The remote office is connected to hq via site to site vpn. I have 1 static IP (on the remote site)that I use for the site to site. I need to publish a web server at the remote site. My question is can I use the same IP for VPN and web server publishing, I am having trouble getting the web server to publish
View 2 Replies
I'm configuring a Cisco ASA 5505 ASA Version 8.3.1 I want to publish my web server is in the DMZ (10.30.30.1) and server address is 10.30.30.30 but it still fails.I have only one public IP, and hope that when they call the Public IP, my web server appears, another problem I have is that when I assign the public IP to my interface OUTSIDE my LAN loses internet connection.I have to do to publish my web server and the LAN computers have internet access?
View 16 Replies View RelatedI want to know if is possible to publish a port of an internal server to be accesible from internet but only from a specific IP.I know that in Setup menu exists Forwarding but it allows to publish ports to all internet no matter the source IP.
View 1 Replies View RelatedCisco ASA 5510 directly facing the internet on E0/0 (1 Public IP only) with internal LAN on E0/1. Exchange 2010 OWA working fine with ACL and NAT rules configured.Problem:
•1. Cannot publish internal web servers to outside, have tried PAT.
•2. Have multiple web servers to publish with all on one protocol (HTTP) to a single public IP which I don’t know if it’s possible on a ASA.
•3.When SSL VPN is configured with Local user database, connecting from Anyconnect client gives a certificate error. Upon viewing the certificate it points to the internal mail server.
configuring an ACL for a 857 Cisco router for web-server traffic. I've configured a NAT for the inside network and added ACL entries for port 80 access but dont seem to have any luck accessing the website remotely. I suspect there's an ACL rule blocking access.
Setup Internet === Router === Webserver
Router address: 10.0.10.1 Web-server address: 10.0.10.77IP from ISP address: XXX.XXX.XXX.XXX
(masked for security)
I have my webserver (30.30.30.50) located at DMZ zone. The public IP of my webserver is (119.2.116.191). From outside i can ping my webserver using public IP thats fine.The issue out here is, if i want to ping my webserver using public IP from Internal LAN then i cannot ping but i can ping my webserver using private IP.I am using ASA5520. [code]
View 2 Replies View RelatedWe're running three networks (inside, outside and dmz). Inside is 10.0.1.0/24, dmz is 10.0.2.0/24, outside is a static ip allocated by our ISP. We'd like to configure the following:All traffic from the outside to [static provider ip] on port 80 should go to 10.0.2.200 port 8080.
View 14 Replies View RelatedI have one webserver which open for public via http and https. The server sit behind Cisco ASA 5510. Today our webserver have been hacked by someone. The index.html has been replaced by hacker own index.html file. Is it anyway to detect who did (by IP) this? is my Cisco ASA can give any clue about it? How to prevent from this happening in Cisco ASA? FYI, my ASA only allow HTTP and HTTPS port from outside to internal. This ASA is solely dedicated to protect the webserver.
View 3 Replies View RelatedASA 5510I'm trying to add a static NAT for to allow access to an internal webserver on my DMZ. I've added the config, however i'm still unable to get to it from the outside. I'm able to ping and browse the server from the LAN and I'm also able to ping the external interafce from the outside, but just unable to browse.I've turned on logging and the error I'm getting is "Inbound TCP connection denied...flags SYN on interface outside"
View 0 Replies View RelatedIm currently working on setting up a small network at home. I have a Dell 2716 and a dell 2650 server running windows server 2003. Ive already setup the dns and domain controller on my server. I have 3 desktops that will connect to the server. so far I have the following setup. ISP---> Dell 2716 --->dell 2650/ computers. I set the computers prefered dns to the servers ip. Im able to join the domain and log in but is there a better way to set it up. Also the server and computers are set to static ip.
View 2 Replies View RelatedI am running a webserver locally and I am unable to resolve it by domain name (e.g. mydomain.com) when I am inside my network. However, I am able to hit it internally (e.g. 192.168.0.10) just fine. When I try to access mydomain.com from inside my network it comes up with my Actiontec router's admin page on 192.168.1.1.Here is my configuration:Actiontec FIOS router 192.168.1.1 (connected to internet)DHCP disabled Netgear Router 192.168.1.2 is in the DMZHas cable running from Actiontec's LAN port to Netgear's WAN port[CODE]
View 7 Replies View RelatedI am running a websever on virtual machine on ubuntu .how can i forward all traffic coming to my ip to virtual machine which is 192.168.1.4 on my LAN.here are my configs.
OS - Windows 7
Router - DLink
Virtual machine network Setting - Bridged adapter.
I have a sg300-10 switch. i update the firmware with the last one. Things are complicated when i create 2 VLAN. ( really 1 VLAN cause the first is native ).So i have the first VLAN with the interface 192.168.1.254 ans the VLAN 2 wich IP is 192.168.2.254
I'm connected with my workstation ( ip : 192.168.1.2/24 with GW 192.168.1.254 ) and i try to ping a web server on VLAN 2 ( ip : 192.168.2.2/24 GW 192.168.2.254 )
Ping is OK ! But when i try to reach any ports of the webserver : Nothing.
I configurated ipsec remote vpn at catalyst 6500.
192.168.14.0/24-- my servers are assigned this subnet
vpn user:10.10.10.0/24
192.168.10.229 ---- webserver ip address
[code]...
I've tried to get my head around this but beeing used to Juniper and Watchguard devices I just can't get my home webserver published to the outside interface.I have a ASA5505 with ASA version 8.4 and ASDM version 6.4 and the basic license.
Outside interface is X.X.X.32/255.255.255.248 so I have 5 static IP:s on my external interface, .34 is in use for the outside interface.
Inside 10.10.10.0/25
DMZ 10.0.0.0/24
I have a webserver in DMZ located at 10.0.0.253 and would like to publish it to the external IP X.X.X.35.I've tried to make the static NAT but every time I do either nothing goes in or out of the DMZ zone or you can't access the webserver from the outside interface.Right now I deleted all trials since none of them work so only the basic config is applied. Everything get's NAT:ed to the external interface .34 IP.
I've configure two ACE 4700 in a SLB modus http to a web server.To understand how the ACE works and to see if all are ok, I want to test it? but how?
How do I do to initiate a http connection between my test pc to the webserver through the ACE?
I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver. (DMZ discussion aside)
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside - 172.20.1.2
guest_inet - 10.2.1.1
Internally clients resolve our website to 192.168.40.40 and that part works as it should. Clients outside of our network resolve our website to the correct external address (lets just call it 1.1.1.1). We have a NAT statement static (inside, outside) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 and an ACL to permit tcp any host 1.1.1.1 eq www
Clients on our guest_int use an external DNS server and hence resolve our website to 1.1.1.1. However it seems traffic goes out and back in our outside interface and this connection never occurs.
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website. Would that be: static (inside,guest_inet) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 ? Since there is already an ACL permitting port 80 traffic to 1.1.1.1 we should be taken care of on the ACL side of things, right?
I have home network with my Linksys E-4200.
My HP Microserver (Ubuntu +Samba+Apache) is connected via LAN. I have notebook (Windows 7). To my server (FILE+WEB) I have access only when I connected via LAN cable. In windows 7 i see my server and have access to the files. Webserver works also properly: access with the name of the server in web browser.
But by WiFI connection, there is no access ! The server has the reserved local IP-address, like 192.168.1.200.
What should I do to solve it? By typing "192.168.1.200" i see the localhost page, but nothing more!
I'm trying to test fast roaming using a Cisco 2100 Series controller and 2 1140 APs. The initial authentication succeeds fine and the wireless connection works ok using WPA2+CCKM and LEAP with a Cisco ACS radius server.The problem is that the client does not attempt to preauthenticate with the other AP because the RSN Capabilities IE in the AP beacons and probe responses do not set the RSN Preauthentication capable bit. I can't figure out what it takes to get the APs to indicate to clients that it can do preauthentication. I'm been crawling through all the documentation I can find, to no avail.
View 1 Replies View RelatedWe are about to share a 10 MBit ISP connection with 2 others companies, and they are going to split the bill up into 3,3 and 4 Mbit, so we where thinking that we could setup a switch before their and ours router and provide them with a static IP from our ISP. But is it possible to set a bandwidth limit on the ports of a Cisco Catalyst 2960-8TC, so that we can set a limit of 3,3 and 4 on 3 ports.
View 1 Replies View RelatedI want to PAT my project of WLAN and i attached the document, how I create the Testing Criteria of the said scenarios, PAT document includes WCS 7.0, WLC 5508, MSE 3310, Cisco AP 3502e and ACS 4.2.
View 0 Replies View RelatedI have cisco ASA5510 firewall using in my network but unable to bolck Url's unwanted. can i block the [URL] on the asa by using regular exp.
View 3 Replies View RelatedI have 7 POE switches that have ESI IP phones attached. I have two VLANS, 1 and 2. VLAN 2 is used for voice and is defined in each switch.The ESI IP phones connect to my POE switch ports and the pc attaches through the ESI IP phone.
I have had voice quality issue between floors in my building. Talking to others on my floor via the IP phone, there are no voice quality issues. [code]
is it possible to connect Cisco Ap-1242AG with non-cisco wireless router to work as repeater?
View 1 Replies View RelatedI am looking at a config on a 5550 FW, and am trying to make sense of the syntax of the following rules. I have been to the Cisco site, but can't find much on the syntax.
View 8 Replies View RelatedI currently use a device called the Access Enforcer which runs OpenBSD. I have 3 stable, working VPN tunnel's where the other side's device is a Cisco ASA 5520 or 5540. I was setting up my 4th VPN where the other side used a Cisco ASA 5520 and ran into issue's. The Cisco side can bring up the tunnel. Once the tunnel is up each side can talk to the other side. However, when the tunnel is dropped, the OpenBSD side cannot bring up the tunnel. The error received is on the OpenBSD device is "isakmpd[29581]: transport_send_messages: giving up on exchange from-XX.X.X.0/24-to-XX.XXX.XXX.240, no response from peer XX.XX.XXX.141:4500". I have been trying to figure this out for weeks now and can't seem to find the cause.
View 3 Replies View RelatedI am trying to configure a 3750G that has been sitting on the shelf for several months and am getting the following error -
% Error: Unable to create flash:/microcode_update% Error: It must not already exist
Normally, getting an error during POST isnt a good thing. My first thought was that flash was corrupted or flagged RO somehow. I did fsck flash: with no change. I next tried fsck /test flash:. It tested 77 blocks and performed 0 erasures. It had been running for about 15 minutes with no problems reported so far. Multiple reboots of the switch still report the same error.
I have reviewed the history of what I have done on this switch and finally think I found the problem. I noticed a microcode_update directory that I am not used to see on a 3750. Deleted the directory using the rmdir command and rebooted the switch. On reboot, I noticed that a front_end/ directory was listed as being created as well as fe_type_1 and fe_type_2 were created. The switch now boots up without any errors.
I have two Cisco Aironets 1401 connected to a Cisco Catalyst 3560 Switch. When users log onto the Wifi the APs authenticate with a Freeradius that then authenticates with LDAP.
Recently users have been getting kicked off of the network but I'm not sure why.If so how do I set these APs to roam with my setupd?For all I know there could be an issue with the switch I'm just not sure where to start when it comes to troubleshooting this issue.
Guys I am using a cisco 2911 router with three interfaces: Gi0/0 connected through a switch to all my servers and Gi0/2 which will connect to another server, and Gi0/1 is my outside interface connecting through a switch to two ISP's.I have webservers and Terminal servers/File Servers with 10.0.0.0 network address connected throught My Gi0/0 interface.Now I want to implement a Cisco Advanced firewall for security on my router using CCP.I want the firewall to work such that it allows external users to access the servers on Gi0/0 through ports 0,23,25,20,21,53, 110,3389. and to access the SIP server on Gi0/2. My issue is can i just create two DMZ's for both interface Gi0/0 and Gi0/2 without creating an inside zone and Gi0/1 as outside zone as my internal traffic is mostly server based and the users connect remotely through terminal server to access resourcess using RDP, secondly how do I open the relevant ports.I have checked alot and all I have seen is just basic process on using the wizard I have no idea how to go about this issue.
View 19 Replies View RelatedI bought a new cisco 3550 switch to prepare for my Cisco certification prepration. Actually i dont know how to connect the cisco switch to a laptop with only usb ports....... earlier i used to do my practise using Cisco packet tracer but i think for CCNP switch that is not enough thats y i bought second hand switch. how can i connect that switch with my toshiba laptop which has only USB ports. do i need to buy some sort of convertor or other hardware. And if so what does u call it and how much does it cost?
View 5 Replies View RelatedI am struggling to have my PPTP traffic to get routed through NAT to reach other Server LAN segment. I am using Cisco 2921 router as a PPTP server.This Cisco 2921 router is working as PPTP server and doing NAT also to reach Server LAN segment (LAN-B).My problem is after PPTP connection establishes I cannot reach any of the LAN segment, but after connecting PPTP I can browse Internet without any issue, but none of the LAN element is reachable. Please have a look on the configuration I am posting 2921 router configuration to suggest something, I have also attached the network setup for better understanding…Just to update Clients in LAN-A can access Internet as well as servers (LAN-B). [code]
View 2 Replies View RelatedI would like to know the IOS which supports :ACL Support for Filtering on TTL Value feature on my Cisco 7600 device. I check on cisco and found the Cisco 12.4T release but this software doesn't fit onto my chasis. which software should I upgrade to on my cisco 7600 to have this feature.
View 5 Replies View RelatedI have a cisco router I would like to reset the password for. Its the first password that is entered. for exampleUser access verificationPassword:I have changed the en password using this command:router(config)#enable secret cisco123 <---example password
View 5 Replies View Related
