Cisco :: Allow One Host To Access One Public IP With Port 500
Mar 4, 2012
I got a request from one of the users to allow his IP to access one public IP using port www. This needs to be allowed in Cisco PIX; is the below command correct for this?
Source host : 10.84.11.1
Destination IP : 203.126.112.131
Port : www
access-list acl_outbound permit tcp host 10.84.11.1 host 203.126.112.131 eq www
Dec 11, 2012
I am using a Cisco 1841 with subinterfaces instead (NAT on a stick). From the internet I can access services on public IP being hosted in LAN2. But when I try to access the same services on the same public IPs but sitting on LAN1, it does not work.
Apr 10, 2013
Basically, after upgrading from ASA 8.4 to 9.0 (2) I have problems with certain types of NAT. Example: ASA 8.4: nat (LAN, outside) 85 10.252.253.123 source static 192.168.3.2 192.168.3.2 192.168.3.104 static destination service http http In this form the host 192.168.3.2 uses the mapped IP (192.168.3.104) to access by http while other ports can be accessed using the original IP (10.252.253.123).
ASA 9.0: nat (LAN, outside) 85 10.252.253.123 source static 192.168.3.2 192.168.3.2 192.168.3.104 static destination service http http In this form the host 192.168.3.2 uses the mapped IP (192.168.3.104) to access by http, but unlike before I now cannot access the original IP (10.252.253.123) using another port or ping from host 192.168.3.2.
Nov 5, 2012
Trying to allow inbound access from any host outside to my LAN server on port 995. [code]
Dec 23, 2012
I would like to understand how a public IP works in remote access. I have a Belkin router, and when I access it remotely I type my public IP followed by the port number, for example xxx.xxx.xxx.xxx:80, and if I would like to access an IP cam remotely in the same network I would do the same thing: xxx.xxx.xxx.xxx:5656 (public IP). I do know my public IP is unique. Thus, it's quite logical I can access my devices remotely. My understanding of the port number is that it is application specific and addresses packets to different applications in the same computer. For example, port 80 is for HTTP connections used for browsing the web; for chatting in MSN I will use a different port number specifically for MSN, etc. My question is how I can access my Belkin router remotely by typing the public IP and the port number, knowing that the port number is application specific, not device specific? My second question is, is it possible to access two routers in the same network remotely?
Feb 6, 2012
On the remote site I have a Cisco ASA5505, on the central site I have a Cisco 2811 router, with a working site-to-site VPN tunnel. [code]
Jun 22, 2011
How can we host 300+ secure (https) websites using a couple of public IP's on an ASA5520 with AIP SSM-20 and with as few certificates as possible?
Summary of set-up:
We currently host a number of websites using an ASA5520 and use host headers, so have 6 servers with around 40 hosted URL's. The number of websites is due to double very soon and we will need to use more of our public IP's. We can see that we will run out of public IP's very soon, especially as there is a project in the pipeline that has a likely requirement to host an additional 200+ websites.
Each of these websites is required to use https and therefore each must have a certificate, which will be very expensive. PCI DSS (Payment Card Industry Data Security Standard) is causing us issues because we had hoped to post the certificates on the firewall (one for each physical server) and then run the data unencrypted from the firewall to the relevant web servers, so that we could use one certificate for lots of websites and therefore reduce our certificate costs; however, it is not best practice to do this due to the data being unencrypted within the firewall and on the DMZ network and therefore potentially open to compromise. I doubt that we could install 200+ certificates on a 5520 and then re-encrypt the data to the web servers, especially seeing as we also have an IPS card that is already running at around 70-80% util due to the performance overhead.
BTW - We also have an in-line Breach WAF which will be required to inspect the packets (certificates to be installed on the WAF to allow this).
Oct 11, 2012
Is it possible to create a service which will forward public port 9010 to an internal IP address with port 23?
First of all, I do not like to open the public Telnet port to the inside, so I would use another public port, and second, my ISP does not allow some public ports beneath port 80.
Oct 12, 2012
Is it possible to create a service which will forward public port 9010 to an internal IP address with port 23? First of all, I do not like to open the public Telnet port to the inside, so I would use another public port, and second, my ISP does not allow some public ports beneath port 80.
Jan 15, 2013
I have 3 x SG500-52P switches stacked. Vlan 1 is data and Vlan 3 is voice. Port to Vlan membership is 1UP and 3T. Port security is disabled.
The issue I have is that I can have either a phone or a PC plugged into a port but not both. If I plug in both then the phone works and the PC gets an IP address (Broadcast traffic) but PC cannot browse the network.
Jan 11, 2012
One of the persons involved in a home network has installed a Dlink DIR-825 Rev-B Extreme router on the Comcast cable system to allow a 'better' wireless signal on upper floors of the home. Two others involved in the same home network use a 'secure desktop access' software called NetOp to access the network remotely. To facilitate this software, we must 'port forward' port 6502 on BOTH UDP and TCP to the single system that is accessed.
However, this setup (simple port forwarding) does not seem to work - neither does 'virtual server', for that matter. Prior to this router being installed, it was extremely simple to accomplish this remote access using a Linksys router, so our software firewall configuration has not changed but the new Dlink seems unable to allow remote access.
How (and via which of these access methods - port forwarding or virtual server) would be best? This configuration seems frustratingly difficult to accomplish and I'm about to take the Dlink 'out' of the network and re-install the Linksys with a 'high-gain' external antenna to facilitate simple signal enhancement.
Dec 6, 2012
I recently upgraded my internet service and received a D-Link DIR-815 from the company as they couldn't get our older router working with the new service (4G).
My brother plays StarCraft and you have to forward ports to be able to host games for others to join, but it doesn't work.
I know how to port forward because our old router had exactly the same setup, but I have one issue. When I look at the DIR-815's manual, and even in posts made by D-Link, I've seen them asking if the filters for the firewall are set to Endpoint Independent for UDP/TCP. I know where this is: it's under Advanced/Firewall Settings, and it even shows it there in the manual, but it's not there at all under my firewall settings. My older DIR router had it and we had no problems port forwarding. I'm not sure if it was removed in a later hardware or something?
Feb 11, 2012
Command for port forwarding to a few applications (inside hosts) when you only have one Static IP (Public) which is used for many to one NAT (Overloading)? This is the config for the many to one NAT.
access-list 1 permit 172.16.0.0 0.0.255.255
ip nat inside source list 1 interface Dialer1 overload
What command is necessary to forward ports to certain applications?
Apr 22, 2012
I'm using an ASA5505 (8.4(1)) and would like to block port 80 on a specific host in the LAN so machines in other remote LANs connected via VPN can't access this port on the host. Devices in the local LAN should have access to this port on the host. Here are the commands I'm using:
-access-list block_port extended deny tcp any host 10.20.10.20 eq 80
-access-list block_port extended permit ip any any
-access-group block_port out interface inside
These commands are not working as I would expect them to. When I browse to http://10.20.10.20 from a remote machine over the VPN tunnel I am able to access the host web server.
Apr 10, 2012
I have recently separated a few sites that I operate into multiple virtual machines, all with their own IP. Basically, site A is located on for instance www.siteA.com, Site B is located on blog.domain.com etc etc. So my question is, how do I (with the Cisco RV220W) forward port 80 based on host? [URL]
Jul 22, 2011
I have built a topology like this:
host------c2950(f0/3)------(f0/4)c3550(f0/41)----modem-----Internet
I wanted to monitor the c3560 port where the modem is connected from the host. So for that I configured RSPAN. The configuration is shown below. But the problem is that after configuration f0/4 of c3550 remains up and f0/3 of c2950 goes down. When I look at the status of f0/4 it shows "FastEthernet0/4 is up, line protocol is down (monitoring)". I tried to search websites. It seems the configuration is fine.
[code]...
Oct 9, 2011
I have setup LAG for one of our 5508 controllers and have connected 4 of the 8 ethernet ports to a 4507 switch. After configuring 2 port channels on the switch we are receiving a host flapping error between the port channels and it seems to be causing a serious slowdown on the switch. When I shutdown one of the port channels the error goes away and traffic returns to normal. I have the same configuration at other locations with the only difference being the switches used are 3750G-12S and I do not see the host flapping error. It appears to only be a problem with modular switches.
One other thing of note: I read a Cisco white paper on LAG and it suggested creating the port channels over 2 different modules. For example, put ports G4/24 and G5/24 in port channel 1 and G4/25 and G5/25 in port channel 2. I tried this but I still got the host flapping error.
Apr 30, 2011
Recently I had some malware on my Windows XP Professional (version 2002), so I followed a guide at Bleeping Computer [URL] to get rid of it. Problem is, for some reason, after I finished, I could no longer access the internet! When I try, Firefox gives me their "could not connect" message: "Server not found. Firefox can't find the server at [site]." Check the address for typing errors such as ww.example.com instead of [URL]" When I try to log into MSN, the troubleshoot says I have a problem with my DNS and Key Ports. I'm not good with computers so I Google'd and found some ping-ing instructions. When I tried to ping [site], I get: "Ping request could not find host [site]. check the name and try again." This happens regardless of the site I use. Lastly, I tried "ping 127.0.0.1" from a troubleshooting site. It gives me: "Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
[code]..
Oct 7, 2012
I have a normal network and need to add public IP 162.196.212.32/29 with port 51241 in the ASA firewall.
Feb 16, 2012
I have a virtual FreeNAS server running from VMPlayer and I want to allow my friends to connect to my media server from their houses, but I don't want to buy a domain. Is there a way to port them to it when they connect to my Public IP? I am willing to use another program if necessary. I have looked at Filezilla, but have the same issue.
Sep 25, 2011
I have a customer that's got a Linksys router now that has a DMZ port. The DMZ port is configured so that it routes the extra public IP address to the DMZ port it has. At the DMZ port they have another router connected, where they route the public IP addresses to some other devices. How can I make this setup on a Cisco ASA 5505 (with the Security Plus license)? What I have to do is replace the Linksys router and make it work like it did before with the Linksys.
Nov 2, 2011
I just thought if it's possible to make sure that only approved IP addresses for each of divisions of a company can be used. How can I assign for a port one/more public addresses and be sure that only this port is using it/them. Thing is I have only one 24 bit public Network ID provided to me by ISP. One IP address of the range is used for ISP's gateway. So I have 253 addresses to be distributed among divisions. However to avoid IP address conflicts I have to be sure that only dedicated for a division IP address/es is/are used by the division.
Router is 2821.
Switch is 2950.
May 31, 2013
Is there any way to mirror CISCO C3750 switch port traffic to a remote host IP address? I know Port Mirror (SPAN/RSPAN) can copy one interface's packets to another interface. But I am looking for a way to mirror switch port packets to a remote host (having a public IP address and running Wireshark). Is it possible?
Aug 20, 2011
I am trying to remotely access my PC from my HP Touchpad. I have program to do that but my public router is blocking access. The program says to redirect that router to port 5900. Since it is a public router I can't find how to access the public router to redirect it.
May 15, 2013
I have a host machine (Laptop, Win 7 Home Premium x64) running Windows 7 Ultimate x64 on VMWare Workstation 9. I've got this system set up for UMDF driver development, because I need a target machine to debug drivers on. However, because I'm developing drivers for Win 7 (x86 and x64), I cannot connect to the virtual machine via a simple network connection. Connection methods are outlined here.
I have tried a few different pieces of software (mostly Eltima software), and have Google'd every combination of phrases that I can think of. I can't find any information on this anywhere. I don't just need to share data between the machines, I need a more "physical" connection.
Does anyone know how to do this, or if there's another (preferably more simple) way of doing it?
May 26, 2012
We have 2 TS (Terminal Servers) and have configured the 1st RDP using my public address (say 8.8.8.8) on port 3389. It is working very well of course. However I need to set up my 2nd TS but will use port 7777 on the same public address, which is not working. I am using ASDM 6.3 and firmware 8.3.1. Is this a limitation for this IOS?
Mar 29, 2012
We are in a planning phase of adding another service to our DMZ. The DMZ has a single publicly accessible IP. We are running Citrix inside our network externally accessible via w121eb https (443). Another service will be added to the DMZ (Exchange/O365) requiring ADFS and an ADFS proxy also using port 443 as well. Both services (the Citrix secure gateway & ADFS) will have separate subdomains but directed to that same IP, each with its own cert.
Now, I guess the question is: How (if possible) can we forward the public requests to the two services that hit our network on the same port (can't change the port on either), to two separate appliances with their own internal IP's internally? Our current appliance on the DMZ is an ASA 5505. Also could use a PIX.
Feb 15, 2012
I'm trying to trace a host and I'm getting stuck at the port channel mac addresses. I need to find out where the server is connected to and the switch it lives on.
Please read below:
Step 1) Log into the core (MSFC): Code...
How do I find out where this physical server lives? I keep getting the mac for the trunk ports which is being used for all VLANs.
The server is hanging off some switch but I need to track it down to the last end.
Apr 17, 2013
One of the ports on the 3750 stack was configured for VLAN121. It was changed to VLAN40 and the configuration saved. Both VLANs exist in the switch configuration. As soon as a host was connected (in this case, a label printer) the port VLAN reverted back to VLAN121.
Dec 27, 2011
I have one public IP address but multiple local servers that run on the same port. I cannot change the port the clients use to connect to this server, so I can't do a port map in my NAT router. The solution I had in mind, is to filter on source address. If a client from public IP X.X.X.X connects to port Z, I want it to go to internal server 10.10.10.10 and if a client from public IP Y.Y.Y.Y connects to port Z, I want it to go to internal server 10.20.20.20. Is this possible? I'm using an ASA5510 but I could also switch to a 5505 for this.
Jul 12, 2012
I recently installed a First Alert Security System and assigned an IP address to the DVR but within the DHCP (after reading many threads, I will assign, ping and create a static IP outside of the DHCP; maybe this will resolve the issue). I am able to view the cameras on my iPhone and HP Laptop but only internally on my network. I am trying to port forward my DVR IP address to be able to view the cameras on a public website. Although I am going to check and see if assigning an IP to my DVR outside of the DHCP and hopefully this will be it, I am afraid that my Cradlepoint CRT 500 Modem will not support it. I read on one thread that this is a common issue after you have exhausted all the options. How can I be sure that my modem supports that my router port forwards? I want to avoid configuring to run in bridged or pass-through mode.
Jun 27, 2011
I have a host that can successfully connect to a PIX 515E (7.x OS) via VPN Client; however, I have no IP routing to the LAN from the remote host. The VPN IP pool works fine. The LAN default gateway is the inside interface on the PIX; the network is flat L2 behind it. The default route on the PIX points out; no other routes are defined. The VPN remote host can be pinged from LAN hosts, but the VPN remote host cannot ping any LAN host, not even the PIX inside interface.