Cisco :: Network Address Translation On 6500?
Nov 22, 2012
We've got an application that is running on our LAN that is using IP addressing to connect to the server (they refused to use DNS).The server is now being moved to a VM which will be on a different subnet. The supplier is now concerned that there will be a big down time due to him having to reconfigure each device (about 100) with the new server IP. If the server was external I know I'd be able to do NAT on the FW to make this work but can it be done internally on my 6500s? I want to have the devices pointing at their hardcoded IP address off 1.1.1.10 and NAT the destination to the VMware servers IP 2.2.2.10? Is this possible using cisco NAT?
View 13 Replies
ADVERTISEMENT
Apr 18, 2011
How Stuff Works "How Network Address Translation Works"."This is where NAT (RFC 1631) comes to the rescue. Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers." so let's say 6-7 pc's can have access to the internet using the same IP. doesn't this causes any problems? what if one of those pc's was used fore doing something illegal? how can they spot it later on? or what if 2 or more pc's access (from that subnetwork) access the same website with the same IP?
View 3 Replies
View Related
Mar 24, 2011
In my router I can set rule that all traffic incoming to router's extAddr:8888, is forwarded to my intAddr:8888. But I also need reverse rule that packets originating from intAddr:8888 are translated to extAddr:8888. Can I do that? What technique can I search on google to find more information, because it is not port forwarding. I would calll it reverse port forwarding or static port address translation, but I do not find anything useful in internet searching these keywords.
View 3 Replies
View Related
Aug 4, 2012
I have site to site vpn between cisco asa and cisco 2911 router.asa is static ip and cisco 2911 side is dynamic ip. my site to site vpn is working fine. I am just trying to make PAT over the vpn means i want forward one ip in my public pool to one of my local ip in the cisco 2911 side.
View 2 Replies
View Related
Jan 19, 2013
Is it possible to perform static Nat's through an internal network?I have a ASA 5510 with a public outside interface (let’s call it 68.68.68.1), and I have an inside private IP address (192.168.1.2/24). The inside IP address leads to a 4900m with that interface being configured with a 192.168.1.1 (no switching). On the 4900 M I have several VLANs one of them is an internal DMZ of sorts. (192.168.2.0/24). Within this DMZ network are several Web servers which need to be associated a public IP address (68.68.68.x).
Every time I configure a static Nat to associating a public IP address with an internal IP address within the DMZ, packet Tracer on the ASA informs me that the packet gets dropped at the static Nat and I cannot figure out why this is so.Safe it to say my question still stands is it possible to Nat (68.68.68.222 to and 92.168.2.60) given the configuration above, and how would I go about configuring in such the manner above so that I acn apply static nat through the 192.168.1.0 network to reach the 192.168.2.0 network.
View 11 Replies
View Related
Oct 18, 2011
I have 5 static public IP addresses assigned by my ISP. I like to use one of these static public IP addresses to access one of my PCs in my office from the outside. So I like to configure something like:65.11.22.44 <-> 192.168.1.100.This translation is good for all protocols and all ports. Where I can configure this on the DIR655?
View 2 Replies
View Related
Dec 5, 2012
I have a server in a DMZ of my 8.4 ASA with nat:
object network FTP-SERVER
host 192.168.1.102
nat (dmz,outside) static interface tcp ftp ftp
And that's working well. However, I now need to translate the source address of connections from the outside to the FTP server as well. The aim is that the source address of packets when they reach the FTP server is an address on the DMZ subnet (as the default route for the FTP server now needs to be something else, not the ASA) as well as this outside-dmz NAT. I thought overloading the DMZ interface of the ASA? Or another IP in that range?
View 2 Replies
View Related
Nov 12, 2011
I would like to know if Cisco Collector Engine 6.0 can recive and reading the sent address traslation logging of router ASR1006. Using Netflow v9.
View 4 Replies
View Related
Oct 31, 2011
I am trying to correctly configure our ASA 5520 and our Mitel Border Gateway in our DMZ. In the documentation for the Mitel border gateway it wants me to set up 2 external IP's on my ASA one to allow 443 traffice into the MBG, and another for 443 traffic that needs to be forwarded to port 4443 for the MGB in the DMZ. My problem is I don't know how to do this. the MBG only has one IP, and I need to have 2 different URL's mapped to two different external IP's both externally using port 443, and one of them forwarding to 4443 on the DMZ interface.
View 10 Replies
View Related
Aug 22, 2011
I have an 8.3(2) ASA with a single outside IP. Dynamic PAT translates inside addresses to the outside interface address. I would like to use static NAT with port translation to access an inside syslog server. I got an error when I tried using the outside interface address. Can I use both dynamic PAT and Port Translation with the same outside address?This is what I would like to use but I receive an error saying there is an overlap using the outside interface address.(192.168.1.0 is my inside network. 10.10.1.10 is the outside interface IP.)
object network inside-net
subnet 192.168.1.0 255.255.255.0
nat (inside, outside) dynamic interface
object network SYSLOG_SERVER
host 192.168.1.50
nat (inside,outside) static 10.10.1.10 service tcp ssh ssh
View 6 Replies
View Related
Oct 13, 2009
Is it possible using any module in CW to get the MAC address and IP address of all switchports on a 6500?
View 6 Replies
View Related
Feb 12, 2013
1. the LAN network (multiple subnets) needs to access server 1(outside) - NAT translation works fine no issues
2. a subnet from the LAN e.g SUB-TEST currently acceses server1 but I need to change it to access TESTserver 2 (outside) instead (temporarily)
I dont want to change the original setup .I am trying to implement NAT on the local router such that
- any traffic from SUB-TEST that enters the inside interface and is going to Server1 then change the destination and NAT it to TESTServer 2
- all other LAN traffic is allowed to go to server 1.
i am using a 1941 router for this
View 1 Replies
View Related
May 23, 2012
I am trying to create a passcode for 1 IP Phone in a Network and have the following configuration in place as shown below: The plan is that when this IP Phone wants to dial out they will have to dial out the a 4 digit number 5798 followed by the number they want to dial out.The Router i am using is a CCME.
View 1 Replies
View Related
Mar 2, 2013
I would like to configure a Management ip address on 6500 by giving ip to the SVI. Following is the configuration done
1) int vlan X
ip address 10.1.1.1 255.255.255.0
no shut
However i am not able to reach this Switch IP from other subnet's. for ex:- 192.168.1.0/24.What next configuration should be done, in order to make this work. I dnt want to use any routing protocol.
View 4 Replies
View Related
Jul 17, 2011
In an IPSec port to DUT scenario, with Mode-Config set so as the DUT sends the IP address to the port, I get to a situation in which the DUT continuously enter the "Need config/address" state for the port, even if the port sends its ACK packet to every set IP address from the DUT.
The DUT is a Cisco 6500 Version 12.2 (33) SXI3, having Mode-Configuration configured to provide clients with IP addresses from a local pool. I enabled the "debug crypto isakmp" on Cisco, and below is an extract form the log file:
5d23h: ISAKMP:(80653):Need config/address /* My comments here: This is the first Address configuration message from Cisco to port */
5d23h: ISAKMP: set new node 1768971286 to CONF_ADDR
5d23h: ISAKMP: Sending private address: 94.94.0.164
5d23h: ISAKMP:(80653): initiating peer config to 171.159.1.113. ID = 1768971286
5d23h: ISAKMP:(80653): sending packet to 171.159.1.113 my_port 500 peer_port 500 (R) CONF_ADDR
5d23h: ISAKMP:(80653):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
5d23h: ISAKMP:(80653):Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_MODE_SET_SENT
above debug messages that Cisco produces I can not realize why Cisco resends the IP adderss configuration message for remote peer. Any other methods to use so as to get the reason behind this behavior? Or any explanation to the above behavior?
View 1 Replies
View Related
Oct 31, 2012
Currently we're providing DHCP to wireless clients from a dhcp pool on a cisco 6500. Due to new requirements we need to move to windows 2008 dhcp and when I test this on an unused WLC (7.0.235.0) the client doesn't get an address.
When I do a packet capture on the client I see it requesting dhcp but not getting any response from the server. When I do a dhcp debug on the client I see the same (see attached file).
This seems to me to be a server issue but the same server is supplying addresses to wired clients.
View 3 Replies
View Related
Oct 31, 2012
The customer has 4 6500 switches. 2 Physical locations, and 2 switches at each locations. The locations are connected via 1 200mpbs metro ethernet(layer 2). We ran into an issue during a DR exercise. We had created a VLAN for DR testing purposes, that did not have any SVI configured, but the VLAN did exist on one of the 6500s. When the customer restored a VM to the DR VLAN, we lost connectivity to the production server. After some troubleshooting, we found the cause to be the same mac address showing up, but in a different vlan. Once we removed the DR vlan from the 6500 all was well. It seems like switches are ignoring the VLAN in the mac address table, and forwarding to the incorrect ports. The switch is not reporting any mac flapping in the logs. No spanning tree topology changes are occurring. Code version is 12.2(33)SXJ2 on all switches.
View 1 Replies
View Related
Nov 20, 2012
I am trying to configure the Wism running on a 6500 switch.... I have configured the DHCP scope for the AP on the controller itself with the same subnet as of the management for the controller. The AP gets the IP but once it restarts it doesn't register to the controller, this is the log i get on the AP when consoled into it. [code]
View 6 Replies
View Related
Apr 8, 2013
we have 6500 cisco switch as a backbone switch in universty. When ı want to look mac addres table , it does no show all mac address.ı mean if ı type ;show mac address-table there are not all mac address.
View 3 Replies
View Related
Apr 30, 2012
I have an Issue.In my networks, 1 single user is facing Network Slowness issue. i needs to check to which port user is coneected in switch to CHeck whether that port has any errors.But problem is, i am providing support from remote location.And my concern LAN segment is Very big,I have only user Ip address details,when i ping the Ip address from Core switch it is pinging. but when i give show ip arp & give Ip address then its not learning and listing out the Mac address to trace down to the specific port.
View 3 Replies
View Related
Jun 11, 2013
I have 2 servers, one active, the other standby, both will be using the same IP. If the active fails then a re-patch for the standby to make this the active. I understand that i will need to clear the arp & maybe mac address table on the 6500 for the new active server to work, as the failed server will have its mac address on the 6500,.
is there a way around this so i dont have to clear the arp cache & clear the mac table? [code]
View 6 Replies
View Related
Dec 26, 2012
We are facing issue with mac address learnt from different port-channels, Connectivity is like 6500 as core running VSS and 4500 access switches are connected to Core and WLC is also connected to Core.WLC to 6500 PO 60 , 4500 to 6500 PO 32.
View 1 Replies
View Related
Jul 12, 2010
We want to configure the "mac-address-table synchronize" command on our 6500 series switches to ensure that the CAM tables on our DFCs are in synch with the PFC on the supervisor modules. url...it is recommended that we disable the routed MAC purging with the mac-address-table aging-time 0 routed-mac global configuration command. What is a routed mac entry? Are there any issues with running that mac aging-time command?
We also plan to run this command "mac-address-table aging-time 14400" to keep our ARP and CAM tables on the same aging time to reduce unicast flooding on our network. Can we run this command with the "routed-mac" command above?
View 2 Replies
View Related
Feb 22, 2013
Version 12.2(33)SXI
int vlan 1
description client vlan
ip vrf forwarding A
ip address 10.1.1.1 255.255.255.0
standby 129 ip 10.1.1.2
standby 129 timers 1 4
standby 129 priority 105
standby 129 preempt
ip helper-address 10.1.2.20
[code]....
dhcp requests are not making it to the dhcp server SAME VRF (ip helper-addres is not doing anything.....)extended vrf traceroutes on udp 67 sourced from vlan2 are fine
I am expecting udp unicast packets on port 67 "giaddr" relay packets on the DHCP server generated and sourced by the relay on Vlan1
eg. Mar 1 01:59:06.731: DHCPD: setting giaddr to 10.1.1.1
This exact setup works in our preprod environment with the same code.Only difference is we run Distributed etherchannel on the 6500's where this doesnt work.
Wireshark on the client I can see the requests being sent Going to check it with debug ip dhcp server to check the relay logs out of production hours.
I have seen so many people say it IS and ISN'T supported on this version of the code.e.g. [URL]
I am aware the helper-adddress should inherit the vrf of the interface ip helper-address vrf command is not supported.The fact it works in the PP environment.... could this be due to the Distributed EtherChanel difference? or just some bug....
View 2 Replies
View Related
Apr 21, 2013
Does 6500 SUP720/2T support MAC Address-Table Move Update Feature?
View 1 Replies
View Related
Jul 15, 2012
I have just updated a VLAN interface on my router. I have two 6500's with GLBP configured. The particular interface had a primary and secondary IP address. I shutdown the interface on one router and deleted the secondary address then assigned the orignal secondary address to be the be the only address associated with the interface and enabled the interface and it came right back up...all looks good. I proceeded to do the same thing to the other router and once again all looked good. Now, I am able to PING the devices in the subnet from router, but am unable to ping them from any place else. [code]
View 2 Replies
View Related
Jul 16, 2011
I switched from Time Capsule with AirPort to E2000 and have a problem with configuration.I use the same IPs as in AirPort and E2000 gives me an error:"The WAN IP address cannot be the same subnet as the Guest Network IP address" and I can't save configuration.But in my opinion they are different.I use "Static IP" option and I have IPs from my ISP: [code] So WAN IP is different subnet as LAN and I don't know what to do now. It worked with these settings in AirPort and here I can't proceed.
View 2 Replies
View Related
Dec 21, 2011
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies
View Related
Jun 16, 2011
currently I face problem with outside nat translation and Im not sure how to solve it. I gotta 881 router
int vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
[code]...
and remote server 100.100.100.25 routed to interface fa0/0. So the problem is that hosts from V lan 1 and V lan 2 want to communicate to this server, but they cannot route, which means, that I have to "give" them some IP from their range as fake address of this server and translate it. So I did
ip nat outside source static 100.100.100.25 10.10.10.7 (for Vlan 1)
ip nat outside source static 100.100.100.25 20.20.20.7 (for Vlan 2)
but I get
% 100.100.100.25 already mapped (10.10.10.7 -> 100.100.100.25)
As far as I understand router doesn't allow this translation, because if the communication would be started from outside (initial packet would come from server side), router wouldn't know how to translate its source address.
View 2 Replies
View Related
Apr 28, 2011
I am able to access the servers in the network when i am on the LAN . The problem is while we are connected to the VPN, I am unable to https to the servers. While on the VPN, I can ping and traceroute to the servers but I cannot HTTPS.We are using the 3000 series concentrators and also ASA's.This thing was working fine until recently we did a network migration from 6500's to Nexus.
View 1 Replies
View Related
Aug 24, 2012
I am going with ASA 5520, know how many NAT translation is possible.
View 2 Replies
View Related
Aug 1, 2010
My remote VPN clients aren't able to do anything network wise once they have connected to the VPN. The ASA keeps coming up with "no translation group found" in the log.
Result of the command: "show running"
: Saved:ASA Version 7.2(2) !hostname ciscoasadomain-name office.propertyfinder.comenable password ######## encryptednamesdns-guard!interface GigabitEthernet0/0 description Office Network Interface nameif Office-LAN security-level 100 ip address 10.121.10.4 255.255.255.0 ospf cost 10!interface GigabitEthernet0/1 description 4Mbps BTNet Internet Connection nameif Internet-Primary security-level 0 ip address 213.121.253.33 255.255.255.248 ospf cost 10!interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address!interface GigabitEthernet0/3 description Office Wireless Interface nameif Office-Wireless security-level 10 ip address 172.16.0.1 255.255.255.0 ospf cost 10!interface Management0/0 nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 ospf cost 10 management-only!passwd 2KFQnbNIdI.2KYOU encryptedboot system disk0:/asa722-k8.binftp mode passivedns domain-lookup Office-LANdns server-group DefaultDNS name-server 10.121.10.20 name-server 10.121.10.21 domain-name
[code]....
View 13 Replies
View Related
Jan 5, 2012
I am looking for the SNMP OID to monitor the sh ip nat translations on a cisco 881.
#sh ver
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Thu 26-Feb-09 06:01 by prod_rel_team
[code]....
View 1 Replies
View Related
