Cisco :: Config 2600 And Permit Samsung DVR Publishing?
Feb 12, 2013I need config mi own Cisco Router 2600 and permit to External Internet my Samsung DVR SDE-4001
View 3 Replies
ADVERTISEMENT
Cisco WAN :: 2600 Remove Serial T1 Card From Router Config
Jul 23, 2012I have recently made a WAN change from T1 to fiber and my Cisco 2600 series router no longer needs to connect over the Serial T1 card. The Serial connection also provided a few voice channels for the old phone system that are no longer needed. I need to keep Main Cisco 2600 router in place because I have many network devices that use it as the gateway instead of my firewall. I will not require the second subnet for Offsite Cisco 2600 anymore either. commands that will be required to remove all instances of the Serial connection and Offsite Cisco 2600. I have included the config of the Main Cisco 2600 below. [code]
View 1 Replies View RelatedCisco Switching/Routing :: 2600 Switch Ports Don't Even Show Up On Router Config
Jan 10, 2012My network generally runs older routers (2600 series) with 16 port switch modules (NM-ESW-16). This has always worked great since I can configure the router and the switch ports on the fly, making changes to either as necessary. Well I am upgrading to 2811 routers, and we wanted to get gigabit ethernet ports on our switch modules. I think I made an error when I purchased a few of these switch modules: NME-16ES-1G.
The first problem, is that the switch ports don't even show up on the router config, I have to establish a session into the switch, (And I can't seem to get back to the router unless I manually switch off power and restart). I don't like this type of switch module, it's like I'm running a completely separate device, and while having a layer 3 switch is cool, It doesn't let me setup routing protocols so I don't like doing it this way. I want to go back to using a switch module that simply adds a ton of ports to my router like the NM-ESW-16. (Note: The NM-ESW-16 does actually work in the 2811 and would be perfect if it were Gigabit speed.)
The seconds problem is that the NME-16ES-1G isn't actually a Gigabit switch. It has a single gigabit port, but the 16 ports are all Fastethernet, and not gigabitethernet. So ideally, I am looking for a switch module that I can fully configure from the router interface that has 16 gigabitethernet ports, and works with a 2811. IE I want to do this. [code]
Cisco Switching/Routing :: 2600 Simple Router On A Stick Config Which Is Providing Dhcp To Customer SSID
Mar 17, 2013i have a simple router on a stick config which is providing dhcp to a customer SSID. however i don't want employees to stay on it and eat the band width since its open. the lease is set to an hour, is there anyway that i could set it so that once your lease expired it can't be renewed for 4 about 8 hours? I am using a cisco 2600 router in this setup.
View 1 Replies View RelatedCisco Firewall :: ASA 5520 / 8.6 Allow Publishing To Only One Range Of Public IP
Apr 19, 2013Any confirmation that the versions 8.6 and up don't allow publishing to more then one public range if IP addresses?
We have ASA5520 version 8.4 in deployment and there I can NAT to 3 different ranges of public IP-s.
With same configuration on ASA5525-X version 8.6 it will NAT only the range that the outside interface belongs to. Also tried the 9.0 version with the same result.
Cisco Infrastructure :: 2921 / Webmail Publishing On Non-standard Port?
Apr 3, 2012We are going to "publish"(I don't know if this is correct word to use;)) our mail server on Cisco 2921. As far as I know it can be easily achieved with static NAT. But the thing is, we don't want to publish it on standard 443 port i.e. we want router to listen for https connections on other port than 443, and then redirect this connection to internal server with private ip.
View 1 Replies View RelatedPublishing A Local Website Using NO-IP (free Service) In CentOS?
Nov 15, 2011I've just registered with NO-IP (free account), created a host, installed the client (in CentOS) and I want to see a website I'm running locally in that computer from another computer (via internet :). How do I access it?My host is "customtrack.no-ip.org "And in that unix box I've got a published website that I can access from any browser in the following URL: [URL]When I log in to from the browser from another computer I get the following error message:
Quote:The connection was reset- The connection to the server was reset while the page was loading.The site could be temporarily unavailable or too busy. Try again in a few moments.If you are unable to load any pages, check your computer's network connection.If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
How do I tell CentOS that I want to redirect that site I'm hosting locally [URL] to [URL]? I believe that's not done automatically. How do I configure the redirection?
Home Network :: Internet Failing Due To Publishing Website With IWeb?
Jan 21, 2013We have a network of over 20 devices, all kinds (windows, android, mac enz...). Everything was going well until one of the mac-users tried to publish his website that contained a movie (at first the movie was 622 MB). If this user presses publish the internet is going away. The website won't publish, waiting doesn't work. While the internet isn't working I went to another pc in the network and started some ping experiments. I can ping any device in the LAN, outside the LAN something strange happens: let's say for 6 seconds it is ok, but then it fails for lets say 20sec, again 6 sec the ping returns ok (45ms), and goes down for a longer period. Eventually it is not coming back.The mac user himself cannot access the internet either. When the publishing is stopped, the internet is back in less than a second.
This problem is recent, and it isn't the first time this user published a video on his own website, on the same host with the same application (iWeb). I asked him to publish his site to a local folder and hand it over to me, I tried to publish it to the same host using my own FTP application (FileZilla), this worked without any problem (I am on the same network). This is what we tried:
- Compressing the video (it is now 26 MB, still not working), we have 2GB space from the host, no limits on filesize.
- Publishing the website without the video's, no problem
- I turned on logging (debugging level) in the modem/router, no entries at the moment things went wrong...
- I called the provider, they claim nothing is wrong at their systems.
So, can the modem be broken? I don't think so because I can use it with far more intensive tasks without going down.One thing is clear, it shouldn't be possible for one computer to block the internet for everybody, so changes in the configuration are needed (I think).
Cisco Switching/Routing :: ASA 5505 Upload Config File Into Start-up Config
Apr 17, 2012If i connected the latop to brand new out of the box ASA 5505 through consloe cable and i have a config file on this laptop from other ASA5505, is there anyway i can upload that config file into startup-config of this new ASA5505 through console cable, without using TFTP or FTP?
View 5 Replies View RelatedCisco WAN :: 2811 - Startup Config Is Not Copying To Running Config
Nov 15, 2009I have a Cisco 2811 router and when I turn of the router the running config is lost. I have to the following to get the router running of the start-up config settings.
router#copy start-up running-config
Cisco Firewall :: How To Permit Traffic From Outside To DMZ On ASA 8.4
Jan 22, 2013I Have this Topology: R1 is as server and i want to public that server in INTERNET using public IP 7.7.7.7, but i can not do that. I tried to do a NAT but it just translate from DMZ to Outside, however i can not to ping to 7.7.7.7 from Outside (R2).
I have a route in R2
7.7.7.7 [1/0] via 200.200.200.1
On R2 i can´t ping to 7.7.7.7
On R2 i can´t ping to 172.16.0.2
On R1 i can ping to 200.200.200.2
On Inside i can ping to 172.16.0.2
when i try to ping from DMZ to Outside (200.200.200.2) the debug, and show nat details, show me:
ciscoasa(config)# nat: translation - dmz:172.16.0.2/26 to outside:7.7.7.7/26
nat: untranslation - outside:7.7.7.7/26 to dmz:172.16.0.2/26
nat: untranslation - outside:7.7.7.7/26 to dmz:172.16.0.2/26
nat: untranslation - outside:7.7.7.7/26 to dmz:172.16.0.2/26
ciscoasa(config)#
ciscoasa(config)# sh nat detail
[code]...
Cisco :: Permit Snmp Queries On Just One Interface?
Feb 27, 2013I'm familiar with snmp-server views and excluding certain mib's, but is it possible to permit an snmp host to poll just one interface and nothing else on the router?
View 2 Replies View RelatedCisco :: Access List To Permit IP's Instead Denies All Traffic?
Feb 16, 2011I'm new to this forum and Cisco in general but I feel it may be very resourceful to me as I am a new network administrator fresh out of school for a local credit unionHere's my situation:We need to limit access to one of our servers to only 3 workstations used by our IT department. The server is on a Cisco 3560G on port 17, which is the interface I'm trying to apply a standard, basic ACL to, which looks like this:
View 10 Replies View RelatedCisco Firewall :: Cannot View Permit Entries In The Log On ASA 5520
Apr 6, 2011I can not seem to view my "permit" entries in the log on my ASA 5520. I set up logging-lists, changed the level to 3 on the logging statement, and simply can't find it anywhere.
Partial config:
logging enabled
logging timestamp
logging JC-L3 level errors
logging monitor JC-L3
logging buffered JC-L3
logging trap notifications
[code]....
Cisco WAN :: How To Configure ASA 5505 To Permit MySQL Traffic
Aug 9, 2011I have an application behind an ASA 5505 that needs to access a mysql database over the Internet. How do IO configure the ASA to allow this remote mysql connection?
View 1 Replies View RelatedCisco WAN :: Permit Connection From Outside To Inside In 2911 Router?
Jan 24, 2012I need to permit the connection from outside to inside in a 2911 Cisco router, only from an Public IP Address (suppose 1.1.1.1) to some local private IPs.
I have one question:
Using the command:
ip nat inside source static tcp <local ip> <port> <global ip> <port>
The "global IP" can be the Public IP from where the connection starts (in this case 1.1.1.1)? or it must be the Public IP assigned the the Router interface connected to the Public Network.
Cisco :: Configure ASA5505 To Permit Access To Internal LAN?
May 12, 2013I have configured a Cisco ASA 5505 to allow VPN access from outside to my LAN using Cisco VPN Client software. The connection is establishing properly with the ip address from my VPNPool. From outside (on VPN connection) I can ping the interface e0/0 (outside) and the interface e0/1 (inside) of the firewall, but I cannot ping the layer 3 switch interface to which the ASA is connected ( int gi1/0/22 ip address 192.168.1.2/30 ) and I cannot ping any vlan interfaces inside my switch. Therefore, I cannot connect to any server on my internal LAN. I am available at any time if further information is needed. find attached my ASA config.
View 7 Replies View RelatedCisco WAN :: 800 Router - Permit Some IP To Connect Over Port 3389?
Apr 22, 2011Below is my show run of a Cisco 800 router (Two VLAN's, single WAN) that works fine. Problem is that in this senario port 3389 is open for everyone. Only two remote users are allowed to connect trough port 3389. Let's say WAN IP's : 22.33.44.55 and 66.77.88.99. How would a good access-rule look like to fix it?
no service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryptionservice sequence-numbers!hostname cisco-867!boot-start-markerboot-end-marker!logging buffered 51200logging console criticalenable secret 5 ***!no aaa new-modelmemory-size iomem 10clock timezone GMT 1clock summer-time GMT date Mar 30 2002 1:00 Oct 26 2035 1:59!!no ip source-route!!ip dhcp excluded-address 192.168.10.200 192.168.10.254!ip dhcp pool Vlan2 network 192.168.10.0 255.255.255.0 domain-name dsl.local default-router 192.168.10.254 dns-server 213.144.235.1 213.144.235.2 lease 0 8!!ip cefno ip bootp serverno ip domain lookup!!!archive log config
[Code]....
Cisco Firewall :: ASA 5510 - Setting Up ACL To Permit Access Only To The Nat Subnet?
Apr 9, 2012setting up an ACL on my ASA 5510 to permit access only to the Nat subnet from inside to the outside interface. This firewall is setup for the DR solution in the production network. I am applying following acl in the inbound direction on the inside interface.
permit ip any "Nat_subnet"
After appliying this acl to inside interface I observed that I can ping to the destinations in NAT'ed subnet but unable to ssh to the servers. Following is the summary of my configuration.
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 192.168.135.241 255.255.255.248 standby 192.168.135.242
[code].....
Cisco AAA/Identity/Nac :: ACS5.2 Command Sets Permit All Commands
Mar 3, 2011I have everything working on a new 5.2 ACS but:I can only make a command set that permits things and denies all.I thought with the check box. Permit any command that is not in the table below" one could allow all and specifically deny commands.and that would allow the user to do all commands except for conf and set. But it doesn't seem to adminstratively block it, it allows them to still "conf" for instance.
Then it works as expected, it allows the commands that are permitted and denying all unspecified commands.I know I am in the right command set because the changes I make are reflected immediately.Can someone test the "Permit any command that is not in the table below' and tell me if it works? I can make it work with the unchecked box, sure, but it would be nice to get it to work.
Cisco Firewall :: ASA 5520 - Permit Traffic To Inside Via MAC - Address?
Apr 6, 2011I have a handheld device that will be used for inventory outside of our office. It has 3g capabilities. Is there anyway I can permit traffic from this device from the outside world coming into my network? I need to open a couple of ports so it can hit the server. But I have no intention to open these ports up to the entire world. I use an ASA 5520 with a managed router from our provider. I looked around on the Cisco site and the only information I found was for permitting and denying traffic from devices that are within the network.
View 2 Replies View RelatedCisco Firewall :: ASA5510 Permit Incoming Connection From Remote LAN
Sep 4, 2011Actually all service from site to site is permitted, without restriction.I want to insert an ASA to block some internet traffic on main site.I try to configure my ASA5510.No problem for outgoing connection or to permit a single service on main site.But impossible to give access to all service/connection from all remote site to main site. [code]
View 7 Replies View RelatedCisco Firewall :: ASA 5510 Ways To Allow Outside Adapter To Permit Smtp
Oct 25, 2012We have a 5510 (8.2) with the following 4 interfaces (security-levels) inside (95), outside(0), dmz(25), and test (95). The dmz network is 10.10.10.0/24 and the outside interface is 40.133.84.69.We have run into a situation where a dmz hosted iRedMail server running postfix (10.10.10.51) is relaying mail which in some cases points back to us at 40.133.84.69 and into our Exchange server. In these cases in the dmz server's mail logs we see postfix timeout trying to connect to smtp at 40.133.84.69. When I try to telnet from 10.10.10.51 to the outside interface on port 25 it times out.We've tried different ways to allow the outside adapter to permit smtp (or any service!) from 10.10.10.51 but we're left scratching out heads.
View 1 Replies View RelatedCisco Firewall :: ASA 5510 - See Logged Traffic On Permit Rules
Feb 9, 2012I have a rule which permits traffic to a web server and logging is enabled. But when I go to syslog I am only seeing traffic which has been denied. What needs to change to be able to see the logged traffic on permit rules?
View 1 Replies View RelatedCisco Switching/Routing :: EDS 316 / 208 - Network Don't Permit Traffic UDP In VLAN
Jul 17, 2012I have problems in my Cisco network until I connected some Moxa devices.This Moxa are models EDS-316 and EDS-208
My principal trouble is the traffic UDP. Suddently the network don't permit the traffic UDP in VLAN where are connected Moxa devices.
During an hour the Moxa can send TCP traffic, but can't send UDP. If a Moxa device is unplugged from network, all devices connected to him can work offile from principal network, but if I plugg again the Moxa is like disable.
After one hour (more or less) the system restart all functions and work fine.I catch the logs from TXerrorsInPorts and all the ports where is connected a Moxa have errors all time.
I don't know which is the problem, but I think that problem is in negotiation from Moxa to Cisco.This is the configuration from a port where is connected a Moxa: [code]
Cisco VPN :: ASA5540 - AnyConnect/SSL - Permit Local Network Access
Jul 20, 2011We have SSL VPN using the AnyConnect client going to an ASA5540.
Is there a way to permit users to access their own LAN, but still force them to use the VPN tunnel for Internet access?
If I'm reading the documentation correctly, it seems that when you activate split tunnelling, it allow LAN access, but will also allow the user to access the Internet over the LAN instead of over the VPN.
Cisco Firewall :: ASA 5585- TCP Syslog / Logging Permit-Host Down
Jul 5, 2012We have a firewall service environment where logging is handled with UDP at the moment. Recently we have noticed that some messages get lost on the way to the server (Since the server doesn't seem to be under huge stress from syslog traffic). We decided to try sending the syslog via TCP. You can imagine my surprise when I enabled the "logging host <interface name> <server ip> tcp/1470" on an ASA Security context and find out that all the connections through that firewall are now being blocked. Granted, I could have checked the command reference for this specific command but I never even thought of the possibility of a logging command being able to stop all traffic on a firewall.
The TCP syslog connection failing was caused by a mismatched TCP port on the server which got corrected quickly. Even though I could now view log messages from the firewall in question in real time, the only message logged was the blocking of new connections with the following syslog message: "%ASA-3-201008: Disallowing new connections."
Here start my questions:
- New connections are supposed to be blocked when the the TCP Syslog server are not reachable. How is it possible that I am seeing the TCP syslog sent to the server and the ASA Security Context is still blocking the traffic?
- I configured the "logging permit-host down" after I found the command and it supposedly should prevent the above problem/situation from happening. Yet after issuing this command on the Security Context in question, connections were still being blocked with the same syslog message. Why is this?
- Eventually I changed the logging back to UDP. This yet again caused no change to the situation. All the customer connections were still being blocked. Why is this?
- After all the above I removed all possible logging configurations from the Security Context. This had absolutely no effect on the situation either.
- As a last measure I changed to the system context of the ASA and totally removed the syslog interface from the Security Context. This also had absolutely no effect on the situation.
At the end I was forced to save the configuration on the ASAs Flash -memory, remove the Security Context, create the SC again, attach the interfaces again and load the configuration from the flash into the Security Context. This in the end corrected the problem. Seems to me this is some sort of bug since the syslog server was receiving the syslog messages from the SC but the ASA was still blocking all new connections. Even the command "logging permit-host down" command didn't wor or changing back to UDP.
It seems the Security Context in question just simply got stuck and continued blocking all connections even though in the end it didn't have ANY logging configurations on. Seems to me that this is quite a risky configuration if you are possibly facing cutting all traffic for hundreds of customers when the syslog connection is lost or the above situation happens and isn't corrected by any of the above measures we took (like the command "logging permit-host down" which is supposed to avoid this situation altogether).
Cisco Switches :: SG300 - Implement ACL To Permit Or Deny Access Between Vlans And Hosts
Mar 25, 2012I have a SG300 Switche working in layer 3 mode.I configured 3 VLANs on the switch, assigned all ports, given IP addresses to VLANs interfaces, etc.Now I want to implement ACL to permit or deny access between vlans and hosts.Can I apply an ACL to a whole VLAN (in or out) like Catalyst models?I mean apply the ACL to the entire vlan or the only way in this model is to implement that ACL port by port?Every time I have a new port configure to work in a Vlan I have to implement the ACL?
View 4 Replies View RelatedCisco Switching/Routing :: Block / Permit Intra Vlan Traffic On 3750
Feb 21, 2013I have One switch 3750 and many switch 2960 c.I use one ASA 5510 to reach emote branche site (vpn conexion).I use one router 1841 for internet conexion.Router 1841, ASA and catalyst 2960 are connected on the 3750.Default gateway of all user is ASA IP
I configured Vlan 3750 and it work.Now I need to implement security : permit/block specific traffic between vlan [code] From vlan 72 I cannot have remote access on computer in vlan 34 and I cannot ping computer in vlan 34.
Cisco Firewall :: 5510 - Outlook Port Only Permit (POP3 995 / SMTP 587) With TLS Encryption
Jun 3, 2012In Cisco ASA 5510 , outlook port only permit ( pop3 995/smtp :587) with TLS encryption. How we can do it thru ASDM .
View 1 Replies View RelatedCisco :: Can IOS 12.4 Be Used On Different 2600 XM Routers
Jun 30, 2011I'm looking at purchasing one Cisco 2600 XM Series router that has IOS 12.4 on it. I put the IOS name into Cisco's feature navigator and it states that it supports SSH and IPv6. Can I buy that router, take the IOS off that one, and put it on another 2600 XM Series so I don't have to spend $400 on two routers with 12.4 on them?
View 3 Replies View RelatedCisco WAN :: 2600 - ASL And Sub-interfaces
Sep 30, 2011I am trying to secure sub interfaces on a 2600 Router
interface FA0/1.1
No Access-group
Interface FA0/1.2
IP Access-group 110 out
Access-list 110 deny ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
Access-list 110 permit ip any any
This works but it blocks traffic both ways I only want to block one, I dont want FA0/1.2 to be able to access FA0/1.1 but I want all traffic to be allowed to go the other way
Cisco VPN :: VPN From 877 Router To Draytek 2600
Jul 13, 2011I have a cisco 877 router connected to our adsl broadband at our head office. I have managed to set this up with Nat and DHCP all working to let multiple users access the internet through our single static ip supplied by the ISP lets say the ip is 1.2.3.4.Our internal network is 192.168.1.0 255.255. 255. 0.I have a draytek vigor 2600 at a branch office set up the same with a static ip addresss supplied by the ISP lets say the ip is 5.6.7.8.The internal network is 192.168.4.0 255.255.255.0
I am trying to set up a VPN between the head office and branch office so the branch office users can connect to our internal server(lets say ip is 192.168.1.2) to receive group policies,access files and also telnet into our database server(lets say ip is 192.168.1.3).I have attached a sort of running config that i have pieced together from bits i have read on this site and others. I have tried these settings and other permutations of these settings but i cant seem to establish a tunnel even though when i show int tunnel0 on the router it says tunnel is up and line protocol is up, if i show ip route it shows that there is an ip address for the tunnel and that is about it(No vpn light on).
If it makes sense and that I have entered the right information? I have highlighted the parts i am not sure about in red(Quite a bit and obviously not the exact settings but what i think it should be). Once all the settings are correct on the cisco will it automatically establish the vpn or do i have to dial it from the draytek.