Cisco VPN :: 5505 LAN-To-LAN VPN With Multiple Networks
Sep 20, 2011
I currently have a hub-and-spoke VPN configuration with 6 ASA 5505's at remote sites all connected to an ASA 5510 at HQ via IPSEC lan-to-lan tunnels. My current configuration allows hosts on the remote site networks to talk to hosts on the HQ network, but not to hosts on the other remote sites.I have receieved a request to allow comminucation between the remote sites as well, with traffic all routed through the 5510 at HQ.
View 1 Replies
ADVERTISEMENT
May 22, 2011
I have 3 networks coming on DMZ (VPN) interface. Only one network is able to ping the DMZ interface. See below networks coming i on the DMZ.
10.132.24.0/2410.132.25.0/2410.132.26.0/24 Only the 10.132.26.0/24 netork works as it is in the same range as the DMZ interface.
allowing the other two networks to communicate. I've attched the diagram and configs for your perusal.
View 1 Replies
View Related
Jan 20, 2013
I have a problem configuring a Cisco ASA 5505.Our company established a second facility, that should be connected using VPN to our headquarter.I used the ASDM "Site-to-site VPN wizard" to create a connection, which works fine with our main network.
Following structure:
Headquarter:
Cisco ASA 5505, firmware 9.1, ASDM version 7.1
Outside: fixed IP
Inside: IP of the interface is 192.168.0.1/24 (data network)
Now I have a second network 192.168.1.0/24 (VoIP network), PBX address is 192.168.1.10.Both networks should be accessible via VPN.
New Facility:
Cisco ASA 5505, firmware 9.1, ASDM version 7.1
Outside: fixed IP
Inside: IP of the interface is 192.168.2.1/24
I already created a connection, so that a PC from the new facility reaches the data network. E.g. a ping from 192.168.2.100 to 192.168.0.100 is possible.Now, I would like to add some VoIP telephones to the new facility, that can reach the PBX on 192.168.1.10.In the connection, I already added both networks as Remote network:
object-group network Testgroup
network-object 192.168.0.0 255.255.255.0
network-object 192.168.1.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group Testgroup object Remote-Network
My problem is now, I don't know what to set as "Gateway" on my PBX.I can't use 192.168.0.1 because it is another subnet. Also I can't set a second IP 192.168.1.1 to the interface of the ASA., how I can realize this, so that both subnets are accessible via VPN and all the devices have a gateway set?
View 5 Replies
View Related
Feb 14, 2012
I am having trouble setting up two networks.Basically, i want one 'private' network and one public network. The problem is, the private network can't access the internet.(Network 2)
Network 1(Public) works fine as i don't want them to access Network 2.Here's how it is setup.
Internet
|
Router/Modem (Network 1)
|
Server NIC1
Server NIC2
|
Switch - (Network 2)
Network 1 can access the internet and shared files on the server.
Network 2 can access Shared files on the server (which is what i want) but cannot access the internet.
Router/modem IP is 10.10.1.254 subnet 255.255.255.0
Server NIC 1 IP is 10.10.1.252 subnet 255.255.255.0
Server NIC 2 IP is 10.10.1.251 subnet 255.255.255.0
How can i get computers in Network 2 to access internet?
View 5 Replies
View Related
Aug 30, 2011
Explain the risks of not using multiple networks on a 300 host LAN
View 1 Replies
View Related
Jan 11, 2012
I have 3 Macs (OS 10.6.8) and one PC (Windows 7) at work. They are all connected to the company network for internet and access to shared network drives.The computers are used for media (mostly video) production and we need to move large files between the computers easily and quickly. The current network (company wide) is slow and unreliable, so I would like to create a separate network for these four computers and have them connected to both the company network and the office room network. Each computer already has two network ports and I have a router I can use.
View 3 Replies
View Related
May 19, 2012
We have 36 cctv cameras slowing down our oracle network pc's all in same subnet. I want to remove the dvr's of cctv to a separate network to improve performance. How to accomplish that with a Rv042 linksys router? Or is there any other better way around. 5 Users access the cctv cameras all the time.
View 2 Replies
View Related
Feb 16, 2013
I am currently working on a project that needs to install a router (or just a network device) that can offer 2 or more DHCP networks. We have been searching a network device for this but haven't gotten any good news yet. Any model or device that can fulfill this requirement?
View 6 Replies
View Related
Jan 24, 2013
I have a Windows 7 Pro Desktop with an on-board Ethernet and an Axis USB To Ethernet adapter. The on board Ethernet is configured as dhcp and obtain the address 10.162.146.123 with 255.255.255.0 subnet. The Axis USB to Ethernet adapter is static ip configuration with 10.38.25.37 and 255.0.0.0 as subnet. Under the adv settings I have also another ip 11.38.25.37 with 255.0.0.0 subnet. When the Axis is communicating 10.38.0.1 network I can not access the internet using the on board Ethernet 10.162.146.123. I have to disable either one of the cards to access one network at a time.
View 3 Replies
View Related
Aug 3, 2011
How do you setup multiple networks on one router? Is it as easy as changing subnets?
View 8 Replies
View Related
May 20, 2013
Im using 2 TP-Link TL-WA7510N to bridge a internet connection the connection is using a captive portal for my guests via pfsense. What i would like to do now is run a pc on the same connection without using the captive portal .So basicly i would need 1 secure network for my single pc and the one with captive portal for my guests.
View 1 Replies
View Related
Jul 3, 2012
I would like to associate multiple IPv4 networks with one physical interface in the router. All those multiple networks share the same broadcast domain(VLAN 5). I am aware that it's not possible to have multiple subinterfaces in the router with the same "encapsulation dot1Q 5". Am I correct that only option here is to configure all those networks as a secondary network to router physical interface? Or are there other possibilities than secondary addresses?
View 4 Replies
View Related
Sep 4, 2012
I am setting up a customer site. One side is RV180W and the other side is Checkpoint 500W.
RV180W side
LAN - 192.168.100.0/24
Checkpoint side
LAN - 172.26.1.0/24
VOIP - 172.26.2.0/24
Need to setup an ipsec tunnel between the site. However, from the RV180W side, I can only ping the VOIP network, but not LAN. I have heard that RV180W only can talk to one remote network via ipsec, correct? workaround this other than changing out the RV180W?
View 4 Replies
View Related
Nov 19, 2012
My neighbor and I were wondering if it is possible to combine our respective internet connections in order to gain a faster connection overall. What would be ideal would to have a wireless router in one of our houses, that is simultaneously connected to both of our ADSL routers, and to which both of us are able to connect. Do I need a specific type of router?
View 5 Replies
View Related
Jan 9, 2011
Adding a second DAP-1522, They have 1 DAP-1522, they set that up useing the WAP(button on the side), This one is running in the frontroom of the house and the 2nd bridge will be running in the bedroom of the house.She has tried to click on the WAP button on both Dap-1522's and then the router to sync but thats not working, from what we can tell. I think I will need to manually config them now that a second one has been introduced.the frontroom Bridge is 192.168.0.50, but we cant find the ipaddreess for the second dap-1522 at this time. So question to all, if I can - Is there a way to identify all of the Dap-1522's on the network or anything that is connected on the network. as the DIR-655 is only showing 2 things connected?Right now I wish she would have listened too me and had her house wired for ethernet when the house was being built.
View 1 Replies
View Related
Sep 9, 2012
I am using an ASA 5520 running 8.2(4). My objective is to get a VPN client to access more than one network on the inside of the network, i.e., I need to VPN in with an IPSec client and be able to establish tcp connections to servers at 192.168.210.x and 10.21.9.x and 10.21.3.x, I believe I am close to having this resolved, but seem to have a routing issue.
View 5 Replies
View Related
Feb 3, 2013
I currently have an 867vae router and a 1131ag ap setup with 2 vlans and 2 ssid's. I am in the process of baby proofing the house and would like to use the cisco plsk400 homeplug system to relocate my wap. I use 2 networks to seperate and filter the kids internet traffic from my own. It also allows me to shut the kids vlan when they shouldnt be on the internet.
As far as i can tell the plsk400 homeplug doesnt support 802.1q.... so is there any way i can keep the seperate networks/SSID's and the abilty to filter and turn off one of them at will without a trunked link to the router?
View 2 Replies
View Related
Apr 10, 2013
I am looking to create an office network with each person having internet access but on a private network. however everyone will need to be able to access a communal printer. would they be able to see it if they were all on a different subnet or would i need to set up vlans?
View 4 Replies
View Related
Jan 23, 2011
I'm going to move offices into a shared situation with 3 companies. Each company will want its own private network so there's no snooping between companies. I am planning on using VOIP for the phone system (Nextiva cloud based). Is it possible to set up the system so that each company has access to the VOIP system but yet remains sequestered in the their own network for everything else. I was hoping to do this with one data port at each workstation using Cisco SPA-303 phones. The way I understand this, is that the phone plugs in to the data port and you daisy chain the workstation off from each phone. Is this possible to do this while having the system I described? Another wrinkle is that I'd also like all the networks to be access shared printers.
View 7 Replies
View Related
Feb 11, 2011
setting up networks with multiple locations and multiple wireless points.For example: My sisters' home has here modem in her main computer room, it has a Belkin router hooked to the modem. Then a line goes from there to my nephew's room where I tried to expand their network by adding another router. I really just wanted an access point, but they don't seem to sell these as much as they used to. Anyway, I had it working, but it was two different networks, NETWORK1 and NETWORK2. So they had to swap networks when moving around the house. what would be the best hardware setup to provide both sides of the house with some Hardwired access as well as wifi access? Right now, we have two routers, a DIR615 (or something like that) and a Cisco E1000, and again hardwire going from the main computer room to my nephew's room.Also, in my house, I have lots of stuff... I have an Actiontec Router from FIOS, feeding a small hub as well as a switch in my main room. Which then feeds a Ps3, Wii, laptop, Denon reciever, and Access Point... and also feeds my Apple TimeCapsule, which also feeds my printer. My wireless devices range from cameras, iphones/ipads, and a wifi unit (I forget what it's called, but it connects my DVR wirelessly to my network, and the DVR itself doesn't have wifi).
my question about my setup is, should everything be on one network... as in let the ActionTec handle most of the duties and use switchers and accesspoints to extend the network. Should everything be on the same wireless network and channels? Like if I used my access point to extend, do I want the same settings as my main wireless router, and would that be the same for the Apple Airport Extreme?Also, does having all these wireless networks going create any kind of hinderance on my performance. For example, the PS3 has some sort of wifi in it... it produces a SSID, but I never connect to it. Should I make sure that's off? And in my main room, should I go with just the AirPort extreme over using it and the Wireless Access point.
View 1 Replies
View Related
May 7, 2013
I would like to configure a Cisco ASA 5505 with Dual ISP (ISP 1 and ISP2) and two networks (network 1 and network 2). My customer need that clients in the network 1 connect to Internet with ISP1 and clients in the network 2 connect with ISP2. If a failure occurs in ISP1 (just an example) the network 1 clients connect with ISP2.
View 10 Replies
View Related
May 7, 2012
1. I currently have a Comcast Business Class Gateway, Cisco 2100 Series WLAN Controller and a Cisco ASA 5505 all connected together to supply LAN and WLAN internet connections on my network.
2. I also have a Card Access Security System on it owns network. It currently does not have internet access.
I would like to put my security system on the internet so that I can support it remotely. To do this, it has to be on a firewalled internet connection.Can I put the two networks on my ASA 5505 and keep them seperate? I don't want to provide a path into the Security System through my current LAN & WLAN. But I do need a frewalled internet connection on my Security System. I am trying to avoid purchasing a seperate firewall.
View 1 Replies
View Related
Jan 7, 2012
I'm fairly new to cisco and the ASA 5505 I have the asa connected to the internet on 0/0 I have a computer connected to port 1 and on port 2 I have a netgear router. the asa is 192.168.1.1 and the netgear router is 10.1.5.1 I cannot get the computer connected to the asa to communicate with the devices on the netgear router and visa versa. Here is the show version.
ASA Version 8.0(4)!hostname ciscoasaenable password Yn8Esq3NcXIHL35v encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address dhcp setroute!interface Ethernet0/0switchport access vlan 2!interface (code)
View 1 Replies
View Related
Dec 4, 2011
i have Cisco 5505 and i configured a remote VPN clients. here is my scenario
Cisco switch 2950 === holds two private network 192.168.8.x and 192.168.4.x
vlan 2 outside interface - Eth 0/0 155.155.155.x
Vlan 1 inside interface -- Eth 0/1 192.168.8.180
VPN pool ip address = 192.168.8.100 --110
I drag i cable from my Cisco switch and put in to Eth0/1. and i want to access this two private networks 192.168.4.x and 192.168.8.x . Now i can access to 192.168.8.x . But i can't access 192.168.4.x ..
View 3 Replies
View Related
Nov 6, 2011
I'm using asa 5505 with 8.4(2) and have the following problem.I have 2 Networks. each Network has it's own externel Internet-Ip and also Mail-Server.
[code]
Now I want a communication between the two Mailservers with their external Ip-Address.I did a static NAT from ipnt any to int any or also from int routed to int routed, but nothing worked.Packet tracer showed at NAT-Lookup where the externel adress of the second Mailserver is passed: Info Static translate Network1 to Network1
But it should show a translation from network1 to network1-external.Due to Security reasons, I cannot paste the whole config.Under 8.0 I did the same configuration with Policy-Nat and it worked.
View 1 Replies
View Related
May 16, 2013
I have an ASA 5505 with Security Bundle license.
I am able to create 2 LAN networks (192.168.9.0 and 172.16.9.0) Vlan1 and Vlan12 respectively. I also setup 2 outside interfaces (outside1 and outside2).
Network 1 (192.168.9.0 - VLAN1) has no issues going out via Outside1, however I can't get Network 2 (172.16.9.0 - VLAN 12) to go thru outside2.
I put in a static route (route outside 172.16.9.0 255.255.255.0 x.x.x.x), the x.x.x.x is the default gateway of my ISP.
View 7 Replies
View Related
Feb 18, 2013
I am new to Cisco ASA and have been configuring my new firewall but one thing have been bothering. I cannot get internal networks and routing between them to work as I would like to. Goal is to set four networks and control access with ACL:s between those.
1. Outside
2. DMZ
3. ServerNet1
4. Inside
ASA version is 9.1 and i have been reading on two different ways on handling IP routing with this. NAT Exempt and not configuring NAT at all and letting normal IP routing to handle internal networks. No matter how I configure, with or without NAT I cannot get access from inside network to DMZ or from ServerNet1 to DMZ. Strange thing is that I can access services from DMZ to Inside and ServerNet1 if access list allows it. For instance DNS server is on Inside network and DMZ works great using it. [code]
View 13 Replies
View Related
Nov 7, 2012
We recently changed locations and acquired a new circuit from our provider. They also connected our remote branch office to our main office through MPLS. Now, as I understand it, the branch office basically connects back to the main office through our providers network (MPLS). We have a new router at the branch office which has a gateway of 192.168.1.225. The clients in that office have IP's of 192.168.1.96 - 100, using the gateway of 192.168.1.225.
The main office network is 192.168.0.0 (Gateway of 192.168.0.1)
At this end (Main office), I also have a new Cisco 2900 provided by the ISP, with port 0/0 for the outside connection (connected to the 0 port on my ASA 5505). The ASA's port 1 obviously running into my network hub. The provider tells me that port 0/1 on the 2900 is or should be used to connect the branch office back to here and has an IP of 192.168.0.225, as that's how the provider provisioned it. So, I plug that into the ASA's Ethernet port 0/2. And I'm assuming they have a route setup either on the 2900 or the router in the branch office so that 192.168.1.225 can reach me here at 192.168.0.0.
There is already a static route setup on the ASA: (192.168.1.0 255.255.255.255 192.168.0.225 1). As soon as I plug in the cable, the IP phones at the branch office work, but they can't access the internet or any resources in the main office. My questions are:
1. Shouldn't I be able to just go straight from the 0/1 port on the Cisco 2900 to my hub. At first I was plugging right into the ASA, but I don't think I need to do that, why go from the branch office through my ASA to access resources and then back out the ASA for internet. If they're already coming from 192.168.1.225, through the MPLS network, then they should go right to my network and then back out the ASA.
2. They have to route through the ASA first, in which case, do I need to setup another VLAN for that branch network in conjunction with a static route? I can ping the router and hosts in the branch office through the ASA only!
Below is the running sanitized config:
Result of the command: "show running-config"
: Saved:ASA Version 8.2(2) !hostname ciscoasadomain-name audiology.orgenable password ulzaQiFnKVzDwUmW encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.0.1 255.255.255.0 ospf cost 10!interface Vlan2nameif outsidesecurity-level 0ip address 1.2.3.4 255.255.255.240 ospf cost 10!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!boot system disk0:/asa822-k8.binftp mode passiveclock timezone EST -5clock summer-time EDT recurringdns server-group DefaultDNSdomain-name audiology.orgsame-security-traffic permit inter-interfacesame-security-traffic permit intra-interfaceaccess-list
[code]....
View 16 Replies
View Related
Jan 17, 2013
A customer has a ASA 5505 with a remote access vpn. They are moving their internal network to a new scheme and would like users who come in on the vpn to access both the exisiting and new networks. Currently the can only access the exisiting. WHen users connect to the remote access vpn, the asa gives them an address of 192.168.199.x. The current internal network is 200.190.1.x and they would like to reach their new network of 10.120.110.x.
Below is the config:
:
ASA Version 8.2(5)
!
hostname ciscoasa
[Code].....
View 2 Replies
View Related
Aug 30, 2011
I'm usually not working with this product, but this is what I'm trying to do.I have 2 internal networks setup on our Cisco ASA 5505 firewall. (not done by me, I'm a new to this product)I'm trying to access a server on one network from a PC located on the other internal network. (preferable through the web gui)When I try "Packet Tracer" from interface "Trust4" it fails on the NAT phase.(Source ip: 10.0.4.99, Destination ip: 10.0.6.99)
When I check the NAT rule, it says:
Type Source Interface AddressDynamic any outside outside.
View 3 Replies
View Related
Feb 22, 2011
I use a ASA 5510 and a ASA 5505 and want to connect 2 networks via VPN ASA software version is 8.41. Network 1 has address 192.168.90.0 Network 2 has the address 192.168.5.0 I use site to site VPN wizard on both asa and create the VPN connection. do I need to create acl after that?the PCs on network 1 must have access to a resource in the network 2 how do I create static routing to connect the both Network.
View 1 Replies
View Related
May 19, 2011
I just installed a new ASA 5505 for an office with three internal subnets. The three networks can each get online fine and ping eachother, but cannot browse to shares on the two internal networks other than their own. How do I configure the ASA to allow all traffic between these three inside networks?
192.168.152.0
192.168.152.0
192.168.154.0
[code]....
View 21 Replies
View Related
Jul 24, 2012
I have Cisco 3560X L3 Switch. We have done Inter VLAN in our internal networks. Below are the VLAN details
Default VLAN1 IP 192.168.125.2 (Gi0/1, Gi0/23, Gi0/24)
Interface Gi0/1 (Port Configure as a Trunk)
Interface VLAN 10 SERVERS_SW (Gi0/2 to 0/6)
IP Address: - 192.168.0.1 255.255.254.0
Interface VLAN 20 USERS_SW (Gi0/7 to 0/18)
IP Address: - 192.168.152.1 255.255.248.0
Interface VLAN 30 SPARE_SERVER_SW (Gi 0/19 to Gi 0/22)
IP Address: - 192.168.8.1 255.255.248.0
We have Sonicwall NSA2400 Firewall and we have setup Site-to-Site between our other offices who has Sonicwall TZ210 firewall. It works fine and they are able to access all the above networks.
Now the problem is we have one more site which uses Vigor Firewall (with Internal Network 192.168.100.0). We have setup the site-to-site vpn between Sonicwall NSA 2400 (Lets say SITE A) and Vigor (Lets say SITE B) but SITE A is unable to ping to SITE B Firewall but SITE B is able to *ONLY* SITE A firewall.
SITE A is trying to ping from User VLANs whose local ip is 192.168.152.0 range.
How to add route to 100.0 so that we will be able to ping and access SITE B networks.
View 5 Replies
View Related
