Cisco Switching/Routing :: NAT Multiple External IPs On RV180?
Dec 25, 2012
how to properly route multiple external IPs to internal ips assigned to several servers. Where I'm getting a bit lost is that I have two levels of routing - one from the outside into a comcast business class cable modem, which also creates its own internal network. Within that internal network, I have my RV180 router, which creates another separate internal network in which the servers live (don't want the servers to have access to other computers within the Comcast Modem's internal network). I want to map the external ips to servers within the RV180 second level network.
To diagram:
Comcast Cable Modem
/
RV180 Computer(s)
/
S1 S2
An internal IP is assigned to the RV180 router. Suppose it is 192.168.1.100.
The cable modem itself supports NAT as well. Do I use NAT twice (on both cable modem and RV180) to route the external IP to S1 and S2?
Or do I modify the routing table on the cable modem? Then use One to One NAT on the RV180 to map the external IPs directly to the internals?
View 2 Replies
ADVERTISEMENT
Mar 24, 2013
I have setup a new RV180 and it appears to be connected to the WAN, however, I cannot ping the external IP. In some of the documentation, there are references to default access rules, however, there does not appear to be any rules setup. What other settings need to be made to allow the firewall to be pinged on the WAN interface?
View 1 Replies
View Related
Aug 30, 2012
I need to connect three sites. I also need to support some roving PCs connecting to the sites via VPN. With the RV180, can I support multiple ptp vpn connects between them, and at the same time, have the roving PCs connect to the RV180s.
View 0 Replies
View Related
Nov 10, 2012
I purchased the RV180 to replace a dead Linksys BEFVP41 to connect a home office to HQ. The Linksys was configured with three IPSEC tunnels to connect to three different subnets all through the main HQ gateway. Note that each tunnel is independent with its own pre-shared key. I can configure the same tunnels on the RV180, and each one works correctly, but I can only get one to run at a time. I have to disable the other two. Enabling a second tunnel results in the No phase2 handle found error. I could not use the Basic VPN setup as it complains that the remote endpoint is already in use. I had to use the Advanced VPN Setup to create the IKE and IPSEC policies. In a different discussion [URL]
View 3 Replies
View Related
Mar 9, 2010
Is it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.
View 5 Replies
View Related
Jul 19, 2012
I have an SG300, configured with several VLANs. I'm replacing a E3000 with the RV180, I've got it in the environment, but I can't seem to get to the internet from hosts on the SG300.
I have Port 4 on the RV180 connected to Port 20 on the SG300...Port 20 is in the native VLAN (VLAN1) and VLAN1 is configured as a trunk. I'm relatively new to networking so I'm not sure where to start troubleshooting. I have the default route on the switch and I have the static routes for the VLANs on the router, should I be using tagging someplace?
View 3 Replies
View Related
Aug 2, 2012
I have a client that needs a VPN with multiple network address ranges on the far end of the IPSEC tunnel. Is this possible with this RV180 unit?
View 1 Replies
View Related
Jul 11, 2012
I have an rv180 and I'm trying to setup a custom service that contains both multiple disjoint ports (some UDP some TCP), as well as a TCP port range. This has lead me to a couple of questions.1) Is it even possible to have a single custom service with disjoint ports? Is it just going to be necessary to define multiple partial services for this?2) Is it possible to forward a range of ports? It's clear how to define a service with a port range, but the port forwarding table interface only allows me to select one LAN-side port for any service. Is there a secret notation that I need to do here that will just forward to the same LAN-side port as the WAN-side port---effectively one-to-one NAT forwarding, but just for the selected service?
View 8 Replies
View Related
Dec 26, 2011
We have a working config with 1 external IP, we need to a second webserver (https) and it should be routed via a second public IP address. I already tried some suggestions from the community but haven't been able to find the solutions.
xxx.xxx.xxx.194 is going to the internal IP of 192.168.60.1 for OWA (https)
xxx.xxx.xxx.195 should go to a new webserver on 192.168.60.3
both server should be connected using SSL This is the current configuration :
ASA Version 8.3(1) !hostname fwdomain-name domain.localnames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.60.250 255.255.255.0 !interface Vlan2nameif outsidesecurity-level 0ip address xxx.xxx.xxx.xxx 255.255.255.0 !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone CEST 1clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00dns server-group DefaultDNSdomain-name domain.localobject network obj_any subnet 0.0.0.0 0.0.0.0object network NETWORK_OBJ_192.168.70.0_26 subnet 192.168.70.0 255.255.255.192
[code].....
View 3 Replies
View Related
Oct 16, 2011
I have been looking over the manual for my rv016 but cannot find the information I need.
I have 4 external ip addresses that I need to be able to forward to specific internal ips.
A couple of the external addresses will be forwarding with the same ports so just simple port trggering or forwarding will not work.
Can this be accomplished with the rv016 or do I need to look at another device?
View 4 Replies
View Related
Nov 18, 2012
We have a Router with one External IP and a couple of VLANs. We have got a Teleconferencing Unit that needs almost every port known to man to work, so decided to get the unit its own External IP.
We have the IP now and how to get it in the router and then also to use it only for the Video unit (From outside straight through to Video).
Im comfortable adding lines to the router but just don't know what the lines should be.
The new IP's purchased are 116.199.222.200/30 (Only need to use one address, lets say 116.199.222.200). No idea what the subnet mask should be...
The router config below stripped of irrelevant stuff:
interface FastEthernet0
no ip address
!
interface FastEthernet1
[Code]......
View 11 Replies
View Related
Jan 24, 2012
Can operate simultaneously multiple external DB in ACS 4.2?Mutiful External DB server is AD and Token server
View 1 Replies
View Related
Feb 7, 2012
We currently use ACS 4.2 for authentication of corporate users who are accessing the network in 2 different ways:
1) VPN client (via ASA5510)
2) Wireless (EAP-PEAP)
For all users who currently access the network via either of the above 2 methods, the Password Authentication under User Account settings in ACS is set to query an RSA SecurID Token Server.
We would like to try achieve the following in ACS:
IF an access request comes from the ASA (VPN clients), THEN we would like the user's password authentication to be handled by the RSA SecurID Token Server as it currently is. IF an access request comes from the Wireless LAN controllers THEN we would like to use EAP-TLS authentication. (We are aware that we would obviously need to configure the WLC, clients, PKI infrastructure etc accordingly for eap-tls).
View 1 Replies
View Related
May 23, 2011
I have an existing pair of PIX 515E that has two interfaces. One connected to the public internet via my ISP and one internal.
I recently ran out of IP's and had the ISP route an additional block to public IP of my firewall. This isn't working for some reason and I'm trying to figure out why.
The "ip address outside XXX" command defines the outside address and I don't see any way to add a secondary sub net.
I tried just adding a rule to the firewall for one of the IP's in the new subnet, but I can't seem to get traffic to pass though the device.
View 1 Replies
View Related
Mar 5, 2013
I have a little problem with a redirection. When I type my external ip, I am directly connected to my Cisco 861 ( through port 80 (HTTP))
Even if I do a factory default, I always have the same problem. I try to make another redirection on another internal ip , but always same problem...
View 7 Replies
View Related
Oct 6, 2011
if possible with the RV042.Primary External IP address uses port forwards for some ports, all okay.I would like to have other external ip addresses assigned to machines on my lan.Basic host multiple web servers, on different IP addresses, using port 80. [code]
From what i am reading, it looks like the RV042 can do this, but I am not real clear what my rules should look like.
I would think my high priority rule for each external IP address would be to deny all traffic first for each machine on the lan.Then create one entry with source 202.x.x.2 port 80 -> 192.168.168.2 ?
How should I set my rules to do this, and what settings should I have on the Nic of the second machine?
View 3 Replies
View Related
Oct 18, 2012
Due to special circumstances we have 2 ISP links on an ASA5510. I am trying to terminate some L2L VPN tunnels on one link and others on the second ISP Link, eg below:
LOCAL FIREWALL
crypto map outside-map_isp1 20 match address VPN_ACL_Acrypto map outside-map_isp1 20 set peer 1.1.1.1crypto map outside-map_isp1 20 set transform-set TS-Generic
crypto map outside-map_isp2 30 match address VPN_ACL_Bcrypto map outside-map_isp2 30 set peer 3.3.3.3crypto map outside-map_isp2 30 set transform-set TS-Generic
crypto map outside-map-isp1 interface ISP_1crypto map outside-map-isp2 interface ISP_2
crypto isakmp enable ISP_1crypto isakmp enable ISP_2
route ISP_1 0.0.0.0 0.0.0.0 1.1.1.254route ISP_2 3.3.3.3 255.255.255.255 2.2.2.254
Establising the VPN tunnels in either direction when using ISP_1 works fine establishing in either direction from remote access users and multiple L2L tunnels (only showing one for example).
On ISP_2
1. Peer 3.3.3.3 device establishes a VPN tunnel, but the return traffic does NOT get back to devices on 3.3.3.3 tunnel.
2. The local firewall does NOT establish a VPN tunnel going to 3.3.3.3
It would seem to indicate that the problems lies with this multihomed firewall not directing the traffic correctly to either return down and establised VPN tunnel (point1) or to intiate a tunnel if none exists (point 2).
Reconfiguring the VPN tunnel peer for 3.3.3.3 to be on ISP_1 of the local firewall, all springs into life! There are sufficient license etc...
View 4 Replies
View Related
Mar 20, 2013
I have an internal DVR system that I am trying to share to the outside world. We recently put in an ASA5505 and I am having trouble getting the settings correct.I want to use an external IP to access the DVR system from anywhere and have my ASA5505 redirect the traffic to the internal IP address. I assume I need to use a NAT and a route policy however can not figure out how it would be.
View 11 Replies
View Related
Oct 27, 2011
6509-E compact flash Internal vs External
View 1 Replies
View Related
Nov 13, 2012
we recently upgraded from an RVS4000 router which didn't have this issue.
the problem; Internal users from Site A cannot access the external owa address.From Site A i can successfully ping both the external/internal IP addresses/names and they resolve correctly, including pinging the address ('mail.company.com") resolves correctly to the external ip address.
[code]...
View 1 Replies
View Related
Apr 14, 2011
We have a Cisco 871W working as PIX, controlling external VPN connections to our private network.The configuration is very similar to the one described here - "Cisco Router as a Remote VPN Server using SDM Configuration Example" url...
About once a week, it stops working, without aparent external intervention.The ping to the external IP stops answering, and the internal IP stops answering pings also.The solution is power-off and power-on, and it starts working again ...
What is the correct way to debug this situation ?I can connect a HyperTerminal using direct cable to the 871, but dont know the relevant commands to debug this situation.
Is there any LOG I can have a look into ? Yes, I am quite new to Cisco world .By the way : "show version" says Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)
View 20 Replies
View Related
Nov 16, 2011
Can the SRP547W be configured to allow traffic on port 25 from an external ip range to an internal address?
View 0 Replies
View Related
Oct 7, 2012
I am observing some strange behaviour related to the routing table, almost all external routes and some inter-area routes are getting refreshed every 10 seconds.
I am getting more than 1000 entries after running 'sh ip route | i 00:00:0', these external routes are being advertised by a neighbor 6500 which redistributing these static routes.
Platform is 6500 with SUP-720
View 3 Replies
View Related
Feb 20, 2012
I am working on replacing our Checkpoint Firewalls with ASA's, and am running into the following NAT problem. On some of our Checkpoints, there are external NAT's that are mapped to multiple internal hosts based on ports.Is there any way to translate that to the ASA? I'm not sure the ASA will let you have multiple internal hosts mapped to one external IP using static NATs. The main issue, is these are alarm panels that receive data from external hosts (the traffic is initiated externally on the Internet) so I can't use dynamic PAT with this.
View 1 Replies
View Related
Oct 24, 2012
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running windows server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANS listed below and gave the 3750 the following IP Address.I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it, I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it, I kinda assumed that was for the management port in the back.-Now the tricky part, I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one, it seems like the switch only supports one "routing table" am I missing something or is this just a limitation of the switch?
View 2 Replies
View Related
Feb 15, 2013
We have two Cisco 5505 firewalls connecting to two ISP's . The two internal LAN's on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer3 switch with vlan interfaces 184.3 & 186.3. We have two DGS-3100 Dlink layer 2 switches connecting our users to the Layer 3. Ip routing is enabled for intervlan communication & I can reach the Switch interfaces & firewall gateways from machines on both on the vlans.We have pbr enabled on the 3560 & users only on the .186 network can get to the internet. The switch is running the ipservices license & the sdm template is "desktop routing" .
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]
View 20 Replies
View Related
Apr 3, 2013
1. How I can manage those devices, the Switch and the router? What is the BEST SOLUTION to manage this devices?
2. I want to monitor the traffic on this environment, how I can do it? How I can monitor the traffic from customer A, Customer B, and my own LAN traffic, in terms of bandwidth that has passed throught my devices? Is it possible to monitor on MY LAN, or I have to monitor from the EXTERNAL switch?
3. How I can limit the bandwidth? I was trying to configure it using access list, with policy-map, etc....and limit this on each interface. [code]
The interface does not support the specified policy configuration and/or parameter values.Assigning a policy map to the output side of an interface not supported.With I few reading, I could see that the SWITCH 3750 doesnt support this configs.My INTERNET LINK is 30 Mbps, the ports on the Switch (WS-C3750X-48P-L) are Gigabit Ethernet.How I can limit the bandwidth here? For example, How I can limit a interface to 3Mbps..I was thinking about this:
- Limit the interface to 10Mbps: speed 10
- and limit the interface with 30% of this speed: srr-queue bandwidth limit 30
Does this work for both UPLOAD and DOWNLOAD?When the packets passes that 3Mbps limitation, will they be droped?
View 28 Replies
View Related
Mar 21, 2012
I am desperate to make some kind of translation which convert an outside IP Address of our web server to its inside ip address so that requests can be routed internally to the server.
This is what we have: A wireless network with an SSID to serve visitors. We also have an in-house web server which can be accessed internally and externally. We have a ASA 5520 that protects the internal network, including the Web server, and also routes all traffic from the all visitors connected to the public SSID to the outside. The DHCP server for the wireless network for visitors is configured to give the 8.8.8.8 as dns server. The problem with that is that the www.ourwebserver.com is resolved by Google's dns server to the public IP Address of our web server! The traffic then is sent to the outside interface of the ASA 5520. The visitor who wants to access our web server cannot connect!
How can I configure the ASA to route that traffic to our web server with the public ip address to the inside ip address of the web server?
View 2 Replies
View Related
Mar 19, 2012
Where can I find a list of supported external HDDs or NAS devices for a Cisco 857w router?
View 2 Replies
View Related
Oct 23, 2012
I recently set up a Cisco 881 to cover a small business network. The router is currently set up and working as expected. We recently decided to move to VoIP phones and here is where I'm running into some issues.
First an overview: We run a network with a cable internet WAN connection, this connection is DHCP, however we have a static IP through our ISP. We also have a block of 30 additional IP addresses for one to one mapping as we need them. The new VoIP system is being run over T1 lines throughout the township (we are a municipal organization) and the VoIP system is being run to about 5 buildings in the township.
This brings me to the topic of VLANs. As the phone engineer explained it to me, there is a network set up over the T1 that allows the VoIP equipment to talk to one another and operates all of the VoIP phones on one network. The equipment that is being installed at our building connects to the network over the T1 and "talks" to the other equipment on the network. The engineer wants to create a VLAN and run it on ports fa1 and fa2, with the fa2 port being connected to the actual "MPLS" (their term) that connects to the T1 and into the cloud, and the fa1 port connected to the internal phone switch.
TLDR; The problem is this: When we attempt to set up the VLAN on ports fa1 and fa2, we have no connectivity with the other units in the external VoIP cloud. Pinging while directly connected to the "MPLS" yields successful pings, while pinging from the router with the "MPLS" connected to fa2 yields failures. I'm going to post the running config below, I feel like what we're doing should be working. I asked around about subinterfacing, but others seemed to think this was not necessary.
ROUTER CONFIG
Building configuration...
Current configuration : 4909 bytes
!
! No configuration change since last restart
version 15.1
[Code].....
View 10 Replies
View Related
Mar 11, 2012
I am trying to configure a Cisco 871 router.I have 3 servers on my network that need static public IPs but also still need to communicate on the local network.
I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network which is working fine. Next I set up static NAT rules for the servers translating 3 of the remaining public IPs to the internal addresses of the servers.
I can access those servers internally using the public IPs but not from outside the network. A tracroute from outside the network gets dropped when it gets to my ISP.
I've never configured more than one static ip for a network before and i know i've just missed a step here. Do I also need to set up static routes? Will that update the next hop's routing table?
View 2 Replies
View Related
Apr 12, 2013
I have two Cisco Small Business SF 100D-16 switches, one was a spare. I have run out of ports on the first one and would like to run the other one in series to new devices across the office. I'd prefer not to buy a bigger switch at the moment, but can I run one switch into the other without any adverse effect on the network.
I'm running an optical broadband connection and so far the system is fast and stable, running 8 VOIP phones, 8 laptops and 4 printers.
View 2 Replies
View Related
Apr 17, 2012
Anyone got a single VSM (albiet in HA) managing two vDS split over two ESX clusters connected to a single instance of vCenter?
View 0 Replies
View Related
