Cisco Switching/Routing :: Configure 881 To Split Incoming Internet Connection Between Two ASAs?
Jan 15, 2013
is it possible to configure a Cisco 881 router to split the incoming internet connection between two ASA's? If one ASA fails then the router would switch traffic over to the second ASA. The 2nd ASA would takeover from the primary ASA through the active/standby failover configuration and crossover cable. I'm trying to avoid configuring the switch to control the traffic using VLANS if possible.
View 3 Replies
ADVERTISEMENT
Dec 19, 2011
We have a Cisco 2911 Router and have configured via BT Infinity Broadband for out going internet access etc. Are there any incoming restrictions ACL settings etc. that will stop us using for ISA VPN, Exchange connections, Intranet, Sharepoint etc. We have reserved 13 Static IP Addresses from the ISP.
View 1 Replies
View Related
May 6, 2011
i have window 7 instaled..my problem is that i use wateen usb for browing in office.where as my pc is conected with other pcs..when i disable the lan the wateen usb works but than i cant acess othert pcs..previouslyi was using same window and usb but there was no problem..after i have installed the window this problem has occured.
View 3 Replies
View Related
Mar 29, 2012
is it possible to connect UCS FI directly to C2960S using Twin Ax Cable (3M long) ?
View 2 Replies
View Related
Apr 11, 2012
We have a switch gc2960. It has ports configured on vlan 27 and vlan 29.It is connected to switch ch3550. It has presence of vlan 27 vlan 29 and also vlan 18 and several other vlans.Our internet firewall is connected to ch3550. It is a fortinet product, so this is not indicated on the diagram.
When the two switches were connected on vlan 29 access ports, pc's on vlan 29 on gc2960 worked as expected. vlan 27 clients of course did not work.When we switched the connecting ports to trunk ports, some weird stuff happened. Clients on gc2960 on vlan 29 could ping and resolve dns, but not browse the intenet. The same was true for clients on gc2960 vlan 27. We verified that packets from the web were coming in through the firewall. What we were thinking, is that they somehow were not being tagged to vlan 29 even though we were trunking.
When we set native vlan 29 on the trunk, then clients on gc2960 vlan 29 operated as expected. However, clients on gc2960 vlan 27 are still having this problem, we can ping and resolve dns but not browse.Consider the other switch ch2960-jstreet which has presence of vlan 18 and vlan 27. It is also connected on trunk to ch3550. We are not using native vlan on this trunk, and traffic works as expected.Is the lack of presence of vlan 18 a factor as to why gc2960 is not receiving the tagged packets correctly? Should the interface vlan18 on gc2960 have an ip address on the vlan 18 network?
View 5 Replies
View Related
Oct 2, 2012
Is there a way to configure a DHCP server for my internal subnet of 192.168.20.1 which is on a 3550 layer 3 switch from my 5505 ASA Firewall.My subnet of 10.1.1.0/30 is connecting my 5505 to 3550. All I'm trying to do is run a DHCP server down to my hosts. The only options on ASA 5505 is
dhcpd address 192.168.20.1 - 192.168.20.254 outside or inside, which conflicts with my subnet of 10.1.1.0 used to connect my internal subnet of 192.168.20.1 for the whole network.
When I used my router it did not need the (inside, outside) keywords and just an ip helper-address command. How do I configure my my firewall DHCP server to propagate the 192.168.20.0 network through my 10.1.1.0 connection.
View 3 Replies
View Related
Mar 14, 2013
i've configured Cisco VPN CLient on a router 2821, and it is working fine.I could access inside resourses normally>the problem is that when i connect with VPN i lost connectivity to internet? What is wrong with my configuration? Below the running config of the router.
CISCO2821#sh run
Building configuration...
Current configuration : 5834 bytes
!
version 12.4
[Code].....
View 3 Replies
View Related
Mar 13, 2011
We have several branch offices that only have a Cisco ASA 5505 connecting clients to the Internet, our main office and other networks. Some of the branch offices uses Site-to-Site VPN to connect to our main Office, other uses a VPN-service delivered by our ISP.
The networking is working fine, but we are having problems with figuring out how to handle dns lookups. I see that the ASA DNS Client can use conditional DNS forwarding, but it cannot act as a DNS server for our clients on the inside network.
We want to do the following:
- Default dns quires should use the DNS servers for the site's local ISP (some sites also uses dual ISP, so we are using DNS1 and DNS2)
- The domain name: company.local should use our main office DNS server (acces by Site-to-Site VPN or our ISP's VPN)
- The domain name: sitea.company.local should use our SiteA DNS server (acces by Site-to-Site VPN or our ISP's VPN)
etc...
We have solved the issue by using Windows DNS server's conditional forwarding for the branch offices that has a local Windows 2008 domain controller.
our branch office's that only have a Cisco ASA 5505 Security Applience?
View 3 Replies
View Related
Mar 30, 2012
Do the cisco 4503 switches support virtual clustering feature ? I have a requirement where switch ports on two different 4503 switches need to combined in the same Link aggregation group . This is needed because the firewall notes say that the aggregated interfaces need to be conected to a single switch and combined in the same LAG . So according to the diagram below , the interfaces marked RED need to be in the same LAG in the switches , same for the interfaces marked BLUE . I have done the same setup using Juniper switches where it uses VIRTUAL CLUSTERING to group the different switch ports in the same LAG.
View 2 Replies
View Related
Feb 7, 2011
Is it possible to configure split tunneling for default Windows VPN Client and ASA 8.0? Everything works fine with Cisco VPN Client
View 3 Replies
View Related
Jul 24, 2012
how to configure a backup route to the internet. My client has 2 ISP and basically they want to use 1 ISP and in case the ISP fails, use the other one as backup route to the internet.
The problem I’m facing is that each ISP is plugged to a dedicated ASA 5510, so 1 ISP in one firewall and 1 in the other. Both ASA are plugged to an internal network in a dedicated VLAN with a L3 switch and that L3 switch manages the internal network.
My question is, how can I tell my switch to use ASA1 to go out to the internet and in case the ASA 1 OR THE LINK TO INTERNET used by ASA 1 fails, use ASA 2? It would be great if I can send traffic to the internet thru both connections at the same time. Also, I know the ASA has High Availability configuration, but that applies only if both licenses in the devices are the same and I have a mismatch with the SVPN license, and also I don't know if with my current topology I can use the High Availability model, so I think I can’t use that option and the solution must be applied in the L3 switch, but I don’t know how to tell it to use ASA1 and if failure of the device or the outside interface plugged to ISP 1, then use ASA2. Besides, I would like to know how to optimize this config to do the switch between internet connections seamless to the users if possible (there are VoIP calls on this floor, so I don't want to drop the calls).
View 5 Replies
View Related
May 19, 2012
We have a site with two inbound circuits, one for internet and one for our MPLS. Each circuit is being terminated by a 2921 Router and matching ASA 5510 Firewall. For the internal network, the Internet ASA's inside interface (172.16.0.1) is the default gateway for all hosts. OSPF is the routing protocol between all the routers and ASA's and routing is working. In fact, ICMP is working as well. From an inside host (172.16.0.81), we can ping anything on the MPLS network. But when I try to use telnet (for example), the connection fails. If I add a route to 10.10.10.0 to the host, or re-configure the host to point to the MPLS ASA (172.16.0.254) as it's default gateway, connections will establish.
Both ASAs are running 8.4(3), and have the following commands:
same-security-traffic permit intra-interface
interface Ethernet0/0
nameif outside
[Code]....
And from the MPLS nodes, I can see a tcp request is made.
View 6 Replies
View Related
Jun 29, 2011
I need to split a connection so I can get internet to two computers.
View 11 Replies
View Related
Oct 27, 2011
We inherited a soundbooth configuration Current Configuration:
1. Networked Projector interfaces directly with a PC through a second NIC
2. We can then control the projector through a web interface via the PC and the IP of the projector.
Desired New Configuration:
1. Maintain current configuration - but ADD a second computer (an iMac)
2. I want to split the connection coming from the projector to the 2 computers so that we can interface with the projector from both computers.
I was thinking I would need a switch but didn't know if there is any configuring I would need to do to get it to work.
View 3 Replies
View Related
Jan 29, 2012
We have a new internet connection from DSL cisco router 800 Series (877).
You has been delivered it to us with Cisco Router 800 series (Ver 877), when we connect it to the PC directly it’ll work fine with the static IP.
We configured the OSPF between the Switch and the Router. and we can reach to the DSL router IP from our LAN any where. but we can't exit from the router to the internet.
DSL router 877 ---------------> Core Switch 6509 ----> PC
Router 877 (DSL):
-----------------
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
[code]....
View 5 Replies
View Related
Jul 21, 2012
We have ASA 5520 acting as the VPN Server and Cisco 1941 router as EZVPN client. Since last few days client is not able to establish vpn connection. 1941 router is continuously generating the below log messages
001569: Jul 22 12:19:05.883 ABC: %CRYPTO-4-EZVPN_SA_LIMIT: EZVPN(VPNGROUP) Split tunnel attributes(51) greater than max allowed split attributes(50)
001574: Jul 22 12:19:07.835 ABC: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=vpn_user Group=VPNGROUP Client_public_addr=<client public ip> Server_public_addr=<server public ip>
004943: Jul 22 11:32:42.247 ABC: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer1: the fragment table has reached its maximum threshold 16
View 3 Replies
View Related
Sep 4, 2011
Actually all service from site to site is permitted, without restriction.I want to insert an ASA to block some internet traffic on main site.I try to configure my ASA5510.No problem for outgoing connection or to permit a single service on main site.But impossible to give access to all service/connection from all remote site to main site. [code]
View 7 Replies
View Related
Jun 13, 2012
I just got a Cisco asa 5505 with the next OS and ASDM info ASA 5505 OS 8.4(3) ASDM 6.47 I configured and enter all rules to allow incoming traffic to LAN but it's not working also, I have one host inside that is configured in a second IP and create the rule to allow traffic to it but it doesn't work too.
Problem 1 I have VNC running in port 5900 tcp and I want to connect from Internet using port 6001 and this has to forware the connection to the real VNC port. In the configuration I have a few host with the same configuration but I use different outside port to get it.
Problem 2. I have a second IP with services: SMTP, HTTP, HTTPS and port 444 all TCP forwarding to a server in the LAN.
Facts: SMTP. Every time that I do telnet to the second IP looking for the SMTP port, the firewall doesn't let the incoming connection goes through and the LOGGING screen doesn't how that connection.PORT 6001 (outside)this port is configured to work with the IP in the outside internface and it was to send the incoming connection to a host inside to the real port 5900.Can any one check my configuration if I'm missing anything? for sure I'm but I didn't find it. Bellow is the configuration, I masked the Public IPs just left the last number in the IP, also I left the LAN network to see better the configuration.
CONFIGURATION.
: Saved
:
ASA Version 8.4(3)
!
hostname saturn1
domain-name mydominio.com
enable password SOMEPASS encrypted
[code]....
View 4 Replies
View Related
Sep 24, 2012
When i open Skype it try to allow incoming connection to port 57502.
Both times Little Snitch caught it. Attached are two images.
What would this connection be, I read this port is dynamic/private?
View 9 Replies
View Related
Mar 4, 2013
I recently saw it for a good price online, and required a new router (had a netgear that died, and my backup was a really buggy Belkin which I'm currently using).I'm having an issue with the internet, in that when I connect my ADSL modem to the WAN port it seems to work fine, however the PC can't connect to the internet. When I go into the settings it says that the WAN connection is OK and even shows my external IP. I have it set via the stardard DHCP setup.Should I have done anything specific to my ADSL modem before plugging it into the RV180W? The Modem (D-Link 320B) also has a DHCP server on it, however I assume that this causes no issues when connected to the RV180W.
View 1 Replies
View Related
Jan 2, 2013
I have a problem with my switch. The model no. of the switch is as follows:
Linksys SRW2048 10/100/1000 48 Ports
Serial No: RJT00GC00395 GGR2906 MM
1. I am creating a home computer lab. I do have 3 servers HP ProLiant DL 385 G1. Two of them have 6 gigabit ports where as the third server has 2 gigabit ports.
2. Installed ESXi 5.1 on two servers where as installed FreeNAS on the third server and configured it as iSCSI storage and NFS storage.
Problem:
1. Every port works perfectly fine. However, when I keep connecting the ports of the switch to the ports of servers, internet gets disconnected.
2. Interestingly, my wireless internet also gets disconnected, the ports of the switch does not have any internet now.
3. This happens till I connect above 8-9 ports of the switch to the servers.
3. However, when I remove the connection between the switch and the servers, internet comes, wireless internet starts working; and the port of the switch also gets internet connection when I check the internet connection of the individual ports one at a time.
Some more information:i do have internet service provided by Time Warner Cable. My internet speed is as follows:
Download Speed: Up to 15 Mbps
Upload Speed: Up to 1 Mbps
I do have a modem *** router by Motorola which has 4 gigabit ports.Model no: Motorola SURFboard SBG6580 i am assuming it is some thing related to bandwidth of the internet.
View 4 Replies
View Related
Aug 22, 2012
I'm pretty new to this, and I've been trying to read up on what I should do. Here's my situation: we have a new 15mps internet connection coming into our building. We also have a new 891 router. We would like to devote 1.5mbs at the highest priority to one LAN which is just used for VOIP phones. We would like to allow one of the other tenants to use up (but no more than) to 5mps for their LAN, and we'd like to be able to use up to 13.5mps for ourselves if it's available, or at least 8.5mps (15-1.5-5=8.5).
From searching in here and reading the various articles on policing and shaping, I'm thinking that we'd want to set up Class-based weighted fair queuing on a per-interface basis, and have one interface connected to our VOIP switch, one connected to the other tenants switch, and one connected to our firewall. Does this sound like the right way to go? And would anyone have an example of a configuration which achieves this?
View 15 Replies
View Related
Aug 26, 2012
My firewall outpost detected incoming connections on port 80 and blocked them.I think that the router must block incoming connections on port 80, right? But it does not.
[URL]
View 5 Replies
View Related
Feb 7, 2013
I recently downloaded Deluge and while I can download torrents without a problem, I always have the "NO INCOMING CONNECTIONS' warning. I've tried single port forwarding, port range forwarding, turning UPnP off and on ... in short I've tried a lot of stuff and the only thing that clears the message is to remove the router out of the equation. The message disappears as soon as I connect the pc directly to the modem.
View 3 Replies
View Related
Mar 19, 2012
we using Linksys router for Internet for different vlans now we take 3750 as core switch for another different vlans 10,20 we create v Lans 20,20 also create cpd servers and we need Internet for vlans 10,20 through linksys router how should we configure?
View 5 Replies
View Related
Nov 12, 2012
I have been reading for awhile now on all the Cisco forums on the 3560 and shaping egress traffic but I wanted to verify my thoughts on this. I have 3560 that connects to the ISP that is policing at 10Megs, I want to shape my egress traffic going to the ISP, I do not want to provided QOS to any specific traffic type but only shape all traffic outbound. Will my config below shape "all" egress traffic going to the ISP on the 3560, on a port that is physically connect at 100Meg Full duplex?
int gi0/1
srr-queue bandwidth shape 40 40 40 40
I gathered these numbers using the formula of 100* 1/weight, which would equal 2.5 and if each queue has 2.5 meg that would = 10Meg. However another concern is that I don't think I have the full 100Meg on the interface to use (correct?)
View 3 Replies
View Related
Jan 25, 2012
i'm already has one internet connection is conecting directily to the Core Switch 6509, and the Switch is route any internet request with default route:
SW6509-conf)# ip route 0.0.0.0 0.0.0.0 10.170.10.10
10.170.10.10 is --> Next hop for the DSL router internal IP, and it's working fine.
We have a new internet connection with another ISP/ with another DSL router, how to connect both of them to exit from the Core Switch 6509.
is it ok if i make another default route to the Next hop to the new DSL router as:
SW6509-conf)# ip route 0.0.0.0 0.0.0.0 10.80.10.10
10.80.10.10 is --> Next hop for the new DSL router internal IP.
View 6 Replies
View Related
Nov 5, 2011
I got cable modem broadband and need to share that Internet amongst my home, my home office and the apartment I rent out to a tenant on the second floor. I also need them to be on separate networks/LANs/zones so they can't see each other (but still sharing the same Internet connection). How do I do this?
View 3 Replies
View Related
Dec 31, 2012
Im about to move into a sleepout which is about 20 metres away from the router. I was thinking of laying a network cable out to my room which would connect to a switch then use network cables to connect up my PS3, TV and Computer. Is this all going to work?
View 1 Replies
View Related
May 27, 2013
I'm configurig a VPN profile with NO split tunneling. The tunnel is working to the inside, but I'm not able to get internet access. Below are the NAT statements that I created.
nat (outside) 2 0.0.0.0 0.0.0.0
global (outside) 2 (ip address)
I'm familiar with 8.6 nat statements, but with 8.2 it's not letting me put in the same commands.
View 2 Replies
View Related
May 5, 2013
I've just started styding for CCNA. Bought a router 871W recently and spent two days straight trying to configure internet connection with no luck! I use console port to do the configs and SDM/CCP. How to do simple internet connection configs. I googled everything but it's still confusing. I can't assing any IP to FA ports 0 - 3. I used VLAN instead. But all tutorials use FA0 and when I try to assign an IP to FA0 it gives me some L2 can't be assigned or something... :/ And I'm also confused what IP address should I use for WAN. I plugged the cable from Modem to PC's LAN port and wrote down some IP addresses which I think I'll have to use to configure the router for internet connection. And here they are:
ISP IP: 76.114.54.255
SUBNET: 255.255.248.0
GATEWAY: 76.114.48.1
DHCP: 69.252.97.4
DNS: 75.75.75.75
75.75.76.76
View 32 Replies
View Related
Apr 20, 2011
getting internet access via a easy vpn tunnel on a cisco 877 router. Basically we would like roaming users to be able to use the internet via the vpn rather than using a split tunnel. The reason for this is we have multiple sites that are tied down via external IP access lists for some services. We would like roaming users to be able to interact with these sites through the central router and use the routers external IP address to acess the secured sites. I know we can use a proxy but we also use some other non proxy bases services at these sites so would rather direct routed access.
View 1 Replies
View Related
Mar 16, 2011
which product has the capability to receive multiple incoming connections
View 1 Replies
View Related
