Cisco Firewall :: 1811 NAT Port Range From Loop Back

Feb 19, 2013

I need to NAT a port range spanning from TCP and UDP 50,000 to 59,999 from inside global address 58.96.x.x on loopback2 to an inside local address of 192.168.5.5. Currently all the existing NAT translations are 1-to-1 that map inside global addresses on a wide span of Loopbacks and a Dialer Interface to inside local addresses on few subnets which are fine. I'm using an 1811 with an ADVIPSERVICESK9-M image, version 12.4(6)TS

View 1 Replies


Cisco LAN :: 6513 How To Create Loop Back Cable For Gig Copper Port

Jul 4, 2012

How to create loopback cable for gig copper port (cisco 6513).I

View 3 Replies View Related

Cisco WAN :: Port Range Forwarding On 1811?

Mar 23, 2006

I’m having serious issues getting Tandberg H.323 working behind this router with NAT.
 
My setup is Cisco 1811 configured with Fas0 to pull DHCP (public address). This router is being used in a mobile medical clinic VAN so the setup needs to be seamless and transparent to the users. The idea with the DHCP is anywhere they go they could pull a DHCP address and then NAT behind that address. The van visits mostly small schools in the Texas Rio Grande Valley providing medical assistance and consulting to the local community. The router has an 8 port built in switch and all ports are sitting in default VLAN 1.
 
Basic stripped down config, only relevant commands listed…
 
ip dhcp excluded-address 10.0.0.1 10.0.0.4
 
ip dhcp pool VANnet
network 10.0.0.0 255.255.255.240
default-router 10.0.0.1
dns-server 10.0.0.1
(code)

Now initially I can’t even get the call to connect with just using the ports above, which I should. Also knowing there are several issues with H.323 and NAT I went ahead and added all known ports Tandberg says they use…
 
80 HTTPd *TCP
443 HTTPs TCP
1719 H323/RAS UDP
1720 H323/Q931 *TCP
2326-2373 (2837)** H323/RTP UDP
5555-55xx (5587)** H323/H.245/Q.931 TCP
 
Basically I created static NAT entries for all the ports and the ranges above. For the ranges I had to add a line for every port.
 
This didn’t and hasn’t worked yet even with some additional tweaking… Finally the question… am I going about this all wrong? Is there an arrangement of commands that will even work? How can I accomplish the port forwarding setup on a Linksys/Netgear router on a real Cisco router?

View 9 Replies View Related

Cisco Switching/Routing :: C3550 - Configure Loop Back Interface On Gigabit Fiber Port

Sep 14, 2012

I am trying to configure a loop back interface like so: [URL], on the following device:

C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(50)SE, RELEASE SOFTWARE (fc1) on port gig0/1 which is using a 1000Base-SX adapter. This is for troubleshooting purposes and it does not appear to be a feasible option. Is there another way to accomplish in the IOS?

View 1 Replies View Related

Possible To Assign Loop Back Address To Typical Switch Port On 2950 Switch

Jan 16, 2011

Is it possible to assign a loopback address to a typical switch port on a 2950 switch? I want to be able to have some devices connected to a switch to test access lists and VLANs.

View 3 Replies View Related

Cisco Firewall :: Open A Port On 1811?

Sep 8, 2011

This is probably a stupid question but how do I open a port on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from outside the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?

View 23 Replies View Related

Purpose Of Loop Back Testing

Aug 12, 2011

What is the purpose of loop back testing.

View 2 Replies View Related

Cisco :: Loop Back Tests For The Network

Apr 21, 2013

I don't do a lot of networking however during a cisco lesson the other day my lecturer briefly touched upon loop-back tests, would it be okay for somebody to very simply sum up exactly what loop-back tests do in a couple of lines and how they are carried out? (not in detail, so literally for example - a wire is put in from one end of the network to the other etc.) I don't really understand all the different wiring types etc.

View 4 Replies View Related

Cisco Routers :: Need NAT Loop Back For RV 120W

Sep 30, 2011

I recently replaced a client's router with a Cisco RV 120W. The client employs a web-based application on an internal server that manages their business. Workers in the field use a handheld device powered by Windows Mobile to access a mobile version of the web-based app. Data contained on the mobile app synchronizes with the server when workers choose a sync menu. Some workers perform this sync in the field, others wait till they return to the office and use the wireless provided by the router. Prior to changing the router, the syncing worked fine either inside or outside the company network. The mobile app accesses the internal server via the router's public IP address. The router forwards the http requests to the internal server. But now the syncing does not work internally. I assume it's because the Cisco RV 120 W does not support NAT Loopback, or I simply haven't figured out how to enable it. Does anyone know how to enable NAT Loopback on the RV 120 W so I can access the web-based app through the router's external IP while on the private side of the LAN??

View 2 Replies View Related

Access Device On Loop Back Subnet

Jul 12, 2011

I am working with a device that does not have a physical reset button on it, and have mistakenly typed in 127.x.x.127 for its IP. I was trying to use 172, but mistyped and didn't catch it until after I had rebooted the unit. Is there any way that I might be able to gain access to the device? My PC is running Windows 7, but I am familiar with linux as well. I have attempted to change the loopback adapter IP to 128 on an ubuntu live disc and set my ethernet port to the subnet the device is on to no avail. (I am also using vlans on the device, but believe I have them set up correctly.) The device is set to IP: 127.x.x.127 netmask 255.255.255.128. [code] I know that the last octet of 127 is the broadcast IP for the range, but have been able to address similar blunders before by forcing myself to a /24 subnet to correct that.

View 5 Replies View Related

Cisco VPN :: GRE Termination At 7600 Using Loop Back As Source

May 7, 2012

I am terminating GRE vrf-lite on my 7600 and using loopback as source for each client. I found one problem where 7600 seems to be not forwarding traffic until I delete and create the tunnel interface. Worked fine for a week. Then stopped again. I had to delete, create again tunnel interface.

View 6 Replies View Related

Cisco VPN :: 1800 GETVPN Crypto Map On Loop Back

Jan 12, 2013

We have 6 WAN routers connected through ISP MPLS cloud, we need to implement GET VPN between these WAN routers. We have 2 Key servers (1800 routers), and the WAN routers will act as Group Members (6 GMs)

The attached configuration files are for working configuration for typical GETVPN (crypto map applied on WAN interface)

In Key server configuration, the crypto isakmp command is using the WAN interface IP address of each WAN router (172.16.x.x), and since that the KS routers are connected to local backbone (VSS), they should be able to reach 172.16.X.X, and therefore the subnet 172.16.X.X is advertised to the local network (check GM configuration file under eigrp - redist connected)

This is what our customer wants to avoid! They do not want 172.16.X.X to be advertised to the local network. I know it is possible in GETVPN configuration to configure the crypto isakmp command to use loopback addresses of the WAN routers instead of the WAN IP, but in this case the crypto map must be applied to the loopback address, and this requires all traffic to be encrypted and decrypted to go through the loopback interfaces on all WAN routers.

I was wondering what is the best solution for this case, I thought to use the below config on the GM's

View 14 Replies View Related

Cisco Switches :: How To Use SG-300 Combo Ports For Loop Back Testing

Sep 5, 2011

I've got an SG300-10P switch and am trying to use it to create a testing environment for a Fiber Test set. What I would like to do is get two hosts, A & B, plugged into ports 1 and 3 on the switch, to talk to each other, but forcing the traffic to be routed through the two Combo ports 9 & 10. Please see the attached diagram. I've attempted to configure two VLANs, 10 and 20. Vlan 10 is used for traffic between Ports 1 and 9, Vlan 20 is used for traffic between Ports 3 and 10. I don't really care whether the traffic is tagged or untagged as it passes between ports 9 and 10.
 
I've tried various combinations of tagged/untagged ports, PVID's, etc. As a first test I've bypassed the Fiber Test set and simply created a direct connection between ports 9 and 10.  I am unable to get the traffic from Host A to Host B to get routed through ports 9 and 10 (I ping each host from the other and get no response).

View 7 Replies View Related

Cisco VPN :: 886 DMVPN Tunnel Sourced Via Loop Back Error

Nov 22, 2012

I am having a hard time trying to configure DMVPN with the tunnel being sourced via a loopback interface. All routers are Cisco 886 routers which don't have L3 ports. That is why I used SVI interfaces, and have configured the L2 ports (Fa0, Fa1, etc.) with the command switchport access vlan. The problem is that I am receiving Invalid SPI errors only on the Hub router and I have no clue what could be the problem, because they use exactly the same parameters for IPsec. [code]

View 1 Replies View Related

Cisco Firewall :: 1811 / Zone Based FW With Non-standard HTTP Port

Apr 4, 2011

We are testing a Zone Based FW config since 1 month, everything runs smooth but we're having a problem (big slow speed access) when a user tries to reach a website on a non-standard port (8080 in that case). All the traffic stays in our LAN, using an IPSEC/EZVPN connection between the 2 sites. As soon as I have disabled the Zone Based FW, the speed was much better.

I'm sure I'm missing a parameter to fix that problem but I tried many different options and I didn't find anything yet. All the routers are Cisco 1811 running adv IP Services 15.1.2.T1 IOS. A port-map has been created to map the port 8080 to the HTTP protocol for the inspection. The PC will have an IP address in the 10.2.2.x/24 and will access a server on 10.2.3.x/24, both devices are part of the zone private in each site/LAN. All the access between sites are managed by an ASA; the IPSEC/EZVPN peer. Little summary, it's gonna be something like: SiteA with a PC on private zone then on public zone for the EZVPN to SiteB on public zone and then private zone to access the server in the LAN.

View 6 Replies View Related

Cisco VPN :: 1921 Loop Back Interface / Static IP Address For Client

Nov 17, 2012

I have a couple of questions answers on which I can't google for a period. BTW maybe I simply use wrong approach to choose keywords.

1) Is it possible to assign same ip address to the same client each time it authenticated, preferably without using DHCP? I'm definitely sure that it possible but can't find corresponded configuration examples (my device is Cisco 1921 with IOS 15.0.1).

2) Is it possible to assign dynamic crypto map to loopback interface (the purpose to make EASY VPN Server accessible through two interfaces - maybe you recommend other approach instead?) - as I move working crypto map from phy int to loopback - I can't connect with reason "Phace1 SA policy proposal not accepted"

View 3 Replies View Related

Cisco Switching/Routing :: 3750x Switches / 32 Loop Back Responding As A Broadcast?

Jun 7, 2012

I have a bunch of 3750x switches that each have a 10 gig routed link back to a central 4507 (loopback = 172.30.255.255). We carved up a /24 (of course, the /24 doesn't really exist except in our address tracking spreadsheet) into a bunch of /30's for routed WAN links and /32's for loopback addresses. We started on the low end for /30 subnets (ie 172.30.255.0/30, 172.30.255.4/30, etc.). We started at the high end for the /32 loopbacks (ie 172.30.255.255/32, 172.30.255.254/32, etc.)

Well, when I try pinging 172.30.255.255 from the access layer 3750x switches, the 3750x seems to be treating it as a broadcast ping where it lists each member that responds instead of the regular !!!!! response (this makes me think something is odd with the 3750x). Of course, only one member responds (the core). But even the core seems to respond with the other end of the /30 instead of the actual /32 loopback (which makes me think something is odd in the core). I could have sworn that I've set up similar topologies without problems (ie, using 10.0.0.0/32, 10.255.255.255/32, etc as loopbacks) and as long as the mask is a /32, it should work. Also, I can ping/ssh to that loopback if my laptop is on a directly connected subnet. But I can't do it from any of the 3750x switches (which are also directly connected). I've double checked for overlapping subnets, but nope. I don't see any. Routing looks fine. The actual /32 is being propagated everywhere properly.

View 3 Replies View Related

Cisco Switching/Routing :: WS-6748-SFP Diagnostic Test Loop Back Failed

Aug 18, 2012

The following error was seen on the switch and the Diagnostic Test Loop back failed following a new WS-6748-SFP module installation. Fabric in slot 5 detected excessive flow-control on channel 3 (Module 4, fabric connection 1)

Tried hard reset of the module and still the error persists.

View 4 Replies View Related

D-Link DIR-655 :: Why Is Loop-back Only Working On Ports Forwarded In Virtual Server Section

Nov 4, 2011

Why is loop-back only working on ports forwarded in the Virtual Server section and not Port Forwarding or even DMZ? I have seen a post about loop-back on the DIR-655 from a while ago that had said to disable SPI and change NAT Endpoint to independent, I have done this and loop-back still doesn't work.

View 1 Replies View Related

Cisco Switching/Routing :: 2691 / 6500 - Unable To Ping IP Of IBGP Nei Loop Back

Apr 6, 2012

Here is my Lab Setup: 2691 is BGP nei to R4 router and they are not directly connected. 2691 and R4 are in same AS  6500. 2691 Config---router ospf 1 network 3.3.3.3 0.0.0.0 area 0 . Its advertising its loop back IP to OSPF domain. 
 
router bgp 6500
no synchronization
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 6500
neighbor 6.6.6.6 update-source Loopback3
[code]...
 
R4 Router  
router ospf 11
log-adjacency-changes
network 6.6.6.6 0.0.0.0 area 0
[ code]..... 
 
We can see that 2691 and R4 are BGP neis and 2691 has 200.1.x.x routes in its route table. My question is why from 2691 router I am unable to ping any route learned by BGP from R4?

2691Router# ping 50.1.1.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.1.1.0, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2691Router#ping 200.1.2.0
[ code]...

View 12 Replies View Related

Cisco Firewall :: ASA 8.4 Forwarding Port Range?

Oct 30, 2012

I need to open port range 554 - 558 to a DVR on the internal network. Also, I need to NAT one of my public IP's to the DVR. How is this accomplished in 8.4? I was able to do it in an older version ASA software.

View 3 Replies View Related

Cisco Firewall :: Port Forwarding A Range Of Ports (PIX 6.3)

Dec 5, 2012

I have a network with multiple servers behind a PIX with 6.3 on it. I have one public IP address, and I'm using NAT. I'm currently trying to port my Exchange server to a cloud host, and the vendor is requiring I open up a wide range of ports for MAPI, basically ports 1024 on. What would be the command to forward all of the traffic coming into/from that broad range? If I could simply route all traffic to and from their two IP addresses to my email server, that would accomplish the same end goal.

View 3 Replies View Related

Cisco Firewall :: How To Configure NAT Port Range On ASA 5510

May 22, 2012

I have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999.

View 15 Replies View Related

Cisco Firewall :: Opening Port Range ASA5505

Mar 26, 2013

I just bought a Cisco ASA5505. I'm trying to opening a port range through CLI, but it doesn't seem to be working.
 
Background: I have an FTP Server running behind the firewall and need to allow port ranges 30000-30100 for data connections. I have been using FTP through the command prompt and its working. However, I cannot use it through the FileZilla client as it fails to query the directories. I have the ASA forwarding to port 1125 from 21 in passive mode.
  
Access-List:
access-list Outside_Access_In line 3 extended permit tcp any any eq ftp-data (hitcnt=0) 0xfa8ed43d
access-list Outside_Access_In line 4 extended permit tcp any any eq ftp (hitcnt=17)

[Code].....

View 14 Replies View Related

Cisco Firewall :: 5505 - NAT Port Range For Sip Server

Feb 7, 2013

: Saved
: Written by enable_15 at 03:51:29.049 UTC Mon Feb 4 2013
ASA Version 8.4(4)1
hostname ciscoasa
enable password xxxxx encrypted
password xxxxx encrypted
names
interface Ethernet0/0
switchport access vlan 100
interface Ethernet0/1
interface Ethernet0/2
[code]...

View 2 Replies View Related

Cisco Firewall :: Port Range Forwarding On Post 8.3 ASA5505

Jun 1, 2011

I have an ASA 5505 on a job. It is a smaller business that would have done better with an RV082, but they have what they have. It is running firmware 8.4. The client needed ports forwarded for their FTP server. The port range in this config is tcp 43333-43339. The FTP server ip is 192.168.1.2. [Code] ......

View 8 Replies View Related

Cisco Firewall :: 3845 - Open Port Range On Secondary IPs On Router Interface

Feb 12, 2013

I have 4 public IPs on Router 3845 interface FastEthernet 0/0/1. IP as below.
 
50.200.2.2
50.200.2.3 secondary
50.200.2.4 secondary
50.200.2.5 secondary
 
I want to allow ports 80 to 90 on 50.200.2.3 for my webserver (192.168.10.50).

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Time Range / Allow Single Port During Business Hours Only

Apr 1, 2012

I'm new to an ASA 5510 running 8.4(3) and am trying to figure out something regarding time ranges in ASDM. I simply want to allow a single port during business hours only (I'm not concerned about open sessions needing to be closed). So as an example I add a rule something like:
 
(RULE1 on the internal interface) SRC=INTERNAL DEST=ANY SERVICE=RDP ACTION=PERMIT with a time range set for weekdays 8:00-16:59. I did a test after 5pm on a weekday and was still allowed to do RDP to a server (from INTERNAL), and after using the packet trace tool saw it was still passing through due to a rule a couple lines down (rule 4) that allowed a port range that happened to include port 3389. So my question is if I specify an "allowed" time range and someone attempts access outside that time range, why doesn't it drop it right there? I guess I'm assuming that anything outside the "allowed" time range would be dropped but that doesn't seem to be the case. I'm also assuming the rule base is processed top to bottom.

View 2 Replies View Related

1811 Dual Wan Port Forward Configuration?

Nov 13, 2011

I'm trying to configure cisco 1811 with dual isp internet connections. Everything is working fine till I get to setting up port forwards. The port forwards for 2nd ISP do not work while connection to 1st isp is active. If I shut down the connection to isp1 the port forwards work fine.

here's relevant section of the config

Code:
track 123 ip sla 1 reachability
delay down 15 up 10
!
track 456 ip sla 2 reachability
delay down 15 up 10

[code]....

I can access the 192.168.2.131 web server using the ISP1 ip but not ISP2 ip. If I shut down ISP1 interface the server becomes accessible through ISP2. Also while ISP1 is active I can't remote desktop to 192.168.1.210. There are no acls, firewall zones or anything else.

View 3 Replies View Related

Cisco Switching/Routing :: Reading 4/port Card Of 1811

Aug 30, 2012

I have a Cisco 1811 with a 4/port Serial Async/Sync (HWIC 4 A/S) and another 2 port A/S serial wic. My router seems to have a problem reading the 4/port card. I did some research and it looks like there shouldn't be a compatibility issue.

View 7 Replies View Related

Cisco Firewall :: 1811 / Zone-Based Policy Firewall Configuration

May 16, 2011

I have two 1811's connected in a lab using an ipsec vpn tunnel (using a switch to simulate an internet connection between them). I am trying to configure one of the routers as a ZBPF just to allow a remote windows login (DC on the firewalled side, workstations on the other side). I'm trying to verify that the zbpf is working, but it doesn't seem to stop anything. I had match icmp added to the class-map, but took it out to test if icmp would fail. It didn't. Basically, I don't think the firewall is working at all. Any thoughts on how I can configure this so that the policies will work between zone-pairs?

Here's a quick drawing:

Here are the configurations:

 Local router:
 hostname sdc-1811-LocalLab
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy

[code]....

View 11 Replies View Related

Cisco Switching/Routing :: 2690 / 1811 - Port Flapping With Log DTP-5-Nontrunkporton

Oct 2, 2012

I have Cisco 1811 and Cisco 2960 interconnected with each other by TRUNK link. As time passes I am receiving the below log on cisco 1811 router.
 
DTP-5-NONTRUNKPORTON: Port Fa8 has become non-trunk
LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet8, changed state to down
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to down
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan200, changed state to down
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan300, changed state to down
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan400, changed state to down

View 4 Replies View Related

Cisco Switching/Routing :: 3925 With 48 Port Switch Module Infinite Loop

Jan 19, 2012

I have a 3925 Router with a 48 port switch module (part number SM-D-ES3G-48-P).  I have no problem accessing the 3925 Router, but when I go into the 48 port, I get an error that reads
 
Error Hardware not supported by firmware. Try loading a newer software instead. System Resetting...
 
I know that the wrong IOS is installed on the switch, but the problem is that this is an endless loop.  The switch resets then comes back to the same error.  How to get the switch out of this loop so that I can load the correct IOS. 

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved