Cisco WAN :: Allow Two NAT'ed Hosts To Talk Via External IP Using ASA 5520
Aug 30, 2011
I have two hosts behind an ASA on a private network. Both hosts are NAT'ed (each has a unique public IP). I need Host A to be able to talk to Host B through their respective external IPs.
Jun 9, 2011
DNS resolution works and I can surf the web without fail. But if I try to ping any external hosts (I can ping inside interface of ASA fine) from the LAN I get timeouts. I can ping anything from the ASA without fail.
ASA Version 8.4(1)
!
hostname fw1-nat-ann
domain-name inmd.infoblox.com
enable password anWLNen9CTFp7B/X encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
Nov 21, 2012
ASA is running 8.4.
Internal interface: 172.16.1.1
External interface: 172.16.2.1
Routing to 192.168.0.0 via internal host. I've got some static NATs, e.g.:
object network obj-192.168.0.1
nat (inside,outside) static obj-172.16.2.1
object network obj-192.168.0.3
nat (inside,outside) static obj-172.16.2.2
I also want an internal NAT, but only for certain external hosts, so when they connect to any of the above, their source address is changed. I've attempted the following so an external host (172.16.2.254) has its source changed to 172.16.1.100.
nat (outside,inside) source static obj-172.16.2.254 obj-172.16.1.100
But its source remains unchanged. What am I missing?
May 21, 2012
I've got an AOL engineer visiting Thurs. to examine connection loss (since last Weds). But I'm convinced the problem is with the router. But from the tone of the AOL tech questions I suspect he's already briefed his engineer to do his best to represent the problem as being either with my computer or positioning of router/filters/condition of wall-sockets - usual getouts. The TalkTalk router is new, issued Feb 12, after my original router, SpeedTouch, started suffering idle timeouts every day.
Feb 20, 2011
I can connect to this router via LAN and have no problems. Via Wi-Fi it connects but will not communicate with the router or find the router via IP address. I have turned on auto IP finding in network settings for LAN and for wireless but Wi-Fi still does not allow access to the internet. It just says local only. When I go to Command Prompt and do ipconfig /all it says all DHCP enabled are off!!
Feb 20, 2012
I am working on replacing our Checkpoint firewalls with ASAs, and am running into the following NAT problem. On some of our Checkpoints, there are external NATs that are mapped to multiple internal hosts based on ports. Is there any way to translate that to the ASA? I'm not sure the ASA will let you have multiple internal hosts mapped to one external IP using static NATs. The main issue is these are alarm panels that receive data from external hosts (the traffic is initiated externally on the Internet) so I can't use dynamic PAT with this.
Dec 21, 2011
I am having trouble connecting my MSI laptop to my TalkTalk router. I have another laptop that I can't really use; however, I turned it on to see if I can connect it to the internet, and I can, but no matter what I do I cannot connect this one.
Oct 25, 2011
I'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP addresses. For example, there is an object called emailservers that is defined as 192.168.2.25-192.168.2.50.
Is there a way to do a similar thing on the ASA 5520?
I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.
Jul 26, 2011
I've just taken over a new network with a Cisco ASA5520. Everything is working fine, except I am being bombarded with 106001 alerts from a few internal hosts to one specific internal host. The description in general is "Inbound TCP connection denied from 10.1.0.1 to 10.1.0.5" - both of those are valid internal hosts and the TCP ports are also valid. I tried looking at the log and getting it to tell me which rule was causing these alerts, but it just came back with 'It's not possible for these type of alerts'.
- How is it possible for the ASA to even pick up on this when, in theory, the source host wouldn't be going near the ASA since it's on the same subnet?
- What might be causing this?
- How can I turn it off!! (I guess that'd be fixed by point 2)
Jun 27, 2011
I have set up a remote access ipsec vpn on an asa 5520. I can connect, and ping internal ip addresses, however I cannot ping back out to the internet, nor can the internal network ping the vpn clients and dns resolution internal or external does not work. I am seeing nothing blocked in the logs on the asa.
Jul 1, 2012
I am working on adding a mapping to our external address for our mail server - let's call it mail.example.com
I would like to be able to access mail.example.com internally for our users' smartphones - if they access our company WiFi they are not able to get mail using mail.example.com as the server name in their phone setups. However, once they leave the office and use any other WiFi it works fine. Also, I am unable to ping that address from any internal device. I believe this is also the reason Exchange accounts do not work on our site-to-site VPN connections.
I have an ASA 5520 and work primarily in ASDM 6.4 to do configurations in the main office, and have 5510s in our site-to-site connections.
Dec 8, 2012
I have an ASA 5520 with a DMZ with private addresses that I SNAT to my outside network. From inside the DMZ I can reach servers by both the internal private IP and the public IP, except if the IP is from the server trying to connect. So, say I have server1 and server2. I can connect from server1 to server2 with both public and private, but can't connect from server1 to server1 using the public IP. ASA logs show that packets are being denied due to land attack. DNS doctoring is not an option for me.
Jun 14, 2011
I have quite recently installed a Cisco ASA 5520, replacing a Linux-based firewall. I have only 2 zones: one is the internal network and the other external. The internal network has web servers, DNS and mail server, all having public IPs. Everything is OK, but I have seen that if I try to ping an external server, for example [URL], I cannot ping; it says
[sylvan@kmdns1 ~]$ ping www.yahoo.com
PING eu-fp.wa1.b.yahoo.com (87.248.112.181) 56(84) bytes of data.
--- eu-fp.wa1.b.yahoo.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5010ms
but I can ping from systems which are outside my firewall perfectly. With the Linux firewall I had before, I could ping perfectly to yahoo from any of my internal servers.
Mar 21, 2012
I am desperate to make some kind of translation which converts an outside IP address of our web server to its inside IP address so that requests can be routed internally to the server.
This is what we have: a wireless network with an SSID to serve visitors. We also have an in-house web server which can be accessed internally and externally. We have an ASA 5520 that protects the internal network, including the web server, and also routes all traffic from all the visitors connected to the public SSID to the outside. The DHCP server for the visitors' wireless network is configured to give 8.8.8.8 as the DNS server. The problem with that is that www.ourwebserver.com is resolved by Google's DNS server to the public IP address of our web server! The traffic is then sent to the outside interface of the ASA 5520. The visitor who wants to access our web server cannot connect!
How can I configure the ASA to route that traffic to our web server with the public ip address to the inside ip address of the web server?
Apr 17, 2013
When I place the phone on a different subnet, registration fails. The connectivity between the two subnets should be working because I have a desktop computer hooked up behind the Avaya phone and the computer can talk with the server without problem. The phone has gotten the IP from the DHCP server and I can even ping the IP from the phone server, but on the phone it shows "Discover 10.0.10.10" then reboots, again and again. 10.0.10.10 is the IP of the phone server. And there are no firewall rules blocking the traffic between the two subnets. Like I said before, if I place the phone on the same subnet as the server it works. The settings of the switch remain unchanged.
Jul 29, 2011
I have a 5505 with the Security Plus license. I have a web server in the DMZ that needs to talk with a server on the inside network but it doesn't seem to be able to. I'm guessing there is something I need to do to enable the DMZ to talk to the inside network.
Here is the config.
[code]...
Jul 18, 2012
I am trying to config my wireless LAN controller (WLC) 2106 to discover my new 3500 access points. I followed the example Cisco configuration doc.69719. I am using a Cisco 3760 switch to interconnect the AP and WLC. I set up DHCP in the switch. [code]
Jul 27, 2012
I have a dozen clients on an 1131AG and they cannot ping each other. I get a reply but it says destination host unreachable.
Jan 11, 2012
I have my modem, then a switch, and two gateways: a Cisco 800 and a SonicWall TZ170. The Cisco isn't managed by me, it's on a 172.18.2.x subnet and I only have about 12 addressable IPs. I manage the SonicWall and have all 254 addresses open. The computers have to stay behind the Cisco because it connects to a VPN that the line of business software uses.
I can't connect the two gateways by VPN because I can't control the Cisco. How can I get these two to talk? I have a new server on the SonicWall network and an old server on the Cisco network. I want the computers to be able to see both servers.
Feb 8, 2012
I want to connect my home phone to the PC and make calls through VoIP. I do not want to use the headphone as it is not good to be used in the office. Or if I have a modem, can that be converted to make VoIP calls on a PC?
Nov 18, 2012
I have 2 sites located 500 meters apart and I connect them via 2 x RVS4000. I managed to get the site-to-site VPN up via the internet, and my network 192.168.1.x is able to reach 192.168.2.x - where 192.168.1.100 (a user trying to access my FTP server 192.168.2.99) has no issues, but it's slow due to my internet connection speed.
So I set up another link via wireless (wireless bridge); the purpose is to resolve the slow connection via the internet.
But somehow my attempt to set up traffic diversion from 192.168.1.x to 192.168.2.99 via the local LAN failed.
How is it possible to set up the network as in the attached picture with the RVS4000?
Mar 23, 2011
I want to ask about a very legacy network technology - IBM's SNA - and how it works over TCP. The topology is as shown in the attachment SNA topology.png (the background is the banking sector).
1. At HQ, the AS400 mainframe physically connects to a router (with SNA feature license). This router connects to a peer router across the WAN (for security purposes, an IPSec tunnel with 3DES encryption was built).
2. How can the router really do SNA over IP? How can the router talk with the AS400 using SDLC, and then route through using TCP/IP?
3. Reading the Cisco documentation, I just couldn't work out what kind of scenario needs STUN, as well as DLSW+. Can you please guide me on when to use either STUN or DLSW+?
Apr 14, 2013
Do the devices connected to the DAP-1522 communicate directly with each other or do they communicate through the router? My DAP-1522 is set up as a bridge connected to my DIR-825. The reason I ask is I've set up an HTPC connected to the DAP-1522 and I also have media devices connected to the DAP and am wondering if they'll communicate with each other directly or if they have to do it by going to the router and back. That way I can use my HTPC to serve media to my devices at local speeds.
Mar 20, 2012
We have an inside interface, 192.168.10.0/23. We have an outside interface, public IP... We have the ASA connected to 5 site-to-sites; this is working fine and through the internal interface can access all remote sites and vice versa. These are 192.168.20.0/24, 192.168.30.0/24, 192.168.40.0/24, 192.168.50.0/24 and 192.168.60.0/24. When a user connects via Cisco VPN Client they can see the inside network but can't talk to the remote networks connected, for instance 192.168.40.0/24... whereas an internal user can. I understand that the VPN client connection is seen as an outside connection, not an inside connection... but then I read [URL] and I am confused even more.
Nov 12, 2011
I have a new Lenovo Ideapad laptop and I'm having problems connecting to the internet using an ethernet cable. The thing is this problem occurs only at one particular place (dorms) because I'm having no internet problems at other locations.
It looks like this: I connect using an ethernet cable, Windows 7 identifies the network and everything looks normal, but there is no internet when I open a browser (I tried IE, Firefox and Chrome). It just loads and loads and sometimes it loads my Google homepage, but only after approximately 30 seconds, or it does not load it at all. The same applies for other pages - they do not load or they load after a minute, but the pages are incomplete, they look like HTML.
When I do a ping at CMD, it shows the same problem: the replies are slow or it shows "request timed out". I tried pinging various pages or IPs with the same results. The only thing I'm able to ping normally is the IP of my network adapter. My IPv4 is set to automatic, but I also tried manual parameters, just in case. I tried 3 different cables, switching antivirus and firewall off, did a spyware search, switching IPv6 off, switching WiFi off, resetting the main dorm router etc. etc...
The strange thing is that my laptop works perfectly anywhere else (home, work...) so I suppose there is no problem with the configuration of my laptop or network adapter, BUT the internet provider says there is no problem with their network or router since other laptops work normally at THAT location (even my other laptop does work there), so my Lenovo is the only laptop which is having problems... And when I check the properties of the network, upload is always higher than download, but generally both are very small. One more strange thing: I can watch live stream videos using one particular software and I can download torrents quite normally, but loading Google and other pages is a major problem; even Outlook or Google Earth/Talk does not work properly.
Jun 18, 2012
I was assigned a task to configure an SG300-28P to have 3 different VLANs. Now on VLAN1 there will be only one device configured with static IP 192.168.0.230. On the other 2 VLANs there will be a separate router connected on each one of them, which will also act as a DHCP server.
Mar 8, 2011
I have set up two different subnets, 192.168.1.0 and 192.168.2.0, on the same 'inside' interface. They are unable to talk to each other. I can ping from the firewall to both subnets. Both sides are unable to talk to each other unless I add a route on both sides' systems. I have added the following in the ASA5510. [code]
Nov 9, 2011
I'm trying to get a couple of clients to talk to my Active Directory servers. I've created sub-interfaces on my ASA. So, my clients are on Gi0/1.139 and my two Active Directory servers are on Gi0/1.132. I've enabled traffic on TCP 53-5000 port range according to Microsoft. My clients still can't join the domain. What ports do I need to open up? My AD servers are Windows 2003.
Mar 14, 2011
Okay, so for the past week I have battled with my two routers trying to make them talk to each other. My main router (router A) is a D-Link DIR-615 ver. B. My second router (router B) that I'm trying to make talk to router A is a D-Link DIR-615 ver. E1 flashed with DD-WRT custom firmware. I have looked at every setup guide people have posted online and YouTube videos to no avail.
Jul 10, 2012
I just got the Cisco E900 router and installed it but I cannot get it to talk to my HP Office Pro 8500A Plus.
Nov 23, 2012
As titled, I have an older Linksys USB WiFi adapter but Network Magic won't add it because 'other software' is controlling the adapter. I picked up a D-Link DWA-131 USB WiFi adapter but got the same issue; software conflict? I've added several computers and laptops with different operating systems, an iPad, iPod, Blu-ray and printer with no issues. But this USB WiFi adapter has me completely stumped. This can't be this hard... dense I can be but... Is there a simple way that I'm not seeing of adding a computer using a USB WiFi adapter to my network that's compatible with NM?? The computer is an older Dell 8200 with XP SP3. I contacted support but, maybe because my question was related to NM, the response was basically "your question was too technical, call xxxxxxxx".
Sep 11, 2011
I have a c3560 on which, on Port 1, I cannot get any device to talk to the DHCP server. Previously there was a client connected to this port; however, over the weekend he stated he lost connectivity.
In my troubleshooting I have connected that client to another port and now he is good to go... I connected my laptop and tried to connect to the network; however, I could not. I checked the logs and did not see anything that led me to think it was having problems.
Is there another way to shut this down and hopefully start it back up without having to restart the entire switch?
Mar 27, 2012
I have purchased these two switches from eBay as a test lab. I plan to connect them up via a gigastack module/cable and enable IP routing on the c3550 and VLANs to talk to each other.
I'm very much a ProCurve person and really need to get into Cisco switching. I will want to trunk/lacp between the switches - what's the process for setting that up on Cisco switches?