Re: Tunnel created but can't ping other sides
You will also need to remove set route source 172.16.10.0/24 interface ethernet0/2 preference 20 from the SSG-140.
View ArticleRe: Unable to ping from SSG140 to external network
Thanks for you advise, appreciate it. My bad, traffic from trust zone does not need to nat. But I need to clear something, by right the untrust zone (10.151.1.252) can reach the external network...
View ArticleRe: Unable to ping from SSG140 to external network
Hi,1: Try pinging 10.151.1.251 from eth0/0 : ping 10.151.1.252 from eth0/02: Check if NATting is happening correctly, did you set the DIP, interface mode ANT or policy based NAT. One of these will be...
View ArticleRe: Unable to ping from SSG140 to external network
Hi,I have tried to ping from source which is my untrust interface going to external network (192.2.3.1) but still cannot go through. Below are the configurations that I made. Seems all are fine. I dont...
View ArticleRe: Unable to ping from SSG140 to external network
What is the router connected to the SSG and does it have ping response enabled for its interfaces? The default route will make sure your SSG can reach the 192.2.3.1 network.But is there a return route...
View ArticleRe: Unable to ping from SSG140 to external network
Hi Spuluka, SSG is connected to ASA5506. Yes, I managed to ping from SSG to its directly connected interface and permit "any" "any". On ASA5506 I have also configured default route to SSG interface and...
View ArticleRe: SSG 550 in a rolling crash / reboot after bootload and firmware upgrade
If you get the prompt for the bootloader / diag mode you can try to roll back the upgrade. But you will need a copy of the older version to do so from the prompts....
View ArticleThe message "fails to authenticate the packet." is repeatedly output
It is repeatedly outputted from 2017-11-01 10:17:48 .Please tell me about cause, impact, and solution. [00001] 2017-11-01 10:17:48 [Root]system-critical-00026: IPSEC tunnel with ID 40000003 fails to...
View ArticleRe: The message "fails to authenticate the packet." is repeatedly output
this generally means the ispec packet has been modified in transit between the gateways so must be dropped failing the hash test. You can see the details of how to verify this here....
View ArticleClik here to view.
Re: Unable to ping from SSG140 to external network
Hi Spuluka,I did some troubleshoot today. Here's the setup:From ASA5506 I managed to ping its connected interface to SSG140 even the client that is connected to 100.100.2.0 subnet. From SSG140:1. Ping...
View ArticleRe: SSG 550 in a rolling crash / reboot after bootload and firmware upgrade
Since the error message was related to memory allocation, just for the heck of it, I replaced the 256MB dimm with a 512MB dimm that had the same specs. The system is now booting correctly. Not sure if...
View ArticleRe: Tunnel created but can't ping other sides
rseibert wrote:You have a routing issue. set route source 192.168.1.0/24 interface ethernet0/3 gateway 68.179.20.150 preference 50set route source 192.168.1.0/24 interface ethernet0/2 gateway...
View ArticleRe: Tunnel created but can't ping other sides
An easier way to do that would be with a default destination route and interface based track-ip monitoring. For example set route 0.0.0.0/0 int eth0/2 gateway 184.69.6.121set route 0.0.0.0/0 int...
View ArticleRe: SSG-140 Block/Deny By Country
You can try to export the ACL by country from https://www.ip2location.com/free/visitor-blocker and use it in SSG-140.
View ArticleRe: Unable to ping from SSG140 to external network
Hi, Config looks fine, you need to run debug flow basic on the SSG140 to see the traffic processing and some same sort of debugging on the Cisco:...
View ArticleRe: Unable to ping from SSG140 to external network
This result ping from the SSG to the cisco remote side failing: 2. Ping 192.168.2.1 from source ethernet 0/2 and 0/0 both are failed. Will be a security policy you need on the ASA to permit the traffic...
View ArticleRe: SSG 550 in a rolling crash / reboot after bootload and firmware upgrade
Glad you have it working with a relatively simple fix.
View ArticleRe: Unable to ping from SSG140 to external network
Hi,I have found the root cause. There were existing network in between SSG140 and ASA5506 that is using a same network with internal ASA5506 network 192.168.2.x (note that between SSG140 and ASA5506 is...
View ArticleRe: Unable to ping from SSG140 to external network
Once an IPSEC vpn is created you can choose the routes you want to transport over that link. Naturally they need to be configured on both sides. With this only the gateway ip address needs to be...
View ArticleRe: Unable to ping from SSG140 to external network
Thanks Spuluka, appreciate your advise. Currently tunnel that I created at both ASA and SSG cannot be established. I am still troubleshooting it. Anyway, attached is my config. Thanks.
View Article