this nor