Don’t forget that Windows Personal Firewall can cause false-negatives.
Today needed to verify some hair-pin NAT configuration on a Cisco ASA 5515-X.
Hmm… should be getting a reply on that last hop.
On older versions of Windows, even if Personal Firewall was turned off so long as the ping originated on the Windows PC the Personal Firewall would permit the echo-reply but this is not the case with new versions of Windows.
So, let’s turn off Personal Firewall on my Windows 8 laptop…
… now let’s re-verify our trace…
That looks better!!
No comments:
Post a Comment