Cisco Firewall :: Route Tagging On ASA 8.4?

Mar 16, 2012

How to tag static routes on ASA. I have static routes that I want to redistribute into EIGRP on ASA. I can't find any tag option when defining a static route or under the set command in a route map... Am I overlooking something?


Cisco Switches :: VLAN Tagging Across From Firewall To Two SG-300

May 18, 2011

I need some assistance in setting up VLANs (802.1Q) across two switches. I want the same 2 VLANs on both switches; how do I configure them to be connected and pass both VLANs' traffic? VLANs from the firewall are tagged at 3 and 8. Single port out from the firewall. The first switch is simple enough: the port is connected at port 52 and configured from both VLANs, then the individual ports are either on one or the other. The question is how do I connect the second switch so that it can also do both VLANs. Assume I connect switch 1 at port 51 to switch 2 port 52. Do I configure both ports to be on the same VLANs, or do I set up LAGs?


Cisco Firewall :: VLAN Tagging To ISP Through ASA 5510 To Remote Site

Oct 25, 2012

We have a base license ASA 5510, and have been trying to get ICMP working to check that we're routing and not hitting any NAT translation. We have a VLAN280 set up to the ISP for a VPN link to a remote site and another VLAN281 for internet access for internal users.

Users can browse the internet from (name _inside interface e0/1 access port), which is fine. When I do a ping to the remote office through the VPN, I get a response pinging from VLAN280 name VPN_Link. When I do a ping from name inside interface, I don't get a response; both are security level 100 with same-security-traffic permit inter-interface configured.
 
Config:
 
!
interface Ethernet0/0
speed 100
no nameif

[Code]....


Cisco Firewall :: 5510 Trace-route / Antispoofing On Not Default Route

Jun 24, 2011

I've enabled antispoof on all interfaces on ASA 5510. If you start a traceroute to a network on the default route, everything works, since replies come to an interface with route 0.0.0.0/0 defined. If you start a traceroute to a network that is NOT on the default route (let's assume corporate MPLS), you only get a response from the first carrier router; the others are discarded because of anti-spoof violation.
 
I have ICMP inspection and icmp-error inspection enabled.


Cisco Firewall :: Route To Internet Through Old PIX515 Firewall

Jun 10, 2012

We have a wifi network for guests that we route to the internet through an old PIX515 Firewall. We recently tuned the timers to lower values in order to "save" on resources and public address usage.
 
The timers we use are:
 
-timeout xlate 0:30:00
-timeout conn 0:30:00 half-closed 0:05:00 udp 0:02:00 icmp 0:00:02
 
Through verifying the new timers, we noticed some xlate connections (TCP PAT) that are idle forever!! In the connection table, I cannot find an idle connection for longer than 1h....


Home Network :: NIC Tagging

Aug 12, 2011

Is there any possible way that a NIC starts sending tagged frames? Actually, the scenario is that we always have to troubleshoot DSLAMs and their uplinks are bound to some VLANs, and we can't directly check their connectivity with a PC, and always have to carry a switch with us.


VLAN Tagging On A HP Procurve?

Jul 29, 2012

Unfortunately I do not remember the model, and the switch is a couple of hours away without remote access. I have 4 VLANs on a ProCurve switch.

VLAN1 - Network Devices (Server, printers, WAPs)
VLAN100 - Admin (Office workers)
VLAN200 - Teachers
VLAN300 - Students

There is a server doing DHCP. There are 4 ranges of IPs 1 for each VLAN.

The router is on Port 44. VLAN 1, 100, 200, 300 - Tagged

The Server is on Port 46. VLAN 1 - Untagged

The WAPs are on Ports 1, 11, 31 VLAN 1, 100, 200, 300 - Tagged

All other ports are on VLANs 100, 200 or 300 - Untagged

The WAPs all have VLANs 100, 200, 300. Each VLAN on a different SSID.

I have IP helper with the server IP on VLANs 100, 200, 300.

There are IPs from the different subnets on their respective VLANs in the switch.

The gateway for each subnet is on a different subinterface on the router.

The router is a linux box. (Untangle)

The WAPs are not able to talk to the server, therefore no computers on the wireless networks can get an IP. The server can only talk to the router if I change port 44 to untagged. What combination of tagged and untagged ports do I need to make everything talk?

Do I need to put the VLANs on the subinterfaces of the router?


Cisco Switches :: VLAN Tagging ESW-540 And 3750g

Aug 19, 2011

I am currently tasked with setting up a network, pretty much from scratch, that requires some fairly hefty VLAN deployment. My hardware on hand (already existed so can't change anything easily): 5x ESW-540-48 switches, 1x 3750g switch, 1x 2811 router. I don't believe the router should be required, as the 3750 is capable of inter-VLAN routing. [code]
 
Now at one point I actually had the VLANs *working* in that I could specify an IP address and could ping to and from it! However, DHCP wasn't passing despite numerous attempts with DHCP relay and IP-Helper configurations. Also, I was having issues with VLAN 1 as the native VLAN; the ESW switches don't allow you to do much with them, as they 'weren't created by the user'. So I tried switching that out to VLAN 11 also, but with very little success there (I had to change the native VLAN on all trunks to VLAN 11). All the 10.x.x.x addresses need to be able to communicate with each other. All the ESW switches need to be able to handle their respective VLANs as well as VLAN 1 (for printers and wireless access points distributed around the building).


Cisco :: VLAN Tagging At Access Port In Switch?

Sep 28, 2012

I'm confused by the fact that VLAN tagging is done at the access port and the trunk port always gets tagged packets (until it's the case of native VLAN). But I still believe in the other fact, which says tagging happens only when a frame hits the trunk port, which means the trunk port gets an untagged frame and tagging is not possible at the access port.

Would like to know where this tagging actually happens?

And also, which command can we use to encapsulate the 802.1q protocol on an access port? The way we do it at a trunk port is #switchport trunk encapsulation dot1q. Is the above command applicable for access mode also?


Cisco Routers :: SF300 24p Vlan Tagging Being Stripped?

Feb 13, 2012

I have an SF300 with (2) VLANs: VLAN (1) for data, and VLAN (100) is my voice VLAN. I have VLAN (100) tagged traffic, and my VoIP PBX as an access port only to VLAN (100); all other ports are trunk ports with VLAN (100) tagged and VLAN (1) untagged traffic. I get no outbound audio on calls: I can call out and hear them fine, but they can't hear me. I am wondering if my tagged traffic leaving the phone is being stripped, and if so, where. I have CDP turned off.


Vlan Tagging In Nortel BES110 Switches?

Nov 23, 2011

We have one HP core switch and a VLAN is configured on it. Four Nortel BES1010 (24-port) switches will be connected to this HP switch. We need to configure the VLAN tagging in the Nortel switches in order to make devices connected to the Nortel switches communicate with devices in the VLAN.


Cisco Firewall :: Removing Route-map From Pix 525

Nov 1, 2012

I have a PIX firewall 525, configured with an OSPF process. We are also performing route filtering in the OSPF process using a route-map. Now we want to remove this route-map from the OSPF process. Is there any step-by-step process for removing the route-map as per the below list? How to remove the route-map without having any impact as per the above configuration?


Cisco Firewall :: Trying To Get ASA5505 To Route

Nov 14, 2012

customer's WAN solution, instead of buying routers, purchasing department bought ASA's (don't even get me started!). So I have 5 ASA 5505's for the branch offices and one 5510 for the Head Office. I am trying to get them to behave like routers and pass the traffic across. I set up a lab with a 5505 and the 5510 using an ethernet cable for both Outside interfaces since the WAN links are going to be MetroEthernet Layer 2 anyway.
 
I tried static routes, dynamic routing, I followed examples from other persons who did it and it doesn't work. I attached the configs here to show I have the default routes, specific static routes pointing the traffic out, any any rules configured as well. I cannot ping from the internal lan of the 5505 to the internal lan of the 5510.


Cisco Switching/Routing :: Determine VLAN Tagging On A 3550?

Jun 13, 2013

We are trying to replace the CSS between our firewall and DMZ with a BigIP. Among its other functions, it will act as the router between the firewall and the DMZ. To make this work, I need to assign VLAN tag values for the VLANs I create on the BigIP box, and these must match the tags on the Cisco switches (3550s). How do I find this information on the switch?


Cisco Switching/Routing :: 2960 / QoS Tagging And Dot1q Trunking?

Nov 9, 2011

If you have a router with multiple direct vanilla FE (non-trunked) interfaces on a switch trying to send QoS-tagged packets to a wifi bridge several switches away, does the trunking in the switched infrastructure mess with the QoS tags if no QoS is configured on the switches?
 
Does it depend on the switch?  We have new 2960's running 12.2 and a few older 2950's running 12.1


Cisco Switching/Routing :: 3560 - How To Implement CoS Tagging By TCP Port

May 1, 2013

Our environment includes 3560 switches and 2800 routers. We have a few remote offices using an application on TCP port 1677 that use far too much bandwidth. Our WAN provider can throttle and police this for us if I can tag this traffic; for example, all traffic from Florida using the Groupwise app on TCP uses TCP port 1677 and I want it tagged with CoS 3.


Cisco Firewall :: ASA5510 / Default Route With Different AD Value?

Nov 14, 2011

Will the ASA5510 support a default route failover mechanism by giving two different AD values in the route outside command?


Cisco Firewall :: Route To Same Interface On ASA 5510?

Sep 14, 2011

I would like to route traffic that is coming in and going out on the same interface on the ASA. I am using the inside interface with security-level 100. In this URL, [URL], ASA is able to do that.


Cisco Firewall :: NAT Route For Remote VPN On ASA 5510

Nov 15, 2011

I have configured a remote access VPN on my Firewall ASA5510. Everything worked fine and I can successfully connect through the VPN. The problem is I cannot ping or connect to any of my internal network resources. I tried to add a new NAT route from outside to my internal servers using the defined pool, but due to a new ASA version there are many changes I see in the NAT routes.


Cisco Firewall :: ASA 8.4.2 - Clear Route Not Working

Jul 8, 2011

After the command clear route, all timers just continue; it is not actually clearing the routing table... This is happening on two different boxes: a pair of ASA 5520s and one ASA 5505... I presume it is happening on all others too, but I don't have this release installed anywhere else...
 
Codes:
C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route(code)


Cisco Switching/Routing :: 2960 / Verifying Trunk Vlan Tagging?

Jul 5, 2012

I have a 2960 switch connected to another. I need to verify that vlan0010 on one switch is forwarding tagged traffic to the other switch it is hooked up to through the Gi0/1 port. How do I verify this? I have a server that's multihomed (Broadcom) on the other side and it is supposed to be on this VLAN with one of its network interfaces. We had a power outage and now it cannot communicate on this VLAN. However, everything else on the VLAN can reach all the other nodes except this server in the front of my building. All the devices in the same room are linked to the same switch, which has one port (fa0/17) on vlan0010, and can ping each other just fine. The server is hooked to port 24 on my server room switch, and Gigabit port one goes to a fiber converter all the way to the back. It then gets converted from fiber to Cat5e again and links into the switch (2960) in the back room.


Cisco Switching/Routing :: 3750 - Tagging Traffic By IP Source And Destination?

Dec 2, 2012

I want to know if there is a way to tag traffic with DSCP tags without having to do all the other requirements of QoS setup. All I want to do is just tag traffic at different DSCP values via source and destination IPs. We do not have a need to be prioritizing traffic on our internal switches. We just want to tag the traffic so our MPLS provider can distinguish the different types of traffic.

Our environment is primarily 3750s in all offices.


Cisco Wireless :: Mesh 1260 Ethernet Bridging With VLAN Tagging

Mar 18, 2012

I'm a little stuck with a 4400 7.0.220.0 + RAP 1550 + MAP 1260 Ethernet bridging issue. I'm using the VLAN tagging functionality and I'm finding that periodically a VLAN that I've tagged on the MAP will deregister from the backhaul and stop passing traffic. If I go into the Mesh tab on the MAP, select the wired interface, remove the VLAN from the list of tagged VLAN IDs and then add it right back to the list, it starts passing traffic again.


Linksys Wireless Router :: Vlan Tagging On E4200 / WRT610n?

Feb 14, 2012

I recently bought the E4200v1 router, to be wired together with my WRT610nv2 to form a gigabit network for a different floor's network. However, with the recent installation of a fiber-to-home network offered by my local ISP, I would need a router that is capable of performing VLAN tagging (500 for internet & 600 for IPTV). Would like to know if Cisco has any development plan to enable the VLAN option for:

1. E4200
2. WRT610nv2
 
At the moment, I'm still stuck with the provider's "home-made" router, which lacks Gigabit & dual-band wireless.


ASA 5505 - VLAN Tagging / Trunking Power-connect 2716?

Oct 30, 2011

Having an issue getting my DMZ VLAN working. Running my ASA5505 and I have configured e0/2 for DMZ w/ VLAN ID 3. Connected to my 2716 on port 2. Inside e0/1 w/ VLAN ID 1. Connected to my 2716 on port 1.

I am trying to get my DMZ VLAN to ports 3 & 4 (LAG1), but when I assign the LAG group to PVID 3 I lose connectivity on VLAN 1. I want to send both VLANs to that host because the teamed adaptor is used for the Hyper-V Network Switch.


Cisco Firewall :: ASA 5505 Route Monitoring Options?

Oct 22, 2012

We have one pair of Cisco ASA 5505s located in different locations, and there are two point-to-point links between those two locations: one for the primary link (static route w/ low metric) and the other for backup (static route w/ high metric). The tracked option is enabled for monitoring the state of the primary route. The detailed parameters regarding the options are as below:
 
Frequency: 30 seconds               Data Size: 28 bytes
Threshold: 3000 milliseconds     Tos: 0
Time out: 3000 milliseconds          Number of Packets: 8

[code]....
 
I'm not sure if the setting is so sensitive that the secondary static route begins to work right away, even when some small link flaps occur. What is the best practice to set those parameters up in the production environment? How can we specify reasonable monitoring options to fit our needs?


Cisco VPN :: ASA5505 Firewall - Route Internet Via External?

Feb 6, 2013

I would hereby like to inform if it is possible to configure the Cisco ASA5505 firewall to route internet via an external VPN, while a laptop and smartphone connect to the firewall via Cisco AnyConnect VPN.
 
The configuration would result in: Laptop on public internet -> Cisco ASA5505 VPN -> External VPN (Unix server) -> internet.


Cisco Firewall :: Multiple Route Commands On ASA 5505?

Jan 7, 2013

I want to know with an ASA 5505 w/ Security Plus License I get up to 20 VLANs/Named Interfaces. I have a customer that is getting a new subnet of external IP addresses from their service provider and a different default gateway to accommodate re-hosting their datacenter at their main office instead of at a Colo. My question: when building out their new DMZ, can I have multiple route 0.0.0.0 commands?
 
Example.
 
Current Default Gateway 1.1.1.X
 
Internal hosts 192.168.1.0 use and are natted to 1.1.1.X
 
New Default Gateway for DMZ Servers 2.2.2.x
 
Internal hosts still use 1.1.1.X, but server hosts in 192.168.1.3 should use 2.2.2.X -- there are also a bunch of pre-existing static NAT rules for these servers such as 2.2.2.30 translates to 192.168.1.30.
 
I think I would accomplish this by using the following:
 
route inside 0.0.0.0 0.0.0.0 1.1.1.X
route DMZ 0.0.0.0 0.0.0.0 2.2.2.x
 
Would this be correct?


Cisco Firewall :: Trace Route Between Two ASA 5505 And 5510

Oct 15, 2012

We have an ASA 5505 and a 5510 that we are using site to site. I need to traceroute from the 5505 to the 5510, from the outside interfaces. Don't want to do this through the site-to-site. I have temporarily added a few ACLs on the outside interfaces. When I traceroute, it only goes one hop. Maybe that's the way it's supposed to be? I need to know all the hops between the outside interface on the 5505 and the outside interface on the 5510.


Cisco Firewall :: ASA5520 - Static Route Shows A-172.24.0.0 Or A-192.168.176.0

Jul 14, 2012

We use ASDM 6.2 to manage our Cisco ASA 5520 running ASA Software Version 8.2(1). I just noticed that some static routes have "A-" when you view the static routes with ASDM, e.g. A-172.24.0.0 or A-192.168.176.0 (please see attached print screen). I haven't seen this before and don't know what it means.


Cisco Firewall :: 5505 - Route Traffic Between Two VLANs Through ASA

May 30, 2011

I have an ASA 5505 Firewall with a Security Plus license. I configured two VLANs, VLAN 1 and VLAN 5, as my inside VLANs for different subnets; I need to route the traffic between these two VLANs through the ASA. I configured

int vlan 1
nameif inside
security-level 100
ip address 172.16.100.1 255.255.255.0
[Code] .........

The problem is I am not able to ping the other subnet; for example, my PC is in VLAN 1 and not able to ping 192.168.22.1 ... To troubleshoot, I typed debug icmp trace while pinging the other subnet:

ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=4608 len=32
ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=4864 len=32
ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=5120 len=32
ICMP echo request from 192.168.22.2 to 172.16.100.101 ID=512 seq=5376 len=32

I turned off the firewall on my local machine.


Cisco Firewall :: ASA 5515-X Route With Branch Locations?

Apr 17, 2013

We installed a new ASA 5515 about a month ago for the corporate office. We also have 40 branch locations that feed back VoIP, camera, and Citrix to the corp location. Each of the branch locations has a separate DSL connection with a local provider, and all of them are dynamic IP addresses.

The problem I have is that I cannot figure out an access rule to make the VoIP traffic work 100% of the time. What ends up happening is five or six random locations change IP addresses every day, and I could not figure out how to create an access rule for that, so I create a static route with that dynamic IP and then it will change a week or so later. That's a horrible security risk and a lot of manual work.


Cisco Firewall :: How Many Route Entries Can ASA5520 (8.2.1-k8) Support

Sep 24, 2011

How many route entries can ASA5520 (8.2.1-k8) support?








Copyrights 2005-15 www.BigResource.com, All rights reserved