I have four networks:
172.19.0.0/16
172.20.0.0/16
172.21.0.0/16
172.22.0.0/16
I understand that the summarize route is 172.16.0.0 (255.248.0.0)However I'm trying to understand which other networks fall under this route and how
I am currently trying to understand Subnetting via CCNA. My progress is going well,I understand the class below:
Class A 0-127 Max IP 2^24 = 16777216
Class B 128-191 Max IP 2^16 = 65536
Class C 192-223 Max IP 2^8 = 256
However I have seen an example from an ip calculator website, and noticed this :
Address: 192.168.1.0 11000000.10101000 .00000001.00000000
Netmask: 255.255.0.0 = 16 11111111.11111111 .00000000.00000000
Wildcard: 0.0.255.255 00000000.00000000 .11111111.11111111
=>
Network: 192.168.0.0/16 11000000.10101000 .00000000.00000000 (Class C) - I would have thought this would have been Class B?
Broadcast: 192.168.255.255 11000000.10101000 .11111111.11111111
HostMin: 192.168.0.1 11000000.10101000 .00000000.00000001
HostMax: 192.168.255.254 11000000.10101000 .11111111.11111110
Hosts/Net: 65534 (Private Internet)
Is this an invalid IP/masks as the max hosts is 65534 (which should be class B?). If so shouldnt the IP address range from 128-191- eg 172.16 (I know that CIDR is the amount of 1's. ).What calculates the class is it the netmask or the range of the first octet?
I need to understand why change audit report reports an unused username Name of the user who performed the change. This is the name entered when the user logged in. It can be the name under which the LMS application is running, or the name using which the change was performed on the device. #The User Name field may not always reflect the user name. The User Name is reflected only when: A config change was performed using LMS. #A config change was performed outside of LMS, but the network has username-based AAA security model, wherein authentication is performed by an AAA server, which could be TACACS/RADIUS or local.
View 2 Replies View RelatedASA 5505 Version 8.2 or older nat (inside) 1 10.0.0.0 255.255.255.0nat (INTF4) 1 10.0.4.0 255.255.255.0nat (INTF5) 1 10.0.5.0 255.255.255.0nat (INTF6) 1 10.0.6.0 255.255.255.0nat (INTF7) 1 10.0.7.0 255.255.255.0global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224global (outside) 1 interface
I believe this setup does the following. The inside interface and interfaces 4,5,6,and 7 will translate using this line....
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
and if the addresses run out is will start using the ouside interface IP address to translate, so traffic is not disrupted and is based on the line of configuration.....
global (outside) 1 interface
My question, does it do this because of the order of the configuration..
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224global (outside) 1 interface
or would it do it that way even if it was like this?
global (outside) 1 interfaceglobal (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
and if so why?Now let's convert the above configuration to ASA 5505 Version 8.3 or newer.
object network OUTSIDE-NAT-POOLrange 209.165.200.235 209.165.200.254object network INTERNAL-SEGMENTSsubnet 10.0.0.0 255.255.248.0nat (any,outside) dynamic OUTSIDE-NAT-POOL interface
My question is how does it know to use the outside interface as a backup when the OUTSIDE-NAT-POOL is depleted?Also why do I need to define the INTERNAL-SEGMENTS ? Doesn't the "any" in the (any,outside) take care of that?Also wouldn't the "any" in (any,outside) cover interface 3 or DMZ which could be an issue?
I need to understand security bundles. I purchased a Cisco Security Bundle, Advanced Security, 64F/256D. part number CISCO3825-SEC/K9. My expectation from this device was that I will get an IOS based firewall with no need for an additional firewall module. however, the supplier is telling me that I have to buy a firewall module to use the feature. Isn't the bundle supposed to come with all I needed since is a bundle?
Is there any command I can use to verify if this device is really what I paid for? what can can I check for in the sh inv and sh ver commands? I don't see any information from these commands.
Understanding and configuring windows gateway
View 1 Replies View RelatedWhen I connect to a public wi-fi connection (e.g. library, hotel, Starbucks), am I sharing the same IP address?
View 19 Replies View RelatedAny document which expalins what you need to know when looking at purchasing an ASA5505. Which clearly describes the verious permitations and combinations of these lovely little boxes?
I recently purchased a basic: ASA5505-BUN-K9
I realise now this comes with 10 internal users, 2 ssl and no anyconnect mobility. All these can be purchased as additional licenses.
Its my understanding that to support unlimmited Internal/Inside hosts - I need to purchase the L-ASA5505-SEC-PL (Security Plus License)
1) What is the model I should go for if I want to support unlimmited interneal. Can a 5505 be purchased with with security plus?
I currently have 2 5505 SEC BUN as Primary/FO Firewalls and I am considering purchasing the ASA5510-AIP10-K9 for use as a dedicated IPS device. Looking at [URL] I see that for service updates, CON-SU1-AS1A10K9 is available for this product, providing "IPS Signature and Engine Updates" and "OS Updates."It is my understanding that in the ASA5510-AIP10-K9 there are 2 OS:
1. ASA OS
2. AIP SSM-10 OS
My question is: Are both the ASA and AIP SSM-10 able to receive "OS updates" with this service contract?
Looking at the logs RV220W I can read the following lines:
[rv220w]Fri Aug 19 18:28:54 2011(UTC) [rv220w][Kernel][KERNEL] Clearing the ISR a800000003378400
[rv220w]Fri Aug 19 18:30:39 2011(UTC) [rv220w][Kernel][KERNEL] Clearing the ISR a800000003378200
[rv220w]Fri Aug 19 19:23:04 2011(UTC) [rv220w][Kernel][KERNEL] Clearing the ISR a800000003378e00
[ code] ....
What are they?? and what should be done ????.
I am a D-I-Y type of guy and have managed to setup Apache on my LAN and make it accessible via WAN over port 80 and Tomcat on port 8080.I aim to possibly get a home web server up (will calculate the costs), but I need some questions answered about networking.
My understanding on ports are that they can be a risk if left open (which I have done) if there is no service or application listening on my side on those ports.So I take it that leaving those ports open and removing the services or applications that run on my side for these ports is a major security risk?
I noticed though that Xampp (1.8.1) does not allow requests over WAN unless I set my password for Apache. Does setting this password imply that Xampp is safe to use in a production environment?
We've recently inherited a platform with little handover and also minimal networking experience.We're going 100 miles an hour in learning, but I'm a bit confused with the idea of a L2 switch with no IP assignments to ports, so using VLANs, and a L3 switch with IP assignments. And the combination of both.We have 2 Cisco 3750 switches, along with a whole host of other hardware, so we're starting at this "gateway" to start breaking things down.
View 7 Replies View RelatedI've been working on breaking down and understanding the default auto qos configuration on a Cisco 3750 in the hopes of putting together a QoS strategy that will fit our environment. I'm having some difficulty understanding how the "mls qos queue-set output" syntax works.
From another post, at [URL], the author offers the following example and explanation;
mls qos queue-set output <1/2> threshold 2 400 400 100 400thresshold 1: 400%
thresshold 2: 400%
thresshold 3: 100% (implicit, not configurable)
reserved: 100%
max: 400%
However, I'm having trouble understanding what is meant. Here, it looks like it's saying, for example;
mls qos queue-set output 1 threshold 2 400 400 100 400
How come there is syntax stating "threshold 2" when in the succeeding part the 400 refers to thresshold 1 and threshold 2 again? The syntax 400 400 is, apparently, already referring to thresshold 1 and 2, no?
I have been trying to understand from a long time about the throughput capacities of variety of Cisco Routers and Switches. Have searched over a million pages on cisco.com for data sheets/documents/etc. but havent succesfully got a single document highlighting all of what i need.
I have got queries on the below issues:Which model of Router can support upto 2Gig's of WAN Internet connection running BGP? Any list of routers and switches supporting variety of throughput's from 1 MB to 1 GB.I have heard some experts stating "Switches don't have throughput concerns as they switch the traffic and don't need to route traffic" How true is the statement?? and if it is, Why do we require 6500's instead of 3560 Distribution Switches.
I need to understand the USB interface.
View 4 Replies View RelatedI've enabled antispoof on all interfaces on asa 5510.If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
i would like to know that how can I route two network in two different location over the internet?
View 15 Replies View Relatedi have cisco asa 5505 Security adaptive firewall. my inside network is 192.168.1.0 255.255.255.0 . i want to add static route another network i have that network id is 192.168.2.0 . 255.255.255.0.how i can add the route.
View 9 Replies View RelatedI am using OPEN VPN in order to connect to a Canadian VPN server.I want ALL internet traffic to ONLY use the VPN connection and no traffic shall pass through my local ISP under any circumstance.In the event the VPN disconnects, I DO NOT want any internet traffic automatically sent via my LOCAL ISP connection. Can I simply disable my LAN network adapter in windows AFTER the vpn is connected? (since vpn uses its own TAP adapter?)
View 2 Replies View RelatedI am unable to get traffic from any VLAN to communicate outside of the router, as well as get any traffic from outside of the router to communicate with any device on either VLAN. I am able to ping the router from each device on each VLAN, and vice versa. However, the traffic seems to die at the router, and I cannot figure out why. I know it's probably a small, easy fix, but I cannot seem to find any kind of documentation on it.
View 13 Replies View RelatedI have this topology: ( I use OSPF instead of EIGRP for routing between PE CE. The customer vrf name is cusA, they have 4 sites: CE from site 3 have 2 links to 2 PE ( one for backup). CE from site 3 has exist point to internet and how can i choice 1.1.1.2 is next-hop for default-route
View 2 Replies View Relatedi have asa 5505 , so i wanna my inside network to access to the internet. my internet gateway is 155.155.155.1
: Saved
:
ASA Version 8.2(1)
!
interface Vlan1
[Code]....
I have the above router on 10.10.10.1 which I'm quite familiar with but I need reaching a VM residing on one of my internal MAC's. My cisco route table is as follows:
Gateway of last resort is 93.97.20.1 to network 0.0.0.0
93.0.0.0/21 is subnetted, 1 subnets
C 93.97.16.0 is directly connected, ATM0.1
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, BVI1
S* 0.0.0.0/0 [1/0] via 93.97.20.1
The internal physical machine that contains the VM is 10.10.10.9 whose routing table is:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.10.10.1 UGSc 6 8 en0
10.10.10/24 link#4 UCS 5 0 en0
10.10.10.1 0:1b:2b:cc:7:8a UHLWI 7 1248 en0 284
10.10.10.9 127.0.0.1 UHS 0 86171 lo0
10.10.10.11 0:23:54:2a:6:d3 UHLWI 0 234 en0 150
10.10.10.30 0:9:34:28:60:2e UHLWI 0 25 en0 857
10.10.10.111 0:1d:ec:2:2d:2d UHLWI 1 1599 en0 721
10.10.10.255 link#4 UHLWbI 2 18609 en0
10.37.129/24 link#8 UC 2 0 vnic1
10.37.129.2 0:1c:42:0:0:9 UHLWI 1 2 lo0
10.37.129.255 link#8 UHLWbI 2 14046 vnic1
10.211.55/24 link#7 UC 2 0 vnic0
10.211.55.2 0:1c:42:0:0:8 UHLWI 0 2 lo0
10.211.55.255 link#7 UHLWbI 2 14046 vnic0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 5 214223 lo0
169.254 link#4 UCS 0 0 en0
The VM has a static IP of 10.211.55.5 and can obviously ping out to the rest of my lan but as of yet my router and other machines on the 10.10.10/24 subnet cannot reach the VM. I sort of presume this is a simple task of adding some kind of static route on my router and then all other machine will know how to get to the VM. So what do I need to do as I have about 40 or so customers already connected of whom I do not wish to suddenly halt their access due to my inexperienced attempts to create this route or new link(s)
I purchased a WAP4410n for our small office to provide wireless access to our internal network to laptop users. I have configured the device as simplistically as is possible, but although I can get my laptop to connect to the AP (verified by managing the device wirelessly as well as by pinging the IP address) I can not get to any other IP address on my internal network nor the internet.I gave the device a static IP address - 192.168.1.50 subnet 255.255.255.0 with a default gateway of 192.168.1.254 which is my 2811 router. I set up a WPA-secured SSID.
A second problem I have is that if I set up my laptop wireless card to get its' IP settings form a DHCP server, it picks up a 169.xx.xx.xx ip address - it is as if the AP is not passing my DHCP broadcast / response through.
The host IP 84.204.x.x unable to announce through BGP
BGP configuration on Cisco 1841:
!
interface FastEthernet0.1201
encapsulation dot1Q 1201
ip address 172.18.11.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
code]....
I have Cisco 7200vxr doing BGP with 2 directly connected ISP's over ethernet. I am receiving default routes only, and have added a higher weight to my routes learned from my primary ISP. below is my configuration (ip addresses changed of course)
router bgp 100 no synchronization bgp router-id x.x.x.x bgp log-neighbor-changes network 100.100.64.0 mask 255.255.254.0 network 100.100.71.0 network 100.100.78.0 mask 255.255.254.0
neighbor <ISP_A-IP> remote-as 200 neighbor <ISP_A-IP> weight 175 neighbor <ISP_B-IP> remote-as 300 neighbor <ISP_B-IP> weight 150 auto-summary
Advertising my rotues to the primary ISP is fine
7206vxr.rb#sh ip bgp neighbors <ISP_A-IP> advertised-routesBGP table version is 7, local router ID is x.x.x.xStatus codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path*> 100.100.64.0/23 0.0.0.0 0 32768 i*> 100.100.71.0 100.100.64.57 0 32768 i*> 100.100.78.0 0.0.0.0 0 32768 i
Total number of prefixes 3
However, advertisements to the secondary ISP inlcludes the defautl route learned from the primary 7206vxr.rb#sh ip bgp neighbors <ISP_B-IP> advertised-routes BGP table version is 7, local router ID is x.x.x.x Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 <ISP_A-IP> *> 100.100.64.0/23 0.0.0.0 0 32768 i*> 100.100.71.0 100.100.64.57 0 32768 i*> 100.100.78.0 0.0.0.0 0 32768 i
Should I not just only be advertising just the networks that i specified in my configuration?
My laptop have 2 NIC attach it, the cable NIC and Wireless NIC, the cable one connect to my lab network environment and the Wireless connect to office network environment (connect to internet) which both have differen segments [code] when my Wireless was turn off my pc can ping to all segment on my lab network environment, but if the wireless was turn on, i cant ping to others segment but only my laptop segment and i still could surfing to the internet without any problem.then i tried to add a new route from my laptop using "route add x.x.x.x mask x.x.x.x (gateway)" in command line and after that i can ping back to all segment in my lab network environment eventhough my wireless was onwhy i have to create a manual route into my laptop so that i can have connection between my laptop and my lab environment in the condition my wireless turn on ??
View 8 Replies View RelatedI work in a small village in Africa and Interent access is often very unreliableTherefore I have 3 different ways of accessing the Interent from my home.The cheapest is Wifi from a local provider, but that doesn't always work. More expensive and still often unreliable is a 3G access. Then, when WiFi and 3G don't work I still can access the Internet via a Inmarsat BGAN satellite terminal, but that is very expensive.What I'd like do is to connect several computers to the same WiFi, 3G, BGAN Satellite Interent (all Ethernet) access via a home WiFi network.Now the questions I have:- can I just connect everything to a switch and then to the Wan-port of a wireless router?- how do the prioritisation works? When there is 3G available, I dont want to access the Internet via the BGAN, bacause that's too expensive?
View 2 Replies View RelatedI'm learning about iptables, but I don't fully understand the chains of NAT table (prerouting, postrouting and output).I'm specially in doubt about prerouting and postrouting. As far as I know, DNAT can be made with prerouting and SNAT can be made with postrouting, so I think prerouting is for input and postrouting is for output, but the material I'm reading (and another sources) are not clear.
View 4 Replies View Relatedis it possible for a client to choose a WAN to use when being routed through a Multi-WAN router? Something that could be configured as default route in linux or default gateway in winxp ?Or is this decision totally up to the router itself ? [code] Could now a client on the subnet 192.168.0.0/24 choose 1.1.1.1 as a default route for example? And if not, could this be possible if the router hat some secondary internal IPs for both WAN interfaces.
View 3 Replies View RelatedI wanted to know if I can somehow setup my network to use a proxy for all connected devices?
For example I can go into Firefox proxy settings and setup to browse using proxy. Is there any way to do this at the router or switch level to not have to configure every device individually I have a wndr3700 router and a HP procurve 1810g switch and am thinking of building a pfsense box.
Currently i am having a scenario where i have setup RV042 and which is connected to Microsoft Forefront 2010. PPTP works fine only on rv042 subnet but i am not able to access the "internal" network of TMG.RV042 (172.16.1.1) ---> TMG [external] (172.16.1.2) ---> TMG [internal] (192.168.1.1) Is there any way through static route to access the TMG internal network through RV042 pptp server?
View 1 Replies View RelatedI have a NAT/Port Forwarding going on for which I need to deny all traffic except the one mentioned in my ACL/route-map, So, port forwarding from host A to host B, all else, deny. The port forwarding works, but for some reason.
View 2 Replies View Related
