Cisco VPN :: 1841 Connected But No Access To External LAN
Mar 12, 2012
my configuration of Cisco 1841.
I was able to configure the Cisco to accept VPN connections from clients. But when I am connected I cannot access the VPN LAN. My Cisco VPN client shows all the time Packet Decrypted: 0 when connected. I tried the split tunneling configuration based on the example on cisco.com for split tunneling.
I include config for better understanding. The outside interface is fa0/1 with IP 10.0.0.2 w LAN 10.0.0.0. Inside interface fa0/0 with IP 192.168.10.9 w LAN is 192.168.10.0.
Recently my laptop, which is successfully connected to the wireless network, has failed to recognize shared folders on my desktop and the external hard drive connected to it. Laptop running 7, desktop running XP Pro. 2 days ago it was working fine. Yesterday it stopped working. I have made no changes that I can think of. All of the folders on the desktop and external drive that I want shared are set up for sharing. So, my question is, what do I need to do to again be able to read and write to these folders, especially the ones on the external hard drive? I believe the adjustment has to be made on the desktop, either in the network connections or the file sharing, but the laptop may need adjusted as well.
Our bank is required to do disaster recovery testing. We are doing this offsite at one of our director's businesses. His setup is as follows: His ISP is Time Warner which provided him with a wall unit and a switch. He has a Cisco 1841 router out from the Time Warner switch and then down to his internal network, so TW wall unit --> TW switch --> Cisco 1841 --> internal network. The IPs provided to them from TW are 74.219.xxx.1-254. We are trying to use the external address of 74.219.xxx.222, which his business is not currently using internally. The Cisco 1841 router holds and NATs all of these addresses currently. We have a Cisco 800 series that is a dedicated router that needs an unused external static IP setup separate from their network. We were trying to plug into their Cisco 1841 and give the 800 series an internal address of 192.168.xxx.222. This will not work for our bank's core processing data center. It has to be out of the TW switch and have an address of the 74.219.xxx.222.
We tried plugging into the TW switch and making the 800 series router parallel to the 1841 router. Communication is not functioning when set up this way. This was tried on a laptop before using the 800 series router. Is there a way to pass through the 74.219.xxx.222 address internally through the Cisco 1841 so we can connect the 800 series directly to this address and the 1841 doesn't use or NAT it in any way?
We had contacted TW support and they made it sound like we would have to block out some addresses and resubnet our director's network. This probably will not be an option. Basically we need to pass the 74.219.xxx.222 addresses internally and have the Cisco 1841 pretend not to see it at all. So we would like to have 74.219.xxx.1-254 into the TW wall unit --> TW switch --> Cisco 1841 --> all 74. addresses resolved to 192.168.xxx.1-254 to internal EXCEPT 74.219.xxx.222 which would pass through to the Cisco 800 series router.
I recently purchased the dir-655 router, and am impressed by its speed. I had no problems configuring the router to my liking, and have found that all of my wireless devices communicate with it flawlessly.
However, my main reason for purchasing this router was for the USB port. I had hoped to connect my 2TB external drive and have it accessible by all wireless devices in my home. To my understanding, the USB port relies on the use of the Shareport Utility. I've installed the Shareport Utility to my laptop for wireless access to my media files for streaming.
Here's my problem. How can I access my media on my external HDD connected to the dir-655 with Apple TV2? I've read several options for PS3 users... and they all seem to involve leaving the pc/laptop running. I would ultimately like to bypass the necessity of leaving my laptop on... but if that's not a possibility, I can live with it being left on.
Therefore, is it possible to access the external drive connected to the dir-655 with my Apple TV 2 by using the laptop as a bridge? Can I access the content via Apple TV by using Windows SMB just as I currently do to access media stored on my laptop?
To summarize, I want to have access to the media on my external drive connected to the dir-655 via Apple TV2.
I have 3 sites. Each site has a Cisco 1841 as its WAN router with a 10Mb direct internet access circuit connected to Fa0/0. The sites are then connected to each other via site-to-site IPSEC VPN. (The LAN switches in use at each site are Cisco 3750 series) [code]
Now, Site A has already been set-up with VoIP telephony. The plan is to extend this to the other 2 offices. Auto QoS has been set-up on the switches and data and voice VLANs created in the same way for each office.
How should/do we extend the QoS for the voice over the WAN to ensure voice quality remains for site to site calls? And what special considerations do we have to make for it being IPSEC VPN connectivity between the sites? The actual IP telephony system itself is being set-up by a 3rd party and not a lot of information on their requirements has been forthcoming so far – essentially all we have really been told is that they would like us to “reserve” a certain amount of bandwidth for the voice traffic between each site.
I'm not exactly sure if this is a networking problem or a Windows problem. I have a Linksys ea3500 router to which I have connected a WD My Book external drive via the USB port. When I view the router's webpage, I can see my drive listed under the storage tab; however, I cannot map the drive on my laptop. Whenever I try to do so, it gives me the 0x80070035 error. If I run the Windows diagnostic, it tells me the drive will not accept the connection.
I just realized that my internet is slow when my antenna is on top of my computer. I have a pci card with an external antenna connecting to it. If it's on top of my computer, my internet is slow, but if I move it three feet in front of it, it's fast. This makes me think that my computer is somehow blocking or conflicting with the signal. Is this normal, or is there something I can fix in my computer? Download speeds with the antenna on top are around 0.54Mbps, and if I put it as far away as I can, I get around 20Mbps.
I now have a shared drive shortcut on my desktop from the external drive I have hooked to the EA4500. Is there a way to share this folder to Android phones or iPads? Looking to back up my phone data to the share (photos).
Transfer speed for sending or receiving files from a USB external HDD connected to the router is slow? Speed ranging from 2MB - 4MB/s. The HDD is definitely capable of at least 80MB/s if plugged directly into the PC. Is it meant to be this slow or there's a fix somewhere which I'm not aware of? Thought it's supposed to be the top of the line products but seems so inferior if I were to compare with other high end routers in the market which performs better, faster and definitely much cheaper.
I have a web server on 192.168.1.2 and ADSL modem/router on 192.168.1.1. When I access my computer from external IP by I get popup login window of ADSL modem. Now how can I access 192.168.1.2 or what changes in settings do I have to do?
We would like to have the ability to connect to a VPN of a business we recently acquired. When connecting to it directly from the Internet (no firewall), it is accessible. However, behind our firewall, there is no access. We are using Cisco ASA 8.2 (2). Currently, we have an entry as follows:
-object-group service PPTP tcp
-port-object eq pptp
access-list inside_access_in extended permit tcp any host object_name object-group PPTP
We want any device within our network to be able to access the VPN via PPTP.
There is VIP that is used by ACE for load balancing web servers. Internal users succeed to this VIP. ASA (connected to Core 6509 switch) is performing static NAT (VIP-to-External IP). External users cannot open web page while requesting for this IP. ASA is allowing request for any port. Also there is such string when issuing "show nat" on ASA: Untranslated hits . What can solve that problem?
I have new DIA Internet service coming in and unlike the last vendor who provided a router, I am configuring my own. This is my first full Cisco config - I've been looking at this for 3 days now. I have SIP signalling, rtp and default traffic on a (3) t1 multilink (4.5mb). My lan and firewall uses dscp tags and passes them to the 1841 for outbound. The ISP only prioritizes by destination address so I just need the 1841 to respect the tags internally. Inbound, I have only port numbers to go by to differentiate voice traffic and I want to tag EF and CS3 accordingly for use by the 1841 and the rest of my network.
Below is part of my proposed config. I have read tons of Cisco docs and looked at all the queuing methods and this one I understand the best. I am getting the error: "CBWFQ : Can be enabled as an output feature only", so I presume that something is wrong on an input definition somewhere. For now all the firewall functions are done at the actual firewall (Sonicwall NSA) so other than limiting ports to the PBX everything else is just pass-through. Any changes required. IOS is 12.4(4)T1.
I recently setup a Camera (DVR) system for a good friend of mine who just opened a restaurant. We are able to access the cameras just fine internally (LAN), but not externally (WAN).
I port forwarded, or 'pinholed' as this router uses, ports 9000 and 80 (changed the router's web port to 81 so there would be no conflict). I grabbed the external IP for the network and immediately tried connecting from home (I was doing everything remotely), and could not access the cameras, neither with the DVR software, nor with Internet Explorer.
EDIT: I believe he has a dsl line. I wonder if we'd need to change the configuration in the modem itself?
I have several drives that are accessed through a LAN but as soon as I connect to another drive through VPN all the drives get disconnected. According to the IT people this is a feature of VPN for security reasons and there is no way to access those drives. Does anyone know if there is a way to connect to the VPN drive and the local LAN drives without getting the LAN drives disconnected?
I am having an issue where I cannot access certain files on websites. It looks as though the files are accessed via ftp. Could my router be blocking it? I have a Cisco 2801 router acting as a firewall.
So, I have set up a working AnyConnect solution (see attached picture).
Firewall is a 5585-x ssp20 running 8.4.3
Core is cat 6500
AnyConnect client version: 3.1.00495
Configured VPN with a tunneled default route to 172.19.16.1 (Core - cat6500). No split tunnel is configured, everything has to be tunneled and monitored by WCCP in Firewall. Authorization is by Certificate Only.
I can reach inside servers (for example 172.18.254.37), I can reach DMZ server (for example 192.168.138.36), I can surf the internet on regular HTTP (port 80),
but I cannot surf the internet or DMZ servers using HTTPS (port 443). Also, ftp does not work. I have tried to reach external ftp servers who are open to all.
Both https and ftp work from the INSIDE network.
I have tried to change the port for AnyConnect to 444 (for dtls as well) and I can see that all the VPN traffic is going over 444, so 443 should be undisturbed.
But this is not working. Could it be a certificate problem, or am I missing something? NAT/PAT?
Basically we have different customers using the same 5510 firewall. We have created one sub interface for every customer on the inside interface. There are different NAT rules for every customer all using the same block of public IP addresses on the outside interface. They do not have access to each other’s network so I cannot make any exemption rules between two sub interfaces. The problem is for all our customers that they cannot communicate with each other over Internet, Email, Applications etc. using the external IP address. A work around is to use a proxy server, but they do not agree with that. I cannot make exemption rules between sub interfaces for security reasons.
I have a branch office connected to the Head Office through a VPN Tunnel in Cisco 1841 Router. If I enable Internet for any PC in Branch Office through Cisco router I cannot access it remotely from Head Office. [code]
I have a 1841 router with two WAN access from two different ISP:
through dialer with fixed IP obtained from DHCP - ATM interface,
through fastethernet 0/1 with fixed IP and a specific gateway - can be used for Internet traffic if dialer is down.
I can't manage to make them accessible at the same time (ping and ssh). In a second time I would like to have a VPN client access on one WAN and site to site VPN on the other, instead of having the two on one WAN.
I have a Cisco 1841 router that is connected to a switch. I have WAN/LAN configured on the router and the switch is handing out internal IP's. The issue is that none of the client machines can access the Internet. From within the router console, I am able to ping external domain names, my ISP DNS servers.
Once the client machines pick up an IP they are unable to ping any external domain names or IP's and not even the ISP DNS servers, but they can ping the Cisco router IP. As a note I have tried my ISP DNS servers and as a test Google's DNS servers, but neither will allow access to the Internet.
Below is the current running config:
Current configuration : 1440 bytes
!
version 12.4
service timestamps debug datetime msec
I'm working on setting up a couple of new WAN sites with 256K frame relay circuits back to our main building. Each new site has a new PVC, and both are pointing back to a PVC on a T1 at the main building. The main site has a 2801 with a single CSU/DSU WIC, and each new site has a 1841 with a 3560 connected to fa0/1. At both sites, I'm able to get the circuit up, and the serial interfaces at both new sites show up/up, and the subinterfaces at the main site also show up/up for both sites. Routing is being done by EIGRP, and both sites are able to establish the 2801 as an EIGRP neighbor, and I'm able to ping/tracert anywhere on our network by name or IP, so routing and DNS appear to be working. I can also ping both new routers from the main site. However, that's about all I can do. I'm not able to access any resources on our network (email/shares/internet/intranet/etc) from the two new sites. I can ping the new routers/switches from the main site, but can't ssh to them. I can ssh to them locally. There are no firewalls in the equation, and I don't think there are any ACL's in the picture either.
Can ping and tracert just fine anywhere on our network (from both the 1841, a PC plugged into the 3560, or a PC plugged directly into the fa0/1 port on the 1841), including out to the internet, by name or ip.
Can ssh to local router, but not to anything that isn't local
DNS is working
DHCP not working using ip helper pointing to DHCP scope on server at main site, have to use static IP
Can't rdp to anything
Can't get email
Can't browse windows shares
Can't get to any websites, external or intranet. IE says "Website found, waiting for reply..." but eventually times out.
I did some testing for communication over certain port numbers using telnet and nmap, and found the following:
Can telnet to url.. and local intranet webserver on port 80 (http)
Can telnet to two of our Exchange Servers on port 25 (SMTP)
If I run an nmap scan on url...com, or our intranet webserver, it confirms that 80 and 443 are open, but the pages will not load.
I am able to telnet (port 23) to a state mainframe via the internet that some of our employees use, and I do get the expected login screen. I tried erasing the config on one of the new routers, and just added back the bare minimum config to get the circuits up (serial/ethernet interface configs, eigrp), but saw the same symptoms.
One other thing to note: the 2801 at the main site has three other frame relay sites connected to it on the same WIC as the new sites, all of which are working fine.
I just don't understand why I can ping everywhere I need to be able to ping, and port scans show that communication is open over needed ports, but the applications don't work.
I have set up a remote access on our 1841 device, with split tunnel.
Now I am able to connect via the VPN tunnel, and even ping and telnet into the Cisco device, but when I try to ping any device past the 1841, the ping fails and no traffic is even being encrypted to go over the VPN traffic (looking at the VPN client statistics).
From the Cisco's side, pings to the VPN client are failing, yet I see the VPN client in the routing table.
Here is my config:
cisco1841#sh run
Building configuration...
Current configuration : 7682 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
I'm trying to set up my home network so that I can access it when away from home but I've run into problems and I can't figure out what is causing the problem. I've set up the router to forward incoming requests on port 80 to be directed to my PC running WAMP. The PC has a static IP and if I access it from another PC on my network I get the WAMP page load as expected. I've also set up an account with no-ip.com to resolve my (dynamic) IP. If I use the address they have set up while I'm on my network I get the login page for the router, again this is what I expect. The problem begins when I try and access my home address (whatever.no-ip.biz) from outside my network. I've tried it from 2 different locations and via a dial-up account and I get nothing.
Our secondary site accesses the internal intranet via a link, which is basically:
[URL] where externalip is the IP address of my router.
* This used to work fine before we migrated from ADSL (6mb up / 0.5mb down) to Fibre (70mb / 20mb) *
Internally, I access the same link, but via [URL]. Internally it loads in 2 seconds, externally it is taking 68 seconds(ish).
I can't work it out, the fibre should have made things loads quicker but is in fact very slow. I'm wondering if something network wise is going on.
The intranet is a php intranet sitting on apache, and using postgresql as the database. Other pages load fine, this specific index.php page does quite a lot of DB connections and so on, but as I say before, it worked fine before the migration.
I have a Samsung TV, which I can use to stream media from my computer. I also have a Western Digital My Book Essential external hard drive connected via my router. I was wondering if it was possible to access media on that drive, even when the computer is off (that's the goal here).