I'm working with Nexus 7010 - System version: 5.1(3).
For example, in the 7200 we can include or exclude an OID from the SNMP view entry using the command #snmp-server view.
How can we include or exclude an OID from the SNMP view entry in the Nexus 7010?
8.4(3) I need to outside PAT all incoming UDP (SIP/RTP) traffic from outside to an internal IP. The following command makes it work:
nat (outside,inside) source dynamic any obj-10.0.0.173 service udp udp
But it breaks DNS resolution from inside. If I add the above command and try to nslookup from inside to an outside DNS server 64.90.175.90, DNS times out. If I remove the above nat command, it works again. It seems like even though DNS UDP originates from inside which should create a statefull connection, ASA still messes with return DNS responses.I then tried to create an "exclusion" for that IP with the following:
object-group network nat-exclusions
network-object host 64.90.175.90
!
nat (outside,inside) source static nat-exclusions nat-exclusions
but it's not working.I also tried:
nat (outside,inside) source static nat-exclusions nat-exclusions unidirectional
Also not working.How can outside-PAT all UDP traffic excluding DNS.
I have the following setup:
ADSL ---> Cisco 877 with connected site-to-site VPN's ---> Cisco ASA 5505 with Remote VPN enabled
I want to connect my Android phone to the Cisco ASA 5505 with Remote VPN. When I forward port 500 and 4500 on the Cisco 877 to the Cisco ASA5505 I can connect with the phone.
But as expected, the site to site connections are lost because now they try to reach the ASA 5505 also.
I want to exclude the site to site external IP addresses from doing static NAT to the ASA 5505...how can I accomplish this ?
I have a number of devices such as Cisco Call Manager, or Cisco Wireless Controllers, etc that I want to remain in DCR but would like to exclude from the Config Archive process. Is there any way of excluding an individual device from this process?
View 3 Replies View RelatedI have an inventory added to Ciscoworks and am getting alerts on interfaces that I want to exclude but for the life of me I can't figure out how to exclude interfaces. Any tips on how to exclude interfaces from the fault engine in 4.1.
View 3 Replies View RelatedI'd like to know if there is a way to exclude passed authentications for a specific username from reporting in the Authentications-TACACS and Authentications-RADIUS reports?
We have a few usernames that are used in scheduled jobs. We only need to know when they fail authentication, so we don't need to fill up the reports with every passed authentication from these accounts. Can this be done?
In earlier versions of LMS it was possible to choose i.e. the Routers category (top level) and enter a series of commands to be excluded from the comparison. In LMS 4.0.1 I experience, in several different installations, that this is not possible. It seems I can enter one exclude command beyond the defaults per category, the rest is not applied even though the feedback from the application is positive. Next time I access the Exclude Commands view, the commands I entered are gone. Is this a change of behaviour or a bug?
View 2 Replies View RelatedI am trying to setup 4 cameras to view with remote live view. I set up my server with IP addresses of 192.168.1.80 .... 85. The screen has only the option for 1 video channel. I have seen on-line screen shots that have options for channel 1 through 8. I want to assign each camera to a different channel so I will be able to use remote live view to show all 4 cameras at the same time. I can only show one at a time. Do I need a different version than 3.3 or some obscure windows 7 setting?
View 5 Replies View RelatedHow i should setup my network to include a DNS Server. I have 2008R2 running on a VM on my main desktop machine (this will soon be moved to a dedicated VM Server) with my Virgin Superhub acting as the primary router / modem. I also have a Belkin N+ router in AP mode and a dedicated AP for wireless around the home.I have a few options on how to configure the network adaptor for the VM Server. [code] On my host machine i have the two default VM Network adaptors for "Host only" and "NAT".Im not really sure on how the IPv4 should be configured on these adaptors in order than the VM server is on the same network as my physical machine without conflicting IP's. If i leave it default the VM server gets a default IP of 192.168.13.138.
View 1 Replies View RelatedThe datasheet contains the following regarding rails and brackets:
Cisco ASA 5512-X, 5515-X, 5525-X, 5545-X, 5555-X spare rail kit - ASA-RAILS=
Cisco ASA 5512-X, 5515-X, 5525-X brackets for rack mounting - ASA-BRACKETS=
The word spare seems to imply that it comes with a set of rails. Does the ASA-5515-X come with rails and brackets, or must both of these be ordered?
[URL]
at our office we have a brand new WRVS4400N with 2.0.1.3 fw preinstalled.In order to make a VPN connection to our cliente, we need to establish an IPSEC VPN with AES-CBC encryption, but in the drop-down list I can only select 3DES.
Does v2.0.2.1 fw update include AES-CBC encryption?In negative case, how can we add this type of encryption to the router?
I even just reset to factory and loaded the 1.0.4 firmware but still persists.In the DNS setting, the wireless router adds itself as one of the DNS servers, and I can't figure out why it would do that. My DNS should come from my comcast router and not the e3200 wireless device.
Wireless LAN adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : TP-LINK Wireless USB Adapter
Physical Address. . . . . . . . . : B0-48-7A-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
[Code]....
We are re-designing our wireless network and are navigating the security options.Are design will include a 5508 WLC and 3600 series APs. We plan on breaking our wireless out into four VLANS.Is 802.1x the standard for wireless authentication?What EAP flavor would you recommend for wireless? We will be supporting an environment with a variety of mobile devices (iPhone, iPad, HP tablets, Dell laptops, etc.). We will also be supporting wireless Cisco VoIP phones. Someone suggested choosing between EAP-Fast or EAP-PEAP, does this seem reasonable? Also, if we want to authenticate users using their AD account, we need to have NPS running on the AD server and use the radius protocol from client to server, is that right?
View 1 Replies View RelatedWhen purchasing part number WS-C3560X-48P-L is a StackWise cable included or do I need to purchase that separately?
View 3 Replies View RelatedI have configured a SVI in my 4500 ( Sup 7-E 10GE,,,,,,and,,,,,cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down, because there were no active switch port in the vlan, I added one switch port to this vlan but this port also in the down state, so i added the SWITCH PORT AUTO STATE EXCLUDE command under this port, even after this also the SVI never came up, So i added one systen to the port so both the switch port and the SVI came up...So why SWITCH PORT AUTO STATE EXCLUDE command have no effect in this model of the switch..
View 4 Replies View RelatedI have te E4200. When I backed up and restored my media server settings were not there as well as ftp, I found this out upgrading to 1.0.02 that turned out to be a huge waste of time anyways.
View 7 Replies View RelatedI just got my ea4500. the 50 Mbs from Comcast was killing my old wrt54gl. the thing where cisco connect and access thru the web interface step on each other, or when the web interface does not expose all the settings is annoying. because i didn't want a guest network, i had to go back to Cisco connect. and things did not work well. i ended up re-doing the whole thing, because i did not want a guest network and wanted diff settings for 2.4 and 5 Ghz.and logging after so many years and Linksys still does not include a date/time stamp for the events. logs without date/time are not very useful.
View 6 Replies View RelatedI've purchased a wmp600n pci adapter january this year and installed it with no problems and did not encoutner a single problem with it until today. I use windows 7 64bit.
I've just came back from a 3 week absence and turned on my computer for the first time since i left. I notice that I have no wireless connection. So i go to network connections and realize that my wireless adapter dosent even show up..only my lan card. So i check my device manager, and under network adapters, i can see my wireless adapter, but with an exclamation mark next to it. I check the properties, and under the status box, it gives me this message.Your computer's system firmware does not include enough information to properly configure and use this device. To use this device, contact your computer manufacturer to obtain a firmware or BIOS update. (Code 35).
So i do what it says, and flash my bios to the latest version. After the update, I check the device manager, and the error message is still there. I check my wireless adapter driver version and it is v3.0.2, which is the latest version according to the linksys driver download webpage. I've tried uninstalling and re-installing the adapter but no luck there. I also checked to see if maybe there was a problem with my pci slot and that was not the problem because I was able to use my older wireless adapter.
I have a requirement to NAT a spare address on the same subnet range as one of the firewall interface - however, because this is not allocated to a physical interface, there is no mac entry in the arp cache. the other end of the link from the firewall is connected to a router which has no idea how to reach this "virtual address" - again because there is no entry in the arp cache I have tried to put a static arp entry into the firewall but this doesn't appear to work either. Should I be using a mac address form a physical interface or can I create a dummy mac for this - If the router can't see the ip address, then users will not be able to target this address - so that the firewall can NAT to the real outside address.I have tried routes to null0 on the router and static arp entries on both devices but the user just times when trying to connect to 10.2.7.11 (nat to 10.2.32.11)
View 6 Replies View RelatedI am trying to split traffic entering from the web for servers so everything goes over the ADSL link but time sensitive information such as Sharepoint (TCP80) go direct over the ESHDSL link, now the problem is traffic that enters through the ESHDSL hits the server, the server replies out of its default gateway which is the ADSL which doesnt know what to do since it does not have a NAT entry for its return path.
How can I make it so traffic can enter one router and exit the other?
The two routers have HSRP to provide fail over between the two, and BGP is setup so one BGP route goes ESHDSL-ADSL and the other ADSL-ESHDSL
The routers are a 877M-SEC-K9 and a 881-SEC-K9
We have one business application, accessed across GCC region by having a single entry with individual computer hosts file, ie123.123.155.116 myappl.mycompany.com and other than Bahrain, all countries are able to successfully resolve the hostname (application only works against hostname (Oracle EBS)) against this entry with the hosts file. Now, prior contacting the ISP in Bahrain (where internet is regulated due to the current political situations) we need to know whether anything could be done from our end to resolve this issue.
View 2 Replies View Relatedan attacker have configured his PC with an static IP address but there is no such entry configured statically in switch, neither in DHCP snooping database.now when he want to generate traffic will switch block him? because there is no entry of his PC in the switch database.
View 2 Replies View RelatedIs it possible to use a DNS entry in an extended ACL instead of an IP address range?
View 2 Replies View RelatedI have a wap200 with a static ipaddress e.g. 192.168.249.205/24 (it is for management and is in vlan 1). Firmware of the wap is 2.0.4.0. No gw and no dns. (they are not necessary) I export the config . I have a second wap200 and import the config.bin to the new wap. ThenI like to change the static address and the name of the new wap, but - and this is the problem - it asks me to fill out the dns (the address for primary dns cannot be 0 and 255), but I absolutely don't want that because there is no dns or gw (management only). And if I fill it out I cannot go the the internet with the wap.
So I also have some other wap200 where I could import the config.bin and change the static ip without giving a dns (firmware 2.0.1.0). can I go back to a previous firmware (Europe) and where can I find it. Looked for it, but seeing only the last one 2.0.4.0 etsi.Or is there another method to skip the dns with a static ipaddress?
When I try to add new MAC entrys to the WLC I get the following message unable to add mac entry to database, reached max size the problem is when I look at the stats there is only 386 MAC entry and the databse size was set to 1024 entry..The work around was to increase the size of the database to 2048.Is there any why to clean up the database?
View 2 Replies View RelatedUsing CCP I am trying to create a NAT entry for a range of ports. CCP window for a new NAT has only one entry for the port #. Is it possible to set uf port ranges in 877 router?
View 2 Replies View RelatedIn my environment, VPN users are connecting to corparate network via ASA 5540 and using 3.5.1, 4.8, 5.0 (32 bit) and 5.0(64 bit) VPN clients.After they have built VPN connection, they use program that generates traffic to a bradcast address (x.x.x.255) inside corparate network.
There is no problem with users who are using 3.5.1 and 5.0(64 bit), but 4.8 and 5.0 (32 bit) vpn clients can not add ARP entry to Windows machines ARP table. If i add ARP entry for x.x.x.255 on VPN interface, they can work.
cisco 2651XM router
IOS: c2600-adventerprisek9-mz.124-15.T8.bin
if I do #sh arp in the terminal with this router I see a rogue entry thus:
Internet 192.168.0.4 0 Incomplete ARPA
My whole LAN operates on 172.16.x.x/16, there are no 192.168.x.x devices connected. In the past I've had 192.x.x.x devices running but for a long time and the router has been restarted since then. I've tried several clear commands in the terminal but this entry is stuck there and I've also seen it in a wireshark scroll on a pc when monitoring the routers' adsl traffic - it shows up an an SNMP entry and I do use SNMP on my router, but that data goes to a 172.16.x.x. machine. How can I clean this entry out?
I am having peculiar issue in my setup. I recently replaced my ASA 5505 (8.2.1) with ASA 5510 (8.4.3). Everything works fine for a while suddenly I see some of the servers will not be reachable from the LAN all the servers gateway is my switch. If I check on my Dell switch the particular server's arp entry on the connected port is same as ASA physicall MAC. If im reverting to 5505 ASA everything goes smooth without any issue.
View 6 Replies View RelatedEverytime I start one of my two Windows machines, I need to go to the control panel network adapter and enter the static IP address in the IPV4 properties. It is always blank after a shutdown.I have two machines that are networked for flight simming.One of the machines must have a static IP so I configured both static. Not sure if this has anything to do with my problem.
View 5 Replies View RelatedI have a 5510 using AnyConnect VPN clients. I have a DNS name for my router to accept connections ie cisco.mydomain.com..I can ping the address by hostname from the clients machine ok but when the AnyConnect client opens it has my hostname ie (cisco.mydomain.com) but says "invalid host entry" I have to type in my IP address for it to connect.I have the hostname in my AnyConnectProfiles.xml.
View 1 Replies View Related I'm configuring up aa ASA-5510, and I have several interfaces, some of which include:
interface Ethernet0/0.200
vlan 200
nameif SITECORP
security-level 90
ip address 10.1.4.1 255.255.254.0
!
[code]....
This definitely confuses me, because SITECORP has an inbound access-list of permit ip any any.
We're replacing our older catalyst switches with new SG300 family switches and have a Microsoft NLB cluster for some services that run in multicast balancer mode.
We currently do L3 routing to the network with the cluster and have the following IOS configuration line in the specific switch to let users on other subnets to access the services.
arp 10.20.1.226 03bf.0a14.01e2 ARPA
How do we replicate this using the SG300 series in L3 mode? Whenever I try to add a manual ARP entry I get an error message that says that the MAC address is not a valid unicast address?
