I'm stumped. I have here a DC SBS 2008 that has full LAN access, but no internet access. I'm not able to ping "google.com"; it resolves to the IP but I get "request timed out". Anything internal works. I tried a tracert to Google and it only gets to the first hop. This server has two NICs, but only one is enabled, and Windows Firewall is turned off. The AV is Viper, which has no firewall features, and I can ping the gateway. I do have an ASA firewall and am able to successfully run Packet Tracer from the server IP to Google's IP; HTTP and HTTPS are opened for this server and I am able to RDP to the server from home via RWW. All PCs and servers on the LAN have internet access.
Any help would be great!
Tags: SBS, Network Analysis, Hardware Firewalls
wrwiii12
What happens if you ping and tracert to 4.2.2.1?
Waynepre
Try restarting the DNS Server and DNS Client in services.
Go to Start - Administrative Tools - Services
Right Click on DNS Server - click restart
Right click on DNS Client - click restart
regmandy
ASKER
tracert to 4.2.2.1 gives me the same result as going to Google. The first hop goes to the gateway and it times out after that.
It indeed seems like you are not connected to the internet.
Try pinging your ISP default gateway.
wrwiii12
Is ping allowed through the ASA? When you do it look at the real time logging using the ASDM and see if you are getting denies.
I guess I should ask if this connection has worked in the past in the current configuration (both hardware and software) and, if so, whether any config changes have been made to the ASA.
regmandy
ASKER
Ping is allowed out from inside. I am unable to telnet to, say, google.com either, whereas I can from other machines/servers inside the network. The only thing is the ASA was recently reloaded to clear up some memory issues. A backup of the config was run, the reload was done, then the config was reloaded and saved to mem. I have to admit, ASA is not my strong point; however, like I said, I was able to do a packet trace on the ASA from the server's internal IP to google.com's IP.
The ISP gateway shouldn't be the issue, as it's the same one used for the rest of the network. All other PCs and servers (with the same gateway etc.) have internet access.
I'll run another test and check the real-time logs. Last time I checked I didn't see anything come from the source IP, which in my mind should be the server's IP.
6 Dec 30 2012 14:07:33 302013 98.139.183.24 80 (Servername)3100 Built outbound TCP connection 1402777 for outside:98.139.183.24/80 (98.139.183.24/80) to inside:(Servername)/3100 (externalgatewayIP/3100)
6 Dec 30 2012 14:08:03 302014 98.139.183.24 80 (Servername) 3100 Teardown TCP connection 1402777 for outside:98.139.183.24/80 to inside:(Servername)/3100 duration 0:00:30 bytes 0 SYN Timeout
I did notice I have a different IP than when I ping from another machine. I get the same results telnetting to the other IP on port 80.
Waynepre
Maybe it's worth trying the basics...
As it is SBS, it is always worth running Fix My Network.
Have you tried this yet?
wrwiii12
You are getting this on the SBS server and other PCs, right? Or is it just the SBS?
I know this might be a little redundant, but for comparison's sake can you turn on the ASA monitoring again? Do a telnet yahoo.com 80 from the bad server and then from the good server and see if the traffic is the same.
You have some weird stuff going on.
regmandy
ASKER
definitely got some weird stuff going on..
Changed the DNS to 8.8.8.8 and still unable to get to the internet; ping denied.
Waynepre
oooooook.... ummmm.....
I take it you are using the Exchange on the SBS server???
If so are you able to send an email and receive to / from externally?
From the server having issues..
telnet yahoo.com 80
6 Dec 30 2012 16:29:11 302013 72.30.38.140 80 CE-DC00 40009 Built outbound TCP connection 1449336 for outside:72.30.38.140/80 (72.30.38.140/80) to inside:CE-DC00/40009 (142.166.210.193/40009)
6 Dec 30 2012 16:29:41 302014 72.30.38.140 80 CE-DC00 40009 Teardown TCP connection 1449336 for outside:72.30.38.140/80 to inside:CE-DC00/40009 duration 0:00:30 bytes 0 SYN Timeout
telnet yahoo.com 80 on server with internet access
6 Dec 30 2012 16:31:19 302013 98.139.183.24 80 192.168.20.15 53198 Built outbound TCP connection 1449978 for outside:98.139.183.24/80 (98.139.183.24/80) to inside:192.168.20.15/53198 (CE-ENTELIWEB_OUTSIDE/53198)
6 Dec 30 2012 16:33:20 302014 98.139.183.24 80 192.168.20.15 53198 Teardown TCP connection 1449978 for outside:98.139.183.24/80 to inside:192.168.20.15/53198 duration 0:02:00 bytes 0 TCP FINs
The difference also: server A (not working) is SBS 2008; server B (with internet access) is Server 2K8 R2.
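The two log pairs above carry the whole diagnosis if read mechanically: the failing host's connection is Built and then torn down with "SYN Timeout" and 0 bytes (the ASA sent the SYN out, nothing came back), while the working host's connection ends in "TCP FINs", and the translated outside address in the last parenthesised pair differs between the two hosts. The script below is an added example, not something posted in the thread; it parses exactly the lines quoted above (message IDs 302013/302014 in the ASDM real-time log format shown), pairs Built and Teardown lines by connection ID, and flags inside hosts whose handshakes time out on a translated address that no completed connection ever used. Field names and the `completed`/`suspect_nat_hosts` helpers are this example's own naming, not ASA terminology.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Input: the ASDM real-time log lines posted in this thread (syslog IDs 302013 = Built
# outbound TCP connection, 302014 = Teardown TCP connection), copied verbatim.
THREAD_LOG_LINES = [
    "6 Dec 30 2012 16:29:11 302013 72.30.38.140 80 CE-DC00 40009 Built outbound TCP connection 1449336 for outside:72.30.38.140/80 (72.30.38.140/80) to inside:CE-DC00/40009 (142.166.210.193/40009)",
    "6 Dec 30 2012 16:29:41 302014 72.30.38.140 80 CE-DC00 40009 Teardown TCP connection 1449336 for outside:72.30.38.140/80 to inside:CE-DC00/40009 duration 0:00:30 bytes 0 SYN Timeout",
    "6 Dec 30 2012 16:31:19 302013 98.139.183.24 80 192.168.20.15 53198 Built outbound TCP connection 1449978 for outside:98.139.183.24/80 (98.139.183.24/80) to inside:192.168.20.15/53198 (CE-ENTELIWEB_OUTSIDE/53198)",
    "6 Dec 30 2012 16:33:20 302014 98.139.183.24 80 192.168.20.15 53198 Teardown TCP connection 1449978 for outside:98.139.183.24/80 to inside:192.168.20.15/53198 duration 0:02:00 bytes 0 TCP FINs",
]

# The last parenthesised pair on a 302013 line is the translated (NAT) address/port the
# ASA used on the outside interface; that is the field that differed between hosts here.
BUILT_RE = re.compile(
    r"\b302013\b.*?Built outbound TCP connection (?P<conn>\d+) for "
    r"outside:(?P<dst>[^/\s]+)/(?P<dport>\d+) \([^)]*\) to "
    r"inside:(?P<src>[^/\s]+)/(?P<sport>\d+) \((?P<xlate>[^/\s]+)/\d+\)"
)
TEARDOWN_RE = re.compile(
    r"\b302014\b.*?Teardown TCP connection (?P<conn>\d+) for .*? "
    r"duration (?P<dur>\d+:\d+:\d+) bytes (?P<nbytes>\d+) (?P<reason>.+?)\s*$"
)


@dataclass
class Conn:
    conn_id: str
    inside: str          # inside host (name or IP as the ASA logged it)
    outside: str         # destination on the outside
    dport: int
    xlate: str           # translated source address (or object name) on the outside
    duration: Optional[str] = None
    nbytes: Optional[int] = None
    reason: Optional[str] = None   # teardown reason, e.g. "SYN Timeout", "TCP FINs"


def parse_asa_log(lines) -> List[Conn]:
    """Pair each 302013 Built line with its 302014 Teardown line by connection ID."""
    conns: Dict[str, Conn] = {}
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            conns[m["conn"]] = Conn(m["conn"], m["src"], m["dst"], int(m["dport"]), m["xlate"])
            continue
        m = TEARDOWN_RE.search(line)
        if m and m["conn"] in conns:
            c = conns[m["conn"]]
            c.duration, c.nbytes, c.reason = m["dur"], int(m["nbytes"]), m["reason"]
    return list(conns.values())


def completed(c: Conn) -> bool:
    """The handshake finished: torn down for any reason other than a SYN timeout."""
    return c.reason is not None and c.reason != "SYN Timeout"


def failed_handshakes(conns) -> List[Conn]:
    """Built, then torn down with 'SYN Timeout' and zero bytes: the SYN left the ASA
    but no SYN-ACK ever came back for that translated address."""
    return [c for c in conns if c.reason == "SYN Timeout" and c.nbytes == 0]


def xlate_by_inside_host(conns) -> Dict[str, Set[str]]:
    """Which outside (translated) addresses each inside host was mapped to."""
    out: Dict[str, Set[str]] = {}
    for c in conns:
        out.setdefault(c.inside, set()).add(c.xlate)
    return out


def suspect_nat_hosts(conns) -> Dict[str, str]:
    """Inside hosts whose handshakes time out AND whose translated address is never seen
    on a connection that completed. That combination points at the translation or the
    return path for that outside address (NAT rule, ARP for the outside IP), not at the
    inside host itself."""
    good_xlates = {c.xlate for c in conns if completed(c)}
    return {c.inside: c.xlate for c in failed_handshakes(conns) if c.xlate not in good_xlates}


if __name__ == "__main__":
    conns = parse_asa_log(THREAD_LOG_LINES)
    for c in conns:
        print(f"{c.inside:>15} -> {c.outside}:{c.dport} via {c.xlate:<22} {c.reason}")
    print("suspect translations:", suspect_nat_hosts(conns))
```

Run against the thread's four lines it reports CE-DC00 translated to 142.166.210.193 as the only suspect; the working host goes out as CE-ENTELIWEB_OUTSIDE. One caveat: a 302013 line proves only that the ASA built the flow and forwarded the SYN, which is also all Packet Tracer proves, so a clean Packet Tracer result does not contradict a SYN Timeout in the real-time log.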
regmandy
ASKER
Yes, SBS is Exchange. External email is what started this. Internal email works fine; external does not. We are using the SBS POP connector to connect to the ISP's server for external mail. I am able to log in to a mailbox using webmail and see there are emails, so the problem is this server not being able to connect to the internet for the POP connector to get what it needs. I'm tying the internet and email issues together.
Waynepre
In the SBS Console can you please re run Connect to the Internet.
Are you able to RDC to the server from the server that does work?
When I run Connect to the Internet, it finds the gateway and IP. From what I understand I don't have to configure it, since the gateway is a 2900-series Cisco, but I have to manually configure the ports to be open. This server is running Exchange, DHCP and DNS but not SharePoint, so those ports are open on the ASA 5510.
I am currently connected remotely from home using RWW, and yes, I am able to connect using RDC within the network.
And thank you all so far for your advice; this one's got me stumped good.
regmandy
ASKER
I did notice when running telnet to Yahoo from multiple different machines that the outside interface is different on the servers that have internet access compared to the one which does not. The server with no access seems to be trying to use the external gateway, looking at the logs I've posted above. I'm not sure if this would be a routing issue on the firewall or not?
Waynepre
The firewall was going to be my next suggestion, do you have a working backup of the config that you could restore to?
No, the current state doesn't work. I tried to restore the config to the most recent, which is from Feb, and I have the same issue. The server was working last week prior to the ASA reboot due to memory issues. I just took over administering this building.
For security I think it might be best if you email me (details are on my profile). I will send you the details over email, but we should always update this forum with our results.
wrwiii12
Yeah if you are getting 2 different IPs on public I think there is a config issue too.
Good luck and let me know if you need a 3rd set of eyes.
Well, it looks like it certainly is a firewall issue that's blocking the .5 internal IP. I changed the IP on the server to .8 and internet was back up with all functionality. I changed the IP address in the network object of my ASA to the new IP and saved it to mem, hoping that the .8 would be blocked and I could reconfigure to the .5 IP to keep all the services running with the original IP, but unfortunately that had no effect.
So do I need to open a new question for this, or can I continue, as this issue is not yet fully resolved?
Thank you Waynepre for giving me someone to bounce ideas off. You were certainly committed to this and I appreciate it. Can I give points for that? 8o)
regmandy
ASKER
So do we have anyone here who is good with ASA5510 that can help me by perhaps looking at my ACL? see what I'm missing?
wrwiii12
I am here for you. Do you want to do a remote session or post your sanitized config here?
Ah, NIC or firewall?? as the firewall isn't accepting 192.168.20.5?
At first we thought it could have been the router, but then digging deeper we thought it was the server, so we dug deeper into that. The server could do with being rebuilt at some point, but that is going to be a massive job.
I think once Reg has this little issue resolved he will be fine until he decides what he wants to do... I have spoken to my Cisco expert but he is drunk would you believe lol... So I will have a chat with him tomorrow if there still is an issue with the firewall.
Just had a thought, if it still is the firewall and not the NIC is it worth resetting the firewall back to factory settings upgrade the firmware and reconfigure..??
If its the NIC change to the second NIC that is currently disabled.
Waynepre
I should have said, when I left Reg it looked like a firewall issue after all.
wrwiii12
yeah he changed to a second NIC and it is working when I closed out with him.
It was working with both when he changed to the new NIC.
Waynepre
Ah I thought we tried that and .5 didn't work I must be wrong. Well I am glad we have gotten to the bottom of it... Right I'm off to bed its 02:14 here and I gotta be up early. Night to you both and Happy new year.
Hey guys,
OK... .5 wasn't working originally, and with Wayne I switched it to .8 to test and it was working. So, to test, I switched it back to .5 and it still wasn't working, so I was 99% sure it was the firewall. Happy new year Wayne. 80)
So Will came on and we were going to look at the ASA. Well, after a quick game plan, I went to the server room and switched the IP back to .5. By this time the IP had been switched for probably 30 mins to an hour. Lo and behold, the internet was working, ping requests worked etc. I blame it on William; I think my internetz wuz sceered! So it started to work again, right? 8o)
Well, I wasn't able to recreate it, which leads me to believe it might have been an ARP cache issue. I will try again to replicate it tomorrow, but count it resolved FINALLY.
I'm going to have to split the points.. Will for scaring it straight.. 80) and Wayne for the dedication and time he offered in assistance.. Great to have guys like these around to help bounce some ideas or second pair of eyes when needed.
thanks again!
regmandy
ASKER
Hey guys,
OK, this is not closed. The problem came back a couple of times since. Originally I thought it was the ARP, but the next time it happened I tried flushing ARP and nothing. So I swapped to the second NIC permanently and that did not fix it either. It seems the problem flops between IPs.
So basically the original IP is .5 and the second IP is .8.
Internet access drops from .5 (note internal network still functions 100%). Swap to .8 IP and internet is up. After about 4 to 5 hrs running internet drops on .8. change the IP back to .5 then the internet is up again.
Thanks for the offer, but I think I have it licked this time. I'm just waiting to see if it drops today. I will update.
regmandy
ASKER
It was tough, as neither really resolved the issue; however, the time and dedication and brainstorming were great and helped come to a resolution, so I had to split the points. In the end, the ARP cache was the issue, I believe.
regmandy
ASKER
Confirmed ARP cache was the problem. I had to clear the cache on my Cisco router as well as on the server and let them rebuild themselves. There was a duplicate MAC entry in the ARP on the router for both the IPs used on the server. Once I cleared the ARP, it matched the MAC of the primary NIC to the proper IP and everything has been stable since last week.
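The closing finding is a stale ARP binding: after the server's IPs moved between its two NICs, the router's ARP table still carried one MAC for both .5 and .8, so whichever IP was on the other NIC silently lost its path through the router until the entry aged out or was cleared (which is why "wait 30 minutes to an hour" looked like a fix). The script below is an added example, not part of the thread, showing how to catch that state from the router side before it costs hours: it parses IOS `show ip arp` output, lists MACs that appear for more than one IP, and compares each server IP's cached MAC against the NIC that is supposed to own it now. The ARP table text, the MAC addresses and the EXPECTED_OWNER map are all constructed for the example (only the .5/.8/.15 addresses come from the thread); the `clear ip arp <address>` and `clear arp-cache` commands it suggests are standard IOS commands.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of IOS `show ip arp` output. The .5/.8 addresses mirror the
# thread's scenario (both used on the same server); the MACs and ages are made up.
SAMPLE_SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.20.1            -   0011.2233.4455  ARPA   GigabitEthernet0/0
Internet  192.168.20.5            3   0019.b9aa.bbcc  ARPA   GigabitEthernet0/0
Internet  192.168.20.8          197   0019.b9aa.bbcc  ARPA   GigabitEthernet0/0
Internet  192.168.20.15          41   0021.5aaa.0001  ARPA   GigabitEthernet0/0
"""

# Constructed: the MAC of the NIC that currently owns each server IP, as `ipconfig /all`
# on the server would show it (Windows prints MACs dashed, IOS prints them dotted).
EXPECTED_OWNER = {
    "192.168.20.5": "00-19-B9-AA-BB-CC",   # primary NIC
    "192.168.20.8": "00-19-B9-AA-BB-DD",   # second NIC, enabled later
}

ARP_LINE_RE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+\S+\s+(?P<iface>\S+)"
)


def normalize_mac(mac: str) -> str:
    """Reduce any MAC notation (0019.b9aa.bbcc, 00-19-B9-AA-BB-CC, 00:19:...) to 12 hex chars."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


@dataclass
class ArpEntry:
    ip: str
    mac: str                  # normalized
    age_min: Optional[int]    # None for the router's own interface addresses ("-")
    iface: str


def parse_show_ip_arp(text: str) -> List[ArpEntry]:
    entries: List[ArpEntry] = []
    for line in text.splitlines():
        m = ARP_LINE_RE.match(line.strip())
        if not m:
            continue   # header or unrelated line
        age = None if m["age"] == "-" else int(m["age"])
        entries.append(ArpEntry(m["ip"], normalize_mac(m["mac"]), age, m["iface"]))
    return entries


def shared_macs(entries) -> Dict[str, List[str]]:
    """MACs that appear for more than one IP. Not an error by itself (one NIC can hold
    several addresses), but exactly the pattern the thread found on its router."""
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        by_mac[e.mac].append(e.ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def mismatched_entries(entries, expected: Dict[str, str]) -> List[ArpEntry]:
    """Entries whose cached MAC is not the NIC that owns the IP now: the stale bindings
    that keep steering an IP to the wrong interface until they age out or are cleared."""
    want = {ip: normalize_mac(mac) for ip, mac in expected.items()}
    return [e for e in entries if e.ip in want and e.mac != want[e.ip]]


def clear_commands(entries) -> List[str]:
    """IOS commands to drop just the stale entries (`clear arp-cache` would drop them all)."""
    return [f"clear ip arp {e.ip}" for e in entries]


if __name__ == "__main__":
    entries = parse_show_ip_arp(SAMPLE_SHOW_IP_ARP)
    print("shared MACs:", shared_macs(entries))
    stale = mismatched_entries(entries, EXPECTED_OWNER)
    for e in stale:
        print(f"stale: {e.ip} -> {e.mac} (age {e.age_min} min) on {e.iface}")
    print("\n".join(clear_commands(stale)))
```

On the sample table the .8 entry is 197 minutes old and still points at the primary NIC's MAC, so it is the one to clear. The same check is worth running on every device that holds its own ARP table for that subnet: the ASA has its own (`show arp`, `clear arp`), and on the Windows side `arp -d *` or `netsh interface ip delete arpcache` flushes the server's cache, which the thread also had to do before the bindings rebuilt correctly.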