Cisco Routers :: RV 220W - Custom Services And QOS
Aug 9, 2012
I have some questions regarding the addition of custom services and their use in QoS for RV routers (I use the RV220W). Suppose I create a custom service as:
Name: My Service
Port: TCP 60000
1. Does this port number refer to the port number used by my LAN computer or the port number on the other side e.g. some computer on Internet I am using this service to connect to? Some services use the same port number on the side that initiates the service and the receiving end but there are services that use different ports for the initiating and receiving end. So, what is the meaning of the port number when creating a custom service?
LAN Computer : (port TCP 60000) <----> Internet computer : (some TCP port, not necessarily 60000) - or -
LAN Computer : (some TCP port, not necessarily 60000) <----> Internet computer : (TCP port 60000) ?
2. Suppose I create a QOS profile binding configuration with respect to this custom service for a specific IP address on my LAN. QOS is applied to the outgoing network traffic only. How is this profile going to work?
A. Applied to traffic originating from my LAN device with the specified IP address and port TCP 60000 - or -
B. Applied to traffic originating from my LAN device with the specified IP address to another computer's port TCP 60000 ?
RV220W - I'm trying to create a one-to-one NAT connection to a PC on my network. I have 5 static IP's assigned by my ISP. I've gone through the step of 'registering' each IP in turn on the WAN port, and pinging that IP from an external device until it starts to respond, then I set the WAN IP back to the one I want to use to manage the device.
I think what I want to do is simple. I simply want to NAT ALL traffic hitting my 2nd IP address, let's call it 24.15.120.73 (not the real value) to 192.168.1.10 internally. I want ALL ports both UDP and TCP to be forwarded. This Server is then going to be one end of a VPN tunnel going to another site, but I don't want to complicate things with that for now. So I can't even seem to get one-to-one NAT working! I created the one-to-one NAT on the Advanced tab of the firewall and created rules for all ports for UDP and TCP, but I can still never 'see' the internal server from the Internet. Also, the server will not get out to the Internet (can't hit Google, etc).
I'm wondering if there is a possibility to get my homepage provider's custom dynamic DNS service working on my Cisco SRP541W Router as I'd not like to be forced to sign up for either DynDNS or TZO which are available through the web frontend.
Our firewall just died - it was a windows server 2003 rackmount running Microsoft ISA server. I'm shopping for a replacement, but would like to get an appliance rather than have to purchase a whole server, which just seems like overkill.
We had four network ports on the old box - one for internal, one for the cable modem, one for guest wifi, and one for the VPN (We have a dedicated Barracuda VPN appliance, so we won't be using the VPN functionality on whatever new router we purchase)
What we'd like to do is have a set of rules similar to what we had on the ISA server. We denied everything by default, and then for example:
- Allow outgoing HTTP, HTTPS, FTP access from guest wifi and internal network to the internet
- Allow access from the VPN subnet to certain ports on certain machines on the internal network
- Forward incoming access from the internet on port 443 to the VPN box
- etc.
From reading the manual for the RV180, i could get a rough configuration going by putting internal, guest wifi and VPN on different VLANs, and disabling inter-VLAN routing for the guest wifi. However this doesn't get me the detailed control that I am used to - guest wifi and internal would be able to see the whole internet, and the vpn would be able to see anything on the internal network.
Can the RV180 actually give you this level of control? What would be the most cost effective router from Cisco that could do this for me?
I have an rv180 and I'm trying to setup a custom service that contains both multiple disjoint ports (some UDP some TCP), as well as a TCP port range. This has led me to a couple of questions.
1) Is it even possible to have a single custom service with disjoint ports? Is it just going to be necessary to define multiple partial services for this?
2) Is it possible to forward a range of ports? It's clear how to define a service with a port range, but the port forwarding table interface only allows me to select one LAN-side port for any service. Is there a secret notation that I need to do here that will just forward to the same LAN-side port as the WAN-side port---effectively one-to-one NAT forwarding, but just for the selected service?
My ISP sends various services through VLAN. Internet, TV and Telephone. Now I wonder, is it possible to use this router to distribute these VLANs through the wan port to eg my IPTV box?
I need to access a shared folder over a VPN connection. Very simple host network: no Microsoft server, no AD. Just a WRVS4400N router and a peer-to-peer network.
Purchased a second WRVS4400N router to create VPN from SOHO and configured via VPN Setup Wizard.
When at the office, I can map a drive letter to a share on the other computer, as follows
net use f: \\192.168.1.111\MyShare /User:MYSELF mypass
However, when I try the same command over VPN, I receive the response:
System error 53 has occurred. The network path was not found.
I also cannot net view the other computer -- same error. However, I can successfully ping 192.168.1.111.
More info:
Routers have latest firmware.
Over VPN I cannot browse network via Windows Explorer (Win7 Network Neighborhood shows only my own PC. In the office I can see the other computer and the NAS appliance "NAS01").
I also cannot connect by entering \\192.168.1.111\MyShare into Windows Explorer's address bar (although I can do that successfully when at the office), or by choosing Map Network Drive from "Computer".
However, over VPN, I can get into NAS administration via https://192.168.1.3 and I can print to the office TCPIP printer (192.168.1.222)
Recently I'm having issues with accessing local services via external IP. Short description of configuration:
- sub.mydomain.com pointing to my external IP.
- few web services running on my local server with reverse proxy on Apache 2
- firewall on router enabled
- ips on router disabled
- single port forwarding: WAN 80->Lan 443, WAN 443->LAN 443
- accessing my services via sub.mydomain.com/service1, sub.mydomain.com/service2, etc
- I had to create a new rule in internet access policy allowing LAN, any, any to
Basically if I go no matter if I type http or https I will be redirected on 443. That configuration has been working without any issues for a month. Recently I have increased the amount of DHCP users and suddenly it's not working any more. I can still access my services from outside but not from LAN. Restarting router does the trick for a while, sometimes for few minutes, sometimes longer. Enabling IPS is the way to go but then I'm limited to around 22Mbit/s. I have no idea what happened. What I can't understand that it was working, suddenly it's stopped and there are two solutions, either to enable IPS or to restart router?
I have two servers behind the RV180 and a list of ports I would like to open to the public (80, 443, 21, 3389). In that case, I have to setup 8 Access Rules. I am OK in the first time setting up. But later on, if I would like to change the external IP <-> internal IP mapping, I have to change the Access Rules one by one for all related ports.
Does it have a setting for grouping the ports together so that I can set the Access Rules by one time only? BTW, the summary view of the Access Rules in RV180 is not very clear, I can't differentiate the Rules for different Destination NATs ... I have to click into the details one by one ...
We recently moved to a new office and currently have three ISPs (DSL, SAT, 4G) because we are unable to get Cable nor Fiber services. We have anywhere between 7-20 Remote Desktop connections (with lot of file transfers) and 8 VOIP lines. Basically, we need to bind certain services to specific WAN links in order to make everything work somewhat decent because of the limited bandwidth and/or latency of each ISP.
I would like to double check if the bindings are working for the specific services, and it has been difficult to verify if the settings in the RV016 are working. I believe it's not working 100%, and I need a way to check and make sure that my settings are being followed.
What would be the best way to check the current connections to see if the service is being routed via the WAN link specified in my setting? My RV016 is HW ver 3, but not the latest firmware. Purchased about 2 months ago.
Today I had to reset the router completely to factory default, if I was adding services to the forwarding or UpNp service management, suddenly it stopped adding the new ones. Now after starting all over it's having the same behaviour, see below my services, normally you can have 30 rules in this list but I cannot add new ones now.
Now I want to insert a new service IMAPS for port 993 so I go to service management. Then press "add to list" see below for result. It is there, then press OK and the screen closes, now if I choose a service from the list, it is not there !!
I have 25 of these routers installed behind various providers and transport (DSL, Cable, UVerse). At sites where I have static IP, I can't reach any service inside, and in fact can't even reach the router for Remote Management. At all times the users inside can do whatever they like, they have Internet access.
At sites where we draw a dynamic IP or use PPPoE, I can reach services and manage the router until a known issue stops the inbound traffic.
We are desperately trying to set a custom password of our WCS database in order to use it for direct SQL queries (Cumbersome over Web surface). To my knowledge there is a way to reset it however this password would be randomly generated and not available in plain text.
Until version 6 there was a feature to directly set a password via the dbadmin command.
What's the difference between custom and standard discovery? There's a line on the help page: "The Use Policy Configuration Settings radio button will be enabled only after adding a Default Credential Set Policy." The radio button is not enabled although I've two default credential sets and two default credential sets policy configuration.
I would like to create custom reports using the Report Designer (Reports -> Report Designer -> Syslog) and filter certain syslogs from being seen when I run the report like permitted ACL entries, 802.1x successful authentications. It seems like there is only the option of displaying what you want to see, not what you don't want to see.
Using a command prompt, how do I discover the internal IP of an unused router, which I set to a custom value and forgot? The router is not currently in use for internet access. I would like to access the control panel of the router without resetting it. I attached my netbook to the router with an RJ45 cable and disabled the netbook's wireless adapter to avoid conflicts with my current network. Using an elevated command prompt, I did an "ipconfig /release", rebooted and ran "ipconfig /all", but the gateway entry is blank. An "arp -a" returns 169.254.190.120 as the only interface. A "netstat -a" returns 169.254.190.120:xx...'s, 127.0.0.1:xx...'s, and 0.0.0.0:xx...'s, but no router internal IP address. Is there a way to discover the attached device without resetting?
How to flash a DIR-601 Rev B1 with any of the custom firmwares out there? I've tried all of them this morning and haven't had any luck. I set the router to recovery mode and tried openwrt, dd-wrt, tomato, and gargoyle. I tried with chrome, firefox, ultra simple web browser, and ie 8. Every attempt resulted in "Upgrade Failed". I know Rev A1 is supported by DD-WRT, just sucks newegg sent me a B1. Looks like several other routers run similar hardware, so it's got to be doable.
I am trying to make a custom web-auth bundle for WLC 2125. User authentication from this custom page works fine, but error messages about a wrong login/pass do not work.
Is this a supported function for custom pages? If yes, could you provide working HTML code?
Creating several Inventory-Report Templates via Report Designer I was asking myself how to export/import these templates for use on other systems, performing backup.
I have been tasked with migrating from ACS 4 to ACS 5.3. I haven't had any training and so I am finding it a bit different. Currently I have this issue -
I have a group in the ACS 4 for users accessing via wireless on the ACS - Code...
Is there a way to have multiple instances of user custom attributes and insert those as multiple instances of the A/V Pair in the authorisation profile in ACS 5.2/5.3? Background: We have to migrate an ACS 4.2 to 5.3. In ACS 4.2 our client used the multiline attribute
Number #Name #Description #Type of Value #Inbound/Outbound
[code]....
to specify multiple routes to various networks in the RADIUS reply specific for every single PPP username of routers dialing in. Using the internal user database, extended by a string attribute and using that attribute as source of a dynamic value in the access-policy works basically. But as I have only ONE single line instance of the attribute for every user, I can only return ONE framed-route. We have lots of cases where multiple routes have to be assigned to one router. I'd like to avoid defining a separate access profile for every remote RAS router for external PPP Dial-In...
Any comprehensive list of custom settings for NBAR V6 that will block most P2P traffic. The built in list seems incomplete. Either that or a way to better block P2P traffic at the router level.
I've installed Cisco ACS 5.3. After I created several internal users (defined password and enabled password), Identity Groups, Access Policies, Network Devices and AAA Clients (e.g. Cisco 1841) for Radius and configured my Router like this:
...
aaa authentication login VTY group radius local-case
aaa authentication enable default group radius enable
....
Now I'm able to log in successfully using my internal User. But if I try to use enable to enter the enable level I receive the message "% Error in authentication." when I use the defined enable password.
In the ACS logging I can see that "$enab15$" is missing. If I set up a user name "$enab15" I can log in to enable level, but what do I have to do to use the custom enable passwords?
Steps 1.2 - 1.5 are required for both (Radius and Tacacs). Then you have to switch to 2.1-2.7 for Radius or 3.1 - 3.7 for Tacacs authentication.
I have a Netgear WNDR3400 router and I would like to just dabble with it and see if I can't get any more performance out of it. I checked dd-wrt already and it isn't supported yet. Any other place to get custom firmware for my router type?
I am in need of playing a stream (generated by a program like VLC) on more than 3 TV's. The TV's are dumb lcd's with just hdmi connectors (no lan). I thought about getting some media players that I connect to the local network which will then pick up my stream and stream it further to the TV's.
I have an ACS 5.1. My mailing server does not run on the standard port number of smtp (25). Need to know if I can customize the port number suiting my mailing server requirement.
We're currently evaluating how we can attach our web based business application to the AD Agent in order to perform Single Sign-On against it. Our users are connecting via VPN to an ASA 5510 which is configured to use our Active Directory for authentication. After access granted the users may access a web server with our business application and should be automatically logged-in there without having to re-type their credentials.
For server load balancing, does the ACE4710 support custom protocols? We'll be using HTTP for server health monitoring, and to determine if a server is up or down. But the client/server application is custom, and includes a lot of non-standard ports. Can the server VIP handle generic TCP connections? For example client1 connects to the VIP on http, but then later client1 switches to using tcp842 (a custom protocol, not http).
Using Custom Reports from Reports> Report Designer> User Tracking to create an end host report we get this error message: the syntax is not valid the system cannot find the path specified.
How to add tacacs custom attribute to ACS 4.2 for Nexus 1000V: shell:roles="network-admin admin-vdc" In the interface configuration I've added new service, service - shell, protocol - tacacs+. In the group settings I've enabled this attribute configuration. And it does not work. Default privilege level is assigned to any user with access allowed.