Cisco Application :: To Create A Static Bidirectional Nat On 6500
Jul 20, 2011
First of all, I want you to know that I do understand that it's not a good design at all, but I still need to implement it. My ACE20 in 6500 works in routed mode with VLAN 101 (10.0.101.0/24) as the client-side VLAN. I therefore have Vlan101 SVI (10.0.101.1/24) on 6500. I also have VLAN 200 (10.0.200.0/24) on 6500 with SVI Vlan200 (10.0.200.1/24) and I want to create a static bidirectional NAT so that clients, connecting to IP address in VLAN 200 (10.0.200.64) would be NATed to VIP (10.0.101.10). Let's say we have clients (10.0.500.0/24) connecting through gig1/0/1. Here is my current setup on 6500.
Jul 26, 2011
How a static entry under a "sticky" performs
Configuring Static IP Address Sticky Table Entries
Cisco Documentation Says: When you configure a static entry, the ACE enters it into the sticky table immediately.
Configuring the ACE Action on Server Failure
failaction purge # The purge keyword specifies that the ACE remove the connections to a real server if that real server in the server farm fails after you enter the command. The ACE sends a reset (RST) to both the client and the server that failed.
Cisco Documentation Says: If you do not configure this command, the ACE takes no action when a server fails.
sample config
sticky ip-netmask 255.255.255.240 address source STICKY1
  timeout 180
  replicate sticky
  serverfarm SERVERFARM1
  8 static client source 192.168.12.15 rserver SERVER1
Question1 - What happens if SERVER1 fails?
a) Does the ACE let the connections to SERVER1 time out (default behaviour) and then load-balance new connections coming in from 192.168.12.15 to another server in SERVERFARM1?
OR b) Does the ACE reset the connections to SERVER1 immediately and start load-balancing new connections coming in from 192.168.12.15 to other servers in SERVERFARM1?
OR c) Does the ACE just drop the current and new connections from 192.168.12.15 till SERVER1 comes back up?
OR d) Is it dealt with differently?
Question2 - Now what happens if the failed server (SERVER1) comes back up after some time?
e) Does the ACE reset any current connections from 192.168.1.15 and start sending them to SERVER1?
OR f) Does the ACE leave the current connections from 192.168.1.15 to other servers in SERVERFARM1 as they are and send any new connections from 192.168.1.15 to SERVER1?
OR g) Is it dealt with differently?
My guess is Question1 -> a) and Question2 -> e)
ACE model = ACE10-6500-K9
Version = A2(3.3)
May 18, 2013
I need urgent support on creating SSID as layer 2. We have Cisco WLC2504 and 1602i access point. In our network we have in gate for guest. I want to create one SSID and bind with VLAN only. We can not create interface on WLC b/c of static IP.
Jun 10, 2011
Is it possible to create VPN between static IP and dynamic IP on Netgear FVS318?
Feb 6, 2011
Ok I realise that the 825 doesn't have the ability to create static LAN routes. Is there a workaround or is this something that may be implemented in the future? It's a real letdown to find this feature missing in an expensive router such as this.
Mar 20, 2012
I just upgraded my firewall to ASA 5505. Now, my original static IP address configuration is gone. Apparently, Cisco went away from static IP address to something like nat (inside,outside) dynamic interface. How to create a static IP address under version 8.4? By the way, I am sharing what my configuration used to look like before upgrading.
!
hostname cisco-asa
domain-name default.domain.invalid
names
!
interface Vlan1
nameif inside
security-level 100
[code].....
Sep 15, 2011
At first I use ACS 4.2 to create static IP address user for remote access VPN. It's easy, just configure it at user set > Client IP Address Assignment > Assign static IP address, but when I use ACS 5.2 I can't find it. I try to add IPv4 address attribute to user by reading "ACS 5.2 user guide", it says this: [code] I do this, but it does not work. When I use EasyVPN client to connect ASA 5520, user could pass authentication but will not get that static IP address which I configured on Internal Users. So, what should I do, if anybody knows how to use ACS 5.2 to create a static IP address user for remote access VPN.
Jan 26, 2011
I am trying to create a static route on the TP-Link TD-W8950ND router, however am a little confused about the interface I should use. The default gateway on the route is another router on the LAN. I have a choice to use interface pppoe (telstra), LAN/br01 (bridge) or no interface. I was assuming I didn't need to use any interface as this is not a bridge setup and is on the LAN, but when I select "no interface" it doesn't save the static route settings. Also, when I select LAN/br01, the routing saves but doesn't actually work (tracert shows not going through the right router).
Sep 17, 2011
At first I use ACS 4.2 to create static IP address user for remote access VPN. It's easy, just configure it at user set > Client IP Address Assignment > Assign static IP address, but when I use ACS 5.2 I don't know how to do it.
I try to add IPv4 address attribute to user by reading "ACS 5.2 user guide", it says this:
Step 1 Add a static IP attribute to internal user attribute dictionary:
Step 2 Select System Administration > Configuration > Dictionaries > Identity > Internal Users.
Step 3 Click Create.
Step 4 Add static IP attribute.
Step 5 Select Users and Identity Stores > Internal Identity Stores > Users.
Step 6 Click Create.
Step 7 Edit the static IP attribute of the user.
I just do it, but it does not work. When I use EasyVPN client to connect ASA 5520, user could succeed at authentication but will not get the static IP address which I configure on Internal Users, so the tunnel setup failed. I try to configure an IP pool on ASA for ACS users to get IP address, and use EasyVPN client to connect ASA, everything is OK, user authentication succeeded. But when I kill IP pool configurations and use the "add a static IP address to user" configurations, EzVPN fails. How to use ACS 5.2 to create a static IP address user for remote access VPN?
May 9, 2012
We have Cisco ACE 30 modules installed in Cisco 6500 switches. For application availability purposes from the internet, we need to have some global site selector/3rd party devices with a feature set similar to that of Cisco GSS.
Is Cisco ACE compatible to get integrated with other 3rd party devices like F5 GTM?
Feb 12, 2012
if enabling BFD (Bidirectional Forwarding Detection) for BGP on a Cisco 7609 Router causes extra loading on the CPU or impact on Router performance?
Aug 22, 2012
I have a Cisco L3 switch with 4 VLANs and all host computers connected to the rest of 8 Cisco 2960 switches:
VLAN 1 : 192.168.1.0/24
VLAN 10: 192.168.10.0/24
VLAN 20: 192.168.20.0/24
VLAN 50: 192.168.30.0/24
Here is a list of some of my questions about Extended ACL, in order:
1. To restrict traffic from VLAN 10 to VLAN 20, I am using only one ACL: Access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255. What will happen in this scenario if we talk about traffic from VLAN 20 to VLAN 10? Will it communicate or not?
2. How to block the traffic from VLAN 10 to VLAN 20 but allow the traffic from VLAN 20 to VLAN 10?
Aug 23, 2012
The old syntax that I am much more familiar with has been deprecated. On older IOS it would have been something like static (inside,outside) tcp 209.114.146.122 14033 192.168.30.69 1433 netmask 255.255.255.255 plus an extended ACL to allow the traffic. I am trying to create a Static PAT to allow a host address to access our Network through an ASA. I have external address 209.114.146.122 that I want to hit the external interface on an obscure port (say 14033) and translate that traffic to an internal host address on port 1433.
Oct 14, 2011
I have ACE10-6500-K9 installed in 6513 core switch with below mentioned sh version.
Software
loader: Version 12.2[121]
system: Version A2(2.0) [build 3.0(0)A2(2.0)]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_2_0.bin
[Code].....
I want to know whether I can upgrade ACE10-6500-K9 to c6ace-t1k9-mz.A5_1_0, i.e. version 5? I tried to search the Cisco website but could not get a proper upgrade or user guide.
Jul 9, 2012
I have installed ANM 5.2 virtual appliance. I have an issue importing a Catalyst 6500 device. When I try to import it, I get the following error: Device discovery failed: Cannot communicate to the device.Authentication failure while attempting to connect. Verify the device type and credentials. I double verified and the credentials are correct. I use SSH version 2. I use the following special characters in the password: "!" and space. I don't use enable password to connect to the 6500 device. The 6500 device has a privilege 15 username. In ANM, the enable password is a requirement so I just fill in the regular password. I think the issue is appearing due to one of the following:
1.) The ANM does not support the special characters I use in the 6500 password.
2.) The ANM requires enable password, while I don't use enable password in the 6500 switch.
The 6500 runs SXI6 software version. I can't configure an enable password or configure a test username without special characters because it's against the organization's policy.
Sep 12, 2012
I have done this in the past but I cannot find it anywhere... how do you display the uptime of a CSM module in a 6500? The chassis has an uptime of over 2 years, but I believe the CSM module was power cycled at some point within that 2 years and I need to find out if we may be running into the bug that occurs after 828 days of uptime. We are running 4.2(6) on the CSM and 12.2(18)SXF1 IOS on the SUP.
Jul 13, 2011
I have an application for my client's company. Their clients should post the request from outside through the internet. For that we have bought a static IP. And now I have to configure that static IP to access the application from outside. What is the procedure for that?
Jun 28, 2011
I am just designing a solution where a FWSM consists of 2 contexts initially and has a shared outside interface pointing to the 6500 switch. There are 3 subnets connected to each of the FWSM contexts. So if anyone wants to access these 6 subnets then a route would be needed pointing to the interface VLAN of the shared interface on the switch. But that would not be enough to access the subnets. I am sure we have to define static NATs to point them to the right context where these subnets reside.
The FWSM is running version 3.x code. So say 1.1.1.0(shared), 10.10.0.0(inside1), 10.20.0.0(inside2) and 10.30.0.0(inside3) reside in Context 1 and 1.1.1.0(shared), 20.10.0.0(dmz1), 20.20.0.0(dmz2) and 20.30.0.0(dmz3) reside in Context 2. In each of the contexts we would have to make three static NATs:
static(inside1,shared) 10.10.0.0 10.10.0.0 netmask 255.255.255.0
static(inside2,shared) 10.20.0.0 10.20.0.0 netmask 255.255.255.0
static(inside3,shared) 10.30.0.0 10.30.0.0 netmask 255.255.255.0
The same would go for context 2 as well
static(dmz1,shared) 20.10.0.0 20.10.0.0 netmask 255.255.255.0
static(dmz2,shared) 20.20.0.0 20.20.0.0 netmask 255.255.255.0
static(dmz3,shared) 20.30.0.0 20.30.0.0 netmask 255.255.255.0
By creating these NAT statements, would the outside users be able to access the subnets residing in the context?
May 23, 2011
When we do self diagnostic test for WAE connected to the 6500 switch I get a warning as below. Due to this alert there are no major acceleration benefits from the WAAS.
Test WARN [tfo] WARN ASYMMETRIC Asymmetric routing is seen in the device Action: Check router's network configuration and WCCP redirection on the router.
usevwa1#
6509 switches have only L2 capability and do not do WCCP redirection. The WCCP redirection is done by 2821 routers. Is there any command which needs to be given in 6500 switch to solve the issue?
Mar 7, 2013
I was asked to mount ACESMs on each of the CAT6K switches of a VSS cluster (one ACESM on each individual switch). On a non-VSS environment, the "svclc module <slot> vlan-group <group>" command is used to bind the VLAN group to the module on a certain slot. But now I am facing a VSS scenario, I will need to combine switch and slot in order to reference each of the individual modules...
How do I "index" each of the ACESMs in a VSS cluster? Is there an extension of the aforementioned command to be able to combine switch and slot information?
Dec 7, 2011
It seems that ACE10 does not support 12.2(33)SXJ1 IOS running on C6500. The box cannot detect the ACE module when powered up. Currently the ACE10 is running on system A2(30).
My challenge is that I have the ASA SM, for which it is compulsory to run on 12.2 (33) SXJ1 version. How to let these 2 modules run on the same C6500 box?
Feb 19, 2013
I have an issue with my setup of a 6500 switch (12.2(33)SXI9). We have a 6500 switch with several VRFs. For a certain VRF I would like to redistribute a static route in EIGRP. After doing so I don't see the static route on my EIGRP neighbor.
This is an overview of my config. I'm basically redistributing only my static route for this VRF in EIGRP.
I found a similar case in which the solution was adding a metric to the static route. (eg. redistribute static route-map static-eigrp-pp metric 10000 100 255 1 1500). But the strange thing is that we don't have this issue on a similar machine (same IOS, same config setup). [code]
Jan 12, 2013
I have configured a new ACE 30 module on top of a 6500 core switch. The issue I am facing is that whenever I want to access https://ACE_IP and after I enter the user name and the password, it forwards me to the following page: is there anything I should configure to avoid this page?
Dec 27, 2011
I have an ACE10-6500-K9 (Application Control Engine service module for Catalyst 6500) but I can't access it because I lost the admin password. I would like to know how to perform a Password Recovery Procedure on this device. Is it similar to the password recovery procedure on an ACE 4700 appliance?
Apr 8, 2013
I have Cisco 6500 with FWSM and ACE module which are in one central DC. Also we have four different Datacenter (Hub & spoke) and in our FWSM we have configured four contexts in central DC FWSM for each DC. Each DC servers are different VLAN and IP subnet. Now we have to configure ACE module for load balancing among those different subnet servers. What will be the design and configuration for this solution? Like routed or one-arm mode design.
Scenario Example:
1. App Server01
IP:192.168.11.5/24
GW: 192.168.11.1 in FWSM
FWSM Context: DC1
Physical Location:DC1
VLAN:11
[code].....
Now the customer requirement is that we have to load balance using ACE between these App Servers, which are in different contexts in FWSM, and one server is not in FWSM. How to configure or design the placement of ACE and FWSM for the above scenario?
Jun 20, 2011
Since the ACE supports only static routing, when pointing a default route from the ACE what is your preferred method when using multiple 6500s with an ACE in each in a failover scenario to prevent just pointing at one 6500? Static route to an HSRP address? Multiple static routes on the ACE, etc?
Apr 12, 2012
Is it possible to modify conf with SNMP on the ACE module like on other 6500 Catalyst? Does the ACE answer to snmpset cmds?
Apr 21, 2013
Does 6500 SUP720/2T support MAC Address-Table Move Update Feature?
May 7, 2013
Is it possible to use 1 or 2 of the 4 gigabit ethernet ports from one ACE straight into the other ACE for redundancy? So ACE_01 gig0/4 to ACE_02 gig0/4. If so, is it a case of just having the layer 3 config instead of trunking etc. Also - is it possible to create a context within the same vlan as the Admin context?
Dec 21, 2011
How can we upgrade 6500 non modular IOS to normal 6500 IOS?
Mar 12, 2013
Today I installed the 1.0.2.6 Firmware on a RV180W. I only have now two problems regarding the Static DHCP support in the GUI.
1. Via the Networking > LAN (Local Network) > Static DHCP I have no buttons to Add a new static Lease.
2. Via the Networking > LAN (Local Network) > DHCP Lease Clients I can tick a Lease and click on Make Static IP. The result is an error: Operation failed.
Jul 26, 2011
I've been having a problem with setting up static dns 3 on my WAG, what has been set is...
Static DNS 1: 208.67.222.222
Static DNS 2: 208.67.220.220
Static DNS 3: 208.67.220.222
Now if I look in my router status screen 1&2 are correctly displayed but the 3rd entry is showing my ISP's DNS.
Dec 3, 2012
Every time I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
If I run show download info, I get:
context : context1
Interface Download-status
--------------------------------------------------------------
187 In Progress
199 Pending
Regex download optimization status : Couldn't get status[TNRPC Timed out]
It eventually seems to complete, but it takes a very, very long time. We are running Version A2(3.5) [build 3.0(0)A2(3.5)].