Cisco :: VPN Can't Access Subnets Behind 2nd Router

Mar 11, 2012

I purchased an ASA 5505 and placed it between my Cable Modem and Cisco 3745 router. The outside interface on the ASA is dhcp, the inside interface is 192.168.100.1. The outside interface of the 3745 is 192.168.100.2 and the inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.

1. When I establish a VPN session to the ASA, I can ping and access any resources dierectly connected to the ASA's interfaces and on the ASA's internal 192.168.100.0 network. However, I cannot access any resources behind the 3745. I cannot even ping 192.168.1.1. Even directly connected hosts on the ASA cannot access Hosts in the 192.168.1.x subnet. There appears to be no traffic between 192.168.100.0 and 192.168.1.0.

2. Although I believe that I sent up split-tunnel, I cannot U-Turn back to the internet once connected to the VPN.

Here is my network topology as well as my ASA config and Router config.....

ASA ......
ASA Version 8.2(5)
!
hostname poog-fw1
domain-name poog

[code]....

View 7 Replies


ADVERTISEMENT

Cisco Wireless :: 877 As Access Point And DSL Router To Subnets

Sep 3, 2012

I have been using an 877 to provide DSL access and wireless access point from two separate wired subnets. The idea is that traffic from one subnet will be routed to the DSL connection. The other subnet provides a bridged connection to wireless clients. Both subnets being isolated from each other. In the former case the router acts as DHCP server, whilst in the latter case a separate DHCP server is used. Despite all apparently working, recent introduction of a wireless client did not work and seemed to be acquring a DHCP lease from the router rather than the external DHCP server. It seems that broadcast traffic from the router DHCP server was traversing to the wrong interfaces, despite (I hope) only the wireless and the second wired subnet being in the bridge group.
 
The salient parts of my config are enclosed below. I have anonymized the public addresses using q1.q2.q3 therein.

!dot11 ssid MYSSID   authentication open eap eap_methods    authentication network-eap eap_methods    authentication key-management wpa   guest-mode!no ip source-routeip cefno ip dhcp use vrf connectedip dhcp excluded-address 10.10.10.1ip dhcp excluded-address q1.q2.q3.15 q1.q2.q3.254ip dhcp excluded-address q1.q2.q3.1 q1.q2.q3.8!ip dhcp pool sdm-pool1   import all   network q1.q2.q3.0 255.255.255.0   domain-name
[Code]....

View 4 Replies View Related

Cisco VPN :: 3745 - Can't Access Internal Subnets Behind 2nd Router

Mar 10, 2012

I am really new to this and studiying so I know that I am doing something dumb. Anyway, I purchased an ASA 5505 and placed it between my Cable Modem and Cisco 3745 router. The outside interface on the ASA is dhcp, the inside interface is 192.168.100.1. The outside interface of the 3745 is 192.168.100.2 and the inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.
 
Here's are the problems...
 
1. When I establish a VPN session to the ASA, I can ping and access any resources dierectly connected to the ASA's interfaces and on the ASA's internal 192.168.100.0 network. However, I cannot access any resources behind the 3745. I cannot even ping 192.168.1.1.
 
2. Although I believe that I sent up split-tunnel, I cannot U-Turn back to the internet once connected to the VPN.

View 11 Replies View Related

Cisco Firewall :: ASA 8.4 / NAT Some Subnets To One IP And Other Subnets To Another IP?

Aug 15, 2012

I need to NAT some subnets to one IP and other subnets to another IP. The range command want work because some of the subnets are out of order.For example  subnets 192.168.1.0 - 192.168.7.0 and 192.168.25.0, 192.168.28.0 nat'd to 1.1.1.1.  subnet 192.168.26.0-192.168.27.0 nat'd to 1.1.1.2

View 2 Replies View Related

Cisco Routers :: RV110W Unable To Access Other Subnets When Using PPTP VPN

Jan 1, 2013

I've encountered a problem when using PPTP VPN to access my network. I can connect in and able to ping the hosts connected to the RV110W. [code] On the local network, I am able to ping the hosts in 192.168.250.x from 192.168.251.x and vice versa.Static routes are configured to ensure that all networks are reachable.The problem comes when I tried to VPN (PPTP) in from a remote location using the Windows XP's built in default VPN dialer.When connected, I can ping all the hosts on 192.168.254.xxx segments, but when I tried to ping the hosts in 192.168.250.xxx and 192.168.251.xxx segments, I get a request timeout.
 
The routing table on the RV110W shows the gateway for 192.168.254.240 (the VPN IP address) as 0.0.0.0 and interface is WAN.What am I missing and how should I configure the RV110W so that I can access the other subnets through VPN?

View 6 Replies View Related

Cisco Routers :: 3750 / RV042 And Multiple LAN Subnets Access To Internet

Nov 27, 2011

We have RV 042 deployed for internet access/firewall purposes. Due to growing number for Wireless devices and also to separate WLAN traffic from wired devices, we have created a separate VLAN/IP Subnet for the wifi devices. We are having trouble accessing the internet from the WiFi VLAN/IP Subnet.  Cisco 3750 is layer 2 and layer 3 device. We have VLAN 1 (10.10.10.0/255.255.255.0), all wired devices and RV 042 are part of VLAN 1. Connectivity to internet from VLAN 1 is good. VLAN 2 (192.168.1.0 / 255.255.255.0) was created for wifi devices, 3750 does the inter-vlan routing, I have enabled the multiple subnet feature on the RV 042 and added 192.168.1.2 / 24 to the subnet list, we still have issues accessing internet from vlan 2 devices.
 
As a workaround, I shutdown vlan 2 and added 192.168.1.0/24 as secondary address to the VLAN 1 interface on 3750 and i was able to access internet from 192.168.1.0/24 network with wifi devices also on vlan 1, we want wifi devices to be on separate vlan / ip subnet. Looking at the documentation for RV series routers, it talks about supporting multiple subnets access to internet by enabling multiple subnet feature but it doesn't seem to work.Are there restrictions on having multiple vlans?

View 4 Replies View Related

Cisco Firewall :: ASA 5520 - Allowing Guest Wireless Network Access To Internal Subnets

Jan 23, 2012

We have a Cisco wireless infrastructure in place that includes a guest network with its own subnet that is a sub interface of the inside interface on our ASA 5520.  There are no routes for it to be allowed access to the internal subnets.  So it can only access the internet.  This is primarily used by the public, but we have several non employee personnel that we only want to give internet access and force them to access the internal network through our clientless SSL vpn portal or through other internet facing internal resources such as webmail.I have done packet traces from within the ASA and the break appears to be there is no ACL allowing the traffic back into the network once the web resource replies to the request and the traffic is attempting to come back into the network from the web resource.  Is that as clear as mud?
 
I know that this has to be a common problem and a way around this is to allow the guest wireless network access to the internal network but only for the select resources that they require.  And that this can be done seemlessly by network specific routes and or alternate DNS entries, but I would like to keep this simple and just allow them to access the web resource, webmail and VPN, from the guest wireless using internet DNS servers without route trickery.

View 8 Replies View Related

2 Subnets + Both Legs Of Router On Same L3 Switch?

Sep 6, 2011

This might be ridiculously bad for security but I'll ask anyway. Is it ok to have two routers on the same subnet? One router/firewall will do NAT for hosts that don't need a real IP/or care to manage their own firewall and the outward facing router.

View 2 Replies View Related

Home Network :: Connecting Different Subnets Without Router?

Apr 12, 2012

I have a home network. There are a total of 3 PCs. Each runs Server 2008 32 bit. One PC - Lets say Server A has 2 NICs with Ip addresses, 10.0.0.10/30, 10.0.0.2/30.Other two computers Server B and Server C have single NIC with addresses 10.0.0.1/30 and 10.0.0.9/30 resp. So as you can see that there are two subnets 10.0.0.2 - 1 and 10.0.0.9 - 10. I can ping B and C from A. I want that B and C can also ping each other and if I run tracert on B or C, it should give me the route to the destination via A. All this without any other hardware. Like using route add... etc eg. if I write tracert 10.0.0.9 on B, it should return a route like 10.0.0.1-----10.0.0.10------10.0.0.9. Refer to the image that I have Attached

View 7 Replies View Related

Multiple Public IP Addresses From Different Subnets On 1 Router

Feb 20, 2012

Is it possible to have multiple public IP addresses that are from different subnets going through one router? I have been told that this is not possible with most routers and that I would have to spend a lot of money on a router to be able to do it. I am still not totally clear on what defines a subnet even after reading up on them. What I am trying to achieve:

-My office has 10 computers.

-All would be connected to one router.

-My internet service provider has provided me with 10 public IP addresses, that are all very varied (which I asked for)

View 3 Replies View Related

Constantly Using Portable Wireless Router On Different Subnets

Apr 25, 2011

I work in the field at multiple accounts on machines/subsytems which have internal private wired lans within each particular subsytem. I use my laptop with a 3G connection to access the internet while onsite. I also connect wifi, to a portable router I carry, to the sybsystems wired network. Each particular machine/subsystem always has it's own particular private lan/subnet. I only work with a single machine/subsystem at a particular time.What is the easiest or best way to do this without having to always change the ip address on the wireless router (to match the subnet addresses on that particular machine) I use for each scenario. Is there a way to keep the router ip address the same always and add routes or something using a script or something that I can automate? I need my internet 3G connection (which is always my default gateway) as well as a connection to machine's internal network simultaneously (2 different subnets using 2 diffent adapters (3G and Wifi adapter)).

There is never any existing routers on these internal networks. Sometimes there is a DHCP server though. In the case where there is a DHCP server, can I just connect the WAN port of the Wireless Router to the internal network and let the internal network with it's DHCP server act as though it is the "so called internet/broadband connection"?In the event there is no DHCP server on the network, will I have to just continue to alter the address/range in the router?Also, I always have DHCP disabled in the router when using.

View 3 Replies View Related

Linksys Wired Router :: Cisco RV042 With Two Subnets For A Web Server?

Dec 21, 2011

I have a static DSL connection and my ISP is giving me 4 static IP's. I have connected my RV042 to the DSL modem and I have now 1 subnet at 192.168.0.0. What I want to create is a WEB server/ Email server, but to sit on a different subnet - 192.168.5.0. For now I have connected the server to the DMZ port, but I am unable to to access it from WAN, only from LAN. how to configure properly the 2 subnets (192.168.0.0 and 192.168.5.0) and how to forward my static address to the server which I which to be on the 192.168.5.0.

View 1 Replies View Related

Cisco VPN :: 5520 Cannot Connect Remote Subnets Via ASA To Draytek Router VPN

Jun 19, 2011

my local site has Cisco 2811 router connecting locally to ASA 5520. Remote site A has Draytek Vigor2950. I have working vpn between local subnet 10.0.0.0/24 and remote site A 10.100.6.0/24. I have remote sites B (10.100.7.0/24) and C (10.100.8.0/24). I would like to route traffic from local site to remote sites B and C via the local-to-remote A vpn. On Draytek routers B and C, I have added to subnet 10.0.0.0/24 to the remote network profile list. On local router, I route traffic for subnets 10.100.7.x and 10.100.8.x to the ASA. On ASA I have added these subnets to the profile for local-to-remoteA vpn.But the vpn will not establish when I attempt to ping from local to remote B or C.

View 5 Replies View Related

Linksys Wired Router :: Connecting 2 RV042 With Different Subnets And DSL

Apr 30, 2013

Small office, 2 RV042, 2 DSL connections. 1 is used striclty for the business side, and the other is for our CCTV network. They also have seperate DSL connections as we have 2 external IP address for clients to connect remotely. We don't want to take away our exisring setup, but would like to bridge both networks so a few of our internal clients can connect to our CCTV network and use some of the devices. Right now they come in on VPN but its not as fast.Is this doable without adding additional hardware? Both networks need DHCP enable as well.

View 1 Replies View Related

Cisco Routers :: RV220W Find Router That Can Do Port Forwarding To Other Subnets

Mar 31, 2013

I'm trying to find a router that can do port forwarding to other subnets. My current linksys has IP of 192.168.1.1, and only allows me to port forward to 192.168.1.x, but I need to forward to 2.x, 3.x, 4.x
 
I can see how to do this on the RV215W through the online emulator, but Cisco suggested I use the RV220W. Looking through the device emulator, I can't seem to figure out how I would set it up.

View 6 Replies View Related

Cisco Switching/Routing :: 887 - IP Multicast Routing Between Subnets Same Router

Feb 21, 2013

I’ve been trying a few days now to implement multicast routing on my home network in order to make airplay work between subnets. Specifically between an iphone and a hifi separated by different vlans. Failed, as I have no experience in multicast routing. we have a clean configuration and simple network which consists of two SVIs

Vlan 10: 192.168.1.0 255.255.255.0
Vlan 20: 192.168.2.0 255.255.255.0
 
ios platform cisco 887

View 5 Replies View Related

Routers / Switches :: Connect 2 Subnets With Two Switches And One Router Using SIM Software?

Apr 23, 2011

how to connect two subnets with two switches and one router using router sim software?

View 1 Replies View Related

Connection Between Two Subnets

Apr 12, 2012

I have a home network. There are a total of 3 PCs. Each runs Server 2008 32 bit. One PC - Lets say Server A has 2 NICs with Ip addresses, 10.0.0.10/30, 10.0.0.2/30. Other two computers Server B and Server C have single NIC with addresses 10.0.0.1/30 and 10.0.0.9/30 resp. So as you can see that there are two subnets 10.0.0.2 - 1 and 10.0.0.9 - 10. I can ping B and C from A. I want that B and C can also ping each other and if I run tracert on B or C, it should give me the route to the destination via A. All this without any other hardware. Like using route add... etc eg. if I write tracert 10.0.0.9 on B, it should return a route like 10.0.0.1-----10.0.0.10------10.0.0.9.

View 3 Replies View Related

Two Subnets Across Same Link

Aug 24, 2012

I have two subnets, that need to share a common link, and each with its gateway at the opposite end. What kind of switch do I need for the two red boxes?

View 7 Replies View Related

Same MAC Addresses In Different Subnets?

Nov 20, 2012

I have an exercise with picture you find below. The question is: Will the network shown in the diagram work correctly when you consider that the MAC-addresses PC0 and PC8 are the same, and why?

View 1 Replies View Related

How To Connect Two Subnets

Mar 26, 2013

I have 2 DSL Lines going into a load balancing router. The load balancer is set up to distribute the traffic equally on the two lines, hence doubling the bandwidth. Though great at load balancing, it cannot handle DHCP for the 50+ users on our network, and therefore we are using another router for DHCP, which is running DD-WRT firmware.DSL 1 - 10.1.0.1DSL 2 - 10.2.0.1Load Balancer - external 10.1.0.2, 10.2.0.2 internal 192.168.10.1. DHCP Router - external 192.168.10.2, internal 192.168.1.1All other devices - 192.168.1.xThe load balancer has many options to direct traffic to one WAN port or the other based on IP address, which we would like to implement. But right now, since all my devices are on the 192.168.1.x subnet, it can't see anything but the DHCP router. So essentially it thinks it has only one client.

View 1 Replies View Related

Cisco :: Designing A Network Using Subnets?

May 5, 2011

I recently added a post lately referring to drawing a topology of a large network with a high number of hosts. Now with project itself, I'm designing a network for a large organisation with a different number of hosts at each location.These are, 500,18,52,236 and 12. The location with 500 hosts is the head office, to which every other branch has a wide area network connection through a serial link.How many subnets would I require? I wrote down subnet details, but only for 5 subnets, a subnet for each location. Is that all I need? Or do the WAN connections count as subnets

View 9 Replies View Related

Cisco :: Communication Between Subnets On 5510

Sep 13, 2011

I am working on a Cisco 5510 with multiple interfaces and requirements. I have experience with Cisco IOS, but not too much with the ASAs. I seem to be getting a bit confused on the NATing and ACLs on a firewall that was started by another employee, who is no longer here. With my current config I can get the firewall in place (we are currently using an older PIX) and most basic functions work except for two key things: 1) communication from the finance interface to the inside interface. The finance subnet has some restrictions that you will see in the ACL- we are trying to limit connections to the those systems, but they need to be able access an e-mail server on the inside. 2) communication from the DMZ interface to the inside interface. Maybe related to the first problem?

View 2 Replies View Related

Cisco :: Multiple Public Subnets On Asa

Mar 2, 2012

I've currently got my ASA (5505) serving a /28 public subnet. I've ran out of IPs, so my DC has issued me an additional /24 subnet that they have routed to my ASA. What needs to be done on my ASA so be able to use these new addresses? I've been trying to search and not been able to find a good answer (some say I shouldn't have to do anything, everything else references NATing, which I currently don't do and would rather not do).The servers I assign these to, I'd like them to have the public ip assigned directly to them.

View 5 Replies View Related

Cisco :: Connecting 3 Subnets On 1 Switch?

Mar 31, 2012

I have 1 Cisco switch 24 ports and 12 computers. The 12 computers are divided in three groups and every group is a different network segment.

question 1: I need that every group has communication with its own set of computers but no communication with the computers on the other segments.If I connect the computers to any port on the switch, can they communicate within its own groups? Can the switch pass the network traffic for all of them?

question 2; What I need to do on the switch to have them to reach the internet?

View 9 Replies View Related

Cisco LAN :: Connecting 2 Subnets Using 2921?

Feb 12, 2013

I have a cisco 2921. I have 2 networks that has its own router
 
192.168.1.0 network is connected to watchguard firewall 192.168.9.0 network is connected to the cisco 2921 router.
 
I want to connect the 2 subnet using one of the interface of the cisco router. How I can get this work? It is not connected via vpn tunnel but we want to have LAN speed when accessing resources on both network. Each network is connected to a dell switch.

View 22 Replies View Related

Cisco :: 5508 Will Not Discover AP's On Other Subnets

Nov 8, 2011

I have a 5508 controller that has 14 APs connected to it. I installed them without an issue. The 2 new APs are on a different subnet. I can ping them from the 5508 controller ping command, but they do not self discover from the web interface. The 2 new APs are at a differnet physical location.

View 21 Replies View Related

Cisco VPN :: ASA 5520 Not Processing RRI Subnets

Jun 18, 2012

I am coming to this forum because TAC and several CCIEs are having trouble finding me a solution to my problem.
I have Two 5520s each running 841 connected in two different data centers with two different internet providers. I have 100+ 5505s that have the capability to connect to either 5520 via EZVPN to either 5520. Up to now there has not been a need for a 5505 connected to one 5520 to talk to another 5505 on the other 5520. Each 5505 accesses network resources as in any enterprise network. Our company recently started telecommuting and I have been giving 5505s and a VOIP phone out to people. What was discovered is, if you are on one 5505 connected to a 5520 and the other 5505 is connected to the other 5520 the audio in voip does not work. If both the 5505s are connected to the same 5520 than everything works fine. Conversely a 5505 on one 5520 cannot ping a 5505 on the other 5520. 5505s on the same 5520 can ping each other no problem.
 
My problem: All 5505's are configured for a 172.18.xxx.xxx  255.255.255.224 subnet. This subnet is not used anywhere else. So I have a 100 Class "C" subnets carved up into 255.255.255.224 networks. If I look at a specific route for a subnet on one 5520 I see it pointed to the outside interface via RRI. I can look for the route in the 5520s connected CORE switch and I see the route pointed to the 5520. We have a fiber connection to the CORE in the other data center. The route is in this CORE switch as well. When I look for the route in the 5520 connected to this core it is not there. I have all other routes visible but not this particular route which should show on the inside interface. All I show on the 5520 are the 5505s connected to this ASA. So the 5520 is not processing the RRI subnets from the other 5520 and vise versa. Thats why a 5505 on one 5520 cannot ping a 5505 on the other 5520. I only see 172.18.0.0/27 on the outside interface of both 5520s. I do not see any 172.18.0.0/27  on the inside interface on either.
 
I have had numerous TAC cases open on this and no one seems to either understand my problem or have a solution for me. My local sales rep CCIE says the problem looks like a bug in 841 (which I am running) and that the ASA is not processing RRI from eigrp which I am running as well. The whole network is running the same instance of EIGRP including the 5520's.
 
My questions:
1) Is it possible the 5520 is not allowing 172.18.0.0/27  on both the outside and inside interface? Even though all subnets are masked proper the ASA maybe thinks it is being spoofed? I have not been able to confirm this using the real time log.
2) Could this really be a bug? I have looked at all the release notes and have not found anything resembling my problem. TAC has not recommended that I upgrade or downgrade my IOS.

View 6 Replies View Related

Cisco Switches :: SF-300 24 - 2 Subnets And Uplinks

Oct 6, 2011

I have 2 sub nets and 2 up links
port g1 = 211.122.10.x
port g2 = 210.211.10.x
 
Can use 1 switch (sf-300 24)
assign port 1-12   up/down to g1
assign port 13-24  up/down to g2

View 1 Replies View Related

Cisco Routers :: RV082 NAT To Other Subnets?

Jan 12, 2012

Is it possbile to NAT to other subnets with the RV082. It is on a 192.168.41.x and I have a phone system on a 192.168.20.x. After searching all over others are saying no.

View 4 Replies View Related

Cisco :: 2504 - Wi-Fi Management Across Different Subnets

Jul 29, 2012

Is it possible to use a 2504 wifi controller to manage compatible AP's across different subnets ?

View 2 Replies View Related

Split Network Into 3 Subnets?

Oct 9, 2012

I need to split a network: 10.0.4.0/24 into 3 subnets with the following hosts per subnet:

Subnet 1: 80 hosts
Subnet 2: 10 hosts
Subnet 3: 120 hosts

split into 3 subnets?

Im thinking something like this:

Subnet 1
Network 10.0.4.0
Subnet Mask 255.255.255.128

[Code].....

View 1 Replies View Related

How To Find Out Range Of Subnets For Given IP

Jul 7, 2011

if some gave me an IP address and subnet mask, and they told me to identify the range of valid subnets I have no clue how to do it. I know how to work out the total number of subnets and hosts, you just look at how many subnet bits have been borrowed and use the 2^ formula. For example with the IP 172.28.123.0/25 I know the default mask for a classs B address is 255.255.0.0/16 so in this example we have borrowed 9 subnet bits to give mask of 255.255.255.128/25 and 7 host bits remain. In order to find the total number of subnets you do, 2 to the power of 9 because we borrowed 9 bits, which tells us that there's 512 subnets and to find out how many hosts we do, 2 to the power of 7 because we have 7 host bits, so that gives us 128 hosts in each subnet. Now this is where I get lost, how do I find out the number of the first and last subnet? I know there's 512 subnets and each subnet has 128 hosts. But I don't know the number of each subnet, the range to be more precise. How do I workout the first, second, third, fourth etc subnet address

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved