Troubles with ASA 5505

Bernd Windisch
Level 1

To my situation: I have several locations that are routed via MPLS (from my provider). In the locations, 192.168.x.0/24 nets are used. The provider gateway is always 192.168.x.1. At location 34 (192.168.34.0), we also have an Internet SHDSL line. My project: ASA 5505 WAN interface on the Internet SHDSL, LAN interface in the MPLS, so users can dial in with VPN. The MPLS gateway and the Internet gateway are linked directly to the ASA.

My problem: when I ping from the serial console to the provider gateway 192.168.34.1, I have no packet loss, like this:

vpngateway# ping 192.168.34.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.34.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/3/10 ms

When I ping from an external SSH console, the ping looks like this:

vpngateway# ping 192.168.34.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.34.1, timeout is 2 seconds:
?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (980/1000), round-trip min/avg/max = 1/3/80 ms

When I ping a host from external SSH:

vpngateway# ping 192.168.34.222 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.34.222, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/1/10 ms

So only the ping to my provider gateway from external has packet loss.

Can anybody explain to me what's going wrong?

Here is my config:

: Saved
:
ASA Version 8.4(1)
!
hostname vpngateway
enable password Yn8Esq3NcXIHL35v encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.34.251 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 81.223.xxx.xxx 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
switchport access vlan 2
!
interface Ethernet0/5
switchport access vlan 2
!
interface Ethernet0/6
switchport access vlan 2
!
interface Ethernet0/7
switchport access vlan 2
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Fial1
subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_172.20.1.0_27
subnet 172.20.1.0 255.255.255.224
object network PROXY
subnet 192.168.71.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object object Fial1
network-object object PROXY
network-object 192.168.34.0 255.255.255.0
pager lines 24
logging enable
logging buffered warnings
logging trap warnings
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN-Pool 172.20.1.1-172.20.1.20 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 21000
nat (inside,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_172.20.1.0_27 NETWORK_OBJ_172.20.1.0_27
nat (inside,any) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_172.20.1.0_27 NETWORK_OBJ_172.20.1.0_27
route outside 0.0.0.0 0.0.0.0 81.223.xxx.xxx 1
route inside 192.168.1.0 255.255.255.0 192.168.34.1 1
route inside 192.168.2.0 255.255.255.0 192.168.34.1 1
route inside 192.168.71.0 255.255.255.0 192.168.34.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
management-access inside

no threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy Cisco123 internal
group-policy Cisco123 attributes
vpn-tunnel-protocol ikev1
default-domain value vpngateway.local
username Test password tEw.zBkWtr5cfsmI encrypted
username Cisco123 password yNwY71zwggdLw/tD encrypted privilege 0
username Cisco123 attributes
vpn-group-policy Cisco123
tunnel-group Cisco123 type remote-access
tunnel-group Cisco123 general-attributes
address-pool VPN-Pool
default-group-policy Cisco123
tunnel-group Cisco123 ipsec-attributes
ikev1 pre-shared-key *****
!
!
prompt hostname context
call-home
profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:e2ceb697073646d520e3ed79325dde3c
: end
no asdm history enable

14 Replies

padatta
Level 1

Hi,

Let's do a 'clear asp drop', try a ping to .34.1 and take the 'show asp drop' output. If you have access to .34.1, then try 'ping 192.168.34.251' and check for packet drops.

Try ping 192.168.34.1 from other devices, hosts and check if you get similar (or not) results.

Paps

Here is my result:

vpngateway# clear asp drop
vpngateway# ping 192.168.34.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.34.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (996/1000), round-trip min/avg/max = 1/4/10 ms
vpngateway# show asp drop

Frame drop:
  Flow is denied by configured rule (acl-drop)                                 3
  Slowpath security checks failed (sp-security-failed)                         1
  FP L2 rule drop (l2_acl)                                                     8

Last clearing: 09:32:12 UTC Mar 16 2011 by enable_15

Flow drop:

Last clearing: 09:32:12 UTC Mar 16 2011 by enable_15
vpngateway#

A ping from a host (192.168.34.7) to 34.1:

ping -l 100 -n 100 192.168.34.1

No timeouts.

I don't have access to 34.1 (provider gateway).

But my provider told me he can't ping 34.251 from the 34.1 gateway?

And once again:

vpngateway# clear asp drop
vpngateway# ping 192.168.34.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.34.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (995/1000), round-trip min/avg/max = 1/3/10 ms
vpngateway# show asp drop

Frame drop:
  Flow is denied by configured rule (acl-drop)                                 3
  Slowpath security checks failed (sp-security-failed)                        16
  FP L2 rule drop (l2_acl)                                                     6

Last clearing: 09:41:23 UTC Mar 16 2011 by enable_15

Flow drop:

Last clearing: 09:41:23 UTC Mar 16 2011 by enable_15

Here is the result from the serial console:

vpngateway# clear asp drop
vpngateway# ping 192.168.34.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.34.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/3/10 ms
vpngateway# show asp drop

Frame drop:
  Slowpath security checks failed (sp-security-failed)                         4
  FP L2 rule drop (l2_acl)                                                     3

Last clearing: 10:08:27 UTC Mar 16 2011 by enable_15

Flow drop:

Last clearing: 10:08:27 UTC Mar 16 2011 by enable_15
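
Added example, not part of the thread: a small Python parser for the three `show asp drop` captures above, which lists which frame-drop counters appear only in the runs that lost pings. The function names are made up for this example, and because the counters cover all traffic the ASA handled during the interval, the result is a triage hint, not a diagnosis.

```python
import re

SECTION_RE = re.compile(r"^(Frame|Flow) drop:$")
# e.g. "Slowpath security checks failed (sp-security-failed)      16"
COUNTER_RE = re.compile(r"^(?P<desc>.+?)\s+\((?P<name>[\w-]+)\)\s+(?P<count>\d+)$")
PING_RE = re.compile(r"Success rate is \d+ percent \((\d+)/(\d+)\)")

# Summary line and 'show asp drop' output of each run, copied from the thread.
CAPTURES = {
    "ssh_run_1": """\
Success rate is 99 percent (996/1000), round-trip min/avg/max = 1/4/10 ms
Frame drop:
  Flow is denied by configured rule (acl-drop)                                 3
  Slowpath security checks failed (sp-security-failed)                         1
  FP L2 rule drop (l2_acl)                                                     8
Last clearing: 09:32:12 UTC Mar 16 2011 by enable_15
Flow drop:
""",
    "ssh_run_2": """\
Success rate is 99 percent (995/1000), round-trip min/avg/max = 1/3/10 ms
Frame drop:
  Flow is denied by configured rule (acl-drop)                                 3
  Slowpath security checks failed (sp-security-failed)                        16
  FP L2 rule drop (l2_acl)                                                     6
Last clearing: 09:41:23 UTC Mar 16 2011 by enable_15
Flow drop:
""",
    "serial": """\
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/3/10 ms
Frame drop:
  Slowpath security checks failed (sp-security-failed)                         4
  FP L2 rule drop (l2_acl)                                                     3
Last clearing: 10:08:27 UTC Mar 16 2011 by enable_15
Flow drop:
""",
}


def parse_asp_drop(text):
    """Parse 'show asp drop' text into {'frame': {name: n}, 'flow': {name: n}}."""
    counters = {"frame": {}, "flow": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = COUNTER_RE.match(line)
        if m and section:
            counters[section][m.group("name")] = int(m.group("count"))
    return counters


def ping_lost(text):
    """Return the number of unanswered echoes from the ASA ping summary line."""
    m = PING_RE.search(text)
    if not m:
        raise ValueError("no ping summary line found")
    received, sent = int(m.group(1)), int(m.group(2))
    return sent - received


def triage(captures):
    """Split frame-drop counters by whether they also show up in loss-free runs."""
    rows = {label: (ping_lost(t), parse_asp_drop(t)["frame"])
            for label, t in captures.items()}
    seen_clean = set().union(*[c for lost, c in rows.values() if lost == 0])
    seen_lossy = set().union(*[c for lost, c in rows.values() if lost > 0])
    return {
        "lost": {label: lost for label, (lost, _) in rows.items()},
        # Counters never seen on a loss-free run: worth a closer look first.
        "only_in_lossy_runs": sorted(seen_lossy - seen_clean),
        # Counters that also tick on a loss-free run: not sufficient on their
        # own to explain the missing replies.
        "also_in_clean_runs": sorted(seen_lossy & seen_clean),
    }


if __name__ == "__main__":
    report = triage(CAPTURES)
    for key, value in report.items():
        print(f"{key}: {value}")
```
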

Are we able to ping 192.168.34.251? If so, it would indicate a problem with 192.168.34.1. I would suspect some arp related problem.

Let's ping some subnet behind 192.168.34.1, say 192.168.71.x. We would see packet drops here as well, if there are any arp related problems.

Paps

Here are the next results:

Ping from a local Windows computer 192.168.34.7 to the 34.1 gateway:

C:\>ping -l 100 -n 100 192.168.34.1

Ping wird ausgeführt für 192.168.34.1 mit 100 Bytes Daten:

Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=7ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=7ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=6ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=5ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=4ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=3ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255
Antwort von 192.168.34.1: Bytes=100 Zeit=2ms TTL=255

Ping-Statistik für 192.168.34.1:
    Pakete: Gesendet = 100, Empfangen = 100, Verloren = 0 (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 2ms, Maximum = 7ms, Mittelwert = 2ms

To the ASA 34.251:

C:\>ping -l 100 -n 100 192.168.34.251

Ping wird ausgeführt für 192.168.34.251 mit 100 Bytes Daten:

Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255
Antwort von 192.168.34.251: Bytes=100 Zeit<1ms TTL=255

Ping-Statistik für 192.168.34.251:
    Pakete: Gesendet = 100, Empfangen = 100, Verloren = 0 (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms

To the remote location 2.1:

C:\>ping -l 100 -n 100 192.168.2.1

Ping wird ausgeführt für 192.168.2.1 mit 100 Bytes Daten:

Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=73ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=49ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=27ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=26ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=63ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=34ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=26ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=26ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=30ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=37ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=53ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=24ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=27ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=46ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=24ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=71ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=24ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=44ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=24ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=26ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254
Antwort von 192.168.2.1: Bytes=100 Zeit=25ms TTL=254

Ping-Statistik für 192.168.2.1:
    Pakete: Gesendet = 100, Empfangen = 100, Verloren = 0 (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 24ms, Maximum = 73ms, Mittelwert = 27ms

So far so good. Now the result of a ping from the ASA serial console to the remote location 192.168.2.1:

vpngateway# clear asp drop
vpngateway# ping 192.168.2.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (991/1000), round-trip min/avg/max = 20/26/70 ms
vpngateway# show asp drop

Frame drop:
  Flow is denied by configured rule (acl-drop)                                 3
  Slowpath security checks failed (sp-security-failed)                         8
  FP L2 rule drop (l2_acl)                                                    12

Last clearing: 15:24:20 UTC Mar 16 2011 by enable_15

Flow drop:

Last clearing: 15:24:20 UTC Mar 16 2011 by enable_15
vpngateway#

And last, a ping to the remote location 192.168.2.1 from an external SSH session:

vpngateway# clear asp drop
vpngateway# ping 192.168.2.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!
!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!?!!!!!!!!!!!!!!!!!!!!
!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!
!!!!!!!!?!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!
!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!
!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!
!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?
!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!
!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!?!!!!!!!!!!!!!!!!!!!!!!!
!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!
!!!?!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!
!!!!!!!!!!!?!!!!!!!!!!!!!!!!!?!!!!!!!!!!!!!!!!!!!!!!!!!!!!?!!!!!!!!!!!
!!!!!!!!!!!!!!!!!?!!
Success rate is 96 percent (963/1000), round-trip min/avg/max = 20/27/80 ms
vpngateway# show asp drop

Frame drop:
  Flow is denied by configured rule (acl-drop)                                 8
  Slowpath security checks failed (sp-security-failed)                        31
  FP L2 rule drop (l2_acl)                                                    26

Last clearing: 15:28:40 UTC Mar 16 2011 by enable_15

Flow drop:

Last clearing: 15:28:40 UTC Mar 16 2011 by enable_15
vpngateway#

Thank you.

34.7 can ping 34.251 fine. But 34.1 cannot ping 34.251.

34.251 can ping everything in 34.x just fine, except 34.1 (where we see drops).

34.251 can ping 2.x with drops. This is irrespective of serial/ssh session.

To me it seems something strange is going on with the 34.1 device. For the sake of testing, during off hours, can we try connecting the ASA to another router/host, give that device 34.1, and check how things go?

Paps

OK, so you mean to unplug the 34.1 gateway, give any host (Windows client) the 34.1 IP, and ping from the ASA to 34.1? Is this right?

Yes, it could be a host or another router.

Paps

OK, here is my next result:

Unplugged the 34.1 provider gateway, plugged in a netbook with 192.168.34.1/24.

Ping from the ASA to 34.1:

vpngateway# clear asp drop
vpngateway# ping 192.168.34.1 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.34.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/1/10 ms
vpngateway# show asp drop

Frame drop:
  Slowpath security checks failed (sp-security-failed)                         2

Last clearing: 08:59:45 UTC Mar 17 2011 by enable_15

Flow drop:

Last clearing: 08:59:45 UTC Mar 17 2011 by enable_15
vpngateway#

Ping from the netbook to 34.251 is also OK!

At this point, it seems your ISP should take a deeper look into their device with 34.1. To me, it looks like faulty or oversubscribed hardware.

All looks good on the ASA.

Paps

And what do you think about the fact that pings to 34.1 from Windows clients cause no trouble?

I understand your point.

To look into why this happens only with ASA, we'll need simultaneous packet captures on ASA, and the router (or at least a monitor session for port connecting to 34.1). We'll also need a similar pair of captures between a host and 34.1.

However, going through all the details w.r.t. the ASA and 34.1, the latter seems to be the one to look into first.

Paps

Would it help to give external SSH access?

Well, it seems that active troubleshooting will be required to find out why there are drops between 34.251 and 34.1 and not between other hosts and 34.1. Therefore, I'd recommend opening a TAC case for the same.

You can either call at the appropriate number listed in http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html or use http://tools.cisco.com/ServiceRequestTool/create/launch.do

Paps

problem solved!

MAC Address Cloning—Manually assigns MAC addresses.

By default in routed mode, all VLANs use the same MAC address. In transparent mode, the VLANs use unique MAC addresses. You might want to set unique VLANs or change the generated VLANs if your switch requires it, or for access control purposes.

Set another MAC on VLAN 1, and everything is fine!

thx
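
The fix described in the last post, written out as an added example that is not part of the original thread: the ASA `mac-address` interface command gives Vlan1 its own MAC instead of the one shared by all VLANs in routed mode. The MAC value is a constructed, locally administered address (an assumption, not the poster's value); the test commands are the ones already used in the thread.

```cisco
! Default in routed mode on the ASA 5505: no mac-address line under the
! VLAN interfaces, so every VLAN presents the same MAC address to the
! attached devices.
!
! Change: assign a unique MAC to Vlan1.
! 0200.0000.3401 is a constructed, locally administered address
! (assumption); pick one that is unused on the 192.168.34.0/24 segment.
configure terminal
 interface Vlan1
  mac-address 0200.0000.3401
 end
!
! Confirm the interface now reports the new MAC address.
show interface Vlan1
!
! Repeat the thread's tests and compare loss and drop counters
! against the earlier runs.
clear asp drop
ping 192.168.34.1 repeat 1000
ping 192.168.2.1 repeat 1000
show asp drop
```

After the change, neighbouring devices may hold the old MAC in their ARP caches until the entries age out, so a short interruption on that segment is expected.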