Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
0
Helpful
3
Replies

Cannot ping from 199.213.187.x to 199.213.186.x

support.edm
Level 1
Level 1

‎04-16-2009 07:18 AM - edited ‎03-11-2019 08:19 AM

This is a 199.213.186.0/254 network with gateway of 199.213.186.16.

A device which is assigned (dhcp or static) a 199.213.187.x address cannot ping a 199.213.186.x device. .186.x can, however, ping .187.x device.

So when I try to telnet to a .186.x cisco switch from a .187.x workstation, I cannot connect at all. But if I give the workstation a .186.x static IP, I can connect.

Any ideas why???!?!?

Labels:
0 Helpful
3 Replies 3

support.edm
Level 1
Level 1

‎04-16-2009 07:20 AM

ahw-cwb08-cgi-asa1# sh run

: Saved

:

ASA Version 8.0(4)

!

hostname ahw-cwb08-cgi-asa1

domain-name edm.cgi.com

enable password ZT9a9oZN5U5rsJoR encrypted

passwd ZT9a9oZN5U5rsJoR encrypted

names

dns-guard

!

interface Ethernet0/0

speed 100

duplex full

nameif outside

security-level 0

ip address 155.15.237.166 255.255.255.252

ospf cost 10

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 199.213.186.16 255.255.254.0

ospf cost 10

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

management-only

!

banner exec WARNING

banner exec You have logged in to a secure CGI device. If you are not authorized to access this

banner exec device, log out immediately or risk possible criminal consequences.

banner asdm WARNING

banner asdm You have logged in to a secure CGI device. If you are not authorized to access this

banner asdm device, log out immediately or risk possible criminal consequences.

boot system disk0:/asa804-k8.bin

ftp mode passive

clock timezone MST -7

clock summer-time MDT recurring

dns server-group DefaultDNS

domain-name domain.domain.com

access-list Outside_access_in extended permit ip 155.15.237.172 255.255.255.252 any

access-list Outside_access_in extended permit ip 155.15.237.0 255.255.255.252 any

access-list Outside_access_in extended permit ip 155.15.237.164 255.255.255.252 any

access-list Outside_access_in extended permit ip 155.15.0.0 255.255.0.0 any

access-list Outside_access_in extended permit icmp any any echo

access-list Outside_access_in extended permit icmp any any echo-reply

access-list Outside_access_in extended permit icmp any any source-quench

access-list Outside_access_in extended permit icmp any any unreachable

access-list Outside_access_in extended permit icmp any any time-exceeded

access-list Outside_access_in remark Rule for Exchange mail flow

access-list Outside_access_in extended permit tcp any any eq smtp

access-list Outside_access_in extended permit tcp any any eq ftp

pager lines 24

logging enable

logging timestamp

logging trap debugging

logging asdm warnings

logging from-address blah@blah.com

logging recipient-address blah@blah.com level alerts

logging facility 16

logging host inside 199.213.186.223

logging rate-limit unlimited message 106100

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-615.bin

no asdm history enable

arp timeout 14400

static (inside,outside) 199.213.186.0 199.213.186.0 netmask 255.255.254.0

access-group Outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 155.15.237.165 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http 199.213.186.0 255.255.254.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no service resetoutbound interface outside

no service resetoutbound interface inside

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

0 Helpful

support.edm
Level 1
Level 1

‎04-16-2009 07:21 AM

telnet timeout 5

ssh 155.15.237.0 255.255.255.0 outside

ssh 199.213.186.0 255.255.254.0 inside

ssh timeout 60

ssh version 2

console timeout 0

management-access inside

threat-detection basic-threat

no threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

ntp server 129.128.5.210 source outside

username user password vNMGUw31jV6rSd1. encrypted privilege 15

username user2 password 3kZuWgFBc69Td5Jq encrypted

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect icmp

!

service-policy global_policy global

smtp-server x.x.x.x

prompt hostname context

Cryptochecksum:431a954f8f9a977dd3c6ef601eb4c87e

: end

ahw-cwb08-cgi-asa1#

0 Helpful

John Blakley
VIP Alumni
VIP Alumni

‎04-16-2009 07:53 AM

I don't see any global or nat statements. Are you not using nat? If you need to, you can enable like this:

global (outside) 1 interface

nat (inside) 1 0 0

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card