Cisco Switching/Routing :: 2601X / NAT Translations DHCP And Access To Internal Servers
Jan 19, 2013
I'm using a 2601X router connecting to a broadband connections. The following NAT connections is working but I need to do NAT exemptions to set up my VPN appliance on the DMZ. I see a lot of documentation on how to use a pool of public addresses to do that, but I only have the one dhcp address from my isp.
!
boot system flash:c2600-adventerprisek9-mz.124-25d.bin
!
!
!
interface FastEthernet0/0
[code]....
View 5 Replies
ADVERTISEMENT
May 1, 2012
I can't seem to find any info on how to configure 2 DHCP server pools on a C3750, to use with 2 user vlans. The purpose is that users in vlan 1 should get an IP address from DHCP server1, and users in vlan 2 should get an IP address from DHCP server2. Both DHCP servers are configured in a stack of C3750 switches, which acts a a L2 switch.
View 2 Replies
View Related
Apr 1, 2012
Do you have the ability to setup DHCP servers on this layer 3 switch? I know I can with my old 3550 switch. Want to upgrade and make sure this model supports setting up dhcp servers on it.
View 3 Replies
View Related
Apr 3, 2013
I am having some trouble accessing some backup Email (Outlook Web Access) and Citrix servers located behind an ASA 5505 firewall at a remote datacentre. Simply put, when I go to the specific URL (e.g. [URL]) I do not arrive at the splash page, I just get a message saying that the server took too long to respond in the web browser. I'm wondering whether I have missed something on the configuration or the firewall itself is not letting my requests through. The remote servers are located at a remote Disaster Recovery site and use the subnet 192.168.4.0/24. I am at head office which is connected to the DR site via a VPN using 192.168.1.0/24.
[Code] .....
View 2 Replies
View Related
Oct 13, 2010
I recently cut over from a WRT54G to a RV120W. I am having an issue where I type [URL] (for a server running on my network) in my web browser while on the internal network and it always comes back with the router login page. Basically it is supposed to go out of the router and then come back in on the public IP address and hit that server. There was a function on the WRT54G called "Filter Internet NAT redirection" which when turned off would allow this to happen. I am not seeing a feature like this on the RV120W
[URL]
View 29 Replies
View Related
Jan 26, 2012
I have an 891W router that requires a firmware update to fix a bug wth the internal AP where all you get when accessing it via the CP Express ("Launch Wireless Application", which is just opening another web browser to your AP) is an Enter button. This issue seems to be common so I found a thread, though for the 881W (but same process) where the fix is to update the AP's firmware.
So I downloaded ap801-rcvk9w8-tar.124-21a.JY.tar from cisco.com, set it up in my tftp server, and at the console ran the following from the router:
Router#service-module wlan-ap 0 session <enter>
This brings me to the AP.
I then type in:
InternalAP#archive download-sw /force-reload /overwrite tftp://192.168.0.71/filename.tar <enter>
It seems to go through the process of re-imaging the fw but the end result now after it is done is that I cannot access the ap at all and the hostname has been screwed up. So now when I go to the AP (via Router#service-module wlan-ap 0 session <enter>), this is what I see:
AP6400.f177.d0ee>
If I type "enable", I get no username prompt but I do get a password prompt, however my pw no longer works. Also the IP address of the AP (192.168.0.2=) is no longe rpingable.
I did save the log of the console session for the (failed??) firmware upgrade process - the only odd thing I recall was that it seemed like it was trying to enter part of the update process commands but instead the router was interpreting them as a DNS lookup or something. Kind of stupid process it seems but anyway I am quite lost. Don't know what it'ssuch a challenge to update firmware.
View 9 Replies
View Related
Oct 31, 2011
i cant resolve one problem in may 1921 isr router, i have a web server in my internal lan , i set up static nat for accessing that web server from outside and it woks fine but i cannot view that site from internal workstations can you suggest me what to do. as i know when request gets to router it performs static nat and sends packet to the web server, but the server responds with its private source address instead the public address witch workstation expects and connection cannot established.
View 3 Replies
View Related
Dec 7, 2012
Need to Have both ISP to access internet/servers configure a Cisco 2911 router, It has two ISP one as primary 216.140.140.0, and secondary for backup as 216.150.150.0. I need to be able to access both the ISP's using the same interface Gi0/1. Since we have servers that have to have specific IP both when accessed and when accessing the internet so I used static Nat for the servers and Dynamic for all others. I did the following configuration but it does not work as i want it, if i unplug the Primary ISP from the unmanaged switch the secondary cant access the Internet or network.The secondary only works when the primary and secondary are both connected and have an equal cost Administrative distance, hence it is not available when the primary is down . Even though I can use a sub-interface instead of a secondary Ip address (which worked when I used it) I need to use the same interface using a unmanaged switch to which the outside interface of the router is connected and the two ISP's. Below is my configuration.
interface GigabitEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
[Code].....
View 1 Replies
View Related
Apr 24, 2011
On a 4500 switch port , defined as access vlan 10, if the user connects his own dhcp server ( instead of the normal pc that should be connected ), will it cause issues with my existing network. the existing network is all static ip. In above case, will the dhcp server start looking out and assign dhcp ip's , if a user unknowingly removes his static ip and changes to obtain ip via dhcp option on the lan properties.
View 10 Replies
View Related
Dec 24, 2011
On a 4500 switch port , defined as access vlan 10, if the user connects his own dhcp server ( instead of the normal pc that should be connected ), will it cause issues with my existing network. the existing network is all static ip. In above case, will the dhcp server start looking out and assign dhcp ip's , if a user unknowingly removes his static ip and changes to obtain ip via dhcp option on the lan properties.
View 1 Replies
View Related
Jan 27, 2013
i have to Bridge the AP to VLAN1 which has the DHCP pool. For some reason when I try to do this from iOS console it tells me that gig0 is not a bridgable interface. I am newb to Cisco iOS (24 hours new ). I got the Cisco Configuration Professional working and would like to fix my issue through there if possible? why my AP wont get anything but APIPA addresses?
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 13 Replies
View Related
Sep 24, 2012
we've an infrastructure were the Access is based on Cat3750G Stacks connected to both Cores using L3 connections.On the Access Switches are implemented the following features DHCP Snooping, IP Source Guard and Dynamic ARP Inspection and all is working fine since years...the DHCP Servers are on a dedicated stack which act as a SFarm.
On the Access Switches the port configuration is the following:the Uplink Ports to both of the Cores are configured in TRUST for DHCP Snooping and ARP Inspection the Access Ports, where the end-device are connected, are UNTRUST for DHCP and ARP Inspection with IP Source Guard Active Right now I've to add a new L2 switch on one of the Access Port and I'm wondering if this is possible since I've to keep on the Stack Access Ports all the security feature active and I've also to implement DHCP Snooping on the new L2 switch to avoid rouge DHCP Server...
I suppose that the uplink to the L2 switch on the Stack Access Switch should be left as it is connected to an end device...but the uplink port on the L2 switch should be set up as TRUST...isn'it? Keeping in mind that I want to implement DHCP Snooping also on this L2 switch to avoid that Rogue DHCP Servers will impact the end-device connected to this L2 switch...is this scenario possible??? or I can't do that and should leave DHCP Snooping only on the Access Stack.
View 2 Replies
View Related
Feb 27, 2013
I have a Cisco 2951 Router and I am trying to set it up to use DHCP and for security purposes I need to use the "IP Access-Group in" command. The DHCP will not work when I have this command on the interface that I need to run it through, DHCP works fine when I do not have the "IP Access-Group in" command in the configuration. When I check the log after the failed DHCP attempt it shows up as denied, as if it's being blocked. The IOS I have is c2951-UNIVERSALK9-m 15.0 (1) M3. Conf Reg 0x2102.
View 6 Replies
View Related
Nov 11, 2012
I have some DHCP trouble since I subnetted my network with a 2921. My clinets are in 172.16.2.0/23 and DHCP servers are in 172.16.5.0/24.Sometimes, randomly I guess, I get NACK from my DHCP server, and if I look into DHCP logs I got something like this:
15,11/09/12,09:52:27,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:28,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:29,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
[code]....
View 6 Replies
View Related
Apr 3, 2012
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined dhcp scopes for the vlans and configure each vlan/switch with the ip helper address and specify the PFSense firewall and that Nat would have to be disabled onthe firewall?
View 1 Replies
View Related
May 26, 2011
i am trying to use windows server 2008 R2 as a host machine, and i will be using windows server 2008 R2, and windows server 2008 serverCoreR2 as guest virtual machines. I have two NICs on my computer, and my computer has the memory, the hard drive space, and the cpu to handal this.
View 1 Replies
View Related
Mar 26, 2013
Cisco ASA 5510 directly facing the internet on E0/0 (1 Public IP only) with internal LAN on E0/1. Exchange 2010 OWA working fine with ACL and NAT rules configured.Problem:
•1. Cannot publish internal web servers to outside, have tried PAT.
•2. Have multiple web servers to publish with all on one protocol (HTTP) to a single public IP which I don’t know if it’s possible on a ASA.
•3.When SSL VPN is configured with Local user database, connecting from Anyconnect client gives a certificate error. Upon viewing the certificate it points to the internal mail server.
View 7 Replies
View Related
Sep 18, 2012
I've tried a bunch things but it didn't work, I'm about to gave up! :-/
I have the following scenario:
ASA5510 - v8.3(2)
Interfaces
ETH0/0 = outside = 189.xxx.xxx.129
ETH0/1 = inside = 10.xx.1.15
[Code]....
What should I do to get the SIP and 8080 port working on my Public IP, likewise just as access from my browse the http://189.xxx.xxx.129:8080 and get through directly to my internal server 10.xx.xx.61 ?
View 5 Replies
View Related
Oct 25, 2012
I have a cisco ASA5505, it runs a wide site to site VPN network and has 4 servers connected to it
10.50.15.4 > fileserver
10.50.15.5 > domain controller (exchange)
10.50.15.6 > terminal server
10.50.15.7 > terminal server
Now yesterday i removed 10.50.15.6 and replaced it with a new terminal server with the same ip address, ever since the ASA is blocking traffic between it and the domain controller (example)
2Oct 27 201214:51:0510600710.50.15.655978DNSDeny inbound UDP from 10.50.15.6/55978 to 10.50.15.5/53 due to DNS Query What has me baffled is the only thing different between today and yesterday is the new server is windows server 2008 and the old one was windows server 2003. The new server has the same LAN ip address as the old one to make the changeover seamless for the users.
why all the sudden my ASA has decided to block the traffic between those machines? all the other machines can talk to it fine just not the domain controller, and seeing that this is a terminal server naturally you can see the problem i face!
this router has worked flawlessly for 2 years now without any config changes and i cant work out why its blocking traffic between those 2 machines.
View 15 Replies
View Related
Dec 19, 2011
I am implementing a guest wireless network to work alongside my internal network. The guest network will use the existing switching network and will be separated by VLANs. I have the ASA set so that traffic can get to it and out to the Internet. I can set up a workstation on the same VLAN as my guest network and can route inside my network (strictly doing this for testing purposes). Where I am having problems is with the Catalyst 4506 switches and the ip routing. I had two separate "ip route" statements defined on my switches.
ip route 10.200.2.0 255.255.255.0 10.200.2.254
ip route 0.0.0.0 0.0.0.0 10.100.100.254
I have discovered that the traffic is always following the default route despite the fact that my IP address on my test workstation falls in the 10.200.2.x network. I was looking at documentation and found that it is possible to set up policy-based routing on the core switches. Can you have two "ip route" statements defined like this to segreate traffic or do I have to use PBR for routing (or a combination) in this case? If I define PBR then how does that impact my existing routing? I need to make sure that I can still route the existing traffic while I'm configuring this change.
View 9 Replies
View Related
Sep 20, 2012
I just moved from a Linksys wired router to the Cisco EA2700 wired/wireless router.I have three web servers on my network that serve up content via standard web URLs. For example, pretend www.domain.com pointed to the WAN side of my EA2700. Port forwarding routes port 80 traffic to the server, located on an internal, private IP (ie, 192.168.1.21).All works well when accessing these servers from outside my network (I checked this via my mobile broadband connection). But when I'm on a workstation internal to the same network as the servers, I cannot connect to the servers via the web URL. Of course, I can hit them via the IP or an internal-only DNS network entry. For example, when on 192.168.1.55 on a desktop machine, and I type the URL in the form www.domain.com, it just hangs and times out. I was able to do this on the old Linky router. Traffic should go stop at the router and be re-routed back internally to the port-forwarded server - but it does not.
I have to route properly via the web URL and not the internal DNS name or IP addy, as I am running virtual web servers on IIS on one of the servers.Is there a setting I failed to set on the EA2700?
View 6 Replies
View Related
Dec 5, 2012
Since the power failure two days ago, my -ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working is to change the Outside Ip to the one used for mail, then to change it back. It will work OK for a few hours, then stop, with nothing obvious in the logs.
View 2 Replies
View Related
Jun 13, 2012
DHCP conflict on 881-W with the internal AP?I have (12) 881-W chassis in the field. They are running DHCP services to the wired users as well as to the internal AP for reachability / management / etc. The scope for the internal AP is a /30 so only one address is in the scope and it is intended for the internal AP. This serves a a point to point link between the internal AP and the internal Router inside the 881-W chassis.
Somehow the 881-W DHCP server is getting out of synch and a conflict is occurring. It seems at some point, either at boot-up or lease expiration/renewal, the DHCP server is performing a ping to verify that the address is not in use. The AP has this address assigned prior and replies to the ping causing a conflict. I noticed an AP down today, checked the 881-W uptime and the conflict correlates to the same time. I have to manually clear the conflict and everything works as it should.The existing 12 881-w's could grow to 100's over time, so the manual intervention of clearing the conflict is not going to scale. I really want to stay away from static reservations.
View 1 Replies
View Related
Feb 24, 2013
We have:
ASR1000-RP2
ASR1000-ESP40
ASR1000-SIP40
SPA-10X1GE-V2
SPA-10X1GE-V2
!
Kiwi Syslog Server
ASR performs the function of ISG. The number of subscribers until 10000. This number is constantly growing. Because of the economic address space subscribers surf the Internet through NAT.
Now the task to keep logs of all translations or binds. Need to store the information about what time, certain internal IP address using the external IP.
I've tried:
!
ip nat log translations syslog
!
logging trap debugging
logging host xx.xx.xx.xx transport UDP port xxx
no logging console (so as not to load the CPU)
!
Error stopped publishing but logs do not come. I think of the huge number of translation per second, it can not send them as fast. How can this problem be solved or otherwise obtain and store information about a translations?
View 1 Replies
View Related
Jun 9, 2011
My computer won't connect to any of Google's servers. ANY of them. Gmail, docs, reader, nothin. I can visit youtube, but I cannot get to the log-in page. EVERY other site works pretty well. Heck, even using a site that uses a Recaptcha it doesn't load the recaptcha!Nothing wrong with my hosts file.
Tracert results in 6 successful hops and then times out (I think at my ISP?)
the last 2 successful hops are
chnddsrj01-ae2.0.rd.ph.cox.net
And then
langbprj02-ae2.rd.la.cox.net
Then all time outs
My other PC is connected to the SAME wifi network right now, and I'm posting from it, and it works fine. Both are on XP. Reboots haven't worked. Happens on all browsers. Every other website I can find is just fine.
View 9 Replies
View Related
Dec 1, 2011
I have received a sup720-3B from Cisco with an internal 512MB flash(sup-bootdisk). I want to verify what IOS image is on the disk and do not have an spare 6509 chasis. Can I remove the 512 MB flash disk and insert it to my disk0: on my production 6509 with the sup32 that the 720 will repplace and view what is on the disk without corrupting?
View 7 Replies
View Related
Nov 3, 2012
I tried to upgrade the IOS on my internal AP and now I am in a reboot cycle. I have tried to manually boot the old and new IOS images from the rommon but neither are working. here is the output I am getting:
ap: dir flash:
Directory of flash:/
2 -rwx 6563840 <date> ap801-k9w7-tar.124-21a.JY.tar
4 drwx 256 <date> ap801-k9w7-mx.124-21a.JA1
152 -rwx 548 <date> env_vars
153 -rwx 2775 <date> cpconfig-ap801.cfg
154 -rwx 2775 <date> back_up.txt
155 -rwx 3763 <date> config.txt
[code]....
View 2 Replies
View Related
Aug 22, 2011
The two controllers are having two internal DHCP servers with the same range in LAN (enx1,enx2). but i have specified which is primary DHCP server(enx3) in WLAN interface.
Now if a new user added into network, will he get IP address from primary dhcp(WLC) or AP connected WLC.
if two users connected to 2 diff AP's which are connected to 2 WLC will get the same IP address? since having same address pool configured.
View 11 Replies
View Related
Apr 7, 2013
This isn't a big deal as the rest of the ACL works fine, but this is an annoynace since the web auth redirects to our company website (internal for now) after successful login.We have a Cisco WLC that provides access to our production and guest wireless environments. The guest environment of course is in a separate vlan (10.10.50.0/24). So I created this ACL:
access-list 107 permit udp any host 10.10.2.13 eq bootpc <----internal DHCP server
access-list 107 permit udp any host 10.10.2.13 eq bootps
access-list 107 deny ip any 10.10.0.0 0.0.255.255 <---all internal networks
access-list 107 deny ip any 172.28.16.0 0.0.0.255 <----DR Network
access-list 107 permit ip any any
int vlan 50
Desc "Guest wireless network"
ip access-group 107 in
This ACL basically gives the wireless guests access to an internal DHCP server and full access to the internet. For the 10.10.50.0/24 scope, the DHCP server assigns Internet DNS servers and my rationale is that wireless clients would access it via the external IP address but I suppose it doesn't work quite like that with the website being behind the same router as the client machines.
View 1 Replies
View Related
Sep 6, 2012
there is something I find strange on C6500 about QoS: C6500 derive an internal DSCP value for it's internal use, but when configuring the qos mapping on output interfaces, only a cos value (I guess, an internal cos value) can be used. Is it a misunderstanding from me, or is it really illogic?
View 2 Replies
View Related
Mar 20, 2013
I have an internal DVR system that I am trying to share to the outside world. We recently put in an ASA5505 and I am having trouble getting the settings correct.I want to use an external IP to access the DVR system from anywhere and have my ASA5505 redirect the traffic to the internal IP address. I assume I need to use a NAT and a route policy however can not figure out how it would be.
View 11 Replies
View Related
Apr 28, 2012
How can i route internal VLANs on a 3750X , my current network its small ( about 8 -10 subnets) so i dont wnat to add overhead using maybe dynamic protocol , My scenario is my stack of 3750X ( 2 switches) will be my CORE SW, i will have 2 stack more (2960S - 4 switches ) and it will connect to the 3750X with a trunk port etherchannel each link connected to a different switch, ( i was planning to use a L3 routing in the 3750X but not sure how it will works )
My core SW 3750X it will be connect with a firewall for aVPN , by a Layer 3 interface (using a static or dynamic protocol)
View 2 Replies
View Related
Nov 25, 2012
I am wondering if the folowing is a valid configuration:
WLC2504
AP2600
I need 3 SSID/VLAN, 1 for corporate devices, 1 for coporate smartphones, 1 for guest.
Port 1 on the 2504 should be used for management and corporate devices and connect to the corp network. Port 2 is for smartphones/guest and will be connected to a Cisco ASA 5515 that is connected to a second ISP.
Corp devices should get IP from an Windows DHCP. Smartphones/guest should get IP from the WLC. Is this possilbe? I read this in a document "To use the WLC as a dhcp, you need to enable DHCP proxy as it is required." Some how I am imagining that this will mess with the Windows DHCP. Is it better to use the ASA as DHCP for smartphones/guest?
View 4 Replies
View Related
