Cisco Switching/Routing :: ASA5520 - Commands To Apply NAT On Interface?
Feb 15, 2012
configuration of NAT on an ASA 5520. On the ASA I have 1 x WAN connection and 1 x Internet Connection as well as the Inside and DMZ. I want to translate traffic from certain subnets on the inside (say 10.1.2.0 255.255.255.0) to an outside address (say 1.2.3.0 255.255.255.0). I'm assuming the ASA using the number after the brackets to distinguish what to translate? So if I had another entry with a '2' after the brackets, any of the '1' entries wouldn't translate to this? I have access-lits inbound on the INSIDE interface, I'm assuming these are applied before any NAT and only items allowed through the access-list are allowed to NAT?
I also have an address I would like to statically NAT with a certain port number, how do I do this? After I've configured this, what are the commands to apply NAT on the interface?
View 9 Replies
ADVERTISEMENT
Nov 1, 2011
I've set up my 3560 to do routing. Now, I'm looking for a way to apply acl restrictions to the vlan interface ip address itself.
View 1 Replies
View Related
Aug 20, 2012
I am trying to configure 802.1x wired on a 3560 switch and don't see the required commands under the interface. I am running c3560-ipbasek9-mz.122-55.SE6.bin. I was thinking it might not be available on the ipbase image, but I do have the commands on a 3750g running the ipbase image, so I'm not sure about that.
View 4 Replies
View Related
Dec 27, 2012
recently i removed the squid cache from the 7200 router so that i could apply the Qos on the router my topology is simple i have 7200 with two working interfaces
GI0/1====>LAN
Gi0/3====>to isp and working bgp
have 550 Mega BW from isp . at the rush hour , the quality of browsing becomes worse .i just need a Qos to apply it on the 7200 router so that the priority for my traffic as follow:
1- browsing has the highest priority
2-youtube has the 2nd priority after browsing
3-download & other applications have the 3nd priority.
View 8 Replies
View Related
Dec 7, 2011
Access-group only allows me to set the mode.access-group > mode > prefer > port > int g2/1,Those are the only options available to me, it doesn't allow me to go.ip access-group <name> in or out or access-group <name> in or out.
I realize the commands may be a little off, I don't have a switch nearby. When I get on our 3750 there are no issues, it allows you to apply the ACL the conventional way. I just can't seem to find any way to apply an ACL on an interface on the 6506 though.
View 1 Replies
View Related
Apr 17, 2012
We have an ASA5520 running ver 7.0(8), nat-control is disabled. On the "outside" interface we have a closed network which is publicly addressed i.e. no access to Internet. We also have two Vlan interfaces on a trunk connection i.e. "inside" interface (Vlan7) and "dmz" interface (Vlan802). Traffic from the "outside" to "inside" is statically NAT'd such that the public IP is translated to a private IP when accessing the "inside" interface. However, our OSS servers on the "dmz" interface need to be able to receive packets from the public IP addresses on the "outside" . All is okay with the outside to inside traffic and traffic initiated from the OSS servers on the "dmz" to the outside works okay (snmp gets etc) i.e. the servers receive reply packets from the public addresses of the outside devices.
However, traffic that originates on the "outside" interface (snmp traps etc) which is destined for the "dmz" is actually being routed to the "inside" interface and therefore the public source address is being NAT'd by the static NAT command. The access-list "in_on_outside" has relevant entries to allow connectivity from outside to dmz, we have tried a static nat command (outside, dmz) to maintain the public addressing but this made no difference and also a nat exempt. With ########nat-control disabled - do I still need a translation or NAT exempt for the "outside" <> "dmz" traffic flow, if so how should this look ?
View 11 Replies
View Related
Jan 31, 2013
i want to apply a QOS for my trafic LAN, in my ASR 1001 , the LAN is connected with ge0/0/0 interface and it configured with the service instance to bridge vlan 1 ( i do that for OTV ) i put service policy in "service instance 1" to marking data with ef31 but i noticed that the class "plateform_datacenter" match the trafic and the ACL associate to this class not mach any trafic trafic !
tha policy-map march trafic for Datacenter :
sh policy-map interface gigabitEthernet 0/0/0 service instance 1
GigabitEthernet0/0/0: EFP 1
Service-policy input: MARKING-OTV
Class-map: Platforme_DC (match-any)
[code].....
View 9 Replies
View Related
Mar 21, 2013
I got this 3640, trying to apply a service-policy (output and input), but seems like I do it something wrong...because he only apply the output policy... here the config, I already try to config the service police inside the fa0/0, but is not showed at all, he only show the output, its like I never apply that
View 1 Replies
View Related
Apr 17, 2007
I can not apply the LLQ to ADSL ATM interface. the system take the command with out any error message, but no in the show running config. Any Cisco link can explain this? [code]
View 2 Replies
View Related
Jun 30, 2010
How to configure SSH on a ASR 1002 and apply it to the Management Interface?
View 3 Replies
View Related
Apr 22, 2012
Here is my configuration below , i have upgraded my C-3750 switch IOS from IPbase to IPservices , after upgrading i have tried to apply PBR on my Vlan 4 and failed , when i am tying to apply route-map to Vlan4 the command was taking but i am unable to see the route-map when sh run , i am giving the command as "ip policy route-map TTSL" in my Vlan4 , below is the configuration.
In Vlan2 i have connected one ISP and Vlan4 I have connected one ISP , my local subnets are 192.168.1.x and 192.168.2.x , now i want to route the 192.168.1.x traffic from Vlan2 and 192.168.2.x Traffic from Vlan4 .
sh boot
coreswitch#sh boot
BOOT path-list : flash:c3750-ipservices-mz.122-35.SE5/c3750-ipservices-mz.122-35.SE5.bin
[Code].....
View 9 Replies
View Related
May 1, 2013
I have a 3560G that I cannot apply a policy route-map to one of the VLAN interfaces. I am running up to date software, c3560-ipservicesk9-mz.150-2.SE2 and it accepts the command, but does not show it in the sh run of the interface. I updated to this code as I had seen previously someone said it needed to be version 15 before you could apply route-maps to VLAN interfaces.
View 4 Replies
View Related
May 23, 2012
I´m a IOS CLI fanatic. Its the first tiem that I have to configure a SB switch. Its very confusing, I want setup a voice vlan id as 200. but I don see that this value change when I try to apply the smartport macro to the interface.Its possible change a smartport macro?
View 1 Replies
View Related
Sep 25, 2012
I need to apply DHCP snooping on 4500 series switches working as L2 in my Network. We have external DHCL Server in another location connected with 6500 series switch.
Running EIGRP Configured Voice & Data Vlan both
DHCP Server -------- 6509 switch<----------------------------------->6509 Switch -------- 4500 switch ----------------------------------------------------------Ip Phones.
(ving Redundant) (ving Redundant)
I need to know whether the configuration which I mentioned in scenario is enough for apply DHCP snooping in my network.
View 4 Replies
View Related
Jul 9, 2012
Example config
int g2/24
service-policy output test
#and/OR
int g2/24.10
encap dot1q 10
ip address 10.1.1.1 255.255.255.0
service-policy output test
View 5 Replies
View Related
Sep 15, 2011
I have a 4510R-E chassis with SUP7-E running IOS XE version 3.01.01.SG. I am unable to create a port-channel and apply auto-qos for VOIP.If I configure auto-qos on the physical interfaces, I get this message when I try adding them to the port channel:
"The attached policymap is not suitable for member either due to non-queuing actions or due to type of classmap filters."
Auto-qos is not an available command in the port-channel interface configuration, but if I try adding the service policies that were created by auto-qos to the port channel manually, it lets me apply the input policy but on the output policy I get this message:
"A service-policy with queuing actions can be attached in output direction only on physical ports."
With the input policy applied to the port-channel interface, I tried addign the output policy to the physical ports and I got this message:
"A service-policy with non-queuing actions should be attached to the port-channel associated with this physical port."
Is there a way to get the auot-qos policies applied to the port-channel properly?
View 3 Replies
View Related
Jan 31, 2013
We are replacing two 3750E switches with 4500X using cat4500e-universalk9.SPA.03.03.02.SG.15111.GS2
1. is there a command reference available for this ios - can't seem to find out
2. Im using GLC-T gbics and we normally would set the speed to either 100 or 1000 now that option does not seem to be available.
3. when I entered username etc. I got a message " CLI deprecated soon".
View 1 Replies
View Related
Feb 8, 2012
I do not have the option to run sh mls qos commands. I am trying to look at the cos-map on my 7200 router. The code I am running is c7200-p-mz.122- 25.s9.bin.I also do not see the mls qos command listed globally and it is not an available command in config t mode.
View 1 Replies
View Related
Jul 30, 2012
SSH commands not available in IOS cat4500e-universalk9.SPA.03.02.00.XO.150-2.XO.bin I just recently upgraded to universal k9 as the k9 versions usually include the crypto, shh commands however I still do not have access to these commands, is there anything I must to to enable these?
View 2 Replies
View Related
Oct 11, 2012
I am looking for soem best-practice and useful logging commands on 6500 and 3750 platforms. Some of them I have listed below. Is there any important ones I am missing Also, I need to know what kind of recommended logging level is for buffer and what is loggign level for syslog server?
View 1 Replies
View Related
Oct 6, 2012
We have a 4500x Switch in this ssh commands are not available.its running on (cat4500e- UNIVERSAL-M), Version 03.03.00.SG) IOS XE.
View 2 Replies
View Related
Nov 13, 2011
I've got two routers, Cisco 2911's with 15.1(4)M1 on one and 15.0(1)M5 on another.
I'm trying to set up ip sla for vrrp tracking but the commands seem gimped? I don't even have an option for ip sla <operation number>. All I've got is ip sla responder/server/key-chain.
View 1 Replies
View Related
Jun 7, 2012
I just started a evaluation license for IP Base on my 3850 switches. But i can't configure HSRP cause the commands are not there (I rebooted allready). Do you need enterprise for HSRP on the 3850?
View 2 Replies
View Related
Oct 30, 2011
I have a 3750E stackable swtch and I need to configure neflow on it. Are there any IOS versions that support netflow on the 3750E? Is there any possible to configure netflow on a 3750E? I do not see any netflow commands available on the switch?
View 2 Replies
View Related
Mar 8, 2013
I have a Cisco 2811 router and i want to experiment on the IOS firewall.The thing is, none of the commands that are proposed in online guides - like ip inspect, ip audit, etc. - seem to be working. I just get "unrecognized command" on a router that is supposed to support such features. I'm wondering if it has something to do with the IOS image.
My show version output is this:
Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.3(11)T9, RELEASE SOFTWARE (fc3)
Technical Support: [URL]
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 13-Dec-05 08:24 by ccai
[code]....
View 5 Replies
View Related
Jan 22, 2013
We are upgrading from 3550 - 3560 switches.On the 3550's we have this on each interface: [code] The 3550's wont accept the wrr-queue commands. How to set these on the 3560's.
View 1 Replies
View Related
Jan 27, 2013
I am running a 15.1 or so version of the IOS on a 1921 router. I have plugged in the external PoE injector into the router, and the PoE light on the front of the case is lit green. I have no options in the IOS to enable power on the EHWIC ports. I have most licenses enabled, including data and security.
View 6 Replies
View Related
Sep 15, 2012
What are recommended commands to get input for network documentation (for disaster recovery)?
I've got 6500 with these modules: WS-SVC-FWM-1,
WS-SVC-IDSM-2, VS-S720-10G, WS-X6704-10GE, WS-X6748-SFP and dozens of WS-C3750E-48TD in couple of buildings.
So far I have these commands: Code...
View 3 Replies
View Related
Sep 8, 2012
I want to give limited access to our first level support so that they can execute certain basic commands like, port vlan change, access port shut/no-shut on Cisco 6509 and 3750E switches IOS based. I want to restrict them to only few options so they can not make changes to uplink (TenGig) ports and can not issue reload command etc. We do not have TACACS. What is the best way to achieve this?
View 2 Replies
View Related
Oct 11, 2009
Unable to enter global QoS commands on the 4500E chassis? We're using 12.2(53)SG. If I go to 'conf t', there is no 'qos' command. In the configuration manuals I've seen for the 4500, the following commands seem to be supported:
qos
qos trust dscp
qos dbl
qos dbl exceed-action ecn
qos map dscp 0 to tx-queue 2
qos map dscp 8 10 12 14 to tx-queue 1
qos map dscp 16 18 20 22 to tx-queue 4
qos map dscp 24 26 28 30 to tx-queue 4
qos map dscp 34 36 38 to tx-queue 4
[Code] .....
View 3 Replies
View Related
Mar 6, 2012
I have a problem for config switch sge2000. I can not console mode to get the prompt to type commands
View 1 Replies
View Related
Apr 22, 2012
I went through the configuration guide for 4500 series switches for NSF/SSO for failover between Sup's. I just wanted to know that that are we supposed to run the SSO command on both of the supervisors? Secondly, are we only supposed to run the nsf process under EIGRP on the secondary supervisor and routing peers and not on the primary supervisor?
View 2 Replies
View Related
Dec 18, 2011
I was reading my book when I found :
redistribute ospf 2 external 2
The book says only ospf external routes of type 2 will be redistributed.But when I tried to configure the above command on router, I was not able to configure it; there was no external or internal option available with redistribute ospf command.
Below is the output:
R2(config)#router rip
R2(config-router)#redistribute ospf 1 ?
match Redistribution of OSPF routes
metric Metric for redistributed routes
route-map Route map reference
vrf VPN Routing/Forwarding Instance
<cr>
R2# show version
Cisco IOS Software, 2600 Software (C2691-ADVIPSERVICESK9-M), Version 12.4(15)T6, RELEASE SOFTWARE (fc2)
Do we have such command for eigrp? For example If i want to redistribute only external routes from eigrp into ospf, do we have any command such as :redistribute eigrp 1 external ?I understand there is several ways to achieve to same goal however I am just curious if we could acheive the same goal using single redistribute eigrp command without any route-map.
View 1 Replies
View Related
