Accessing Internal IP Address From Outside Office?
Oct 6, 2011
Ive run into something a bit new to me. Networking! Now i do have some experience but not enough for me to figure this one outHere is what i am trying to achieveWe have a webserver at the office which i can access from the outside world. We also have a local server with a static internal ip(File Server)My question is as follows can i add a link on a web page on my webserver to that i can access the internal ip address from outside the office?
I want to acccess my office computer from Home PC.I have ZTE DSL Modem + Wireless Router and got new Static IP, so how to configure Static IP From BSNL.
I'm the IT Manager for a Small Non-Profit Organization(facilitating build homes, giving education, health care for the poor).All computers are connected to a network through a Linksys E1000 Wifi Router and I would like to access all computers remotely especially when I'm on my site visits or when I'm not in the office. Is there a way for me to join the network even if I'm outside the office.
I am trying to configure access to several remote offices for users who VPN into our main datacenter. The datacenter has a 5520, and the branches are connected through IPSec L2L VPNs. Branches all have 5505 or 5510's. Remote users use IPSec via the Cisco remote Client. Remote access into our data center works, and the L2L VPNs are perfect...just now that i need remote users to access the branches after Remote access VPNing (for support) i cant get that part to work.
i have configured my ACS 5.3 server to access AD for user authentication but i would as well like to use the internal store for some users.The problem is that when i test with an internal user account, i can see in the logs that it still tries to access the AD for this user and i receive a message in the logs. " 22056 subject not found in the applicable data store".i have already defined the identity sequence to first use the AD, then if user not found, use the internal database.
I am having an issue with internal and external clients. When we have the nat ip configured on the controller we cannot connect internal ap's at all. When we take the nat ip out it works fine. We are on code 7.0.220. I have tried the following command <config network ap-discovery nat-ip-only disable> and it did nothing.
I just moved from a Linksys wired router to the Cisco EA2700 wired/wireless router.I have three web servers on my network that serve up content via standard web URLs. For example, pretend www.domain.com pointed to the WAN side of my EA2700. Port forwarding routes port 80 traffic to the server, located on an internal, private IP (ie, 192.168.1.21).All works well when accessing these servers from outside my network (I checked this via my mobile broadband connection). But when I'm on a workstation internal to the same network as the servers, I cannot connect to the servers via the web URL. Of course, I can hit them via the IP or an internal-only DNS network entry. For example, when on 192.168.1.55 on a desktop machine, and I type the URL in the form www.domain.com, it just hangs and times out. I was able to do this on the old Linky router. Traffic should go stop at the router and be re-routed back internally to the port-forwarded server - but it does not.
I have to route properly via the web URL and not the internal DNS name or IP addy, as I am running virtual web servers on IIS on one of the servers.Is there a setting I failed to set on the EA2700?
I have a Cisco 5505, 2 sites that are internal, 1 external IP (dhcp from cable modem). While on my laptop, ipad, iphone, I cannot access the server via it's external IP address. I MUST use the internal IP in order to access this site. I have heard of hairpinning, internal dns server(don't really want this).
we recently upgraded from an RVS4000 router which didn't have this issue.
the problem; Internal users from Site A cannot access the external owa address.From Site A i can successfully ping both the external/internal IP addresses/names and they resolve correctly, including pinging the address ('mail.company.com") resolves correctly to the external ip address.
I am having an issue where occasionally the Sidewinder starts to see my internal RFC 1918 address instead of the configured external address of my firewall. This is for peering between the two. The error they see on the Sidewinder is:So instead of seeing the external peer address he sees a 10.220.3.18 address. We are not sure what triggers this becuase normally he see's my 63.117.98.222 address.
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
I have a mail server, with external access which works fine for external access thorugh our router (a 1941). I have a laptop which connects to a wireless network that is inside our router. When attempting to navigate to the webmail or use outlook, it cannot connect.
The laptop is configured to access the mail through the external path as it would be offsite occasionally.
I think the problem seems to be that the traffic is not leaving the router to come back internally. The laptop can ping the external address ok.
I read about something called hairpinning - is this what i need to be looking at?
I have a situation where a user needs more than one office extend AP in his home. My office extend controller is a 5508 running 7.0.220.0. Are there any issues NATing multiple OE APs to a single address? My initial lab results indicate that each of the AP's associate with the controller and establish a DTLS tunnel. I see the SSIDs get pushed to the AP and then it seems to restart the process never being fully operational. Is there a workaround that will allow me to run mutliple OE APs?
I'm running into a strange problem and cant seem to figure it out. I have an asa running 8.2(1). I have an ipsec vpn setup and working great. I can ping hosts on the inside of the network and everything seems to be fine. However there is one single ip address that i know for a fact is live, but i cannot ping through the vpn. If i ping the address from the asa i get a reply, if i ping the address from inside the network i get a reply, but if i ping when connected through the vpn no reply.
I've been tasked with retiring a VPN Concentrator 3000 and replacing it with an ASA 5520. I'm trying to get a handle on how to set up the NATs and ACLs, since most of my experience is remote access VPNs, not site-to-site. Plus I've not configured a VPN 3000 in about 6 years so I'm having to re-learn a lot of the interface.
The VPN 3000 has a feature called LAN-to-LAN NAT rules that basically allow you to NAT an address on your internal network to an address on the "local" network for the LAN-to-LAN connection so it can then go through the tunnel to the remote side. The config looks something like this in the VPN 3000: [code]
Which looks to me like a "Static Policy NAT" in ASDM. So I set one of those up, that should be translating 172.16.3.151 on the inside interface to 192.168.200.151 on the inside interface (yes, the same interface) which should then (logically) be picked up as "interesting traffic" by the crypto-map and sent across the VPN tunnel. However, that doesn't seem to be the case - both the "packet trace" in the ASDM and traceroute from the source workstation show the packets getting to the inside interface, and then passed right out the outside interface to the internet router (which then drops the packets as they're a private IP).
what else do I need to do to make the crypto-map pick up the NATted traffic?
I have been asked to "forward a port on an ASA 5505 to an internal ip address." Sounds easy for most of you, and I thought I did it right, but I am not certain. Basically, they want it set up so that when xx.xx.xx.xx:30000 (x's = the firewall ip with port 30000) is accessed from outside, it is forwarded to an internal ip on port 30000 (xxx.xxx.x.xxx:30000)
Here is what I tried from within ASDM 6.4:
1. NAT Rules-add static NAT route: original-Interface: inside -Source: xx.xx.xx.xx (local ip of computer on LAN they wish to access from outside)
Translated - Interface - Use Interface IP Address
Enable PAT: Original and Translated port both set to 30000
2. Access Rule - add Interface: Inside Source: any Destination: xx.xx.xx.xx (IP of Firewall) Service: tcp/30000
The problem is that the PABX is sending out an internal address in it's INVITE messages and the ASA5505 isn't changing the internal address to the external address.We need> From: Calling Number <SIP: SIP Username@Public IP Address>However our PABX sends out> From: Calling Number <SIP: SIP Username@Private IP Address>. How to translate the internal IP address to the external IP address on an ASA 5505?
I have an old ASA 5505, and I'm having some trouble with Nat Hairpinning. I've done this with other firewalls before and I am having no luck now. I have an internal address that I wish to forward from an external address- so if someone goes to 123.456.789.012:3456 then it will forward to 192.168.1.244:92 (All numbers are arbitrary here- only for illustration). I have and Access Rule and NAT and PAT set up so that I can get in if I originate from outside the LAN. What I am trying to do is to have this work from inside the LAN as well- so that if I am at my desk, and I connect a device and type in 123.456.789.012:3456, it will deliver the content at 192.168.1.244:92. The problem I am having is that it just isn't working, and I cannot figure out why- When I started here, there was an address configured to work this way, and it still works- I just cannot find what is different between what I am doing and what the person who configured it did.
Is it possible to perform static Nat's through an internal network?I have a ASA 5510 with a public outside interface (let’s call it 68.68.68.1), and I have an inside private IP address (192.168.1.2/24). The inside IP address leads to a 4900m with that interface being configured with a 192.168.1.1 (no switching). On the 4900 M I have several VLANs one of them is an internal DMZ of sorts. (192.168.2.0/24). Within this DMZ network are several Web servers which need to be associated a public IP address (68.68.68.x).
Every time I configure a static Nat to associating a public IP address with an internal IP address within the DMZ, packet Tracer on the ASA informs me that the packet gets dropped at the static Nat and I cannot figure out why this is so.Safe it to say my question still stands is it possible to Nat (68.68.68.222 to and 92.168.2.60) given the configuration above, and how would I go about configuring in such the manner above so that I acn apply static nat through the 192.168.1.0 network to reach the 192.168.2.0 network.
We have a 5508 with 7.4.100.0 vor Internal APs and OEAPs. till now every thing is ok. Now we have to connect an AP (local) in a remote office, connected to the WLC by a VPN Tunnel. The problem is that the AP in the remote office uses the NAT Address to connect to the WLC, so the traffic goes over the Internet, not trough the VPN Tunnel. On the controller I have the following setting:
AP Discovery - NAT IP Only ................. Disabled On the AP: AP Link Latency.................................. Disabled
How to force the AP to use the internal IP Address of the WLC?
I have an ASA 5505 configured with internal network, a DMZ, and a VPN on seperate subnets. The implicit rules allow my internal client computers to connect to the web servers on the DMZ IP, but I can not connect to the public NAT address from the internal network. I have a DNS server on my internal network and it does resolve to the public IP correctly. NAT seems to be working correctly because if I go outside the network and connect to the public IP or qualified name then I can get to everything correctly. I do not see any messages in the Cisco logs and the packet trace tool shows the route of http from an internal IP adddress to the external (NATed) address is allowed.
Specifically, I can go to http://192.168.1.121 from the internal (192.168.0/24) network, but I can not go to http://72.22.214.121 (the NAT address) from the internal network. If I am outside my cisco then I can go to http://72.22.214.121 easily. [code]
Is it possible to create a service which will forward public port 9010 to an internal IP address with port 23?First of all, I do not like to open the public Telnet port to the inside so I would use another public port and second my ISP does not allow some public ports beneath port 80?
My current IT people are so expensive, I am determined to hook up a new laptop to my office network if it destroys me (wirelessly). I have the office network map with all usernames, passwords, and IP addresses...but I can't figure it out. Can someone give me a step by step for dummies to save me the several hundred or should I just bite the bullet? (I am the business owner and seems like we add laptops every year or so and desktops and would really love to finally understand)
I am trying to set our VPN connection to route to our branch office from a VPN Client. So far I did not succeed and at this point I am stuck.At our office we have a VPN Server which enables VPN Clients to connect to our main office with an IP Range of 192.168.104.0 with subnet 255.255.248.0 and a branch office with a IP Range of 192.168.25.0 and a subnet 255.255.255.0Internally on the LAN the routing is done by our firewall, which acts as DHCP and Default gateway. It connects the 2 LANs by a leased line.When I ping an IP address in our branch office from our main office I get a reply.
Now when a VPN client connects it gets a IP Address in the range of the main office from our firewall and the client can connect to all computers in the main office network. However if i try to connect to a computer in the branch office it does not work.I tried a static route in the Routing and remote access Server (which is Windows Server 2003 R2) and I tried adding a static route to the DHCP settings on the firewall. In both cases it does not connect from the VPN Client to the branch office.Searching the internet, since the examples are all based on a setup with a RAS Server on both networks. The LANs are already "integrated"/"physicly connected" trough the routing on our firewall and its leased line.
I also tried settings on the VPN Clients machine. Settings like "Use gateway in remote network" on or off and tried adding static routes. This did not work, since the Default gateway I must use is not on the same range as the home network and returned an error trying that.What I noticed is that the VPN Client gets a route which uses the VPN CLient IP as default gateway. Makign a static route like that will work (I think), but since the IP addresses for the VPN clients are obtained through DHCP and can vary each time, there is no way (i think) to automate adding a route with, for example, a batchfile that I could give to the employees connecting trough VPN because of the variable IP.
A friend has asked me to work with him set up a new office. He already has a PC and a phone line but not broadband, so he is going to organise that and getting a wireless router.He wants a wireless colour laser printer so that his visitors/guests can print easily from his office, or the next office. Does he really need a wireless printer to do this? Or if I plug a network printer directly into his router with an Ethernet cable, same with his PC, will that enable laptop users to print wirelessly (assuming they know the router passphrase of course)? I guess they would need to install the relevant printer driver to do this too.
I have a small office with 4 employees. We all work off of laptops (although I am about to bring a desktop in because I need a little more horsepower for some graphic stuff).I have a number of files I would like everybody to share, update and save so we can all access them. I also need the ability to access them remotely.
I was hoping if someone could give me some suggestions on this matter. I have some IT knowledge but a bit rusty.I currently have 25 pcs all running web based applications on their own. So filesharing is a headache. I decided to setup a small file server for the office.This is what I need the server to do.1) Internet connection comes through server protected by a firewall and then distributed to the 5 pcs (star topology)2) Print and file sharing.3) application sharing (accounting software)4) fax facilitiesMy question to you all:How do I go about setting this up. What do I need (OS, softwares, etc)How do I secure the internet and distribute it to the rest.witch, router, etc)
My current set-up is: my laptop connects to the coaxial outlet with a cable so I can access the internet. So I can't really bring it somewhere else since the cable is short.
Now, I am planning to buy 2 more computers and a printer. The printer will be shared by all 3 computers. what else I need to buy (modem?? wireless router??) and what type. I also request that you let me know how to set it up. Of course, I will follow the manufacturer's instructions.
I was just wondering how to connect 3 laptops to 1 printer in my office?We don’t have a server and all laptop contacted to internet wireless through a router next door. (I don’t have access to that router)I was thinking to get a hub and then connect it to the Ethernet cable back of the printer and then connect it to each laptop?
I have a very high speed connection in my dad's office, and it is over 10 mbps. and the connection in my house is worse ( 256 kbps ). So can I use the office connection in home without any problems from the ISP. just like sharing the connection from the office to home.
I would like to connect my three pcs together so that they can all make use of the printers, scanners, internet etc in my office space. i also need to be able to access this lot from a remote laptop so that i can continue to work from home. i would like to store all my data in one place that was easily accessible from every PC and my laptop.
I have this strange problem the application Whatsaap connects at my office wifi perfectly but at home it does not connects,I don't know what seems to be the solution.