Here's the version of the ios i'm running:Cisco Adaptive Security Appliance Software Version 8.0(4)The issue i'm encountering seems to stem from the use of port rangesThe client states that while a port range is included within the running config, nmap tests within the server indicate that port as closed. Below is the list of port ranges being opened within the ASA[CODE]
View 1 RepliesI feel like this has probably been asked a thousand times over, but it doesn't seem to work for me. TCP works fine. I can't find any definitive answers, I'm still a novice with the IOS.
The purpose behind opening the ranges of UDP ports to the interface and forwarding is because the people in question want to run a VOIP phone from their home, but they have a home grade Internet connection, so therefore no static IP. Also, they're not going to pay for a router to create a S2S VPN.
Also, from one of the remote sites for which there is a VPN ( the 192.168.6.X/24 site), the audio is only one way. The phone guy says "i need to open ports both way through the VPN), but I feel like that's already been done??
For my other site ( 192.168.15.0/24 ) I have an IPSEC over GRE tunnel going, I don't know about the status of the voice phone there..or if its even made it there
Here's my config...i'm redacting things like public IP's, VPN keys, and the like
#show run
Building configuration...
Current configuration : 6525 bytes
!
! Last configuration change at 14:51:00 EST Wed Jan 2 2013 by ctouch
! NVRAM config last updated at 14:57:46 EST Wed Jan 2 2013 by ctouch
[Code]...
I'm just setting up a Cisco rv180w router to replace our aging Belkin. I need to allow a range of ports through the firewall to a particular PC on our internal network that runs our VOIP/SIP Trunk phone system.
The Cisco's Port Forwarding looks like it can only forward one port at a time, but for our phones I need to allow a full range of ports (in this case ports 49152-64512) to one machine at 192.168.x.xx.
On the Belkin I used something called 'Virtual Servers' which allows you to enter ranges of ports. Anybody know what the equivalent might be for the Cisco router?
I want to prioritize League of Legends, a game which uses ports of ranging between 5000-5500. Does the WRT54GL "Application Priority" section allow for port ranges. If yes, have I put the range in correctly.
View 2 Replies View RelatedIf the load balancing is set to src-dst-ip, will a layer 2 switch forward based on that information? Particularly talking about a 6500, with trunk interfaces, since those packets never go to the layer 3 engine, will the load-balancing work as intended?
View 2 Replies View RelatedThere is no "blinking light" indication on my E3000 at the Internet (Yellow label) and Ethernet port no 4. I tried plugging in 2 cables at all of the ports. I got the blinking indication at Port 1 through 3. The same cable's have no response at Port 4 and Internet port. As a result my I am not able to connect to the internet.
View 2 Replies View RelatedI am trying to trouble-shoot / map out a large network with a freaking butt load of over lapping IP addresses
View 8 Replies View RelatedIs it possible to connect two different ips together? A proxy server : 192.168.1.1. All the connections are going through this Server, everything is working fine if the ip range is 192.168.1.XXX Now, when i changed the ip range from 192.168.1.XXX to 192.168.2.XXX im not able to access network, Note: default gateway is the proxy server itself..
View 2 Replies View RelatedAlright, well I have a Cisco 891w router and have just about everything up and ready to deploy. I'm primarily using Cisco CP 2.4 to provision the router with minor tweaks being done in the CLI. I want to set up a filter to allow access to roughly 20 websites for the majority of my network which is all on the same VLAN. The ip ranges are x.x.x.10 - x.x.x.169 which I have set into a Network Object group called limitac. The second group ranges at x.x.x.170 - x.x.x.199 and is called allowac. I have set up DHCP bindings for all the devices that will connect to the network but I want to set up a web filter for only the first group. I cannot seem to find anything in the Cisco CP manual or the IOS manual for setting up filtering for a range of IPs only. Primarily there are a few computers that need full access to the web while the others should only have access to the sites I set up in the filter.
View 14 Replies View RelatedIs there anyway to connect two different IP address ranges without setting up vlans? Trying to setup something so I can test out a device that uses "BACnet Broadcast Management Device" and I dont have two switches to create a vlan.
On site they have a couple of ranges setup with vlans
A 10.169.51.xx 255.255.255.0
B 10.169.52.xx 255.255.255.0
C 10.169.53.xx 255.255.255.0
D 10.169.54.xx 255.255.255.0
I want to know what IP ranges are belonging for example to the AS714.
How do I get this information?
I know how to do the reverse way, which is easy with whois. But the other way doesn't seem to be that easy.
I have multiple AAA Clients that I need to add. The way I manage the clients, I often make changes of moving IPs from one group to another. I require that all clients use "IP Ranges". I try import the following IPs (8.8.8.1;8.8.8.3;8.8.8.9-10;8.8.8.25) I need them all to be ranges, but what happens is after I import it, I then go to that AAA Client, it makes them all "IP Range(s) By Mask" and siplays it like this.
View 4 Replies View RelatedI’ve been trying to figure out this for quite a while. I have a range of public IP addresses directly assigned on my dmz servers. The inside interface of ASA 5510 has one of those public IP addresses assigned (the default gateway for all dmz servers). Now I have a new range of public IPs that I also want to directly assign to new dmz servers. My goal is to have two distinct public IP ranges on dmz that should communicate between them. The inside ASA interface should be the default gateway for both networks.
View 1 Replies View RelatedI'm trying to block internet access to a range of IP addresses using the Access Control function of the DIR-655 router. Unfortunately, the router does not allow me to block a range of IPs. Instead, I can only create policies based upon individual IPs or MAC addresses. I have over 60 machines I want to block Internet access and I'd hate to have to type them in individually. How do I go about blocking all Internet access (HTTP/FTP/email/everything) for a range of IP addresses? They will have to be able to continue to use the internal LAN.
View 3 Replies View RelatedBest practices for an ASA5520. I'm currently running a pair of these as internal firewall for my organization, and have about 750 rules dictating traffic. A lot of the rules are for individual ports to specific server(s), some of them having 50+ ports opened. For example, Exchange has about 115 ports opened right now, anywhere from port 25 to 55000.
My question is that would it be better (faster, less strain on the ASA) to open a port range, (ie 52000-55000) or would the individual ports (ie: 52112, 52336, 52698,53441,53495, etc...) be ok?Obviously the individual ports are much more granular for security, but I don't want to take that into consideration now. Just strictly individual ports vs ranges.
we have an SG300 latest 1.3 firmware, we have it acting as our DHCP server, we have a 10.10.1.x range, 10.10.3.x range, and 192.168.24.x range, they are all on seperate VLANs and all can talk to each other which is what we want. However we have someone who wants to use the 192.168.1.x range to add IP cameras to our network using there own switch. I figured I'd just setup our server to do DHCP etc and it would communicate with the 10.10.1.x range of IP addresses no problem. It turns out the SG300s can't do DHCP for that range, so if he has all static address on the 192.168.1.x range how can i setup inter VLAN communication so we can talk to that range?
View 1 Replies View RelatedI am wondering if I can make our WAP4410 fall under two ip address ranges. I want to have a network for the office users and one for the guest users. We currently use a Safe@Office500WP Checkpoint router. It allows us to create multiple network ranges. We have the office users wireless under 192.168.0.1 ip range and the Guest Wireless is under the 192.168.200.1 range. Do I need two access points or can this be done with just the one?
View 7 Replies View RelatedI have an ASA5510, and site-to-site VPN with several remote clients. I have to add another client but their network range overlaps an existing tunnel. Both are using 172.16.0.0/16. I would like to 1-to-1 NAT them as 172.17.0.0/16.
Is it possible to perform the NAT on my device, post-decryption, or is it necessary that I have them perform the NAT at their end?
I have a client that needs a VPN with multiple network address ranges on the far end of the IPSEC tunnel. Is this possible with this RV180 unit?
View 1 Replies View RelatedI have this cisco 4507 switch that I need to configure multiple ip ranges on. The problem is that I can only configure two ip ranges on it, one ip range on the management vlan and the other ip range on vlan 2. After I have configured these 2 vlans with different ip ranges, I can route between then and get them to talk to each other, but that is all I can do. If I add another vlan with a different IP range I cannot see it from the switch or get any of the otehr ip ranges to see it.
I am doing something dumb because this is a layer 4 device so it should be able to route the ip ranges. I have tried everything just cannot get it to work. I have assigned the IP range directly to the port number and directly to the vlans. Just wont work.
we have a RV082 and have the DMZ option enable for a range of IPs within the same sub-net of WAN IP and this works great. I have another range of Public IPs from our ISP that is not in the same sub-net of the WAN IP and do not see a way on the RV082 to include this 2nd bank of Public IPs in the DMZ.
Our ISP internet feed plugs into the RV082 WAN port and we have a switch plugged into the DMZ port of the RV082 that is used to connect the public devices in the current DMZ. Both banks of Public IPs from our ISP come over via the ISP internet feed plugged into the WAN Port.
My question is, if I cannot configure a DMZ rule to allow this 2nd range of Public IPs to "travel" to the RV082 DMZ port, how I can do this without one-to-one NAT or port port forwarding? The device I am deploying needs to be at the border of our network (like in the DMZ) and have some ability to talk to a device on our LAN.
Any explanation regarding these different operating temperature ranges? I would think it doesn't matter the enclosure that the switch is in, it will either work or fail at a certain temperature.,-40C to +70C (Vented Enclosure Operating),-20C to +60C (Sealed Enclosure Operating), -34C to +75C (Fan or Blower equipped Enclosure Operating).
View 0 Replies View RelatedI have a Cisco 880 (supplied by my company and as such I have little access to the control panel). I have a Linksys (Cisco) E1200 to use as an access point. Cisco setup (love it!) but the simple setup gives the E1200 an ip range starting at 192.168.1.1 while the Cisco 880 range is 192.168.185.113. I need to have all connections in the same ip rage (192.168.185.xxx) for remote monitoring. What is the best way to accomplish this? Bridge mode (I don't need Guest Mode which I read is not possible in bridge mode)? Disable DHCP on the E1200?
View 1 Replies View RelatedI am trying to make a server in the game Halo combat evolved for the PC, but i need to forward 3 ports, ports: 80, 2302, and 2303, i did them all, but it still says they are all still closed, when I scan them or they say, its times out.I have a D-Link router.
View 5 Replies View RelatedI built a pc asrock z77 pro3 mobo, i5 3570k 3.4ghz, ati 7950, 8gb kingston ddr3 1600mhz ram, corsair 650w psu, a hyper 212 evo and a 500gb hdd with a 128gb ssd all in a cm haf912 case.My problem is that everything works fine except for the inbuilt gigabit lan port. I'm accessing the net through an old pci-e slot network card i found, and I'd really like to use the inbuilt gigabit port. The realtek drivers do not appear under device manager. I installed the latest network drivers from asrock - (Realtek Lan driver ver:7048 for 64-bit win 7), I tried various things I read online like removing the ram for a few minutes, disabling the NIC and sleep mode. I always get this message when installing the driver: "Realtek ethernet cable was not found if deep sleep mode is enabled plug the cable" I've done everything I've read online and from reformatting to removing the ram.In the bios, i made sure the adapter was enabled. another thing is that there is no light coming from the port when the lan cable is inserted into the port. there is a light from the pci adapter so i'm not sure if it's faulty. I've also checked that the cables are fine. I hooked them up to my macbook and ps3 and the network was fine.
View 1 Replies View RelatedRecently, something weird occurred. My Motorola Surfboard cable modem (on PenTeleData/Service Electric) and my D-Link DIR-655 don't seem to be getting along.If I plug a network cable directly from the modem into a computer, it works fine. However, if I go from the modem to the router's WAN port, it doesn't seem to want to connect to the router at all (no matter what DNS settings I change on the router (including spoofing the MAC address of a working computer) or which network cables I use; the "activity" light on both the router and the modem remain off).Also, if I take a network cable and plug one end in one of the LAN ports on the router and the other end in the WAN port, it works (well, the "internet" activity light on the front of the router comes on and the status page at http://192.168.0.1/Status/Device_Info.shtml says "Cable Status: Connected; Network Status: Incorrectly configured - check logs" instead of "Cable Status: Disconnected; Network Status: Disconnected").
View 11 Replies View RelatedI'm having a problem with port forwarding on my 1941W router.I would like to forward ports 8001 and 2001 TCP from Internet to a local host on the internal network.I am able to connect to the local host from the internal network, but it does not work from the Internet.
Here is my config:
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
[code].....
We are try to connect ssh via outside system (from Internet) its was not getting connected.
When we try to connect from outside pool of ip than its working.
We just purchased 8 managed switches POE to swap out our existing in preparation for our new phone system. We installed them all after configuring with static IP. Deployed... and all but two work fine. Any tips for troubleshooting why two of them do not work? There are a couple other switches in the building. Could it be that a switch "upstream" from the two non-functioning switches is causing an issue? If so, how do I find out? When we put back the two "dumb" switches all was fine.
View 1 Replies View RelatedI'm a newbie in wireless, recently I got a WLC2006 and AP1130 - IOS: 12.4(10b)JDE
- The AP has been changed LAP mode already
- AP-manager port and management port are PORT 4
- I have configured the WLC's "Internal DHCP server"...
When I plug the AP to WLC port 2 and 3, it can get the IP address from DHCP however, when I plug it to WLC port 1, it gets nothing. and the IP address is 0.0.0.0
Does it mean the port is damaged already? Or can I do anything to check or enable the port 1 again?
Based on the business requirement, I have installed one more 9 port FE Switch in addition to existing one, NM is discovered but when we connect PC or IP-Phone it is not working, current IOS is flash:c2800nm-advipservicesk9-mz.124-3h.bin with 64MB Flash
View 5 Replies View Relatedi have a DSL-2730U WIRELESS N 150 ADSL2+ 4-PORT ROUTER which i have been using for the past 2 months.It was working fine,but since the last 5 days when i plug the lan wire into the PC port, nothing happens...it doesn't get recognized..the green light in the port is always glowing..i've tried another cable..same problem...i've tried it on another laptop..it works FINE....
View 1 Replies View RelatedMy custom built desktop is not recognizing an ethernet cord. The lights are not coming on when I plug it in. The device manager does not show network adapters. Im not sure where to find it/ not sure its there.
View 6 Replies View Related