Cisco :: ACL - Allowing Only One Host To Connect To Internet?
Jul 15, 2012
I've got an 1841 router acting as the firewall for a LAN. It also does NAT and acts as the dialer for a PPPoE DSL line to the internet.
All is working fine, except now I need to allow a Tivo device to connect to certain ports on the Tivo servers on the internet. I want only the Tivo to be able to do this. The problem is that NAT is happening before my outbound ACL is checked, so even though I've got rules to allow the Tivo's LAN address out on all ports, it never works. I've verified this using a syslog server, and can see my external DSL IP trying to connect to the Tivo servers and being denied.
I've done things like this at work by NATting the appropriate internal host to its own external static IP address, which allows me to write rules allowing only that external address to do stuff. But I don't have multiple external addresses to work with here.
I tried applying my outbound ACL to the LAN interface of the router in the "in" direction (and removing the same ACL from the Dialer interface in the "out" direction), but that broke other things like the router's own ability to ping out to the LAN or to see a TFTP server on the LAN. I could maybe fix all of that with rule changes and inspect statements on traffic going out toward the LAN (not sure of this, think so), but I'm wondering:
Is there a better way to let just the Tivo make outgoing connections to certain ports?
Config pasted below:
!
! Last configuration change at 17:15:10 CDT Sun Jul 15 2012
! NVRAM config last updated at 16:27:14 CDT Sun Jul 15 2012 by someguy
!
[Code].....
Jun 12, 2011
I have created a RA VPN with a 5505 using Anyconnect client. My VPN functions perfectly, but now I am trying to limit access so that only one single host on my network can connect. To do this I tried creating an ACL permitting the host and denying all other traffic, but it does not work; it seems everyone can connect. How can I limit the outside access to a single host?
Mar 4, 2012
Got an old computer to use from a family member and it is not allowing me to connect to the internet. It shows all my wireless connections but won't allow me to connect and use the internet. How do I fix this problem?
May 28, 2012
EA4500 Linksys router stopped allowing Vizio Internet apps to connect from two different TVs. Problem: just got a brand new EA4500 router and Motorola SURFboard DOCSIS 3.0 High-Speed Cable Modem Model: 575319-019. I have 2 new Vizio big screen TVs with internet apps. All was working fine and had no problems but occasional drops or limited access.
One day BOTH TVs could no longer connect. However, the TVs will connect to another access point. Therefore the problem does not exist in the TVs and has to be a problem in my access point (i.e. router allowing access). Additionally, all other devices connect and work fine. I have already unplugged everything for an extended period of time. Checked for updates on firmware and verified no software needed to be updated. Rebooted router... Am using WPA-PSK and feel I shouldn't have to go WEP as it was working fine...
May 11, 2012
My internet connection started to disconnect after an office mate used my PC. I thought it was just the cables but it's not. I pinged my IP address and it's okay (sent=4; received=4). But when I ping Yahoo! and other websites, it said "Destination host unreachable" (sent=4; received=0; lost=4; 100% loss). What should I do to make my connection okay? I didn't ask assistance from our IT personnel because they said if I want to reconnect/reinstall connection, I have to get an approved request from our bosses. And I don't like being asked because they are like tyrant bosses.
Dec 27, 2012
There is a problem with my WLC: it is not allowing a specific client to connect. It gives an 802.1x failure log but I am not using it. Anyway, the WLC puts this client in the excluded clients list and I didn't add it manually; in fact it is a new laptop.
I attached a couple of screens from my WLC.
IOS is 7.0.98.0
Mar 10, 2013
I have a NAC Guest Server 3315 appliance with 4 NICs. I want to connect each NIC to 4 different networks without allowing traffic between them. So the RADIUS interface will be different from the sponsor/admin interface to the NGS. How to achieve this? I have created and assigned a static IP address using system-config-network, but when I do ifconfig I don't see the remaining 3 NICs and the web interface doesn't seem to have provision to create these interfaces.
Jul 23, 2011
My internet speeds are 45 Mbps DL and 1 Mbps UL and my various wireless connections (3 laptops in my household) were achieving speeds anywhere from 25-40 Mbps DL. My router started acting up and wasn't letting anyone connect via wifi so I did a factory reset and set it up the same way I did before (as best as I could). It started working fine again but now the speeds on all the devices that are connecting to it are capped at 18 Mbps. A simple speed test shows that no matter what they won't pass 18 Mbps. I am almost 100% certain this is the router and I was wondering what I might have done wrong or what is causing this.
Oct 21, 2012
We recently had the Aironet 3502i APs installed in our infrastructure and are having a bad time with hosts connecting to them. The controller sees them, they have an IP, they are showing a solid green light, but you cannot get devices to connect. If you reboot the device you get about 5 seconds of connection and then it disconnects. The only cure seems to be rebooting the APs, but I am baffled why this keeps happening. The installer is blaming our devices, but it is happening to laptops, thin clients, and even cell phones. From what I've seen, everything works fine until, I believe, the device tries to refresh its lease and is unable to do so.
Jan 14, 2012
I just bought the 655, mainly for school/Xbox. My parents use it also, but I bought it for myself mainly (shh). I set it up correctly and got connected, but suddenly I wasn't allowed Internet access. The router connects to my laptop, but won't get Internet access. I called customer service and he didn't know what to do. We tried everything he knew and nothing worked. I don't want to return the router cause I read it was very good, but I need internet for school. I have Rev. A and F/W 2.00.
Mar 4, 2013
I recently saw it for a good price online, and required a new router (had a Netgear that died, and my backup was a really buggy Belkin which I'm currently using). I'm having an issue with the internet, in that when I connect my ADSL modem to the WAN port it seems to work fine, however the PC can't connect to the internet. When I go into the settings it says that the WAN connection is OK and even shows my external IP. I have it set via the standard DHCP setup. Should I have done anything specific to my ADSL modem before plugging it into the RV180W? The modem (D-Link 320B) also has a DHCP server on it, however I assume that this causes no issues when connected to the RV180W.
Jan 8, 2012
I'm a college student working on a lab involving a Cisco PIX 501 Firewall.
My project involves 1 computer and a firewall. My goal is to use the firewall to allow access to the internet for that computer which uses a static IP 192.168.1.5 and ONLY for that IP address. The firewall is connected to the internet.
I have the computer hooked up to the firewall with the serial and using hyper terminal to enter commands. I think I need to use access lists in order to deny traffic on those ports for those particular hosts. I can't figure out exactly how I need to set it up.
What I need to do is permit internet access for 192.168.1.5 alone. Any other IP should not be able to access the internet.
I tried:
access-list 1 permit tcp host 192.168.1.5 any eq 80
access-group 1 in interface inside
I cannot access the internet using the computer with 192.168.1.5. The goal is to be able to access with that IP and no other.
Nov 3, 2012
My Netgear wireless router had been working just fine and then inexplicably stopped allowing wireless internet access. My modem is fine. I contacted my internet service provider, and no luck. I unplugged the router's power source and plugged it back in. Still not working. I switched the power on and off. Nothing. I do not know what to try next.
Nov 16, 2012
Belkin N450 Router. I want to restrict Internet access completely but allow LAN access to a shared drive for a particular computer on my wireless network. I have gone into the web based setup page and under access controls have enabled and added this computer to the list. I have blocked HTTP, HTTPS, FTP and NNTP. I don't know if this is enough. The reason I am asking is that I am in Iraq right now and I want to allow my fellow team members access to the wireless for using Viber on their iPhones, but one cat, even though he has hardwired internet, wants to continuously suck off my wireless for his computer to download stuff since I paid for faster internet. I am trying to do this quietly and still allow him access to the shared drives on the LAN. Sooooo if I block him just outright will he still have access to the drives, or do I need to pick and choose like I did above, and if I need to pick and choose did I miss anything other than POP3 email and IMAP?
Mar 20, 2011
The following diagram represents my current network.
I would like for the Phone and the Laptop both on wireless to have internet access but not access to the other PCs/shares.
I have access to routing tables in both the cable router 10.0.0.1 and the wireless router
wired : ASUS RX3042H
wireless : Linksys WRT54G (default Firmware)
Oct 16, 2011
I have a 100mb connection and regularly get 90mb plus speed when connected direct to the modem. If I connect via the E4200 I only get 50mb? I have tried disabling the firewall and QoS but this has had no effect. I am using a wired connection and the latest firmware. It's almost as if the E4200 is capped at 50mb throughput.
Apr 14, 2013
Installed new N600 router and every box in the house can access the internet - except for my Vista powered laptop. My network shows up as Unidentified network with 'local only' access. Been scouring message boards all day. Can't find a solution at Microsoft.
Oct 29, 2011
I have a Linksys router (model BEFSR41) and I have all the outputs going to two computers and two gaming systems (X360 and PS3). I have had the router for over a year and it works fine, but I recently decided to attempt to have my 360 access the media on my computer by linking the two together through the Media Center. To do this, I needed to enable my router to allow UPnP (according to Microsoft help). When I did enable this, the router would disconnect me every 2-5 seconds from the internet, then would reconnect me right away. I have no clue why it was doing this (it occurred across all of my devices) so I just disabled UPnP and things went back to normal. How to fix this so that I can have a consistent and stable connection when I have UPnP enabled?
May 25, 2013
I have a 5508 controller in my lab. I am working on a project to set up a public internet but with some conditions.
- User should be able to connect to the SSID without any authentication.
- Once the user connects to the SSID it should redirect to an external URL which indicates terms and conditions and an email address field.
- User should enter his/her email address in the email address field and click the I accept button.
- Once that is done then he/she is allowed to access internet.
We are not sure how we can achieve this as I do not know what should be the return value for the WLC to allow that user to go through or what should be the settings on the WLC to redirect to the page.
I have seen a setting on web authentication for external URL but I guess it is only for username/password or RADIUS authentication. While in this case I do not want to use any authentication, just an Accept button or Decline button and all good to go.
Jun 27, 2011
I have a host that can successfully connect to a PIX 515E (7.x OS) via VPN Client; however, I have no IP routing to the LAN from the remote host. The VPN IP pool works fine. The LAN default gateway is the inside interface on the PIX; the network is flat L2 behind it. The default route on the PIX points out; no other routes are defined. The VPN remote host can be pinged from LAN hosts, but the VPN remote host cannot ping any LAN host, not even the PIX inside interface.
May 7, 2012
ASA 5510
Ver 8.2(5)
I have been looking all over the place for the answer of how to allow clients on an IPSEC VPN to ping from host to host.
Mar 24, 2011
What are the most common causes for a "could not connect to host" problem? The firewall is not blocking anything, and even with the firewall disabled, the problem still occurs. With "Server" service turned on, the problem still happens. Windows XP. Also the server couldn't find any trace of a connection attempt, so my attempts to connect never actually made it to the server.
Feb 10, 2011
I'm just wondering if its possible to ping an IPv4 host using the IPv6 host assuming that the NAT64 has already been implemented?
[code]...
Apr 28, 2012
My host has an IP of 20.168.1.2 from a router DHCP. I have a virtual environment which has a DC and DNS and the IP is: 192.168.1.x how can I get access from my host to the virtual environment? What do I need to setup on the host OS? (Windows)
Jul 28, 2012
How is it possible to connect a host to a switch when they're in different subnets? I'm new to Networking and was thinking it may be achievable through VLAN configuration?
Sep 3, 2011
We have an ASA5510 with the IPS ASA-SSM-10 module installed. All is working well except event notification. When sending a test email from the SSM IPS, we get the error "could not connect to SMTP host". The Exchange SMTP host does allow traffic from the IPS and ASA. I can ping to the SMTP host by IP and name. What am I missing here?
Apr 27, 2011
When I try to ping ipv6.xsnews.nl on either of my Windows 7 computers, it returns "Ping request could not find host". But when I do it on XP, it succeeds. I have tried putting the W7 PC in the DMZ, disabling the software firewall but it doesn't work.
What I think it involves is having ipv6 installed on each. I tried to duplicate the setup of both the XP and a W7 computer, installing the gogo6 tunnel. But apparently it's not set up on this computer because the ping result is the same as on the third computer which hasn't had ipv6 installed.
Mar 13, 2011
I have an issue with NAT on a Cisco 1841. See following configuration,
interface FastEthernet0/0
 description Connection to LAN
 bandwidth 100000
 ip address 10.90.0.100 255.255.0.0
 ip helper-address 10.100.2.2
 ip helper-address 10.100.2.3
 ip load-sharing per-packet
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dialer1
 description ADSL connection
 bandwidth 448
 ip address X.X.X.X 255.255.255.248
 ip access-group 150 in
 ip nat outside
 ip inspect firewall out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname hostname
 ppp chap password password
 ppp pap sent-username hostname password password
 crypto map vpn
!
ip nat inside source list 102 interface Dialer1 overload
I've tried this with both a source list NAT statement, and a route-map. The router can contact hosts on the Internet:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 128.31.0.51, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/147/148 ms
May 2, 2011
Small office setup with a wireless modem/router. We have two computers that are identical HP Pavilion a6807c PCs running Vista Home Premium. Other computers in the office are a bit older and run either XP or Vista. Just purchased a new HP Officejet 7000 printer and connected it via a USB to one of the HP Pavilion Vista computers (which I will refer to as HP1). The printer works fine on HP1 using the direct USB connection. Set printer sharing, file sharing, and even public sharing on both HP computers (HP1 and the other one I will refer to as HP2). Workgroup name is the same. Can access HP1 and see the HP printer on HP1 from other computers in the office. However, when I try to connect to the printer from HP2 to HP1, it locks up HP1 and HP1 requires a hard reset. I tried installing the software/drivers on HP2, but HP2 still tries to install the drivers from HP1. I am not sure it's a problem with HP1 as much as it is a Vista issue. The reason I say this is because I have been able to successfully use an XP computer (XP3) to connect and print to the Officejet on HP1.
Feb 2, 2011
Running a Windows 7 laptop plugged into a LAN using ethernet cable with internet. The built-in wireless NIC on the laptop connects to a totally different internet network. I set up an XP Mode Virtual PC on the laptop with the intention that it would use the wireless internet connection. I set this up by installing Microsoft Loopback Adapter, then sharing the wireless NIC to it. The Virtual PC is set to use the Microsoft Loopback Adapter as its network connection. My problem is that only the hard wired internet connection works. The wireless is connected and has an IP address, however no traffic flows through it until I either disable the cabled network or physically unplug the cable. Is it possible to have my host laptop use the cabled internet connection and my virtual PC use the 2nd wireless internet?
Mar 9, 2011
We are using an ASA with 8.4 in transparent mode. Connection fails when a host on inside tries to connect to a server on outside. This server uses mac-address 0100.5E00.0000 to load balance but replies with real mac-address. Firewall logs "Deny TCP". ARP inspection is disabled.
Mar 5, 2012
I have a VMware workstation on my host computer (Windows 7) and the VMware workstation has a virtual machine (Windows 7) on the host. We were trying to allow internet access only to the virtual machine, i.e. to minimize exposure of the host to the internet. I tried to use VLAN Access Control list with MAC ACL to deny the host virtual machine from accessing the internet and allow all other traffic including the virtual machine. The configuration works for some time and after some time when the virtual machine continuously pings the c3750 switch (where the VACL is implemented), the host also pings the c3750 switch and re-establishes connection with the internet. But when we configured the c3750 switch to deny the VM and allow all other traffic, it works fine. It seems like the host automatically finds a way to get around the VACL.
May 22, 2011
At work my desktop PC is a Novell client with WinXP. I wanted to use it as an ICS host so I'd be able to connect my laptop to it with a cross wire so both computers could surf simultaneously using one source connection. I should probably note that I only have user privileges on my desktop and no admin privileges on it. It is my workplace policy so people don't install software that might end up being malicious. We also have Wifi at work but at my office I have a low signal (1-2 bars) so I can disconnect my desktop, copy its MAC address to my laptop and surf with my laptop instead. However, I need both computers, the desktop for work and PC for personal use.