Solved

Windows 7 workstation connect to LAN but not the internet

Posted on 2013-11-07
33
520 Views
Last Modified: 2013-11-20
I have one workstation that is Windows 7 64 bit that is unable to connect to the internet but can access domain resources with out an issue.  All the other Windows 7 workstations work fine.  Here are the things that I have tried:

Restarted my Cisco Router (192.168.0.254)
Restarted my Internet Cable Modem
Ran netsh int ip reset
Ran netsh winsock reset catalog
removed workstation from domain
joined workstation to domain
Reassigned ip address to workstation
logged into workstation with a different domain user.
Rebooted workstation in Safe Mode with network
Ran Mawarebytes nothing found
Deleted all temp files through CCLEANER
Ran Symantec Antivirus nothing found.
Removed all network names in the network sharing and connecting screen.
Unable to ping outside ip addresses however when I ping a name outside dns name I get the IP address so I know something is working.
Plug workstation network connection into a different port in the self managed switch.

Here is the local workstation information:

IP 192.168.0.31
SM 255.255.255.0
GW 192.168.0.254
DNS 192.168.0.200 - SBS 2011 Domain Server
4.2.2.2  & 4.2.2.3- Google DNS servers


I have a second network that supports wireless connections and I can connect to that network and I am able to connect to the internet and this what baffles me...  So if anyone has any ideas please let me know.
0
Comment
Question by:PaulSmaglik
  • 15
  • 11
  • 4
  • +2
33 Comments
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
Did you check device manager to make sure there isn't any conflicts?

windows key + r

Type: devmgmt.msc

Locate the network adapter and uninstall and reboot; windows will automatically detect the driver and reinstall.

Plus did you try  ipconfig /flushdns and /registerdns ?
0
 

Author Comment

by:PaulSmaglik
Comment Utility
I did what you suggested with the nic card uninstall that made no difference.  I did use the command previously to this post of ipconfig /flushdns but I did try the ipconfig /registerdns and that did not work.
0
 
LVL 1

Expert Comment

by:jeepr94
Comment Utility
can you please ping 4.2.2.1 and ping www.google.com and try tracert 4.2.2.1
0
 

Author Comment

by:PaulSmaglik
Comment Utility
Here are the results

Pinging 4.2.2.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 4.2.2.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging www.google.com [74.125.228.16] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 74.125.228.16:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),



Now the tracert

Tracing route to a.resolvers.level3.net [4.2.2.1]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
How long has this been happening, if it recently happen then try to revert back to previous configuration with restore point?

windows key + r

Type: SystemPropertiesProtection


Can you perform a nslookup www.google.com ?


Plus it seems that it is not reaching Default gateway.
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
Can you ping the default gateway?
0
 
LVL 1

Expert Comment

by:jeepr94
Comment Utility
Hmm is the default gateway set the same on this machine as others? Also can you go to command prompt and do a the command route print

it looks like your box is not sending unknown traffic to your gateway. Can you ping your gateway ip  192.168.0.254?

Also please disable the windows firewall and any other firewalls.
0
 

Author Comment

by:PaulSmaglik
Comment Utility
Yes I can ping the gateway and all my other workstations are pointing to gateway and they can reach the internet as well.  The firewall has been disabled except for the router itself.
0
 

Author Comment

by:PaulSmaglik
Comment Utility
Route Print log
nterface List
 13...4c 72 b9 e5 f7 82 ......Intel(R) 82579V Gigabit Network Connection
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.0.254      192.168.0.4    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.4    276
      192.168.0.4  255.255.255.255         On-link       192.168.0.4    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.4    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    192.168.0.254  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6abd:60:1022:3f57:fffb/128
                                    On-link
 13    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::60:1022:3f57:fffb/128
                                    On-link
 13    276 fe80::7105:b598:1bf6:fa2f/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
I haven't mess much with the routing table in windows but this entry:


192.168.0.0    255.255.255.0         On-link       192.168.0.4    276

should be along the line of

192.168.0.0    255.255.0.0         On-link       192.168.0.4    276

I am not sure but will research just in case????



If you had something like this:

192.168.1.0    255.255.255.0         On-link       192.168.0.4    276

then this would be correct!!!
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
Try this from a elevated cmd prompt:

route delete 192.168.0.0 mask 255.255.255.0 192.168.0.4 metric 276

Open in new window



route add 192.168.0.0 mask 255.255.0.0 192.168.0.4  metric 276

Open in new window

0
 

Author Comment

by:PaulSmaglik
Comment Utility
I get this message when I run the route add and route delete commands

The requested operation requires elevation.
The requested operation requires elevation.
0
 

Author Comment

by:PaulSmaglik
Comment Utility
I plugged the workstation directly into my router so I can monitor the  traffic more closely and here is what the interface looks like.

Interface Ethernet0/4 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
      Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
      Available but not configured via nameif
      MAC address 001b.d426.3d9a, MTU not set
      IP address unassigned
      57149 packets input, 6858216 bytes, 0 no buffer
      Received 475 broadcasts, 0 runts, 0 giants
      1 input errors, 0 CRC, 0 frame, 1 overrun, 0 ignored, 0 abort
      0 L2 decode drops
      0 switch ingress policy drops
      547132 packets output, 157209894 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collisions, 0 deferred
      0 lost carrier, 0 no carrier
      0 rate limit drops
      0 switch egress policy drops
All looks very normal.

Paul
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
Start -----> type cmd in the "Search programs and file" hit Ctrl+Shift+Enter and select yes.

This will open the cmd in elevated privileges


Or

You can go Start ----> All programs ----> Accessories ----> right on cmd and choose "run as Administrator"


This message, "The requested operation requires elevation." is due to the fact you did not open the cmd prompt with elevated privileges.
0
 

Author Comment

by:PaulSmaglik
Comment Utility
OK i ran the commands that you have specified.  Also note I had change the workstation ip address to the orginal configuration which is 192.168.0.31 instead of 192.168.0.4 I reflect that change in the command.

Route Print

==========================================================================
Interface List
 13...4c 72 b9 e5 f7 82 ......Intel(R) 82579V Gigabit Network Connection
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.0.254     192.168.0.31    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.31    276
     192.168.0.31  255.255.255.255         On-link      192.168.0.31    276
    192.168.0.255  255.255.255.255         On-link      192.168.0.31    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.31    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.31    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    192.168.0.254  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:4ac:d0f:3f57:ffe0/128
                                    On-link
 13    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::4ac:d0f:3f57:ffe0/128
                                    On-link
 13    276 fe80::7105:b598:1bf6:fa2f/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None


Still no internet access as of yet!
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
192.168.0.0    255.255.255.0         On-link      192.168.0.31    276

no you did not this line is still a /24 instead of a /16

192.168.0.0    255.255.0.0         On-link      192.168.0.31    276

you are putting 255.255.255.0 instead of 255.255.0.0

I am talking about the netmask
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:PaulSmaglik
Comment Utility
I ran the first command that you have given me

route delete 192.168.0.0 mask 255.255.255.0 192.168.0.31 metric 276  and I get this error message of "The route deletion failed:  Element not found"

However when I do a route print it shows that in the table.
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
But 198.168.0.0 /24 the ranges of IP addresses ( 192.168.0.0 - 192.168.0.255)
0
 

Author Comment

by:PaulSmaglik
Comment Utility
So how do I get around the route delete issue?
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
Do you have a working workstation and can you print it's routing table so I am able to make a comparison?
0
 

Author Comment

by:PaulSmaglik
Comment Utility
This is my workstation:

===========================================================================
Interface List
 19...4c 72 b9 b0 fd 25 ......Intel(R) 82579V Gigabit Network Connection #2
 17...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 18...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.0.254    192.168.0.104    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link   169.254.159.239    276
  169.254.159.239  255.255.255.255         On-link   169.254.159.239    276
  169.254.255.255  255.255.255.255         On-link   169.254.159.239    276
      192.168.0.0    255.255.255.0         On-link     192.168.0.104    276
    192.168.0.104  255.255.255.255         On-link     192.168.0.104    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.104    276
    192.168.200.0    255.255.255.0         On-link     192.168.200.1    276
    192.168.200.1  255.255.255.255         On-link     192.168.200.1    276
  192.168.200.255  255.255.255.255         On-link     192.168.200.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.104    276
        224.0.0.0        240.0.0.0         On-link   169.254.159.239    276
        224.0.0.0        240.0.0.0         On-link     192.168.200.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.104    276
  255.255.255.255  255.255.255.255         On-link   169.254.159.239    276
  255.255.255.255  255.255.255.255         On-link     192.168.200.1    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    192.168.0.254  Default
          0.0.0.0          0.0.0.0    192.168.0.254  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 19    276 fe80::/64                On-link
 17    276 fe80::/64                On-link
 18    276 fe80::/64                On-link
 18    276 fe80::1865:9ade:458a:523e/128
                                    On-link
 17    276 fe80::2c82:5b46:df98:9fef/128
                                    On-link
 19    276 fe80::6d1d:b6f0:83a:6984/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    276 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
The routing table is correct per this 198.168.0.0 /24 the ranges of IP addresses ( 192.168.0.0 - 192.168.0.255)  

Are you able to ping the default gateway or can you ping your workstation from the trouble workstation and vice versa?

Also please disable the windows firewall and any other firewalls.
from jeeper94

Plus did you check the vendor's website  for any updated NIC drivers?


You are able to obtain internet with wireless but not wired that is why I am asking the above question.
0
 
LVL 14

Expert Comment

by:comfortjeanius
Comment Utility
Plus from and elevated cmd prompt

type: arp -a

Look at the default gateway IP address and MAC address are correct.
0
 

Expert Comment

by:Psy4HA
Comment Utility
<this is jeepr94 btw changed accounts recently ;)>:

is the workstation statically configured or is DHCP configured? If static please give another machine the same static address on the same switch port to see if it works.

If it works we know its the Desktop (and if you have norton i don't trust it and may want to just completely remove temporarily).

if it doesn't work then you know its switch/router and we can look outside the desktop. Sorry haven't read all posts on this so not 100% sure this was asked already. good luck!
0
 

Author Comment

by:PaulSmaglik
Comment Utility
The workstation was powered down for about 15 hours and when it came on this morning it was able to access the internet.  I don't know what the solution was and I am totally baffled by it.  Anyone have any idea what caused it?

Paul
0
 

Author Comment

by:PaulSmaglik
Comment Utility
OK it now moved to another windows 7 workstation this is so strange.  I repeated all these steps that are stated in this post.  Anyone else have an idea to try.
0
 

Expert Comment

by:Psy4HA
Comment Utility
Ok this maybe nat. Can you show us the router config sanitized?
0
 

Author Comment

by:PaulSmaglik
Comment Utility
ASA Version 8.0(2)
!
hostname KFABMAIN
domain-name default.domain.invalid
enable password encrypted
names
name 192.168.0.122 HyperVXP
name 192.168.0.200 KFABSVR01 description CORP Server
name 192.168.0.147 DVR1411
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 72.9.22.197 255.255.255.0
!
interface Vlan5
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd NodBOzwcAGxxULma encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object udp
 protocol-object tcp
object-group service DVR tcp-udp
 port-object eq 8000
object-group service DVR2 tcp-udp
 port-object eq 7000
object-group service TCP tcp
 port-object eq 3389
object-group service VPN tcp
 port-object eq pptp
object-group service vpn udp
 port-object eq 1701
object-group service PORT8000 tcp
 port-object eq 8000
access-list from-outside extended permit icmp any any
access-list from-outside extended permit object-group DM_INLINE_PROTOCOL_1 any 192.168.0.0 255.255.255.0
access-list from-outside extended permit object-group TCPUDP any any
access-list from-outside extended permit tcp any interface outside eq https
access-list from-outside extended permit tcp any interface outside eq 3389
access-list inside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip any 192.168.0.88 255.255.255.248
access-list dmz_access_in extended permit tcp any host KFABSVR01 eq pptp
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool Kfab 192.168.0.90-192.168.0.94 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface https KFABSVR01 https netmask 255.255.255.255
static (inside,outside) tcp interface 3389 KFABSVR01 ldap netmask 255.255.255.255
static (inside,outside) tcp interface 8000 DVR1411 8000 netmask 255.255.255.255
static (inside,outside) tcp interface 7000 192.168.0.148 7000 netmask 255.255.255.255
static (inside,outside) tcp interface pptp KFABSVR01 pptp netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group from-outside in interface outside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 144.158.133.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd lease 7200
dhcpd auto_config outside
!
dhcpd address 192.168.0.163-192.168.0.175 inside
dhcpd dns KFABSVR01 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!
service-policy global_policy global
group-policy KFAB internal
group-policy KFAB attributes
 vpn-tunnel-protocol IPSec
username cbarroll password  encrypted privilege 0
username cbarroll attributes
 vpn-group-policy KFAB
username guestvpn password encrypted privilege 0
username guestvpn attributes
 vpn-group-policy KFAB
username cpaese password encrypted privilege 0
username cpaese attributes
 vpn-group-policy KFAB
username psmaglik password  encrypted privilege 15
username admin password  encrypted
username cisco password  encrypted privilege 15
tunnel-group KFAB type remote-access
tunnel-group KFAB general-attributes
 address-pool Kfab
 default-group-policy KFAB
tunnel-group KFAB ipsec-attributes
 pre-shared-key *
prompt hostname context
0
 

Expert Comment

by:Psy4HA
Comment Utility
I am not exactly an expert on this stuff but:

1. access-list inside_nat0_outbound extended permit ip any 192.168.0.88 255.255.255.248
2. ip local pool Kfab 192.168.0.90-192.168.0.94 mask 255.255.255.0

Line 1, i would probably have the first line say permit ip any 192.168.0.0 255.255.255.0
Line 2  for local pool. i would probably specify a different mask for that though i could be wrong but would review. You might even be able to use an entirely different subnet for that.

also may want to remove the username from config so people can't see that stuff.

lastly what exact ip is the desktop with the problems have now?
0
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 500 total points
Comment Utility
Can you issue a show version on your ASA?

I guess you have a 10 user license on your ASA and our licenses are running out.
0
 

Author Comment

by:PaulSmaglik
Comment Utility
I have a 50 User license on my ASA 5505 and I have 76 devices on my internal network.   I am looking to buy an unlimited license package for my ASA.  Also I had this many devices on my network for a long time and now I am having a issue it seems stange.  But the problems that I having this  recommendation makes sense.
0
 

Expert Comment

by:Psy4HA
Comment Utility
Hey may want to look at this article too:
https://supportforums.cisco.com/thread/235350
0
 

Author Closing Comment

by:PaulSmaglik
Comment Utility
That is what cisco tech support was telling me also.  Thank you for your advice I thought I was loosing my mind.  I have purchased an unlimited license for the router.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now