Cisco WAN :: 3560 / 2811 - NATing To Surf Some Of IPs
Feb 28, 2011
I am facing a problem in my setup, which includes a Cisco 3560 and a Cisco 2811 router. Actually, I am running BGP on the 3560 L3 switch. Some of the customers are connected to the 3560 switch via the 2811 router; all of those customers have the same rate-limit. Some of the customers are directly terminated on the 3560 switch, where I configure VLANs; all VLANs have different rate-limits.
PROBLEM: I need to do NATing to surf some of the IPs only for one customer on the 3560 switch, so I am using a route-map with an ACL on the switch and doing the NATing on the router. Using the route-map, I am redirecting traffic to my router's loopback interface, where I do the NATing and send it back to the switch.
Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi0/40    100M  Pair A     2    +/- 4  meters Pair A      Normal
                Pair B     2    +/- 4  meters Pair B      Normal
                Pair C     2    +/- 4  meters Pair C      Short
                Pair D     2    +/- 4  meters Pair D      Short
From the command
test cable-diagnostics tdr int gi 0/40
Is it normal? If not, then is the problem on the cable or on one of the interfaces? The interface is connected between a FastEthernet port on a 2811 router and a 3560-48 switch. The cable is a straight-through Cat 5e cable. (I have changed several cables with the same result.)
I have just received 4 static IPs from my ISP. I want to be able to point these IPs at different services on my internal servers, for example: [code]. The firewall I have is a Cisco PIX 515; how do I set the NATing up, or what are the commands?
I have a client with an ASA 5505 who has several networks he's trying to get communicating over a VPN tunnel with a remote office. One of the networks is not working because it's also in use on the management interface of the other side of the tunnel and neither side seems willing to re-IP their internal space.
Their proposed solution is to NAT the conflicting network on the firewall on this side to a different subnet before passing it across the tunnel. How do I implement a NAT that only the VPN tunnel uses while keeping the rest of the traffic that comes across this device un-NATted? The network in question is 192.168.0.0/24. Their desired NAT target is 172.16.0.0/24. ASA config is attached.
I am currently trying to apply a reverse NAT on ASA 8.2 and am not sure how to do this. I have done this on ASDM 6.2 for ASA 8.3, but the options are not similar on 8.2. Is there a CLI equivalent?
I am trying to achieve the objective below: for any traffic coming from the outside interface to the inside interface with any source address to destination 10.X.X.58, translate it so that it becomes 192.X.X.X to address 192.X.X.58. This is so that communications can traverse the internal network, as the server is not on a DMZ.
I have done this on 8.3 (shown below) but do not know if it is possible for 8.2, I have tried replicating the same command on 8.2 but commands are not recognised.
nat (outside,any) source static any 192.X.X.X destination static 10.X.X.X 192.X.X.58
Should I just upgrade to 8.3? I have never done it before, so I am not sure of the consequences.
Our ISP gave us a /30 for our external connection (with one IP being their side, and the other our firewall's outside int) and they then route a /28 down to us to give us 14 public IP addresses. Usually we use static NATs to give internal servers a public IP, and it works fine.
However, now I need to set up another VPN device with a public IP from our /28 pool. How the heck do I NAT that? Should I give its external int a private IP, and then NAT it at the first firewall? The 2nd firewall will be a VPN end point, and I'm afraid the NAT will break that.
I just migrated our office network router to a RV082. While configuring it, I came across three problems:
(1) From our ISP we have four public IP addresses which I want to make use of for outbound traffic. With the previous router we used, we could configure LAN IPs (ranges) to map to static public IPs. Does the RV082 support this? I could not find an option for that in the web interface. From what I understand, the 1-1 NATing only goes both incoming and outgoing ways and actually is 1-1 and not the many-to-one I am looking for.
(2) How is it possible to configure incoming port forwards to use a specific WAN interface? Will it always be the primary WAN interface?
(3) Does the telnet access provide more configuration options? I could not log in to it with the same user credentials as with the web-interface.
Serial Number : NKS1532xxxx
Firmware Version : v4.0.4.02-tm (Jul 4 2011 13:30:56)
PID VID : RV082 V03
Firmware MD5 Checksum : 1f84d8d0a2a8b99f9bfa4409e64547aa
LAN
Working Mode : Gateway
We have an RA VPN split_tunnel setup in one of our locations which is working fine in all areas except for traffic destined for one specific website using HTTPS. This vendor only allows the HTTPS connections to them to come from certain outside IP addresses. Essentially it should work like this:
RAVPN_client (10.4.4.0/27) --> https request to vendor_ip (208.x.x.x) ---> ASA55XX --> NAT_to_outside_ip --> https request to vendor_ip (208.x.x.x)
I need to understand how you would go about NATing ONLY this specific HTTPS traffic from the RA VPN while not having to alter the setup otherwise. Internal hosts (aka behind the ASA physically) do not have any issue getting to this site, as it's NAT'd to the outside IP address as we expect. Here is what we are using for the NAT exemption list. The 10.2.2.x, 192.168.100.x and 172.23.2.x are other remote sites that we have. RA VPN users are using the 10.4.4.0/27 and do not have any issues connecting to them, no matter the protocol.
I have the following network connected and configured to a single Cisco 1800 router.
VLAN 2 (10.1.20.0/24)
|
int vlan2, ip address 10.1.20.1
|
Cisco 1800 ----- int fa0, public ip address ---- Internet
|
int vlan3, ip address 10.1.30.1
|
VLAN 3 (10.1.30.0/24)
VLAN 2 is server vlan with a webserver. VLAN 3 is clients.
NAT configuration: VLAN 2 and VLAN 3 are using NAT to access the internet, and both are configured as inside interfaces. fa0 is configured as the outside interface. Now I don't know if this is about NAT, but I've tried several things without luck.
Problem: A client in VLAN 3 tries to access a domain on the webserver in VLAN 2. It starts by sending a DNS query to a DNS server located at the ISP, and gets the IP address for the domain, which is of course a public IP address. Then nothing happens because the client tries to access the domain on the webserver using the public IP address, and the webserver has a local IP address 10.1.20.20, which is on the local LAN (VLAN 2).
I've tried NAT because I have to change the destination ip address, but I can't seem to get it right.
I have a Cisco 881 VPN Router (TX) which connects to the Concentrator at our corporate office (NY). The TX subnet is 10.16.x.x. The corporate subnet is 10.1.x.x, 10.2.x.x, 10.9.x.x. Right now, the 881 router is only used for VPN to corporate, but I would like to use it as our primary router. We have two ISPs, and I would like to allow traffic to come in on either interface to our internal LAN to a few servers.
Now, if I want to ping from the DMZ to INSIDE, I get an error message "no translation group found for icmp src DMZ: ...... dst: INSIDE...."
I fixed it by adding "NAT 0" onto the INSIDE interface so that packets originating from "INSIDE" that are destined for "DMZ" do not get NAT'd.
Now my question is, because these are all directly connected networks, how come the firewall does not route the packets, but tries to NAT them instead?
I have a doubt about how to NAT 2 internal IP addresses to 1 public IP for FTP use.
As far as I know, the Cisco ASA cannot be used to NAT 2 internal IPs to 1 public IP, as the ASA cannot read the host header. Is there any way to control it by using an ACL or network object group?
My current configuration for nat 1 internal ip to 1 public ip:
static (firewall-dmz,firewall-outside) tcp 210.19.xx.xx 21 172.16.101.11 21 netmask 255.255.255.255 dns
I have a DVR installed inside my network with local IP address 10.0.0.117/24 and I need to access it from the internet. There is a PIX 515E (IOS ver. 6.2) between the internet and my internal network. I've configured NAT from inside to outside to allow my internal clients to access the internet, but I need to allow external clients from the internet to access the DVR. I've tried to configure it on my PIX but I found it doesn't have as many options for NATing as the ASA.
Is there any way to do that on the PIX, and if so, what are the correct commands to do that?
I have a 2800 series router with global NATing configured on it.
ip nat inside source list 111 interface Dialer1 overload
!
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
My objective is to give internet access to only a few users' IPs, e.g. IP addresses from the range 192.168.1.0-10 can access the internet and all others are denied. How do I do this with an ACL?
I have a Cisco ASA 5520 (Ver 8.2(4)) with all four interfaces in use (Public, Private, DMZ, Local offices) and an IPS module, so there are no spare interfaces. I have used all of Public IP's on the current interface for various services (these need one to one mapping, so I can't port map mainly due to SSL certificate issues) and I need to add another Public IP range. The secondary option on ASA interfaces does not exist as on routers/switches and I need to use an additional non contiguous IP address range for additional services advertised on the Public interface that are NAT'd to be servers in my DMZ.
I have seen an example of adding a static ARP on the Private interface to allow a secondary gateway to be used for outbound traffic, but I need to allow 14 new IP addresses to be NAT'd from the Public to DMZ and possibly also for outbound NAT'ing (from either Private or DMZ to the Public). I have a L2 switch between the ISP router and the firewall, so using VLANs is not an option unless the ISP can be persuaded (highly unlikely) to add the secondary IPs as a sub interface with tagging. Anyway, if this was actioned then we would have a massive outage on our current IP range during the transition.
I have an ASA5510 running version 8.2(5). I am having an issue with routing/NATing from an internal network to the outside interface IP on port 443, which has a NAT back in to another internal address. It works externally in from a public address. I also see log messages to do with IP spoofing.
I woke up this morning to find that I cannot surf the web anymore. I was able to last night just fine. My setup is this: Verizon Fios router (192.168.1.1) > Netgear gigabit switch > SMC router smcwbr14s-n3 (192.168.1.201). The Fios router has built-in wireless but is in another building and I am not within range of it. I have a Cat 5 cable that runs between 2 houses... the cable comes into my house and into my switch, then to my SMC router (smcwbr14s-n3) that is running in bridged mode to function as an AP. I can connect to a LAN port on the switch or router and connect to the web (I'm currently on a LAN port now). Here's the thing, I can still connect to the wireless, it's just so slow (1Mbs - 6Mbs) that I am unable to get anywhere... I do have security set up (WPA2) and I'm going to kill that to see if it resolves the issue... but it has been working fine with the current security setting for the last 5 months, so I don't really think that is the issue.
my TWC connection and I can surf the net everywhere, but when he takes it to his home and connects through his DSL he can pull up Google and can even search through Google but he cannot go to yahoo.com or Aol.com. Malwarebytes comes up with no infected files. I did a restore and the same problem. I did a recover! And same problem. I pulled up a Cmd window and ran an ipconfig. I am used to seeing a 192.168.x.x address but on his I get a 10.x.x.x number.
I set up my D-Link DIR601 and set the password for the internet, though I can't surf on the internet. I can connect, like it says I'm connected, but it won't allow me to surf.
I can be connected to the internet (i.e. surfing, emailing) and suddenly lose my connection. I can then ping sites but not be able to access them via IE or Firefox. I am running Windows 7 Home Premium and Norton. I have had the problem on multiple networks. I have DSL at home and connect wirelessly to the network. When this occurs my wired machines still work fine.
I have Windows XP on a Sony laptop. I use dial-up, Cricket broadband and wifi. When on wifi I can surf. I cannot get off the homepage nor change it when I connect to my Cricket broadband. I can't surf because it keeps going to Cricket's homepage, and when closing or opening another window, it will revert back to Cricket and it keeps changing the homepage.
I have an Asus EEE PC 900 laptop running Windows XP Home. I DO NOT use a modem or router. I connect wirelessly to someone's network (which of course I don't know who it is or how far it is from me). I connect to a Linksys unsecured network. I get a good to very good (sometimes excellent) connection from it. The name of my adapter is: Atheros AR5007EG wireless network adapter. Two days ago I was on the internet, and all of a sudden I lost service (usually when this happens I wait it out and it comes back). But it hasn't. So I'm checking through my settings and I noticed that I'm sending way more network packets than receiving. Last I checked it was around 40,000 sent and 5 received. So I wait and wait and wait, and the most packets it would go up to is 90, while sending is still in the thousands. It also says I'm successfully connected with good to very good connection status (but yet I cannot surf the web because I do not have enough network packets).
I tried different locations in my house (that didn't work). I uninstalled and reinstalled my network adapter (that didn't work). I turned the wireless switch off and on (that didn't work). I'm wondering if this has something to do with my laptop or the other person's network? How can I increase the received network packets?
I'm having trouble getting any web browser to work/recognize my connection. I've confirmed that I am indeed connected to the internet (I know this because, for example, I have no problem at all downloading games via Steam). For some reason, though, when it comes to surfing the web using a browser it's as if I'm not connected (even Steam can't load the Store page, I can only download games via the Library). I moved an infection a week or two ago, and I suspect it altered something that is causing this issue. I did get some advice to open the browser and go to Tools > Internet Options > Connections > LAN Settings and make sure "Automatically detect settings" was checked, and "Use proxy server for your LAN" was not checked. I did this, and in fact "Use proxy server" WAS checked while "Automatically detect settings" WAS NOT checked.
I can't surf the net on my Galaxy S2 through my home wifi connection, but I can access files on my phone through Kies Air wirelessly from it. How do I fix this?
I set up my Linksys wireless router as I have before. I am using Verizon PPPoE DSL with the modem in bridge mode. I am online in that I receive email in Outlook and can use IM. However, I can't surf to any web page. All the troubleshooting I have done has come up short. I can ping Yahoo, my DNS, gateway, and local IP.
This is weird: my laptop, a DV67000 HP running Vista, suddenly stops connecting to any sort of webpage. Funny thing is my other programs like MSN can with no problem. My desktop can surf no problem. I noticed that I lose internet connection when I surf too, then I diagnose. It reports that there is nothing wrong. This is puzzling me. This only happened 3 days ago. I have done scans on my whole computer and even tried Defraggler. Oh, I use Firefox and Internet Explorer.
This has been a new developing problem I have been having and it's starting to be a pain in the you know what. Recently I have been losing connection off the network countless times a day, then having problems getting back online. I have a Belkin Surf and Share Wireless N router that was working perfectly. I have a laptop sitting next to me that doesn't go offline when I do. Seems like I'm the only person in the household experiencing problems. I even tried a different wireless card and still have the same issue. I'm clueless on what to do. I tried flushing my DNS several times. I have a connection of only .30 mbps from this issue as well.
I am experiencing a great inconvenience with my relatively new Belkin Surf+ N300 wireless ADSL router. I am confident that the router has been doing this since I got it; however, I have not noticed until now. Whenever I try to access a URL with the word "router" anywhere in it (e.g. url...) it will take me to my router's settings page (usually comes up when the router's LAN IP is entered). Yes, this is very handy if you don't know the LAN IP, or are less skilled in router management; however, if, like in my case, you like to access websites with "router" in their URL, you have a serious problem. I have tried factory resets, and have scoured through the settings of the router, but have been so far unsuccessful.