I have a home network using a 2600 and PIX515E, and unfortunetly I don't know how to set up ACLs. I read a few Cisco documentation but unfortunetly I am unable to grasp the concept of how to define them. Would anyone be able to give me a crash course on setting up ACLs?
View 3 RepliesI will be building my own computer here in the next month and am looking to become quite informed about building my own wireless network.Trouble is, I'm a bit out of to with what I need and what is good. I'm also officially tired of renting a modem from Comcast (bastards keep bumping my monthly rate up). So what pieces of equipment do I need to build a simple quality wireless network for my home? I would like the network to support two laptops, one desktop, and an Xbox plugged into a LAN line. Also, I'm thinking of using a Rosewill Wirelss Adapter 3 antenna [URL].
View 4 Replies View RelatedI've got a 2600 that I am wanting to connect to my cable modem. However I don't have the knowledge to get it running. My ISP uses a dynamic IP and I am unable to get it to connect.
ROUTER#show run
Building configuration...
Current configuration : 685 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
[code].....
i have a simple router on a stick config which is providing dhcp to a customer SSID. however i don't want employees to stay on it and eat the band width since its open. the lease is set to an hour, is there anyway that i could set it so that once your lease expired it can't be renewed for 4 about 8 hours? I am using a cisco 2600 router in this setup.
View 1 Replies View Relatedi'm trying to set up a simple VPN (client to Gateway), but i can't ! An SSL VPN or an IPSEC VPN, whatever..
The firmware of the RV042 is up to date, and i'm trying QuickVPN as a client vpn (also updated...)
My configuration details :
I'm in : 192.168.2.14 /24
My RV042 : 192.168.2.250 /24
And the VPN intend to connect me to : 192.168.4.x
[Code].....
I am trying to create a VPN on my Mac that I can access from my iPad in a remote location (work.) I have been using "iVPN" on the Mac to "distribute" the home Mac's Internet connection to the iPad. I have everything set up right and the VPN works fine and the iPad connects fine, just not when I am work, where I want it to work. The iPad tells me that it cannot connect to the VPN. I believe my work blocks VPN ports (1701, 1723 etc) I can do a google search from the iPad on the work WiFi so the connection is ok, but I believe those ports are blocked. If I connect the iPad to a restaurant's wifi for example, the VPN connects fine. What client can I use to create my own VPN at home where I can use a standard port like port 80 or something that is not blocked at work so that I can connect to the VPN from work?
View 10 Replies View RelatedI have the above router on 10.10.10.1 which I'm quite familiar with but I need reaching a VM residing on one of my internal MAC's. My cisco route table is as follows:
Gateway of last resort is 93.97.20.1 to network 0.0.0.0
93.0.0.0/21 is subnetted, 1 subnets
C 93.97.16.0 is directly connected, ATM0.1
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, BVI1
S* 0.0.0.0/0 [1/0] via 93.97.20.1
The internal physical machine that contains the VM is 10.10.10.9 whose routing table is:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.10.10.1 UGSc 6 8 en0
10.10.10/24 link#4 UCS 5 0 en0
10.10.10.1 0:1b:2b:cc:7:8a UHLWI 7 1248 en0 284
10.10.10.9 127.0.0.1 UHS 0 86171 lo0
10.10.10.11 0:23:54:2a:6:d3 UHLWI 0 234 en0 150
10.10.10.30 0:9:34:28:60:2e UHLWI 0 25 en0 857
10.10.10.111 0:1d:ec:2:2d:2d UHLWI 1 1599 en0 721
10.10.10.255 link#4 UHLWbI 2 18609 en0
10.37.129/24 link#8 UC 2 0 vnic1
10.37.129.2 0:1c:42:0:0:9 UHLWI 1 2 lo0
10.37.129.255 link#8 UHLWbI 2 14046 vnic1
10.211.55/24 link#7 UC 2 0 vnic0
10.211.55.2 0:1c:42:0:0:8 UHLWI 0 2 lo0
10.211.55.255 link#7 UHLWbI 2 14046 vnic0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 5 214223 lo0
169.254 link#4 UCS 0 0 en0
The VM has a static IP of 10.211.55.5 and can obviously ping out to the rest of my lan but as of yet my router and other machines on the 10.10.10/24 subnet cannot reach the VM. I sort of presume this is a simple task of adding some kind of static route on my router and then all other machine will know how to get to the VM. So what do I need to do as I have about 40 or so customers already connected of whom I do not wish to suddenly halt their access due to my inexperienced attempts to create this route or new link(s)
My laptop have 2 NIC attach it, the cable NIC and Wireless NIC, the cable one connect to my lab network environment and the Wireless connect to office network environment (connect to internet) which both have differen segments [code] when my Wireless was turn off my pc can ping to all segment on my lab network environment, but if the wireless was turn on, i cant ping to others segment but only my laptop segment and i still could surfing to the internet without any problem.then i tried to add a new route from my laptop using "route add x.x.x.x mask x.x.x.x (gateway)" in command line and after that i can ping back to all segment in my lab network environment eventhough my wireless was onwhy i have to create a manual route into my laptop so that i can have connection between my laptop and my lab environment in the condition my wireless turn on ??
View 8 Replies View RelatedI have a 24-hour running computer that I want to make a small and simple server for personal useim: to put some photos on the server for my target audience from China. I have a 24 hour running computer located in my small flat in China. The purpose to make this is to provide a fast speed loading for average users in China? The links for the photo should be in format
View 4 Replies View RelatedI have a customer an exisiting 5505 which connects to multiple sites for a site-to-site VPN. This firewall was not installed by myself originally I have just been asked to take a look now.The situation is that we now need to edit one of the existing site-to-site VPNs to include the remote sites expanded network. I have tried doing this through the ASDM and have found that I cannot add new network objects. I have tried creating a new network object group and then added the new networks from there but I am completely unable to add the new objects.I believe a picture tells a thousand words in this case so I have attached some images which show the problem. I have also tried going through the VPN wizard, this also does not allow me to add new network objects.
View 2 Replies View RelatedI have recently upgraded my ASA 5510 to 8.3 code and honestly I am confused on the best and most efficient way to do many nat translations through it. I have a group of about 100 IP's that need http/https/and sqlnet allowed through for our web farm.
I have a text file with the real and translated IP addresses and in 8.2 I could simply modify it and dump the thing in and make the NAT rules and access-lists. Now with the new object based model I am having a hard time wrapping my brain around how to do this using as few lines of code as possible.
Do I have to create an network object for each and every IP i want to nat through?
I'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP address. For example there is an object called emailservers that is defined as 192.168.2.25-192.168.2.50.
Is there a way to do a similar thing on the ASA 5520?
I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.
The old syntax that I am much more familiar with has been deprecated. On older IOS it would have been something like static (inside,outside) tcp 209.114.146.122 14033 192.168.30.69 1433 netmask 255.255.255.255 Plus an extended ACL to allow the traffic.I am trying to create a Static PAT to allow a host address to access our Network through an ASA. I have external address 209.114.146.122 that I want to hit the external interface on an obscure port (say 14033) and translate that traffic to an internal host address on port 1433.
View 11 Replies View RelatedI've tried setting up some simple port forwarding on my ASA, where I want to forward one port on the external interface for both UDP and TCP to the same port on an internal server.
It works fine for UDP, but all TCP packets are dropped on the outside interface, even though the configuration for UDP and TCP is basically the same! This is my config:
object network MY_SERVER
host 10.10.1.4
object service TCP_MY_SERVICE
[Code].....
Port count goes up on line 2 (UDP) but never for line 1. I just see the packet denied instead. Same thing happens in the packet tracer, a packet destined for my external interface on that port for UDP is allowed and NAT'd just fine. TCP it gets dropped by the ACL on the outside interface.
I have a cisco ASA 5540 and i cant make a simple PAT (many private IP to one public IP). Below you can find my conf.
[code]...
I have created a simple static ip address by using this command:
interface Vlan1
nameif inside
security-level 100
[Code].....
But, no matter what, the I can't ping the static address or access the computer 10.2.1.2 from outside of the asa 5505. I have attempted to ping from inside of the asa 5505 or from another computer. I just does not work.
I also have created several rules that allows icmp traffic.
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit 10.2.1.0 255.255.255.0 inside
icmp permit any echo-reply outside
icmp permit any outside
I've attached a document showing how this network is designed. A client on a guest vlan behind the ASA, nat'd to one address on the public subnet, needs to be able to get out to the internet, and still come back in for specific services, such as OWA, via the IP which the mail server is nat'd to. The drawing is pretty explanatory. Do I simply need to create a NAT statement and ACL to allow that client out and back in, or do I need to set up hairpinning? I'm working with a Cisco ASA 5505 Version 8.4(4)3.
Note: The drawing has public IP's substituted with 1.1.1.x with final octet being accurate.
Here is my environment: DSL Modem - ASA 5505 - switch ,Inside network (192.168.2.0/24)
What I have successfully done:
- Modem online and passing on DHCP requests from the ASA to my ISP (ASA does get an internet address on the outside interface)
- ASA assigning DHCP to internal network
- All internal clients can access the internet.
What I am getting stuck on is getting NAT rules set up for simple port forwarding. What I would like: ANY internet address be able to access a server on the inside network address (192.168.2.x) over tcp/22 . I set up what I believe to be the correct NAT rule and Access Rule, but the packet tracer fails. Here is my config.
ASA Version 9.1(1)
hostname xxxxxx
domain-name ugh
enable password xxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[code]......
I would like to know if there is a way to monitor which programs/processes are using my network, say if there's something in the background updating that I can close to reduce lag in games, my computer is free of viruses and most the auto updates are turned off because I update them manually, so I just would like a simple straightforward answer,what program or process is using my network?
View 4 Replies View RelatedI would like to setup a simple VPN on a small network, nothing special, just to provide access to some simple resources on the network from anywhere. Since I'm not a Cisco expert, I was advised to user a 861 router, but I just can't seem to get the VPN working on this device.
I've placed the router behind a modem and did some basic configuration. Hosts who are connected to the modem (on the Vlan side) can access the internet and can setup a VPN connection to the router. A VPN connection from inside the network is worthless, but I just can't get the VPN working on the FastEthernet4 connection.
Any VPN config for a 861 router for this situation? Or how to configure this device as a VPN server?
I know the general difference between a router and a switch, but after considerable reading I'm unable to determine if I could just use a switch for my pretty simple specific application.
Here are the two devices I need to setup on my network (connections would be wired, both devices in close proximity): (1) computer running windows2k with 100mbps ethernet card (has software firewall installed) (1) blue ray player for streaming netflix videos
Because I don't have any computers on the network communicating with each other, based on what I've read it seems possible to just connect a switch to my cable modem instead of using a router.
How can i create a local projector at home
View 1 Replies View RelatedWe'll be building a small remote site that will use two Windows 2008 servers. We would like redundancy in firewalls, IPS's and switches. Is it better to buy stand-alone ASA 5510s (with embedded IPS's) and 2960s, or is it a better option to buy a Cat 6000 with FW modules. We'll have several internet IP addresses available.
View 2 Replies View RelatedI am upgrading my home network, I am running cat 5 cables all around my house. currently I have a comcast cable modem and a netgear router. I will have about 20 cables coming in to my office (all the network equipment is already there) I know I will need a switch but I am not sure what kind. I will be upgrading my wireless router to a much better one, should I have the router get its internet connection from the switch or have the switch get the connection from the router. Will I need a firewall? I also have a web and ftp server running behind the router? how should I connect my server?
View 4 Replies View RelatedI've been trying to configure a cisco ASA 5505 for my home network but I'm not having much joy with it. I've looked at countless guides, tutorials and followed the ASA setup wizard in ASDM. The Cisco 1841 is running sub-interfaces for my VLAN's.
View 4 Replies View RelatedI would like to setup a small home network with an ASA firewall and an 871 router for testing purpose so I can get familar with the ASA commands and concepts. Is there sample config I can be pointed to?
View 2 Replies View RelatedI have been asked to install a ASA5505 on a home network. The home network has a home broadband connection which the ISP provider supplies with an IP address. This is only for 6 weeks until the new line comes in. I know this is going to cause problems but we have no choice but to impletment this.
My questions are below.
1, We have a home hub supplied by the ISP which is configured by an IP address which is NOT static. Can we not use the ASA 5505 instead. I know that if our ISP change the IP address we have to change the IP address on the 5505.
2, Will we be able to use the home network broadband to create a secure connection?
I am redoing my homes networking and I am looking for a firewall. I heard that you can install clear os on a server and use it as a firewall and a dhcp server. So i was going to install it on a rack in my server cabinet. does the server need to have a wan port and a lan port? Or how does the server get connected? So, so far its the cable modem into the clear os firewall and then into my switch. Is is possible to use the clear os server as the dhcp server for the whole house? From the switch I am going to connect the rest of my servers, and the rest of the house. I was going to connect two wireless routers for my house. Would that work with the clear os server?
View 2 Replies View RelatedI have a Time Warner Cable business class service with no static IP, with a wireless modem which is plugged to a CAT5 distribution panel. On the jacks (2 other rooms on the house) I have a Linksys E3000 and a Linksys Valet router for signal boost and gadgets usage (TV, cameras, etc).The main router (TWC) has it's own external IP which TWC assigns to me and internally distributes via DHCP the range 192.168.0.x. With that said:
- The E3000 has a 192.168.0.6 IP -- this is fixed setup on the TWC router (ubee brand) by MAC address
- The Valet has a 192.168.0.7 IP -- this is fixed setup on the TWC router (ubee brand) by MAC address
- The main router has the 192.168.0.1 as the gateway and web-interface
Whenever I connect something to the E3000, it is distributing the 192.168.1.x range and the valet 192.168.2.x range.That works perfectly for my home based business until I decided to use more stuff on the network such as a IP printer, IP cameras, etc.
- The IP cameras are connected to the E3000 due to signal strength and I have manually assigned them the 192.168.1.15 and 192.168.1.16 IPs and ports 9001 and 9002.
- The printer is connected to the E3000 and I have manually assigned the IP 192.168.1.30.
Issue 1: Port forwarding On the main router (TWC - UBEE) I have tried to setup a port forwarding by informing the Local IP as 192.168.0.6 (E3000 IP), Internal Port 0, Public Interface IP (0.0.0.0), Ext Start Port 9001, Ext End Port 9001, Protocol - Both, Enabled Yes. On the E3000 I did the same config (screen shot attached e3000.png).This is not working properly. I can't get into the camera.
Issue 2: Printer/ The printer is only accessible if I connect to the E3000 (because it is on the 192.168.1.x network)
Issue 3: How to configure all the devices on the same subnet? If I want everyone to be on the 192.168.0.x network, how to configure properly the E3000 and the Valet? I have tried to force them into the same network but it would not work properly. It would not get an IP from the UBEE router (main).
Is blocking echo request to prevent ping sweep the same as having a firewall in stealth mode? And how could someone ping sweep from outside if you had a firewall at all?
View 3 Replies View RelatedHere's the layout: Cable modem in the basement. Several devices in which I'd prefer a wired connection in the basement. Upstairs on the 1st and 2nd floor of the house are many devices in which wifi is fine or preferred.Here's the problem: As you might guess, wifi is weak upstairs and certainly on the patio and 2nd floor. I have an access point upstairs that I've experimented with but it is flaky.
View 1 Replies View RelatedHow to install a wireless network in home environment?
View 6 Replies View RelatedI am a new student in networking, taking the CCNA courses, and now want to rewire my home. I currently have a cable modem and E2500 setup running my network. I want to get the modem and router out of my computer room and in the basement where the cable enters the house. I want to do this to clean up the computer room wiring a bit and to run line drops to different rooms in the house where the internet will be utilized.Currently there are two PC's, a laptop, a tablet, sometimes a phone, and an XBOX using the internet. I want to get my printer back up and running on the network but thats another story. Only one PC is currently hardwired. I would like to run two cables into the room with the PC and XBOX that are currently using wireless, at least two into the computer room for the PC and network printer, and one or two into the living room for the blue ray player and possibly an internet tv.
View 1 Replies View Related