Cisco WAN :: 2800 - Allowing Vpn Connection Out To Extranet

Aug 25, 2011

We have a Cisco 2800 router and are now required to allow users to connect to another company's extranet. Having tried this, it won't allow this connection, so I have added this to access-list 101:

access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.246
access-list 101 permit ip any host 192.168.0.247

[Code].....
 
I don't think the GRE is being allowed back in. I have attached a cut-down copy of the config. I have just general experience of Cisco routers and am not Cisco qualified.

View 2 Replies



Wireless Connection Not Allowing To Connect To Internet

Mar 4, 2012

Got an old computer to use from a family member and it is not allowing me to connect to the internet. It shows all my wireless connections but won't allow me to connect and use the internet. How do I fix this problem?

View 1 Replies View Related

Cisco Switching/Routing :: RV180W Not Allowing Internet Connection?

Mar 4, 2013

I recently saw it for a good price online, and required a new router (had a Netgear that died, and my backup was a really buggy Belkin which I'm currently using). I'm having an issue with the internet, in that when I connect my ADSL modem to the WAN port it seems to work fine, however the PC can't connect to the internet. When I go into the settings it says that the WAN connection is OK and even shows my external IP. I have it set via the standard DHCP setup. Should I have done anything specific to my ADSL modem before plugging it into the RV180W? The modem (D-Link 320B) also has a DHCP server on it, however I assume that this causes no issues when connected to the RV180W.

View 1 Replies View Related

Cisco :: 1811W Stopped Allowing Wireless Connection Of Domain Laptops

Nov 8, 2011

I have a Cisco 1811W that after several years in service suddenly stopped allowing any wireless connection to laptops on the domain. It allows hard-wired connections and devices that are just using the wireless hot spot, like iPads and iPhones, but not devices on the domain. These same laptops connect wirelessly without issue at our other facilities, which use the same hardware.
 
Here is the config file of the router in question...
 
router#show run
Building configuration...
Current configuration : 11776 bytes

[Code].....

View 2 Replies View Related

Cisco WAN :: Multicast Routing Between Vrf (Cat 3750) - Multicast Vpn Extranet?

Feb 19, 2013

I try to pass multicast traffic between two vrf on the same 3750 switch. I have IP services IOS and sdm template routing.
 
here is my config:
 
ip routing
!
ip vrf vpn2
rd 1:1
mdt default 232.1.1.1
route-target export 1:1
route-target import 1:1

[code]....
 
Now I'm stuck - I don't know what to do to pass multicast traffic. Do I have any chance to run this config on a 3750 chassis? Perhaps the "Configuring Multicast VPN Extranet Support" document will be useful, but it concerns the Catalyst 6500? [URL]

View 0 Replies View Related

Cisco WAN :: 2800 / Route Out Redundant Internet Connection?

Dec 26, 2012

We have a six node MPLS network, all nodes route to our main office for a variety of services (email, core, fire shares, Internet, etc). Therefore, the link to our main office is crucial. In the event that the MPLS link to/from our main office becomes unavailable, we would like to establish a secondary route into our main office via virtual private network. Our main office and two branch offices have redundant broadband internet connections. We currently have Cisco 1921 routers as our branch routers and a Cisco 2800 as our “core” router at the main office. We also have two SonicWall TZ-200 series firewalls at the two branch locations and a SonicWall NSA-2400 at our main office. The VPN connection seems to work okay. How would I configure my branch routers to advertise and route traffic out the VPN connection in the event that the MPLS leg to/from our main office is down?

View 3 Replies View Related

Cisco VPN :: 2800 Remote Site For Customer Which Only Have 3G Connection

Feb 11, 2012

We have a new remote site for a customer which only has a 3G connection, and to add more pain to that they have a dynamic IP address. The easiest possible solution was EZY VPN. The client has a 2800 router with 3G and at our end we have an ASA. The issue is that it is always the server (clients behind the ASA) that initiates the connection to the remote site, i.e. to 3G. The rule of thumb is that whenever the client (i.e. EZY VPN) initiates the connection, the tunnel will establish.

View 1 Replies View Related

Cisco WAN :: 877 / 2800 - Use Static ADSL As Backup Connection

May 3, 2011

We have a few WAN connecting sites to ISP using BGP. We are looking at getting a backup link for 1 site.

We have decided to use an IP WAN ADSL link. We will have 877 and 2800 for each link. From our understanding, we have static routing on the IPWAN service. This means that when both the BGP WAN and IP WAN are connected to the ISP, the ISP will use ADSL as primary and ignore the BGP link. So other sites will see a BGP route coming from the ISP via the ADSL link for this location.

So we have found a manual solution: leave the ADSL unplugged from power but set up the same LAN IP address and connect the cable towards the core switch. When the WAN link fails, switch on the ADSL. So the static route will be advertised to the rest of the sites.

Just want to know: is there any auto solution that can disable the ADSL link/PPP link when the 2800/WAN route is up, and enable the ADSL port when the WAN is down? Not sure if HSRP/backup interface/tracking will work, and how?

site office switch - > 2800  - >  ISP  - > ADSL ->  ISP
(need this link to be backup and protocol down, so the ISP will not be able to connect to this link and advertise as next hop)

View 5 Replies View Related

Cisco :: Allowing Traceroute Traffic Through ASA?

Apr 24, 2012

I need to allow traceroute traffic through an ASA running version 8.0.2. This traffic is natted. What configuration is required on the ASA to allow this natted traceroute traffic? Traffic is coming from inside and going outside. Also, can we capture this traceroute traffic on the ASA using the capture feature?

View 12 Replies View Related

Cisco :: Allowing IP Range Of 2 Hosts Through PIX?

Jan 30, 2012

I'm new to this site, fully Microsoft certified but only just getting into Cisco and looking to pass my CCNA later this year. Actual commands and general use on Ciscos I'm quite good at, but general networking knowledge (subnetting and network layers) I kinda suck at, so will be studying a lot on this side of things. [CODE]

View 5 Replies View Related

Cisco Firewall :: Allowing Netbios 137 / 138 Through ASA?

Sep 10, 2012

I've recently had to move an AS400 system behind an internal ASA firewall and now users are unable to browse to it. The ASA is running Version 8.2(5). I get these messages:

Sep 11 2012 17:09:59: %ASA-7-710005: UDP request discarded from 172.19.241.35/137 to outside:172.19.241.255/137

Is there a way to enable these ports without enabling NAT? No VPNs involved, just inside and outside eth interfaces.

View 12 Replies View Related

Allowing Traceroute Through Ip6tables?

Sep 12, 2012

We all know that MS traceroute and *nix traceroute work a bit differently. *nix works by sending UDP packets with low ttls to random high UDP ports.

Of course this creates a problem when trying to create an ip6tables rule where I want to allow traceroute. Anyone got something clean that will make this work? This is an example of current drops in my firewall log:

View 1 Replies View Related

Allowing VPN Through D-Link Router?

Feb 20, 2012

I have a DI-604 Version E3 D-Link router and I'm trying to allow VPN through the router but I'm not exactly sure how. I have the VPN set up through my PCs but I need to configure the router as well. Trying to set up the VPN so multiple locations can access it.

View 1 Replies View Related

Cisco :: ACL - Allowing Only One Host To Connect To Internet?

Jul 15, 2012

I've got an 1841 router acting as the firewall for a LAN. It also does NAT and acts as the dialer for a PPPoE DSL line to the internet.

All is working fine, except now I need to allow a Tivo device to connect to certain ports on the Tivo servers on the internet. I want only the Tivo to be able to do this. The problem is that NAT is happening before my outbound ACL is checked, so even though I've got rules to allow the Tivo's LAN address out on all ports, it never works. I've verified this using a syslog server, and can see my external DSL IP trying to connect to the Tivo servers and being denied.

I've done things like this at work by NATting the appropriate internal host to its own external static IP address, which allows me to write rules allowing only that external address to do stuff. But I don't have multiple external addresses to work with here.

I tried applying my outbound ACL to the LAN interface of the router in the "in" direction (and removing the same ACL from the Dialer interface in the "out" direction), but that broke other things like the router's own ability to ping out to the LAN or to see a TFTP server on the LAN. I could maybe fix all of that with rule changes and inspect statements on traffic going out toward the LAN (not sure of this, think so), but I'm wondering:

Is there a better way to let just the Tivo make outgoing connections to certain ports?

Config pasted below:

!
! Last configuration change at 17:15:10 CDT Sun Jul 15 2012
! NVRAM config last updated at 16:27:14 CDT Sun Jul 15 2012 by someguy
!

[Code].....

View 3 Replies View Related

Cisco :: Allowing CRC Error Connections To Forward?

Oct 25, 2012

This is actually on my home television network... Uverse, which uses one of those dumb 2wire modem, router, wifi, 4 port 10/100 switch combo devices. It is NOT my internet source. It is just for IPTV services from ATT. Short of replacing the 2wire gateway with a new one from ATT, I have a good learning experience question to ask.

I have two switches available at my home to work with on this issue. A EHWIC-8 port Gig Switch in my router and a 24 port 3750E gig switch.

Whenever I plug, any port, any cable, both crossover and straight, on the 2wire uverse device into either Cisco switch there are masses of CRC errors generated by the cheapy 2wire thing.

CRC being a layer1 issue in nature I have tried everything short of replacing the 2wire and that is next. There is one caveat.

When the CRC errors are generated and logged on the 3750 it just seems to continue to forward those frames to wherever they need to go regardless, albeit with a ton of errors.

On the EHWIC 8 port in my 1921 router it seems to stop forwarding after about 10 secs of encountering CRC errors. What gives? Is there something special command wise that tells a switch to forward frames regardless of CRC errors? Is the 3750 able to deal with them and just forward away and the EHWIC card not able to?

View 3 Replies View Related

Cisco Firewall :: ASA5520 Not Allowing Traceroute

Oct 31, 2011

I've got an annoying problem with my ASA 5520. I have traffic going from the inside interface (security level 100) to the outside interface (security level 0) with a global PAT applied to the outside interface address for all inside traffic - and I can't seem to traceroute through the firewall. The ruleset is simple - basically, allow any IP from inside to outside. The NAT is simple - PAT all traffic unless exempted to the IP address of the outside interface. If I do the trace from my internet edge router it works fine - so I know it's not something my uplinks are filtering - but if I do it through the firewall, I get perfect responses until the hop where it hits the firewall interface - then nothing. Is there something I am missing that I need to do to allow traceroute to just work with all the rest of the traffic?

View 2 Replies View Related

Cisco WAN :: C3560 Switch Is Not Allowing Telnet Or SSH

Oct 8, 2012

I have got my CCNA voice lab configured and it is up and running. My switch is configured with 2 different VLANs (Data & Voice) and fa 0/1 is configured as a trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network, but only the switch is not accepting the request; the only message I am getting is "request timeout".

View 12 Replies View Related

Cisco :: Allowing Only Static IPs On 5508 Controller?

Nov 29, 2012

We have a customer that is looking to allow only static IP addresses onto the wireless network via the new 5508 we are putting into place. I can see where to require DHCP but not the opposite.

View 4 Replies View Related

Cisco :: WLC5508 Not Allowing Client To Connect

Dec 27, 2012

There is a problem with my WLC: it is not allowing a specific client to connect. It gives an 802.1x failure log but I am not using it. Anyway, the WLC puts this client in the excluded clients list and I didn't add it manually; in fact it is a new laptop.
 
I attached a couple of screens from my WLC.
 
IOS is 7.0.98.0

View 7 Replies View Related

Cisco Firewall :: 7100 Allowing NAT / PAT From Router Through ASA

Mar 17, 2013

I have a 7100 router that has some servers behind it. I need to translate each server to a public IP. The only thing is that between the outside world and the router is an ASA. We have a small data center where the ASA is connected to a core switch on the inside and the ISP on the outside. How would I do the NAT/PAT translations on the 7100 and then have them pass through the ASA? For example:

View 6 Replies View Related

Cisco Firewall :: 881 Router - IOS ZBF Not Allowing IPv6

Oct 4, 2011

I am trying to configure Zone Based Firewall (IOS 15.2T) on Cisco 881 router for IPv6. Current setup is simple:

Zone: LAN --> WAN

zone security LAN
zone security WAN
!
class-map type inspect match-any Internet-cmap
match protocol dns
match protocol http
match protocol https
[ code ] ........
 
Current configuration behaves as expected for IPv4, but blocks all IPv6 traffic. If zone-security is removed from the WAN interface, IPv6 works normally (connected to Internet). As soon as zone-security is enabled on the WAN interface, all IPv6 traffic is discarded when connecting to the Internet from the local LAN.
 
Error messages on console: Half-open Sessions source destination tcp SIS_OPENING/TCP_SYNSENT
 
Are there any special settings for ZBF which should be turned on for IPv6 protocol?

View 1 Replies View Related

Cisco Switching/Routing :: Allowing RDP On 891w

Sep 24, 2012

I am trying to allow RDP through my 891w. I have tried a few different things to no avail. [code]

View 23 Replies View Related

(transport Local Ssh) But Its Still Allowing Telnet

Feb 7, 2013

I have "transport local ssh" but it's still allowing telnet?? This is a 2960 switch. Here is the end of the running config:
Code:

View 6 Replies View Related

WBR-1310 Router Not Allowing Static IP?

Feb 9, 2013

When I set a static IP on my device, it works for a short time, then it won't connect again unless I do DHCP. It's like the router chooses an IP for the device, and only allows it to use that one.

The same thing happened a while ago with my desktop. I wanted to set a static IP so I could access it from another building, and the router, being the piece of crap it is, reset all the IPs, and wouldn't allow the computer to connect. D-Link WBR-1310, Hardware B1, Firmware 2.02

View 2 Replies View Related

Cisco Routers :: WRV210 Not Allowing To Delete VPN Client

Sep 27, 2011

I have a WRV210 router that is not allowing me to delete a VPN client that I had previously set up. When I go to remove this client on the VPNVPN Client ACCESS table, the s/w redirects me to the Status VPN client table. There I cannot flag/check the disconnect box. I have version 2.0.1.5 s/w, which is the latest.

View 0 Replies View Related

Cisco Firewall :: Allowing FTPS Access In ASA5510

Apr 13, 2012

We had an ASA 5510 as a firewall in our environment, and there is a requirement to access an ftps server from our location. Currently, from the server location they configured everything by allowing our public IP to their server and gave the following details to access ftp. Please suggest which traffic needs to be allowed in our ASA to access the ftp server address as mentioned above. From my initial analysis, it's found that port 989 is also enabled for the access, but that was not mentioned by them.

View 1 Replies View Related

Cisco Firewall :: Allowing Traffic From Inside To Outside ASA5505 7.2(3)

May 15, 2012

Let me start by saying that I'm just starting to study for CCNA, so the ASA seems to be a bit above me yet. The ASAs we are using are for VPN to our corporate office and only allow access to our Citrix environment, so no direct internet allowed. We have a person who works in the remote office who has need for a caption telephone that requires direct access to the internet. The phone only supports DHCP, and getting the ASA to do an ARP reservation is proving difficult. For now I wrote an access list to allow its DHCP address out but it still isn't working. The access list I wrote is:
 
access-list 101 extended permit ip host xxx.xxx.xxx.124 any log
access-list 101 extended permit ip any any
access-group 101 out interface outside
 
When I do a show access-list I'm seeing that traffic is hitting the access list as the hit counter has increased. When I do a show conn I'm seeing one of the IPs that the phone should have access to, however the flags are: saA, so I'm assuming they are not getting a response. According to the manufacturer, only outbound connections are needed, no incoming ports required. All traffic is TCP.

View 8 Replies View Related

Cisco Firewall :: ASA 5505 - Allowing Multiple Networks On DMZ?

May 22, 2011

I have 3 networks coming in on the DMZ (VPN) interface. Only one network is able to ping the DMZ interface. See below the networks coming in on the DMZ.

10.132.24.0/24
10.132.25.0/24
10.132.26.0/24

Only the 10.132.26.0/24 network works as it is in the same range as the DMZ interface.

allowing the other two networks to communicate. I've attached the diagram and configs for your perusal.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Not Allowing Incoming Traffic

Mar 15, 2012

I am trying to switch out a Cisco PIX 501 firewall with a Cisco ASA 5505 firewall. I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one. Unfortunately, my script is not working with the 5505. What am I doing wrong with the following script? I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults. I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network. [code]

View 7 Replies View Related

Cisco Firewall :: ASA5520 Allowing / Blocking Skype

Sep 17, 2012

I have the following:

redundant ASA5520s on v8.2(1)
proxy server/web filter for blocking access to websites for staff/students
users who want to use Skype
Cisco Catalyst 4507 core
a dozen VLANs for staff/student/WiFi etc
Cisco core policy that routes 80/443 to transparent proxy on a WiFi VLAN
Windows desktops have direct proxy settings in IE

Pretty much all outbound ports are closed with 80/443 and a handful of specifics for various things open. Because of this Skype attempts to use 80/443, which are sent to the proxy server, but because they're not HTTP/HTTPS they cannot be understood. Skype's attitude is to open 1024-65535, which is just plain stupid!
 
There's no way to specify which port(s) Skype uses for outbound. I tried opening 33000-33099, which worked perfectly for 2-3 devices (Win laptop, iPad) but others failed all the time. I've seen people mention using an AIP-SSM module in the ASA for blocking Skype (and other things eg torrents). Is it possible to use this module to allow Skype eg on ports 1024-65535 whilst blocking any other application from using those ports?

View 2 Replies View Related

Cisco Firewall :: 2811 Not Allowing ICMP To PBX Through Same Interface

May 31, 2013

Attached is our network diagram showing the details of our remote office and the corporate side which are connected via private fiber. The workstation (10.10.102.84) can ping the 10.20.0.31 IP address of the PBX but not the .30 address and I know if we can’t ping it we can’t remotely manage it. The 2811 router, ASA 5510 and the 6509-E can ping both IP addresses on the PBX. The ASA logs the error "Denied ICMP type=0, from laddr 10.20.0.30 on interface inside to 10.10.102.84: no matching session" when the workstation pings the .30 address.
 
We changed the default gateway of the PBX from 10.20.0.2 to 10.20.0.1 (2811 router) and we were able to ping both IP addresses from the workstation, but the SIP trunks from the Internet stopped working (they NAT to the .30 address). Because calls may be forwarded from the PBX to the corporate network (via IP phones) we will eventually need to change the default gateway to 10.20.0.1 and still need the Internet SIP trunks.

My two questions are: how do we resolve the issue of pinging the .30 address from the workstation, and then, when the time comes, how do we resolve the issue with the SIP traffic reaching the .30 address when we change the default GW of the PBX to the 10.20.0.1 address of the 2811 router?

View 9 Replies View Related

Cisco Firewall :: ASA 5550 - Acl Allowing Guest Access

Jan 26, 2012

I have an ASA 5550 at our main site with an external ethernet interface to our ISP for internet access. I would like to allow 10.100.41.x/24 http / https access but block this network's access to all other internal networks including 172.17.x.x, 10.100.1 - 40.x, and others. I'm having trouble identifying what IP address to use as the destination for the permit rule for access to the internet. The rule that comes after the permit is to deny 10.100.41.x/24 access to internal network addresses.

View 1 Replies View Related

Cisco Switching/Routing :: 2950 Switch Not Allowing To Set Up SSh

Feb 8, 2013

After setting up the domain name I try to use the crypto key and it is nowhere to be located. Below is some of the information I copied from TeraTerm:
 
Switch-1(config)#ip domain-name justin.lab.com
Switch-1(config)#cry
Switch-1(config)#cry?
% Unrecognized command
Switch-1(config)#crypto key ?
% Unrecognized command
Switch-1(config)#crypto key
^
% Invalid input detected at '^' marker.
Switch-1(config)#?
Configure commands:
  aaa

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved