Cisco WAN :: 1941 / NAT Translation Based On Destination Network?
Feb 12, 2013
1. the LAN network (multiple subnets) needs to access server 1(outside) - NAT translation works fine no issues
2. a subnet from the LAN e.g SUB-TEST currently acceses server1 but I need to change it to access TESTserver 2 (outside) instead (temporarily)
I dont want to change the original setup .I am trying to implement NAT on the local router such that
- any traffic from SUB-TEST that enters the inside interface and is going to Server1 then change the destination and NAT it to TESTServer 2
- all other LAN traffic is allowed to go to server 1.
i am using a 1941 router for this
View 1 Replies
ADVERTISEMENT
Jul 12, 2012
Our ISP has set up a Cisco 2431-16fxs IAD (dual WAN) in one of our locations. It is used to connect the devices (PCs and SIP phones) on our LAN to internet (via 1st WAN port) and ISP's MPLS-based voip network (via 2nd WAN port).
We have 2 LAN subnets - the first subnet (PCs) requires internet access only, so it goes out via the 1st WAN port. The 2nd subnet (SIP phones) is connected the MPLS network (via 2nd WAN port).
We would like to have the SIP phones (that connects to MPLS-based network 192.168.1.x) to be able to access the internet. Is it possible to configure the IAD so that the phones are routed based on destination network; i.e. anything to 192.168.1.x via 2nd WAN port, anything else to the internet via the 1st WAN port?
View 1 Replies
View Related
May 15, 2012
Few are the issues that I am facing on IOS Version 15 and Cisco 1941 Router , this router is currently in production on clients.
•1. I do PAT on router interface , and it has public IP on it , when I send request to Internet via Browser from LAN client , Page does not open and when I check NAT TRANSLATION on router , Router does translate the packets. The work around I found is that when I disabled CEF on router , Web starts browsing , Why does this happen and why I need to disable CEF ?
•2.I have Public IP Pool its subnet mask is /29 , one of the Public IP from this pool is live on the interface. When I perform STATIC NAT a web server resides in LAN , then I can access this server from anywhere in the world by IP. After few days Static NAT stopped working , I again Static NAT it on other Public IP , the same issue rise again , I am not able to access this server from Internet. This issue has been faced at two clients. The same pool i have checked on 1841 router and static nat works fine on the same public IP .
View 2 Replies
View Related
Sep 25, 2012
we're looking to use an ASA5505 or 5510 as our firewall but want to see if one of them can prioritize traffic. I know it does QoS but we're wanting to dedicate x amount of our bandwidth to traffic based on destination IP address. Is that possible and does it take a license upgrade?
View 3 Replies
View Related
Jun 24, 2012
I have a 1941 router configured for Policy based routing with two ISPs.Two static default routes configured to point the gateways of respoective ISPs with same metric.But the problem is, packets are going throug the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 26 Replies
View Related
Jan 18, 2012
How do I...add a dos based computer to a network running windows 2003
View 1 Replies
View Related
Nov 22, 2012
We've got an application that is running on our LAN that is using IP addressing to connect to the server (they refused to use DNS).The server is now being moved to a VM which will be on a different subnet. The supplier is now concerned that there will be a big down time due to him having to reconfigure each device (about 100) with the new server IP. If the server was external I know I'd be able to do NAT on the FW to make this work but can it be done internally on my 6500s? I want to have the devices pointing at their hardcoded IP address off 1.1.1.10 and NAT the destination to the VMware servers IP 2.2.2.10? Is this possible using cisco NAT?
View 13 Replies
View Related
Apr 18, 2011
How Stuff Works "How Network Address Translation Works"."This is where NAT (RFC 1631) comes to the rescue. Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers." so let's say 6-7 pc's can have access to the internet using the same IP. doesn't this causes any problems? what if one of those pc's was used fore doing something illegal? how can they spot it later on? or what if 2 or more pc's access (from that subnetwork) access the same website with the same IP?
View 3 Replies
View Related
May 23, 2012
I am trying to create a passcode for 1 IP Phone in a Network and have the following configuration in place as shown below: The plan is that when this IP Phone wants to dial out they will have to dial out the a 4 digit number 5798 followed by the number they want to dial out.The Router i am using is a CCME.
View 1 Replies
View Related
Aug 4, 2012
I have site to site vpn between cisco asa and cisco 2911 router.asa is static ip and cisco 2911 side is dynamic ip. my site to site vpn is working fine. I am just trying to make PAT over the vpn means i want forward one ip in my public pool to one of my local ip in the cisco 2911 side.
View 2 Replies
View Related
Jan 19, 2013
Is it possible to perform static Nat's through an internal network?I have a ASA 5510 with a public outside interface (let’s call it 68.68.68.1), and I have an inside private IP address (192.168.1.2/24). The inside IP address leads to a 4900m with that interface being configured with a 192.168.1.1 (no switching). On the 4900 M I have several VLANs one of them is an internal DMZ of sorts. (192.168.2.0/24). Within this DMZ network are several Web servers which need to be associated a public IP address (68.68.68.x).
Every time I configure a static Nat to associating a public IP address with an internal IP address within the DMZ, packet Tracer on the ASA informs me that the packet gets dropped at the static Nat and I cannot figure out why this is so.Safe it to say my question still stands is it possible to Nat (68.68.68.222 to and 92.168.2.60) given the configuration above, and how would I go about configuring in such the manner above so that I acn apply static nat through the 192.168.1.0 network to reach the 192.168.2.0 network.
View 11 Replies
View Related
Mar 24, 2011
In my router I can set rule that all traffic incoming to router's extAddr:8888, is forwarded to my intAddr:8888. But I also need reverse rule that packets originating from intAddr:8888 are translated to extAddr:8888. Can I do that? What technique can I search on google to find more information, because it is not port forwarding. I would calll it reverse port forwarding or static port address translation, but I do not find anything useful in internet searching these keywords.
View 3 Replies
View Related
Mar 9, 2011
I am wondering if all routers that have a USB port to which network storage can be attached, support the functionality to enable that storage to be accessed from outside the network. If this is true how (in a conceptual sense) can the router be configured to do this and what are the security implications?
View 2 Replies
View Related
May 19, 2011
I'm using a Cisco 1941 router with two WAN interfaces. One is directry connected to our ISP and one is connected to another router wich is then connected to another ISP. Hosts on the LAN cannot access the Internet at all but the router has Internet access, im guessing its something simple but i cant seem to spot the error, i have removed the ZBF configuration from the interfaces. [code]
View 3 Replies
View Related
Jan 2, 2012
I am looking to add a new DMZ zone to our network with have a standard 1941 (1x LAN / 1 x WAN port) and so I need a 3rd routable L3 interface to create the DMZ.
Is the HWIC-1FE what I am looking for or is there another way to do this?
View 12 Replies
View Related
Jun 14, 2012
I have been recently asked to design a network. What I have for equipment is four 2960G's and one 1941 router. One switch is a root switch and the other three will have end devices on them.I have decided on three V lans to go with: VLAN20 Data, VLAN30 ISCSI, and VLAN99 Management each with seperate trunk links and redundancy (see picture below).
I have a seperate trunks for each V lan using the switch port trunk allowed. With exception to the Data V lan.My design has the Data V lan as the native because it is going to be receiving untagged traffic from the external network. I have set up inter v lan routing on the 1941 via sub-interfaces to allow them to talk to each other (or because of allowed they cannot?). I have one port coming from my router to my switch via Ethernet cable which is my bridge out. I have my external port doing a NAT translation for my inside addresses and a Default route set up ip route 0.0.0.0 0.0.0.0 gig0/0. I am using rapid- PVST to prevent loops and provide my zero downtime convergence when a link goes down. As it stands right now I cannot talk out of my network or inside of my network.
You can see it is highly redundant and I do not want to change it. This network is going to be deployed but there will never be anybody physically there to manage it which is why I made it as redundant as humanly possible.
View 10 Replies
View Related
Mar 26, 2011
I live in an apartment where my internet is included in the rent. In all the rooms there is an ethernet socket buillt into the wall. I'd like to know how to connect a router to this for wireless internet. I have tried one router, but it buggers up the ip address and brings down the network for the entire apartment complex. I've done this twice now and don't fancy waiting another week for the technician to call out to reset things. I had a friend who lived in a simalar complex, rj45 sockets on the wall etc. He has a thomson router, which has a little black box plugged into the ethernet socket on the back of the router. Into this little black box goes the ethernet cable from the wall socket and bam, he has wireless internet, even though he has no access to the main router or switch of the apartment block. It's not failed once either. Both the router and the little black box need mains power.I think it was originally for a WIMAX connection. It's small, maybe 2"X3" inch?
View 3 Replies
View Related
Feb 9, 2011
is it possible for a windows7 laptop to back up to an external hdd that is usb attached to a mac ? ie. we are a mac based office for a small building contractor firm and one of the lads has a sony laptop that comes to the office each day... we need all our files backed up in the office somewhere as simply as possible...
View 1 Replies
View Related
Mar 23, 2012
How to implement certificate based 802.1x authentication network access using ACS5.3 & external identity store as AD.
View 13 Replies
View Related
Feb 24, 2011
Why would someone bother with VPN which is difficult to set up (I am told) when I can use a web based proxy many of which offer an ssl option?
View 5 Replies
View Related
Apr 11, 2013
I would like to make a monitoring system of my network based on Zabbix . I would like to use SNMP protocol with the Cisco RV180W but in that case, i need its MIB table to generate appropriate OID for CPU and memory using and network information. Where i can find this kind of information ?
View 1 Replies
View Related
Oct 29, 2011
I have been researching this for some time now and I can't find a solution to fit my needsI'm deployed in Afghanistan and on the base the local company they brought in has a hard wired network setup which makes you log in for internet. I want to setup wireless off of that with my own router and charge a smaller price. I know this sounds bad but they charge a pretty absurd amount. I would like to lessen that amount for the guys in my unit by splitting the price between everyone. I would like to make it look good though.
The login for the existing internet is a web based login. So, what I have come across so far is I need a router that will support logging into a web based login and support a landing page that will charge/ accept Paypal payments for new accounts and will expiredaily/weekly/monthly based on what they choose. I would like to set this up like you as a customer were loging in at a regular hot spot if that makes sense.
View 12 Replies
View Related
Apr 13, 2011
XYZ Corporation currently employs eight people but plans to hire 10 more in the next four months. Users will work on multiple projects, and only those users assigned to a project should have access to the project files. You’re instructed to set up the network to make it easy to manage and back up. Would you choose a peer-to-peer network, a server-based network, or a combination of both?
View 1 Replies
View Related
Jan 21, 2013
I work at a hospital and one of our department uses specialized software created by Varian Medical Systems. It has been brought to my attention that one of those applications has trouble opening during the day. I had the users demonstrate the issue and from what they explained to they are supposed to be able to open the application, log in, and be presented with a list of radiology images to choose from. Unfortunately, during the day this fails often and they have to try 3 or 4 times before it actually works. It behaves differently after 4 pm, and seems to work after the 1st or 2nd time at that time of the day. According to what I've been told this has been an issue as long as they can remember.
Varian has told me that they have done a number of things on their side to rule out their software and they think it is a network issue. We used Solar winds Engineer's Tool set (specifically the Network Performance Monitor) to monitor their switch and it is reporting no errors and the utilization graphs show that the ports involved have very little utilization. The most heavily utilized port is hovering between 10 and 5 person (Fa0/40). I've included a network diagram, but basically we have 1 10/100 Cisco 3350 switch (c3550-ipservices-mz.122-25.SEB4.bin), 4 clients, and 2 servers involved. They all are connected to the same switch at A-Full/A-100mbps. Although the Network Performance Monitor doesn't show any errors or over utilizaton of the ports in the the CLI I do see 35 output buffer failures and 35 under runs on the port connected to one of the servers (Fa0/40). They were a little higher and I cleared them about two weeks ago and then rebooted the switch, because I found that it could alleviate these types of errors.
They say the software use ports 5000, 55000, 55010, and 55020. We tried a packet capture, but I didn't have enough experience/knowledge to get anything useful out of it. I also checked the event logs on the clients and servers and nothing there indicates a issue in the software. They want us to replace the switch with a gigabit switch, but we have a REALLY limited budget and I would rather not if it isn't necessary. What I could try in order to rule out the network?
View 4 Replies
View Related
Jun 16, 2011
currently I face problem with outside nat translation and Im not sure how to solve it. I gotta 881 router
int vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
[code]...
and remote server 100.100.100.25 routed to interface fa0/0. So the problem is that hosts from V lan 1 and V lan 2 want to communicate to this server, but they cannot route, which means, that I have to "give" them some IP from their range as fake address of this server and translate it. So I did
ip nat outside source static 100.100.100.25 10.10.10.7 (for Vlan 1)
ip nat outside source static 100.100.100.25 20.20.20.7 (for Vlan 2)
but I get
% 100.100.100.25 already mapped (10.10.10.7 -> 100.100.100.25)
As far as I understand router doesn't allow this translation, because if the communication would be started from outside (initial packet would come from server side), router wouldn't know how to translate its source address.
View 2 Replies
View Related
Jul 24, 2011
I have a situation which requires some non best practice stuff to be done. There is a box behind an ASA that has a lot of code that references public DNS names and therefore needs access to itself and a number of other boxes on the same subnet via the public DNS names (that obviously resolve to public IPs). This traffic is dropped on some pretty fundamental ASA characteristics.I know this isn't really ideal, and it should be handled by DNS nstead, but I'm in somewhat of a bind and need to know if the ASA can allow this traffic.I figure I could match the traffic and exempt it from state-checking and that would probably work, but it's not a very graceful solution.
View 2 Replies
View Related
Aug 24, 2012
I am going with ASA 5520, know how many NAT translation is possible.
View 2 Replies
View Related
Aug 1, 2010
My remote VPN clients aren't able to do anything network wise once they have connected to the VPN. The ASA keeps coming up with "no translation group found" in the log.
Result of the command: "show running"
: Saved:ASA Version 7.2(2) !hostname ciscoasadomain-name office.propertyfinder.comenable password ######## encryptednamesdns-guard!interface GigabitEthernet0/0 description Office Network Interface nameif Office-LAN security-level 100 ip address 10.121.10.4 255.255.255.0 ospf cost 10!interface GigabitEthernet0/1 description 4Mbps BTNet Internet Connection nameif Internet-Primary security-level 0 ip address 213.121.253.33 255.255.255.248 ospf cost 10!interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address!interface GigabitEthernet0/3 description Office Wireless Interface nameif Office-Wireless security-level 10 ip address 172.16.0.1 255.255.255.0 ospf cost 10!interface Management0/0 nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 ospf cost 10 management-only!passwd 2KFQnbNIdI.2KYOU encryptedboot system disk0:/asa722-k8.binftp mode passivedns domain-lookup Office-LANdns server-group DefaultDNS name-server 10.121.10.20 name-server 10.121.10.21 domain-name
[code]....
View 13 Replies
View Related
Jan 5, 2012
I am looking for the SNMP OID to monitor the sh ip nat translations on a cisco 881.
#sh ver
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Thu 26-Feb-09 06:01 by prod_rel_team
[code]....
View 1 Replies
View Related
Apr 8, 2012
We have a VPN configuration currently using a VPN3000 device. According to this [URL] and some others I seen DNS payload can also be translated in NAT configuration.How can I doing it with the VPN3000 box ? On my configuration DNS payload aren't translated, but it is maybe an option I need to set or unset !
View 1 Replies
View Related
Oct 18, 2011
I have 5 static public IP addresses assigned by my ISP. I like to use one of these static public IP addresses to access one of my PCs in my office from the outside. So I like to configure something like:65.11.22.44 <-> 192.168.1.100.This translation is good for all protocols and all ports. Where I can configure this on the DIR655?
View 2 Replies
View Related
Feb 27, 2013
I configured dns on the router on this command ip name-server 4.2.2.2when i tried to ping www.google.com showing no valid routeTranslating "www.google.com"...domain server (4.2.2.2) [OK]Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2800:3F0:4001:807::1013, timeout is 2 seconds:
View 9 Replies
View Related
Aug 2, 2012
a) one router with two ethernet interfaces (LANs) and a serial interface. The serial interface is connected to the internet, dynamic nat is used for hosts in the two lans. A web server has a private address of 172.168.50.10 and it is being translated to the internet with serial's interface 68.32.x.x (public ip) with static nat. Clients in the internet type the public address to access the web server.
b)Problem: clients inside the LANs cannot access the web server by typing the public address, they use the server's private address instead, this create a problem with DNS static entries in the HOSTS file in the OS. It is a test server and is only available to authenticated users (lock and key ACLs), so no need to make a real DNS record. The entry in the HOSTS file points to the public address.
c)Question: how can a create a route map to change the public address in the HOST file to the private address of the test web server everytime a user in the LANs type the domain name.
View 6 Replies
View Related
