Cisco :: Cannot Ping Static Nat Public Ip In ASA 8.4(2)
Jun 27, 2012
I have setup Cisco Asa 8.4 Lab in GNS3 to understand new Nat changes in asa 8.4 because im new to asa.
I have configured one of my internal webserver to static NAT with one public ip. Im able to access hosted webpage from static public ip 192.168.1.4 means NAT is working fine, the problem here Im facing i'm not able to ping to Mapped public IP 192.168.1.4 from outside interface sitting on pc (ip 192.168.1.100) which is also connected to same outside network and neither from ASA console but Im able to ping outside interface ip address which is 192.168.1.3 from pc (192.168.1.100) and from asa console.
This how my network topology
Inside Network 192.168.72.0/24 outside Network 192.168.1.0
inside ip 192.168.72.2/24---------------ASA8.4-----------------------outside ip 192.168.1.3/24 (connected to ADSL router 192.168.1.1)
[Code]......
View 3 Replies
ADVERTISEMENT
Nov 8, 2011
in ASA 8.4, I need to use to static nat an internal IP with a public IP and use the same public IP to dynamic nat another internal IP:
-nat (inside,outside) source static IP1_PRIVATE IP_PUBLIC
-nat (inside,outside) source dynamic IP2_PRIVATE IP_PUBLIC
All outgoing connection from IP1_PRIVATE and IP2_PRIVATE should be natted to IP_PUBLIC and all incoming connection to IP_PUBLIC should be forwarded to IP1_PRIVATE: is it correct ?
View 3 Replies
View Related
May 26, 2011
I'm able to configure the device with the IP, Subnet, GW and DNS given by my ISP. However I need to assign public IPs to my other two servers ( Apache Server, Firewall) which are connected directly to the device. I've tried disabling NAT and assign static ips to each server. However, when I go to change the lan ip on the router it won't allow it. the errors are: pv0 and iplan are on the same subnet cannot have ip_range
View 2 Replies
View Related
Aug 29, 2012
I recently "upgraded" to Uverse from DSL. While the speed boost is nice, UVerse comes with a 2wire residential gateway. Unfortunately you can't disable the DHCP functionality in the 2wire router, nor can you disable the router functionality completely and just run it as a modem, which has pretty much made it impossible to integrate into my network.So the partial solution anyway is to keep using the rv082 (yey!) behind the 2wire, assign a public static IP to the rv082 WAN1 i/f, disable the firewall in the 2wire for the rv082, and up and running again.The problem I'm facing now is that I had 3 devices on the LAN that were published using individual public static IPs. With good-ol'-DSL, I could use the one-to-one-NAT feature in the rv082, block any unwanted traffic in the firewall, and everything works. Unfortunately with the configuration options in the 2wire, I can only assign a single public IP address to any one device hooked up to it, in this case the rv082 WAN1 port.i have the one-to-one-NAT configured sequentially on the WAN and LAN side on the rv082 with nothing else hooked up to the 2wire. For example, one-to-one-NAT configuration in the rv082:
WAN range: 66.77.88.91 to 66.77..88.93
LAN range: 192.168.0.2 to 192.168.0.4
The 2wire is allocating the first public static IP in the range to the rv082 (i.e. 66.77.88.91). This works 100% reliably for this address - however because I can only assign a single address in the 2wire interface the other devices are no longer accessible externally. Curiously it kind of partially works, but not reliably. I can briefly connect to one of the other addresses (say xx.92), but then connectivity is lost to the others.Someone suggested I try using the Dual-WAN feature to get at least two addresses assigned to the rv082. Seemed like a good idea in theory, i.e. because the 2 WAN ports have different MAC addresses, the 2wire should see two different devices and allow me effectively to assign two public IPs to the rv082, e.g. 66.77.88.91 to WAN1 and 66.77.88.92 to WAN2. Of course failover mode won't work here, because only one is connected at a time. However the load-balancing mode did seem like it may work, but something is going on that I don't understand. Internal connectivity is working fine and I can access the internet, but for some reason the 2wire is getting really confused and constantly re-assigning IP addresses to the rv082. I don't know if this is because the host name is the same for both WAN1 and WAN2 ports, or there is something in how the rv082 does the load balancing.
- Is there any tricks to getting the Dual-WAN to work in the way needed to essentially have two simultaneous internet connections?
- Would it be possible to buy a 2nd rv082 and have it on the same LAN? How would I configure this?
- Is there an alternative Cisco router that may work better with what I'm trying to do?
View 9 Replies
View Related
Apr 16, 2013
I have a customer who wants to do a static mapping in order to prevent any downtime for one of his public web servers. Any good example to follow? FYI, the edge device is:
CISCO1941W-A/K9 (configured as a zone based firewall)C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(1)T
View 1 Replies
View Related
Sep 25, 2011
my Networks contain three devices (BPX, DVR, PC) need to fixed IP, do you router supports the Cisco SRP547W Static Public ip.
View 1 Replies
View Related
Feb 3, 2013
I have ASA 5505 with basic licence, v9.1, ASDM 7.1. I want to create the DMZ for a web server.
The interface 0 is for the outside network The interface 6 is for the DMZ All other interfaces are for the inside network
My ISP provided me with one public static IP address, one gateway address and a subnet mask 255.255.255.252
1/ I would like to ask which interface I should assign the public static IP address to. Should it be assigned to the outside interface 0, or should it be assigned to the DMZ interface 6, while outside interface would be configured to use DHCP?
I tried to assign the static IP address to the outside interface first, but then when I used ASDM the “Public Servers” feature to configure NAT, I get error message that the outside interface and the public address cannot have the same IP address.
2/ For the sake of peace of mind, I am thinking about using the second firewall, which would be used only for the inside network. Can I connect this second firewall to one of the inside interfaces of the 1st firewall,
View 4 Replies
View Related
Dec 14, 2011
Is there a simple way to have a web server have both a static public ip (I have a block of static IP's) and an static private ip (ex 192.168.0.60)? I am running a web project management application....
View 4 Replies
View Related
Sep 3, 2012
So, I have a bit of a problem getting out Natted Cisco 7960 working with our external SIP providers behind NAT.
We have a block of IPs available to us, however when I asign a static NAT rule for the internal phone, outgoing calls are fine but incoming provides no audio.
We have no ACL blocking or anything, it's fully open to the outside world with the IP assigned to it via NAT.
Our static NAT rule for the phone:
ip nat inside source static 192.168.0.250 xxx.xxx.xxx.xxx
NAT is configured on the phone, with the external IP set correctly.
Also, after a while, it seems as the the registration times out or something because incoming calls no longer work.
I thought a static NAT rule would just allow full access to incoming connections to the internal IP specified? Our main router config (with unnecessary information removed):
version 15.1
no service pad
service timestamps debug datetime msec
[Code].....
View 4 Replies
View Related
May 21, 2013
I have an aironet 1242, It must be connect to an DSL using a static Public IP, and this AP must provide dhcp services, how to configure this access point in order to be connected to Internet using Public IP and provide dhcp service.
View 4 Replies
View Related
Aug 8, 2011
We have Cisco 1921 router with two ADSL connections on it. both ADSL public ip address working fine, they both send and receive packets. we can ping both ADSL public ip from inside but
we cannot ping both ADSL ip from outside it is some times with one ip and some times with another ip.
View 12 Replies
View Related
Feb 28, 2013
I have my webserver (30.30.30.50) located at DMZ zone. The public IP of my webserver is (119.2.116.191). From outside i can ping my webserver using public IP thats fine.The issue out here is, if i want to ping my webserver using public IP from Internal LAN then i cannot ping but i can ping my webserver using private IP.I am using ASA5520. [code]
View 2 Replies
View Related
Jul 19, 2012
We have ciso asa 5505 and we are using one public ip of 155.155.155.9 , so i wanna disable to ping from outside this ip , but not effect our site to site and remote vpn connections ,the only thing i need is to disable the public ip to ping from outside.
View 7 Replies
View Related
Apr 3, 2013
I have just setup the 3G Wifi Router (Huawei 3G21WE) for my company at remote site for temporary use.Now we want to monitor the DVR and cameras installed on the site from head office but i am unable to do it.I have done the port forwarding on the router and using Dyn DNS and configured it correctly, but i cannot browse it from internet.I have also noticed that i am unable to ping the public IP/DynDNS from internet. also i cannot find any option to disable the firewall on my router.
View 3 Replies
View Related
Oct 26, 2012
I am connecting a 2600 router to an ISP. Interface 0/0 is connected to the ISP using DHCP. Interface 0/1 is connected to the inside providing DHCP services to the inside. At least it should only be providing DHCP services to the inside. I also have a public static IP that is NAT to a private static IP. Everything is working except the computer on the static IP. From the router I am able to ping inside and out from each interface. I am able to ping both interfaces of the router from the computer on the static IP but I cannot ping outside the router. If I do a debug all I see a reject for the gateway of the static IP but it has “mobile IP” in the text string. Not sure what mobile IP is relating to. Networks are as follows:
0/0 DHCP 10.X.X.X
0/1 192x.x.x
Static 75.X.X.X
[Code].....
View 13 Replies
View Related
Jan 21, 2011
My old office uses Cisco 861 as a VPN router, with the WAN side setup to receive a dynamic IP assigned by Time Warner cable. Now we switched to a new office, with TowerStream which provide 4G SLA'ed 10Mbit service with static IP, and I get a Cat 5 ethernet down from it.
So all I did, was to go my "interface FastEthernet4", and typed ip address 173.243.123.123 255.255.255.252.Changed speed to "speed 100" and "full-duplex" (as instructed by the ISP).
I also did "ip default-gateway 173.243.123.124", which is the default gate way assigned by the ISP.I also typed "ip name-server 64.17.123.123" to setup the new DNS, am I doing anything wrong? I can't even use the router to ping google, but if I connect the laptop directly to the outside line, then it works, so I know the outside line is good.
Why can't I connect to the internet? I wasted several hours already trying everything in my book to trouble shoot a supposedly very simple configuration change. Do I need to change something related to NAT when changing to Static IP? My NAT was working just fine before when under DHCP.
The below is my full config (some IPs changed to preserve anonymity):
=============================================
Building configuration...
Current configuration : 16628 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
[code].....
View 29 Replies
View Related
Oct 25, 2011
I defined a static route: 192.168.0.0 / 255.255.255.0 / 192.168.1.201 (gateway), I can connect from 192.168.1.0 to 192.168.0.0 but we cannot ping in this local network. We have a CISCO 18000 as a VPN IP configured between this two local network.
View 1 Replies
View Related
Nov 7, 2012
I have 5 Static Ip pool all IPs are working fine. I have deploy a IIS Server on Windows2008 and configure the Static IP on that server. earlier it was working fine . but since last month the IP is not pinging from Out Side but internal IP Pool its working. I have checked the SERver firewall and another Setting is Ok. if i changed the Ip from the server the new IP is also not pinging.
View 1 Replies
View Related
Jul 5, 2011
I have strange problem I am using my static ip system since two year, I dont have issues so far, since two days I am facing a strange issue when I am piging my system I could able to see reply,
but when I am trying to connect via MSTSC..blank screen even I am unable to get login screen also...
I have tried to connect to log mein and team viewer all are having the blank screens
View 7 Replies
View Related
Apr 2, 2013
One of our vendors requires using a public ip address to setup a site-to-site IPSEC vpn. We only have one public ip address and that will be used for the vpn endpoint and for internet access for the local network. I've setup policy NAT from our local network to the outside interface. I'm also using the outside ip address for the crypto map. The tunnel setups successfully and the Tx count increases anytime I try to ping the remote network, but the ping fails and the Rx count does not increase. According to our vendor, we should be able to ping the remote network and connect using port 443. When trying to connect using port 443, I see a SYN timeout in the logs. I'm not sure if the problem is on their end and they're rejecting our traffic, or if something is misconfigured on our end. I'd like to make sure that I have everything configured correctly before I go and point fingers at them.
Local Network - 10.10.9.0/24
Remote Network - 20.20.41.0/24
Remote Peer - 20.20.60.193
.ASA Version 8.2(5)
!
hostname ciscoasa
[code]....
View 4 Replies
View Related
Jul 10, 2011
i have an ASA 5520 8.4(1) setup as follows
public wan
|
|
ASA-- public dmz
|
|
private lan
i need to allow https traffic to a server in the DMZ that will have a routable IP address will just an ACL suffice ?which interface do i apply it to ? wan or dmz ?i dont need a NAT since the DMZ is a routable space?
View 6 Replies
View Related
Mar 12, 2013
Today I installed the 1.0.2.6 Firmware on a RV180W. I only have now two problems regarding the Static DHCP support in the GUI.
1. Via the Networking > LAN (Local Network) > Static DHCP I have no buttons to Add a new static Lease.
2. Via the Networking > LAN (Local Network) > DHCP Lease Clients I can thick a Lease and click on Make Static IP. The result is an error: Operation failed.
View 3 Replies
View Related
Jul 26, 2011
I've been having a problem with setting up static dns 3 on my WAG, what has been set is...
Static DNS 1: 208.67.222.222
Static DNS 2: 208.67.220.220
Static DNS 3: 208.67.220.222
Now if I look in my router status screen 1&2 are correctly displayed but the 3rd entry is showing my ISP's DNS,
View 9 Replies
View Related
Mar 31, 2012
I have a new 3560G to set up a small network for a remote site. I configured the vlan and an SVI as the gateway. The switch is also the DHCP server for the LAN. I configured Gi0/2 as L3 port, connecting to the nearest neighbor. My network runs EIGRP so i advertised the routes into the EIGRP process. The switch forms EIGRP neighbors and learns all routes in the enterprise network. The problems I'm having now are: 1. The switch learns all routes in my enterprise LAN and can ping devices in the enterprise LAN, but I can’t ping any interface on the switch from the enterprise LAN. 2.
View 5 Replies
View Related
Dec 12, 2011
I set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
View 3 Replies
View Related
Jan 18, 2013
From My Router that connects to Cable modem i am unable to ping website 4.2.2.2I am able to ping all other websites fines.Same website i can ping from my pc and all other switches fine.Router has only 1 ACL thats for NAT.
View 25 Replies
View Related
Aug 15, 2011
When I ping an address from my windows machine, it succeeds, but when I ping to the same IP on my MAC OS X machine, it fails.
1. Why?
2. How to get successful ping on my MAC machine?
View 1 Replies
View Related
Jan 26, 2012
I installed window server 2003 in a old Pentium III server as a standalone test server. Now I want to use it as a print server and connected it to the domain. I can ping workstations and other servers from that test svr. But i cannot ping that test server from the work stations.
View 2 Replies
View Related
Mar 1, 2013
I had both a Westell 7500 and a Linksys Router working fine and had my 360 setup as an extender for Windows Media Center so I could stream TV, Music, Movies, etc from my desktop to the 360. Then I switched my modem/router out with a Zyxel PH5001Z
So now today I noticed that I can no longer find my desktop through the XBox. I have adjusted my firewall settings on the modem itself, even completely disabling it. UPnP is enabled for the 360 and the device is showing under my device table. At first I wasn't able to ping any network devices but after creating an ICMPv4 Firewall rule it worked fine. I've confirmed the XBox IP Address through Network Map, the Device Table on the modem and through Network Settings on the XBox. I've diabled my modem firewall as well as Windows Firewall, completely and I still can't ping my XBox or set it up as an Extender.
I have the XBox connected wirelessly using WPA2-Personal and it's operating in 802.11g/n mode.
View 19 Replies
View Related
Feb 29, 2012
I have a strange issue on my ASA 5510 (8.4). I can't ping or connect to the VPN clients but the VPN clients can ping/connect to any inside resources. I have checked all the NAT extemtion entries.
View 3 Replies
View Related
Apr 30, 2011
I'm trying to setup my DMZ so all my servers will have public IPs assigned to them. I'm currently trying to use two interfaces on each server, one with a private IP and then one with a public IP. All my internal traffic will go over the private interfaces...this is working. However, I'm having a problem trying to get it so the public interfaces work. Ultimately, these will be VM Hosts and have VM guests on them, each guest will have it's own public IP.
View 14 Replies
View Related
Nov 6, 2012
I am trying to configure a SSL VPN on a Cisco ASA5520. Unfortunately the port 443 of the OUTSIDE interface of ASA is already in use by Microsoft Outlook Web Access and I cannot change the configuration of Outlook. This configuration already in place prevents me to use the public IP of the ASA as Cisco VPN ip address for the webpage. I don't either want to use a different port so to keep life easy for the users.I have some public IPs available that I can use so I wanted to use one of them instead of the ASA's OUTSIDE interface.
View 7 Replies
View Related
Apr 7, 2013
My ASA 5510 is configured with a single PUBLICIP1 on the outside interface. All internal hosts 192.168.0.x are behind the ASA firewall and NATed to PUBLICIP1 including a few site-to-site VPN tunnels. This is also true for DMZ. Now, I would like to add a second PUBLICIP2 to the ASA and map it to one internal host ONLY - For eg: 192.168.0.25. How can I do this without effecting the existing setup? Since my entire internal subnet 192.168.0.0/24 is NATed to an existing PUBLICIP1 how can I exclude just one host (192.168.0.25) and bond it to the PUBLICIP2 for all ports.
This is what my current OUTSIDE interface looks like.
interface Ethernet0/0
duplex full
nameif OUTSIDE
security-level 0
ip address PUBLICIP1 255.255.255.224
!
View 7 Replies
View Related
