04-16-2009 07:18 AM - edited 03-11-2019 08:19 AM
This is a 199.213.186.0/254 network with gateway of 199.213.186.16.
A device which is assigned (dhcp or static) a 199.213.187.x address cannot ping a 199.213.186.x device. .186.x can, however, ping .187.x device.
So when I try to telnet to a .186.x cisco switch from a .187.x workstation, I cannot connect at all. But if I give the workstation a .186.x static IP, I can connect.
Any ideas why???!?!?
04-16-2009 07:20 AM
ahw-cwb08-cgi-asa1# sh run
: Saved
:
ASA Version 8.0(4)
!
hostname ahw-cwb08-cgi-asa1
domain-name edm.cgi.com
enable password ZT9a9oZN5U5rsJoR encrypted
passwd ZT9a9oZN5U5rsJoR encrypted
names
dns-guard
!
interface Ethernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 155.15.237.166 255.255.255.252
ospf cost 10
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 199.213.186.16 255.255.254.0
ospf cost 10
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
banner exec WARNING
banner exec You have logged in to a secure CGI device. If you are not authorized to access this
banner exec device, log out immediately or risk possible criminal consequences.
banner asdm WARNING
banner asdm You have logged in to a secure CGI device. If you are not authorized to access this
banner asdm device, log out immediately or risk possible criminal consequences.
boot system disk0:/asa804-k8.bin
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
domain-name domain.domain.com
access-list Outside_access_in extended permit ip 155.15.237.172 255.255.255.252 any
access-list Outside_access_in extended permit ip 155.15.237.0 255.255.255.252 any
access-list Outside_access_in extended permit ip 155.15.237.164 255.255.255.252 any
access-list Outside_access_in extended permit ip 155.15.0.0 255.255.0.0 any
access-list Outside_access_in extended permit icmp any any echo
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in extended permit icmp any any source-quench
access-list Outside_access_in extended permit icmp any any unreachable
access-list Outside_access_in extended permit icmp any any time-exceeded
access-list Outside_access_in remark Rule for Exchange mail flow
access-list Outside_access_in extended permit tcp any any eq smtp
access-list Outside_access_in extended permit tcp any any eq ftp
pager lines 24
logging enable
logging timestamp
logging trap debugging
logging asdm warnings
logging from-address blah@blah.com
logging recipient-address blah@blah.com level alerts
logging facility 16
logging host inside 199.213.186.223
logging rate-limit unlimited message 106100
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-615.bin
no asdm history enable
arp timeout 14400
static (inside,outside) 199.213.186.0 199.213.186.0 netmask 255.255.254.0
access-group Outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 155.15.237.165 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 199.213.186.0 255.255.254.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no service resetoutbound interface outside
no service resetoutbound interface inside
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
04-16-2009 07:21 AM
telnet timeout 5
ssh 155.15.237.0 255.255.255.0 outside
ssh 199.213.186.0 255.255.254.0 inside
ssh timeout 60
ssh version 2
console timeout 0
management-access inside
threat-detection basic-threat
no threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 129.128.5.210 source outside
username user password vNMGUw31jV6rSd1. encrypted privilege 15
username user2 password 3kZuWgFBc69Td5Jq encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
!
service-policy global_policy global
smtp-server x.x.x.x
prompt hostname context
Cryptochecksum:431a954f8f9a977dd3c6ef601eb4c87e
: end
ahw-cwb08-cgi-asa1#
04-16-2009 07:53 AM
I don't see any global or nat statements. Are you not using nat? If you need to, you can enable like this:
global (outside) 1 interface
nat (inside) 1 0 0
HTH,
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide