I'm working on setting up a couple of new WAN sites with 256K frame relay circuits back to our main building. Each new site has a new PVC, and both are pointing back to a PVC on a T1 at the main building. The main site has a 2801 with a single CSU/DSU WIC, and each new site has a 1841 with a 3560 connected to fa0/1. At both sites, I'm able to get the circuit up, and the serial interfaces at both new sites show up/up, and the subinterfaces at the main site also show up/up for both sites. Routing is being done by EIGRP, and both sites are able to establish the 2801 as an EIGRP neighbor, and I'm able to ping/tracert anywhere on our network by name or IP, so routing and DNS appear to be working. I can also ping both new routers from the main site. However, that's about all I can do. I'm not able to access any resources on our network (email/shares/internet/intranet/etc) from the two new sites. I can ping the new routers/switches from the main site, but can't ssh to them. I can ssh to them locally. There are no firewalls in the equation, and I don't think there are any ACL's in the picture either.
Can ping and tracert just fine anywhere on our network (from both the 1841, a PC plugged into the 3560, or a PC plugged directly into the fa0/1 port on the 1841), including out to the internet, by name or ip.Can ssh to local router, but not to anything that isn't localDNS is workingDHCP not working using ip helper pointing to DHCP scope on server at main site, have to use static IPCan't rdp to anythingCan't get emailCan't browse windows sharesCan't get to any websites, external or intranet. IE says "Website found, waiting for reply..." but eventually times out.
I did some testing for communication over certain port numbers using telnet and nmap, and found the following:
Can telnet to url.. and local intranet webserver on port 80 (http)Can telnet to two of our Exchange Servers on port 25 (SMTP)If I run an nmap scan on url...com, or our intranet webserver, it confirms that 80 and 443 are open, but the pages will not load. I am able to telnet (port 23) to a state mainframe via the internet that some of our employees use, and I do get the expected login screen. I tried erasing the config one of the new routers, and just added back the bare minimum config to get the circuits up (serial/ethernet interface configs, eigrp), but saw the same symptoms.
One other thing to note: the 2801 at the main site has three other frame relay sites connected to it on the same WIC as the new sites, all of which are working fine.
I just don't understand why I can ping everywhere I need to be able to ping, and port scans show that communication is open over needed ports, but the applications don't work.
The Linksys is connected to a cable modem and a Dell Vostro system, the Netgear is connected via Cat 5 to the Linksys and the Linksys is the DHCP provider to the Netgear.The Vostro shares hard drives, folders and printers to the networkBoth have wireless and wired users.They are each DHCP providers to their users.How must I configure each to provide users on both routers access to all network resources
I have two places that I work out of. One is in Romania and one in Bulgaria. In Romania, I have a small office/home network set up. It has at least 8 computers (including the three that I have with me currently - some wireless and some towers) and a couple of android phones and Ipods. I have no trouble accessing any of the computers shared folders or them accessing mine. There are a varity of operating systems used there from XP, Windows 7 and Mac.Everything works great. All the computers can access each other shared resources. All the computers are set to get IP automatically from my DLink DIR - 600 router. I have brought my three computers to Bulgaria (tower and two laptops). They are all set the same- no changes in settings. However, in Bulgaria, All three computers CAN access the internet but NOT each other.
I have easy vpn on my PIX 515e and working normally everywhere, except when my users go FRANCE, the vpn client connect, but, can't ping or access any inside network resources. when same user try any where here in EGYPT, it works normally.
After I change my router, I recently found out that I cannot access remote network resources after VPN tunnel is established. I use CISCO System VPN client. I can see the connection is successful. I cannot ping server on the remote network
I have a Cisco 881 setup with the following VPN config.
[code]...
The client is able to connect just fine to the network via VPN, but I am unable to gain access to any of the local resources. I know 192.168.1.1 has SSH running and 192.168.1.50 has telnet running but if I try to connect to either using the correct program they just timeout. I am really at a loss on why the vpn connection connects but I can not gain access to any of the resources on the VPN network.
VPN connects and I get an IP of 192.168.8.100 from my pool. I can ping my cisco at VLAN1 (192.168.4.1), but I cannot access my local resources. I guess I miss a NAT configuration.
I've set up a VPN using a fortigate 50b wifi and forticlient ipsec VPN. when I log into my office from home, I cant see anything on my network at all. I can however remote desktop into other PC's and can access stuff that way. I was under the assumption that ... one a VPN connection is made in the LAN you should be able to see other pcs and servers in the workgroup. Is this not the case or do i need to configure something?
I have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).
I have 3 networks coming from the DMZ (VPN) and only one works:10.132.24.0/24 Not working10.132.25.0/24 Not working10.132.26.0/24 Working The thing is, the one that works is on the same network as the DMZ(VPN) interface. The other two do authenticate and they get an IP from the VPN Pool. but they just cant access anything.
I am connected with qvpn, I can log in to the router bios remotely, but when I try to map the network drive from my remote location it does not work.I can detect the machine on the network, but it will not go further and tells me that "said IP was found but could not locate G". Does this mean it is behind a firewall on server side and that I need to create a rule to allow the incoming traffic? Or could it be something else.
I am having an issue with my Cisco VPN Client. I am new to VPN setup, so this is probably something easy I am missing. I have a 2611XM router acting as my internet gateway for my local lan, and my VPN Server. I am doing all my testing from a company laptop with a mobile broadband card. The VPN will connect, but anytime I ping anything within the inside network, it comes back with the public IP of the outside interface. I have NAT overload configured so everything on the inside network can access the internet, which it looks like might be causing my problem.
When i remove the nat overload on my fa0/1 interface, the vpn will connect to any resource on the inside.
I know this *should* be simple but having a devil of a time getting it to work.
I have 2 routers. Both have a static ip. Each is setup for a different private subnet. At the moment they are not connected to each other. Consider this setup (made up numbers obviously):
RV016 has 13 lan ports, 2 internet ports, 1 dmz port Internet port: 10.10.10.10
[Code].....
I'd like clients on the rv082 lan to be able to access the printer on the rv016 lan, and use the rv016 as an alternate internet connection (optional). I would prefer the rv016 client not be able to access the rv082.
2504 contrller with 1042N ap's. NPS and group policy (for computers) is setup. Certificates are setup.Logging on as a domain user I can connect to the wireless network but am only getting Internet access. I can not access any domain resources.DHCP is handled by a domain controller. I can ping servers and printers, but cannot access them. Can't map a drive, add a printer or access services on the network.
I want to use Cisco VPN Client to VPN to my SA520 to manage a UC320W. I can establish a VPN connection to the SA and ping both the SA and a switch that I have on the network, but I cannot ping my UC. I've set up firewall rules to allow ANY-ANY access from LAN-WAN, and a WAN-LAN rule to allow a certain range of IP addresses (the IP addresses assigned from the VPN DHCP pool, in this case, 192.168.12.x) access to the UC.
My SA IP address is 192.168.75.1 and my UC is 192.168.75.2 (I can ping both when I am directly connected to a LAN port on either equipment).
I managed to set up an ipsec vpn between the RV 120W (responder) and Shrewsoft vpn client.The virtual ip and dns for the client pc are manually set. The tunnel is enabled, but I see no traffic between the local and the remote LAN.I can't ping or reach any pc behind the router.Using the command ipconfig /all on the client pc, I see that no gateway is assigned to the virtual vpn interface.So it seems that the RV 102W is unable to pass to the client the address of the default gateway for the lan, and I think this is why I can't access any resource.
Since we upgraded our ASA from 8.3 to 8.4(4), VPN users cannot access resources. This worked fine until the appliances were upgraded. We get the message:
I have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).
I configure for our office site to site VPN project. Now I configured already Site to site vpn between ASA 5510 and 1841 router.
HQ LAN Branch LAN 10.2.1.0/24 >>> ASA 5510>>>>> 1841 >>> INTERNET <<<<<< 1841 <<<<<< 10.30.3.0/24 ^^^^ Call Manager 2851
Now can access from Branch LAN to HQ LAN each other. I face the problems that are
1) In branch LAN , they can access HQ LAN & resource , but cannot access internet. I didn't configure NAT on PH Router
2) Can I access internet from BRANCH LAN through HQ LAN to INTERNET. Or Can I access Internet from Branch LAN from PH Router directly while access to VPN to HQ LAN ?
3) In Branch Site , hard phone cannot work but soft phone on PC can call to HQ. Hard phone IP are same in Remote Network (172.16.1.0/24 ) . Is it problem ? how can I configure separately ?
I have a couple of users who randomly can't get access to any resources. The port they connect to doesn't have port security, the have an IP phone and PC. IP phone is fine since it's always on the same port. There PC get's an IP from DHCP (DHCP is on a windows server) but they can't ping any devices nor can I ping the PC from the switch. I checked if there were any mac access filters applied on the switch (and there aren't any). The log doesn't show any events on the ports in question so I don't know if the switch is going or there is a config issue some. Doesn't happen to all users, just 1 or 2.v
I have VPDN running on our Cisco 1921 router running 15.2(1)T. Previously I was using Cisco 2801 router running 12.4(24)T4. I copied the config from the 2801 to the new 1921 router before replacing the router but now the VPDN isn't working.
Basically the users can connect and authenticate to the VPDN, but once they get the IP 192.168.12.10-20 IP, they can't access the internal servers (i.e. 192.168.12.120).
Is there any bug in the 15.2(1)T relating to VPDN?
Here's the VPDN section of the config:
vpdn-group TESTVPDN ! Default PPTP VPDN group accept-dialin
I have recently deployed a Cisco ASA 5510 Security plus firewall on my companies network, but there is a problem that I am finding hard to get by and I think it is ASA related.
From (inside we are not able to hit any of our sites that are on the (outside). I have nat policies in place to translate the public to private, but I think I that I need some thing more. This seems to be occuring mainly with our external web sites as well as another animoly with regards to FTP (but it may be fixed if the http issue is resolved.)
I was hoping some with a lot more knowledge on ASA firewalls than my self can spot the error in my run-cfgs.
So here is my issue. I have two sites, each with a Linksys RV042 on thier site.
Site 1: External: 142.142.142.142 Internal: 192.168.25.0/24
Site 2: External: 143.143.143.143 Internal: 192.168.26.0/24
We have setup a site-to-site VPN between these sites, and all traffic is running back and forth without isse.
At Site 1 we have configured the Client VPN for use with the QuickVPN software. Again, for site 1, this is not an issue. We are able to access all internal resources at Site 1 without issue (expect for some DNS related problems).
The problem that we have is attempting to access Site 2 resources via the QuickVPN connection at Site 1. Even though they are not suppose to exist, we are able to ping 192.168.26.1-6 (which are ghost addresses likely created by the RV042's) but no actual systems on at Site 2.
I have added the Client VPN connection at Site 2, but it has the same problem accessing resources at Site 1.
We have a two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly to each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Heres how we envisage setting it up:
ESW-520 will host Company A's network. Workstations, servers etcSG-300 will have two VLANS. VLAN1 will host all Company B's network. Workstations, servers etc. VLAN2 will host the shared resources such as printers. The internet gateway is a UNIX based system with 3 NICS. 2 NICS are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet traffic is originating. The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300.
How do we begin troubleshooting a wireless device accessing the network that a user is complaining slow accessing network recources? We are getting complaints that it is slow, when connected to internet we get about 20 MB. There is only one user connected.
We switched to 2.4 GHz 802.11n from 802.11 bgn, but are told that did not work. We also have it on its own VLAN.
Product Identifier:AP541N-A-K9 Hardware Version:V01 Software Version:AP541N-K9-2.0(0) Device Description:802.11n Dual Band Access Point - Single Radio
I’m configuring a L2TP IPSEC VPN on a 5505 asa so that windows 7 clients can natively connect. It connects correctly during Phase 1 and 2, but I can’t ping anything or access resources on the internal network. This is my first time working with an ASA.
Master# sh run : Saved : ASA Version 8.2(2) ! hostname Master domain-name service.local
At our small business, we have one person who brings in Windows 7 laptop. When she does, it hijacks all network resources: The printer will not work, any new computers that come in will not be able to connect to wireless network, etc. This is consistent --every time the person brings the computer.
I want a simple remote client-initiated VPN for employees to access corporate resources from home simultaneously with being able to access the internet. I am using CCP and seem to have several options including Easy VPN server, SSL VPN. I also can choose "Full Tunnel" or not.I have a 2911 router. I have a static range of internet IP addresses. The router is already functioning with inside to outside and outside to inside NAT, etc.
I'm trying to configure my BRI interface in "network protocol-emulate network" and "layer1-emulate network" but i don't have this second command.Is someone have allready to that with this type of interface ?I've to configure this because the ISDN line of my telco is in user mode only.
I have new DIA Internet service coming in and unlike the last vendor who provided a router, I am configuring my own. This is my first full Cisco config - I've been looking at this for 3 days now. I have SIP signalling, rtp and default traffic on a (3) t1 multilink (4.5mb). My lan and firewall uses dscp tags and passes them to the 1841 for outbound. The ISP only prioritizes by destination address so I just need the 1841 to respect the tags internally. Inbound, I have only port numbers to go by to differentiate voice traffic and I want to tag EF and CS3 accordingly for use by the 1841 and the rest of my network.
Below is part of my proposed config. I have read tons of Cisco docs and looked at all the queuing methods and this one I understand the best. I am getting the error: "CBWFQ : Can be enabled as an output feature only", so I presume that something is wrong on an input definition somewhere. For now all the firewall functions are done at the actual firewall (Sonicwall NSA) so other than limiting ports to the PBX everything else is just pass-through. Any changes required. IOS is 12.4(4)T1.
I was able to configure the cisco to accept VPN connections from clients. But when i am connected i can not access the VPN LAN. My cisco VPN client shows all the time Packet Decrypted: 0 when connected. I tried the split tunneling configuration based on the example on cisco.com for split tunneling.
I include config for better understanding. The outside interface is fa0/1 with ip 10.0.0.2 w LAN 10.0.0.0 Inside interface fa0/0 with ip 192.168.10.9 w LAN is 192.168.10.0
I have a branch office connected to the Head Office through a VPN Tunnel in cisco 1841 Router. If i enable Internet for any pc in Branch Office through cisco router i cannot access it remotely from Head Office. [code]