Cisco Routers :: SRP547W - Selecting NAT IP From Static Range
Feb 18, 2012
I have a SRP547W which I'm trying to replicate a configuration I had on an old Cisco 847 that recently died.
My ISP has allocated me a /29. The DSL configuration means that the IP address on the PPP session is assigned randomly. I have a mix of internal devices on a private IP range and a few devices with publically accessible addresses. All of the devices on the internal network need to be NATted to a public IP from the range allocated to me.
I can see that I can use the software or hardware DMZ to set up the servers, but I can't see any way to configure the external NAT address.
i see that the wifi on the SRP Freezes. If i am connected via lan, i can still surf the net or connect to another access point on the network and surf. But the wiress devides connected to the SRP loose connectivity even though it shows that the wifi connection is connected. I am running on the latest firmware. this problem has started occcuring only recently
There are a few discussions on this topic but nothing I can find indicated definativley shows that this can be done with this model.I have an ADSL service that came with 1 IP address and then we later purchased an additional 4 IPs (2 usable) for the same service.On our network we have SBS2011 and also a dedicated web server. What I would like to do is forward HTTPS to the web server on our inital IP and then forward https for OWA to one of the IPs on the additional set.Our initial IP is xxx.yyy.104.112 which I would like to forward port 443 to 192.168.0.12 - web server
The additional IPs are :
aaa.bbb.30.24 (Gateway Address) aaa.bbb.30.25 aaa.bbb.30.26 - I would like to forward this to 192.168.0.2 - SBS box aaa.bbb.30.27
I have tried as suggested in other thread setting up a software DMZ that sends public IP aaa.bbb.30.26 to 192.168.0.12. The xxx.yyy.104.112 to 192.168.0.12 works with a port 443 forward fine.
When I do this I cant connect from outside. If I change the port forward on 443 to go to 192.168.0.2 I can get to the SBS box from outside using the aaa.bbb.30.26 address .I have also tried creating a subinterface for the aaa.bbb.30.24 addresses and this also doesnot seem to work. Just I am basically asking for confirmation that this can be done with this model, I have put in the latest firmware.
I've got a network of SRP547Ws connected with site to site IPSec VPNs. But I can't get to the administrator loging page of the remote SRP547s over the VPN. Is there a setting or method I need to use ?
I have looked at the remote administration settings but this appears to be for adminsitration over the WAN interface rather the the IPSec VPN
Currently, I have setup a demo lab with the UC320W + IP Phones and OnPlus Network Agent all connected to a SG300-28P. I have just obtained an SRP547W because I wanted to use the 3G/4G internet connection via the router as my demo lab is an isolated network.Now, I tried to a couple of 3G modem (UMG181) and 4G Telstra modem (MF821) on the SRP547W but none of these work. I had a look at the compatibility tableI guess those modem models are not listed there. However, when I went on say the Optus website to scout for a more compatible model, none of them hit it right on the mark. The matrix says it can support E180 (while Optus has the E188), E353 (while Optus has the E353). I have already wasted my money on getting the earlier stated 3G/4G Modems and I ain't going to take a chance again.
I have an SRP547W hooked up as the office router with the standard office phones connected via the telephone ports at the back of the unit using 2 SIP lines as well as the PSTN by dialling hash first. We have just added a new staff member and bought an SPA303 with the intention of connecting it through registered SIP lines on the SRP547W, and hopefully have the facility to use the PSTN line when the SIP lines are busy.
The problem is, it connects to VLAN100 and gets its IP address and initializes fine however no lines show as configured and it can't make or receive calls. What do I need to configure on the SPA303 to tell it to use the SRP547W as its SIP Server/Proxy (not sure of the terminology).
I've purchased a router SRP547W and I would disable DHCP server. On the control panel I can't see anything about disabling this function. I don't need dhcp server on router and I don't need dhcp relay. My firmware version is 1.2.4_003.
We've run into some difficulty trying to take advantage of multiple WAN IPs in conjunction with the SRP547
What we're trying to acheive is the ability to port forward from our distinct public IPs to different internal servers. Looking at the options under Port Forwarding it looks like we can only configure forwards at the "WAN interface" level, but our problem is that we can't work out how to set up separate interfaces for each of our Public IPs...
Our ISP provides us with a fully managed NTU/router with a single "Internet" ethernet port, which we can use by statically configuring IPs on our end. For this configuration this port has been directly patched to the WAN ethernet port on the SRP547W.
We have been allocated a 255.255.255.248 (/29) subnet, giving us 5 usable IPs after the ISP's gateway address is taken into account, like so: a.b.c.208 Network Address (/29 subnet) a.b.c.209 ISP Gateway a.b.c.210 IP1
[Code].....
I should mention at this point that we're running on firmware version 1.02.01 (023).
Is there a CLI or other method of configuration that might work if the web interface won't?
We installed one of these devices as our gateway a couple of weeks ago, flashed the firmware to 1.2.4(003) and it worked perfectly until this morning where it keeps resetting the ADSL every minute and losing the web interface to the unit.
The log endlessly reports this: Feb 24 11:26:00 SRP547W cron.info cron[8779]: (root) CMD (/sbin/check_gn) Feb 24 11:26:00 SRP547W cron.info cron[8781]: (root) CMD (/sbin/check_ps)
I have a SRP547W that I have configured the following way:
LAN 192.168.15.1/24 VLAN1 LAN 10.10.10.1/24 VLAN10 LAN 10.10.2.1/24 VLAN100 PPPOE ADSL Software DMZ going to 10.10.10.x and another to 10.10.2.x - this is working OK
I now want to use the Advanced Firewall features to block all ports except those that I need as the software DMZ forwards everything. When I try to create the rules I get "the values are invalid" message no matter what I try.
I want to create explicit allow rules, followed by a deny all rule for each of the IP addresses used for the software DMZ
Have I got the Subnet Mask Correct for the Destination IP? Or should it be 255.255.255.0? It doesnt make a difference either way
Policy DetailsNameValueSource IP Address0.0.0.0Source Subnet Mask0.0.0.0Destination IP Address10.10.10.xDestination Subnet Mask255.255.255.254ProtocolAnySource PortAnyDestination Port443ActionPermitScheduleEverydayTimes24 Hours
I have an ADSL connection and have configured the PPPoE subinterface on WAN1 (ADSL) this connection has a static IP, and I know that the ISP gives that to me through DHCP however I have 4 or 5 additional IP addresses also provided to me on that same link, and they are not given to me via DHCP.
How do I configure this router to have multiple fixed IP addresses on a PPPoE interface?
I also need to port forward some ports for each of the IP's but I assume this will be easy after i have the IP addresses setup.
As per the title, I just require 3 to 4 VLANS with inter-VLAN communication enabled.
In the past I have used this router with each port of the internal switch set to a different VLAN, with each in turn hooked up to an unmanaged switch. This has work fine for me but I want to dip my toe in the world of .1q VLANS and gain some added flexibility and neatness.
I have recently purchases a Cisco srp547w for my organisation. It is working fine with one SSID enabled. I have configured everything with no problems using the Web interface. However, whenever I click the Edit button, in the Security column, in the Wireless Table under Basic Wireless Settings I get a pop up message which says :"Some values have been changed. The router must restart the wireless module to take effect.Please wait several seconds" I have tried this using 3 different browsers and get the same behaviour in each browser.
Ive changed the IP address of a laptop to connect to the router with IP 192.168.15.1 but now want to change the router IP address from the defaul to another subnet, so that it is accessable with other workstations on the LAN, but I could not readily find the option to set the Ip address on the router.
I'm signed in with user admin.
I also wanted to add addiontal users. The help indicates there is a User List Add Entry option but from the Administration bar, the left hand menu option shows User Management & User Privileges options. On User Management, it is possible to change the 2 default user names, but I wanted to leve them and create new ones.
I am trying to create a VPN between an SRP547W and a Cisco IOS router, in this case a UC540.I am running firmware 1.2.4 (003) Jan 11 2012. Now I can do this with an SRP527W and many other routers successfully. Including other IOS routers 1801, 1941 etc.
The issue I have is on the SRP547W I cannot create more than one IPSec Policy through a single IKE policy. I require this to route multiple v lans to our remote site. When I try to add an additional IPSec Policy I am give the error "IKE policy has been used by other IPSec policy"
This is possible to do on the SRP527W with latest firmware. I have tried rolling back to earlier firmware but instead I am given an error about overlap. Latest release note for this firmware suggest this issue was already resolved.
The SRP547W supports creating both Wifi Voice and Data vlans.Can I configure a Wifi IP Phone to connect to the SRP547W Voice Wifi Vlan and have the SRP associate it with Line 1 (in lieu of a standard phone connected to the Line 1 FXO port - without additional hardware)?
Today I installed the 1.0.2.6 Firmware on a RV180W. I only have now two problems regarding the Static DHCP support in the GUI.
1. Via the Networking > LAN (Local Network) > Static DHCP I have no buttons to Add a new static Lease. 2. Via the Networking > LAN (Local Network) > DHCP Lease Clients I can thick a Lease and click on Make Static IP. The result is an error: Operation failed.
I have DSL service with AT&T and I have a Motorola 3360 modem. We also have a /28 network of static IPs from AT&T. When I login using PPPoE on the modem it gets x.x.x.190 as it's address. Our range is 177-190. I have two ASA 5510s in an active/passive failover configuration with the Ethernet port of the modem and one interface of each of the ASAs on a dumb layer 2 switch.
I want to setup this DSL connection as a backup to our main Internet connection. I cannot figure out what setting on the DSL modem to use to make this happen. I know I cannot use PPPoE in a failover setting so I can't have the modem in bridged mode. There is some mode where it passes the 190 address to the connected device and when I plug in a PC directly to the modem and set it for DHCP it does get 190 as it's address. So do I configure the ASA interface as 190 with one of the other addresses as it's standby? What do I set my route on the ASA to for use of this connection? Can I then make use of these other static addresses when plugging other devices into the layer 2 switch?
I wanted to move to the cisco arena, and having a bugger of a time figuring out simple nat/pat rules combined with access lists. I've been reading Richard Deal's Cisco ASA configuration book, googling the heck out of this simple problem and can't see what I'm missing.
I have an ASA 5505 unlimited security plus license running 8.2(3) and a simple network, 192.168.0.x internal, 192.168.3.x dmz (not even touching that yet!) and outside I have a /29 subnet of addresses, 25 is the gateway, and 26-30 are my addresses.
I have simple dynamic nat set up on the .26 address to nat to 192.168.0.x. All I'm trying to do is port forward a simple tcp port I set for my linux server (192.168.0.2) on the inside, for arguement's sake, it's 2222 (it's not really). My outside vlan 50 is X.X.X.226 255.255.255.248 , can I make a static nat (inside,outside) x.x.x.226 192.168.0.2 netmask 255.255.255.255 ?
I tried using (inside,outside) x.x.x.230 192.168.0.2 netmask 255.255.255.255 and that didn't work either. Is it not possible to use two external addresses to hit the entire /24 range AND a single server?
My access rule for this nat is permit tcp any 192.168.0.2 eq 2222 (where I'm using 2222 for my ssh port). then I apply that access list to the access group interface "outside".
I thought the outside interface would do a proxy arp (since I do not have the sysopt noproxyarp command) for my 227,228,229, and 230 addresses where .226 is my internal nat for all my internal machines i.e. 192.168.0.1 -> x.x.x.226 . I had this working like a charm before with my fortinet, so I know I have systems listening.
Region : Australia Model : TD-W8960N Hardware Version : V4 Firmware Version : TD-W8960N_V4_130205_Beta ISP : TPG
I have an Optus Home Zone (mobile cell tower) that requires ports open.
Port 123 UDP 500 UDP 4500 UDP
I have assigned the Home Zone a Static IP outside the DHCP range and set the above Ports on the NAT, Virtual servers to that IP address.
I have used nmap to scan the ports and it provides open/filtered status for all of them.
Here is the kicker for me, i use a DGN3500 netgear (which keeps dropping WiFi hence its replacement) and enter the ports and it works straight away. Un plug and put the Tp-Link and nothing.
I use Eset Smart Security, could that be the problem?
I'm installing a new SRP547W for a client and am having trouble setting up a site-to-site vpn. They are using the WAN1 ADSL interface for their internet connection. When I add a sub interface to it I am unable to see the 'Connection Type' drop down like I can see on a WAN2 ethernet sub interface. I have followed the instructions on page 29 provided here: how I can get a a site to site vpn set up on this router using either PPTP or L2TP over the ADSL interface.
Trying to select a router that will work well networking a computer with a nettalk duo, on a limited bandwidth connection: .3/3Mbps up/down. From what little I've been able to find on this, QoS bandwidth control seems critical, yet the list of recommended routers from Nettalk seems to favor routers that don't have this feature. On the other hand, the list apparently hasn't been updated in a year and a half.
I am researching routers for a large emnterprise application, and their useability as firewalls. Also, is their one that is considered to be better over another?
I would like to upgrade my older router to a new one that I can connect my laser printer and storage via USB. I was looking at the Belkin N750, but it seems to get bad reviews. Is there another router that someone would recommend that has 2 USB ports (one for printer and one for storage)?
I look after 5 sites in total.All sites are connected together via MPLS. Two of the sites, HQ1 and HQ2 are also connected together via 1Gb Metro so traffic is just switched between the 2 networks.EIGRP is fed into BGP to pass the routes between the sites with all sites in the same EIGRP AS.
All sites are configured with the same AS number (55555) and connect into the same service provider network so each site is connecting to a neighbor in the same AS (444).
I want all incoming traffic from the 3 sites to come in through HQ1 always. Can I influence the service provider's network to make sure this happens? Is this done via "set local-preference 20" on my side or do I have to get the service provider to make changes on their side too.
I recently got a cable modem. It is Netgear CBC-382d1. It has one ethernet port and no wireless.I have 3 laptops (one will be using ethernet not wireless), 2 iphones, 1 ipad and a PS3 that needs to go online. All but one laptop are wireless. Which 300 Mbps wireless 4 port ethernet router is recommended?
The problem is.....When I log in, the client does its start-up bit, and then displays a "This certificate is intended for the following purpose(s):" message. If I decline the certificate, it gives me the error message shown in the image, but I can otherwise continue and establish my VPNs with no problem.
Unfortunately, the certificate it selects has nothing to do with my organization ( in fact, the certificate is for "*.whitepages.com" - see images). To make matters worse, I can not find this referenced certificate anywhere under my user context in Windows.
I have tried removing, rebooting, and re-installing - it does no good.How do I force the client to stop using this incorrect certificate, and to at least use one that belongs to my organization?
I am having anyconnect version 3.1.03103, windows7 & 8 and asa 5520 (8.4). I have gone through alot of work to solve this issue but it not hapening. On clientless ssl vpn it prompts me for manual certificate selection but on anyconnect client it is not. profile configuration is mentioned below. In the highlighted line below i have changed UserControllable="true" still no results.
