Cisco VPN :: VPN Setup On ASA5505 With Multiple VLANs?

Jun 17, 2012

I'm trying to setup a VPN connection for the two PC's in the graphic below. I have the link between the two locations setup and secured, now I just working with the routing elements.what I need to add to the firewall config in order to get this to work? Here is what I have:
 
SITE A------access-list mpls_vpn_sitea extended permit ip host 172.168.199.1 host 172.168.199.2 access-list mpls_vpn_sitea extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0crypto map mpls_vpn 1 match address mpls_vpn_siteacrypto map mpls_vpn 1 set peer 172.168.199.2 crypto map mpls_vpn 1 set transform-set ESP-3DES-SHAcrypto map mpls_vpn interface MPLScrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
SITE B------access-list mpls_vpn_siteb extended permit ip host 172.168.199.2 host 172.168.199.1 access-list mpls_vpn_siteb extended permit ip TEST-LOCAL 255.255.255.0 TEST-REMOTE 255.255.255.0crypto map mpls_vpn 1 match address mpls_vpn_sitebcrypto map mpls_vpn 1 set peer 172.168.199.1 crypto map mpls_vpn 1 set transform-set ESP-3DES-SHAcrypto map mpls_vpn interface MPLScrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

do I need to specify a route between the two networks? What do I need to have for NAT statements?

View 10 Replies


ADVERTISEMENT

Cisco VPN :: ASA5505 - Multiple Distinct Inside Subnets And VLANs?

Nov 17, 2011

The ASA device is going to be the gateway for multiple distinct inside IP subnets.   We can have have a unique outside IP address to correspond to each inside IP subnet if needed, but we need some means for a VPN client or a site-to-site VPN to have acess to a pre-definied IP subnet (i.e. if customer A establishes a VPN connection, they have connectivity to IP subnet X; customer B establishes a VPN connection, they have connectivity to IP subnet Y, etc.).Currently, the two inside IP subnets are 10.10.0.0/16 and 10.20.0.0/16. We will be adding more.The problem we are facing is that we cannot reach the VLAN 201 from the ASA we believe this is because. I have setup two addresses on port 0/1 Vlan1, 10.10.20.2 and 10.20.20.1 as an alias. How can we make traffic for the 10.10.0.0/16 subnet untagged and traffic for the 10.20.0.0/16 subnet tagged for VLAN 201.

View 1 Replies View Related

Cisco Switches :: SG-200 To 887 Setup Trunking Between These 2 Devices For Multiple VLANs

Mar 28, 2012

We have a Cisco 887 router and a Cisco SG-200 switch.We'd like to setup trunking between these 2 devices for multiple VLANs on the switch to be made available on the router.
 
With previous routers, you could set the router up in the configuration 'router-on-a-stick' and VLANs worked like a charm but the 887 no longer support sub-interfaces.So how can you get trunking working between the 2 devices?
 
Is there a VTP configuration menu for the SG-200 which we can setup in order for it to talk 'VTP' with the 887 router??

View 1 Replies View Related

Cisco Switches :: SG300-10 / Setup Multiple Routed VLANs Going Back To FiOS Actiontec Router

Aug 13, 2011

I just received a new Cisco SG300-10 and am configuring it in Layer 3 mode.  I am trying to setup multiple routed VLANs going back to a FiOS Actiontec router.  My configuration is as follows.
 
Fios Router: 192.168.1.1
Assigning DHCP 192.168.1.2 through 100.
 SG300-10 has VLan 1 ip 192.168.1.5 used for Mgmt.
VLAN2 is 10.0.2.1
VLAN3 is 10.0.3.1.
 
I have a static route set on the fios router for both subnets setup as follows.
 
Destination 10.0.3.0 Gateway 192.168.1.5 Netmask 255.255.255.0 Metric 1
Destination 10.0.2.0 Gateway 192.168.1.5 Netmask 255.255.255.0 Metric 1
 
I have a laptop connected to Gi8 on the Cisco (Vlan 3) and statically assigned 10.0.3.3, with a gateway of 10.0.3.1.  DNS set to the fios router (192.168.1.1). 
 
Everything pretty much works EXCEPT, I cannot get out to the internet from either vlan.  Traffic routes between vlans/and the default subnet on the fios without issue.
 
When I ping out, DNS resolves, but will not go past the fios router.  Am I missing a setting somewhere?

View 3 Replies View Related

Cisco Switches :: Multiple VLANS And SG300-28P Switches Setup?

Aug 20, 2012

I'm going to have several SG300-28P switches to setup.  I'll need to create multiple vlans for data, voice, and wireless traffic.  I have the following questions in setting up this configuration:
 
VLAN 1 Management
VLAN 100 Data
VLAN 200 Wireless
VLAN 300 Voice 
 
1) For managing the switches via IP, will LAN1 be the default management network?  Should I create a seperate VLAN for managing the switches?
 
2) For uplinking the switches together, I plan to trunk a port to connect the switches together.  What's the configuration on the trunk port to forward all vlans from one switch to another?
 
3) On some ports, I want to configure a trunk for two vlans (Data and Voice) where the phone has a pass through for PC.  The phone supports tagging for the PC and the VoIP traffic.  For example on port 10, would VLAN 100 and 300 be set to tagged?

View 3 Replies View Related

Cisco Wireless :: C1131AG - Multiple SSID With Multiple VLANs Configuration On Aironet AP

Oct 21, 2012

how i can configure a second ssid for guest access in our environment. this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
 
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
 
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time. My AP config is attached below.
 
Do i need to redesign the whole network to have a native vlan other nthan the data vlan? Does the access point need to be aware of the voice vlan? Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?

View 1 Replies View Related

Cisco Wireless :: Configure Multiple SSID With Multiple VLANs And DHCP Pool WAP4410N

Sep 18, 2012

My question is if I can configure 3 ssid, for 3 different VLAN and add the DHCP address from a WAP4410N AP, when you upgrade to the latest version of IOS I can have this functionality?

View 2 Replies View Related

Cisco Switching/Routing :: 6509 - Configure Multiple Dhcp Pools On Switch For Multiple VLANs

Mar 9, 2010

Is it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.

View 5 Replies View Related

Cisco Firewall :: Using VLANs With ASA5505 For Private And Public Internet Access

Oct 2, 2012

I am trying to provide internet access to public and private SSID's on Cisco AP541n using VLAN's connected directly to ASA5505.  VLAN1 is inside interface (private) and VLAN12 is wlan interface (public SSID). The AP541n is plugged into switch port 0/7 on an ASA 5505.Port 0/7 is configured as trunk mode.  I have internet access when connected to private SSID but no internet access when connected to public SSID. why I can't access internet on public SSID? 
 
logging class ip history emergencies
mtu inside 1500
mtu outside 1500

[Code].....

View 5 Replies View Related

Cisco :: DHCP Server With Multiple VLANs?

Jan 26, 2013

How to configure DHCP server if i have 2 vlans. I know how to configure rest of the network, just i don't know server.I use packet tracer and i attached file with my network. PC1 is on VLAN1 and PC2 is on VLAN2.I want ip addresses in vlan1 to be from 192.168.1.2 and in vlan2 from 192.168.2.2. I would like to do it just like in the designed network, without router.

View 5 Replies View Related

Cisco :: Multiple VLANs Inside The Same Subnet?

Apr 4, 2013

The network topology is like this. Router with DHCP_Server on it.

VLAN 10
VLAN 20
VLAN 30

My question is how to configure the router so that all devices on all 3 VLANS can obtain IP from the router. I've tried to enable proxy arp on all interfaces and create sub interfaces and trunk them to their appropriate vlans, but I can't specify the gateway on all trunked sub interfaces because I get a warning that addresses overlap. Then I tried to set access-group on all sub-interfaces and still doesn't work.

View 5 Replies View Related

Cisco Switches :: Multiple VLANs Between 2 SG300-10

Aug 26, 2012

I have 2 SG300-10 switches, and I need two VLANs, one for internal network and one for WiFi APs.I need ports 1->4 on both switches to be part of 1st VLAN  and ports 5->8 on 2nd VLAN; and port 10 uplink to 2nd switch.How I set up the VLANs and interface VLAN mode?
 
[code]...

View 1 Replies View Related

Cisco Switching/Routing :: Multiple VLANs On 881?

Oct 23, 2012

I recently set up a Cisco 881 to cover a small business network. The router is currently set up and working as expected. We recently decided to move to VoIP phones and here is where I'm running into some issues.
 
First an overview: We run a network with a cable internet WAN connection, this connection is DHCP, however we have a static IP through our ISP. We also have a block of 30 additional IP addresses for one to one mapping as we need them. The new VoIP system is being run over T1 lines throughout the township (we are a municipal organization) and the VoIP system is being run to about 5 buildings in the township.
 
This brings me to the topic of VLANs. As the phone engineer explained it to me, there is a network set up over the T1 that allows the VoIP equipment to talk to one another and operates all of the VoIP phones on one network. The equipment that is being installed at our building connects to the network over the T1 and "talks" to the other equipment on the network. The engineer wants to create a VLAN and run it on ports fa1 and fa2, with the fa2 port being connected to the actual "MPLS" (their term) that connects to the T1 and into the cloud, and the fa1 port connected to the internal phone switch.
 
TLDR; The problem is this: When we attempt to set up the VLAN on ports fa1 and fa2, we have no connectivity with the other units in the external VoIP cloud. Pinging while directly connected to the "MPLS" yields successful pings, while pinging from the router with the "MPLS" connected to fa2 yields failures. I'm going to post the running config below, I feel like what we're doing should be working. I asked around about subinterfacing, but others seemed to think this was not necessary.
 
ROUTER CONFIG
Building configuration...
  
Current configuration : 4909 bytes
!
! No configuration change since last restart
version 15.1

[Code].....

View 10 Replies View Related

Cisco Switches :: Configure Multiple VLANs On SG 200-18?

Jun 22, 2011

I am having problems accomplishing these tasks with my new SG 200-18.
 
I have a LinkSys WRT54G2 connected to port 1. I would like ports 2-8 to be in one VLAN with access to the Internet and to be able to share their printers, hard drives, etc. with other computers on ports 2-8. I would like each of ports 9-16 to be on a separate VLAN with access only to the Internet and no other ports on the switch. I would like to be able to manage the switch from any of the ports 2-8.
 
After I create the VLAN 1009 (see screenshot below), port 9 can browse the Internet and cannot see the other ports on the switch which is correct. However, ports 2-8 can no longer access the switch at 192.168.1.20 in order to manage the switch.

View 10 Replies View Related

Cisco WAN :: ASA5505 - Getting Multiple Public IPs?

Sep 20, 2011

For a branch office we have an ASA5505 connected to the ISP with an DHCP provided public IP "locked" to the local MAC This works ok!Now - the ISP may provide up to 5 public IP's (all DHCP assigned).Is it possible to configure 2-5 public interfaces in the ASA?? As IP's are DHCP assigned there must be something (a interface) to request the address.Would this be possible, and if so - what license would be required??NAT routing on the inside should be possible as well.

View 4 Replies View Related

Cisco Firewall :: ASA5505 With Multiple WAN IPs?

Jul 24, 2012

We are trying to utilize a 5 ip block of addresses provided by our ISP. What we have assigned from them is like this: 10.10.10.46 - 10.10.10.50 is our ip range. 10.10.10.45 is the gateway. Subnet is 255.255.255.248. If we assign 10.10.10.46 to the outside interface how do we accept inbound traffic from the other addresses?

View 6 Replies View Related

Cisco Wireless :: 1300 Multiple VLANs Between The Bridges

Feb 20, 2008

I have two Cisco 1300's acting as bridges only.  I have created an infrastructure ssid on VLAN 2 and assigned this to the radio.  I am carrying multiple VLANs between the bridges (using subinterfaces on the fastethernet and radio ports).I have enabled WPA-PSK, but how do I check that this is being used between the bridges? Also - I have a switch connected at each end of the bridge.  When I make VTP changes, the remote switch does not pick these up - is this because VTP goes over VLAN1 regardless of the Native VLAN (2 in my case)? Do I have to carry VLAN1 over the bridge to get VTP working, or is there an alternative solution?

View 7 Replies View Related

Cisco Routers :: RV180W And Multiple VLANs Over Same Port?

Sep 27, 2012

I have a RV180W and a EnGenius EAP350 Access Point.  The EnGenius supports multiple SSID's and VLAN tags them.  If port 1 on the RV180W has VLAN 1 untagged and VLAN2 tagged, any connection to the EnGenius always gets an IP from the VLAN 1, even though they are connected to the SSID which is tagged with VLAN2. 

View 3 Replies View Related

Cisco Switches :: SGE2010 / How To Implement Multiple VLANs

Jun 21, 2011

I have SGE2010 switches and I want to implement Multiple VLANs. Im a newbie and starting to study VLANS's.
 
I want to implement 5 VLAN's on my test lab network and here as follows:
 
192.168.1.x default
 192.168.2.x
 192.168.3.x
 192.168.20.x
 192.168.100.x
 
The .1 is exclusively for my test-lab servers.
 
The .2 is general test-lab Win-XP workstations.
 
The .3 is general test-lab Win7 worstations
 
The .20 is general test-lab production worstations
 
The .100 is for test-lab IP PHONES.

View 4 Replies View Related

Cisco Switches :: RV016 - Multiple Vlans Configuration?

Aug 19, 2012

I have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :

[code]...

But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration?

View 14 Replies View Related

Cisco VPN :: ASA5505 And Spoke VPN Between Multiple Sites

Aug 12, 2012

I currently have a "hub" ASA 5505 that links to 4 sites running 877 routers. From the hub network i can connect to all sites fine but what i would like to do is to almost compartmentalise the various VPN links into little clusters.The hub ASA 5505 basically provides IP telephony through the VPN's from a PBX allowing the users at the other end of the VPN to make outgoing calls and recieve incoming calls. However, a couple of the sites would like to be able to call between eachother internally via the hub. This obviously requires traffic to be allowed between their various networks. Currently when you attempt an internal call it rings but there is no audio either way. I assume this is due to access list restrictions. I am not even sure whether what I am trying to achieve is possible. I've attached the hub and 2 spokes below. The ideal end result would be interconnectivity between the two spokes via the hub, from reading up it would seem that its possible but i can't quite get my head around it! Would it involve using different subnet masks at the hub?

View 1 Replies View Related

Cisco Firewall :: ASA5505 Multiple Public IP NAT

Mar 9, 2013

I have three public IP:s from /24 network like 83.x.x.10, 83.x.x.25 and 83.x.x.41 all using netmask 255.255.255.0.

I'm using 83.x.x.10 on ASA outside interface and trying to do static nat for inside servers with those other IP:s, but not yet solved it.
 
Using Cisco ASA 5505 software v9.02
 
Config:
object network obj_guest
nat (guest,outside) dynamic interface
object network obj_any
nat (inside,outside) dynamic interface
object network w2008
host 192.168.1.10

[code]....

This works other networks that are like whole network with /29 mask and have router in front of ASA using bridge. But in my case i just have DSL modem bridged in front of ASA. This static nat works like should if i use like Zywall USG series fw and this same configuration works in my customers, but they have those scenarios i said having mask /29 and router in front...
 
It seems that the problem is in ASA, like i won't show those public IP:s to public router from my operator. Because if i roll those other public IP:s on my ASA:s outside interface: i will use 83.x.x.25 and 83.x.x.41 on outside interface and after that put back my original 83.x.x.10 then my static nat is working just fine, atleast few hours, but not in next morning because ISP router flushes ARP cache.

View 4 Replies View Related

Cisco Switching/Routing :: Accessing Multiple VLANs On SG500

May 9, 2012

Switch: SG500 VLANS: 1 (default) xxx.xxx.0.0/24 network, 150 (device management vlan) xxx.xxx.150.0/24 network I am plugged into port 1. This is a trunk port with VLANs assigned as follows: VLAN 1 (Default) - UntaggedVLAN 150 (dev mgmt) - Tagged  Device is plugged into port 2. This is an access port with the following VLAN assigned: VLAN 150 - Untagged  Why is it I cannot communicate with the device on port 2?

View 1 Replies View Related

Cisco Switching/Routing :: Multiple Vlans On Catalyst 2950?

Sep 13, 2012

I have a above said switch at my remote office (600KM) which is connected with L2 Point to Point leased line. Both the ends I have Cisco 3950 catalyst switches with Vlans configured at both the ends. Now, for obvious reasons I should remove the other end 3950 switch and replace with Cisco 2950 switch. The other end 3950 is having 4 Vlans configured on 4 ports. Now my requirement is, I should configure 3 Vlans (one for P2P, one for 10 Desktops and one for to bring traffic from other network).

View 1 Replies View Related

Cisco Switches :: Linksys SRW248G4 And Multiple Membership In VLANs?

Jun 26, 2012

I can't figure out how to configure a port membership with multiple VLANs. My setup:

- VLAN10
- VLAN20
- port settings tab: port24 in general mode
- ports to VLANs tab: untagged everywhere, when I set port 24 membership to VLAN10 I can't set port 24 membership in VLAN20 because when I do that port 24 membership in VLAN10 dissapears and vice versa
- but I can set port 24 membership to both VLANs in VLANs to port tab, but I think it doesn't work because:
- when I connect hosts to ports 23 (port 23 is a member of VLAN10 only) and 24 (member of VLAN10 and VLAN20)
there are not any connectivity between them
- but connectivity is working when I set the same PVID for both ports 23 and 24 in port setting tab, I can't set multiple PVID in here.

So, is it possible to configure port membership for multiple VLANs on this linksys. [URL]

View 1 Replies View Related

Cisco Wireless :: Wlc2112-k9 802.1x Dynamic Vlans On Multiple Ports

Mar 16, 2013

I have a wlc2112-k9. I have succesfully setup a WLAN with 802.1x authentication and dynamic VLAN assignment. The issue I have (and maybe it isn't an issue and just the way the controller works) is that if the vlan interfaces I have defined are connected to different ports from which the default interface for the WLAN it doesn't work.So for instance, I create my WLAN and set the interface to the management interface (which is connected to port 1). I then define all my other vlan interfaces that could be returned by my radius server.[code]
 
Port 1 is configured on the switch on vlan 21. If the radius server returns a VLAN ID of 102, 104 or 106 my client successfully connects to the WLAN but it gets put on VLAN 21. However if I move the vlan interfaces above over to port 1 the client correctly gets put on the correct VLAN.All ports on the switch are configured as trunk with the native vlan set to the corresponding value that is set on the WLC.
 
Is this just the way the controller functions? That it can't assign a client to a different interface that is connected to a different port from the default one setup when the WLAN is created? I would have just though that if the radius server returned VLAN 102 that it would find that interface and connect the user session via that interface regardless of the port it is configured on.

View 11 Replies View Related

Cisco WAN :: 7606 Allowing Multiple Vlans On Access Port

Sep 27, 2010

I have the following configurations in cisco CISCO7606 (R7000). Its meaningful to have the below configuration, wherein , we are allowing multiple vlans on the access port?

interface FastEthernet4/45
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 124-127,423,478,493,578,699,751,787,895,987,1981
switchport mode access
end
interface FastEthernet4/46switchportswitchport trunk allowed vlan 124-127,423,478,493,578,699,751,787,895,987,1981switchport mode accessend

View 3 Replies View Related

Cisco Switches :: SG 300-10MP Multiple Vlans But Shared Up-link

Aug 30, 2011

I have 8 apartments that have a single internet connection coming into the building, I then have a PoE Access Point in each of the 8x apartments.
 
What I would like to be able to do is to have each apartment within its own vlan, but to be able to use the internet via one of the non-PoE ports (port 9 say) but do not want residents in different flats to be able to see each others devices on the same network.
 
I have a Cisco SG 300-10MP which has 8x PoE ports and 2x Ethernet ports, one of which my Internet connection is plugged into (using WiMax).

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - How To Implement NAT On Multiple Internal VLANs (DMZ)

Apr 4, 2011

I've got a cisco asa 5520 and setting up the NAT for multiple DMZs on it. 

 I want to use PAT on the outside interface.
 
internally ive created subinterfaces for the VLANs and connected to a trunk port on a switch.
 
configure NAT for this scenario. I've got only 1 external public IP address.

View 1 Replies View Related

Cisco Wireless :: Bridging Multiple VLANs Across Pair Of 1310 APs?

Apr 24, 2013

We have a pair of 1310's (running 12.3(8)JEA3) connecting 2 buildings together.  The wired side of each AP is connected to switchports configured as access ports. 
 
But, now we need to extend multiple VLANs across the wireless bridge.  So I'm thinking I just need to configure some sub-interfaces on the radio side and ethernet side and bridge them together.  But I'm unclear on if I need an SSID for each bridge group.  I would hope not.  But after reading this, I'm not sure.  Most of the documentation seems to be dealing with wireless clients.  Well, in this case I don't have any wireless clients and just need to extend VLANs. 
 
These 2 sites are hundreds of miles away from where I am, and I don't have any 1310's to test this out on.  Should I be able to load similar software on other AP's (like 1142's) and have them function as bridges to test this out?

View 3 Replies View Related

Cisco Switching/Routing :: 1760 - DHCP To Multiple VLans

Mar 13, 2012

I can not get dhcp to work.I can ping from the switch to both vlans...
 
here is my config for the router.....
 
Router is a 1760
Current configuration : 1379 bytes
!
version 12.4
service timestamps debug datetime msec

[Code]....

View 1 Replies View Related

Cisco Switching/Routing :: 2960 - Multiple VLANS On 1 Switchport

Apr 30, 2012

I have a a hardware server running a VM hosting virtual servers which are all on different VLANs. My challenge now is to configure the switchport that the server is connected to, to see all the VLANs needed by this VM. The VM has an IP that is used for managing the server VMs which is on a different VLAN also.
 
My switch is a 2960 switch and it is presently trunked from the core switch.

View 3 Replies View Related

Cisco Wireless :: 1142n - Multiple Vlans With Single SSID

Oct 12, 2011

I have two 1142n LWP ap converted into standalone, as client doesn't have any controller there. They just want to extend their network via wireless.
 
L3 switch (trunk port gig 1/48) -----> connected to AP1
L3 switch (trunk port 2/48) -----------> connected to AP2
 
client is looking for 3 vlans on the floor ( users might multiple vlans might associated same AP ). They have a dedicated DHCP/DNS server and he will be configuring 3 vlans on L3 switch with correct ip helper address on SVI interfaces.
 
I'm i allowed to created 3 SSID's on 1142n standalone AP ?
 
What would the various optiosn to achieve this requirement ? Is there any simplest way to achieve this ? Do i need to go for 802.1x ? I remember client told their users are authenticating by using AD for wired network. This is their first request for wireless environment

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved