Cisco WAN :: CCENT Requires Urgent 857 NAT Multiple Static IP
May 7, 2011
I am fairly new to the Cisco world and aim to take my CCNA in the coming months. I am now working with a customer who has several Cisco 857 (UK PPPOA ADSL over POTS). They have SonicWall firewall VPN devices that need to have one block of 8 static IP addresses from the ISP at each site. The current configurations use the network address on the VLAN interface and use static NAT to a private IP address to connect to port 23 on the VLAN interface. Why would you set up the router this way? I thought that from a block of 8 IPs the first would be the network address, the last the broadcast address, and one for the router (on the VLAN interface) leaves 5 usable for the hosts attached to the Ethernet ports on the VLAN.
I am trying to configure a Cisco 871 router. There are 3 servers on my network that need static public IPs but also still need to communicate on the local network. I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network with that IP, which is working fine. Next I set up static NAT rules for the servers translating 3 of the remaining public IPs to the internal addresses of the servers. I can access those servers internally using the public IPs but not from outside the network. A traceroute from outside the network gets dropped when it gets to my ISP. I've never configured more than one static IP for a network before and I know I've just missed a step here. Do I also need to use static routes? Will that update the next hop's routing table? Do I need to make an ACL to permit any host to the servers? If so, do I use the internal or external address? [code]
Is it possible to have 2 IP addresses on the WAN and set up specific routing rules for each IP? Or do I need to use another router for that, and if so, which one?
I am setting up a Cisco ASA 5505 for the first time for my organisation; I usually set up Cisco routers. I have 10 static IPs and 6 servers (S-1, S-2, S-3, S-4, S-5, S-6). Traffic should pass through the ASA and be distributed to the destination server that is specified in the packet. LAN servers can be separated into discrete networks for security, for example a private LAN for internal traffic accessed only via remote dial-in VPN sessions, and I want to configure a DMZ for the servers (S-4, S-5, S-6) that allows public web traffic.
I have attached my network diagram. I have some questions:
1:- Can we configure multiple static IPs on the ASA 5505?
2:- If the diagram is wrong, what changes need to be made?
I am trying to configure a Cisco 871 router. I have 3 servers on my network that need static public IPs but also still need to communicate on the local network.
I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network, which is working fine. Next I set up static NAT rules for the servers translating 3 of the remaining public IPs to the internal addresses of the servers.
I can access those servers internally using the public IPs but not from outside the network. A traceroute from outside the network gets dropped when it gets to my ISP.
I've never configured more than one static IP for a network before and I know I've just missed a step here. Do I also need to set up static routes? Will that update the next hop's routing table?
We have a need for an inside address to have more than one static NAT outside addresses. I know this wasn't possible before 8.3.X code. I still can't quite get it to work with 8.4.X code yet.
Our inside network is 10.17.197.X/24. The current NAT we have in place is 10.21.197.X/24.
We need to add an additional NAT of 10.22.197.X/24, and I also have networks that will need to hit the address with no NAT.
I do know the source networks where I need each of the three cases:
From 172.20.X.X I need to hit the inside of 10.17.197.X natively, no NAT.
From 192.168.X.X I need to hit the inside of 10.17.197.X with 10.21.197.X NAT.
From 10.10.X.X I need to hit the inside of 10.17.197.X with 10.22.197.X NAT.
I need to replace an ASA with an IOS firewall router, and am not sure how to migrate the NAT configuration. Specifically, there is an interface "3rdparty" that has onward connectivity to other private addresses, so our internal addressing is hidden. For some reason there are static NAT rules in different directions across the interface, but at present I cannot see why. Thinking in router terms, all that springs to mind is the inside and outside tags for the interfaces, but also that it might need "overlapping" NAT to be configured.
I am at a loss on configuring a new ASA5505 for multiple static port translations. I would have expected to simply add several service commands to a network object to complete the task; however, the service command overrides the previous one and replaces rather than adds to the translations. [code] However, if entered in that order the 8443 overwrites the 8080 static translation. What is the correct procedure to establish multiple translations? If someone could also provide the "old" style for pre 8.2 release, I'd like to compare because I thought I used to do this with an access-list somewhere.
I have 8 RVS4000s to build a test system with. On each side of the network are 2 servers, both with 2 NICs. Both are on different /24 networks.
The idea is to simulate a WAN link, with the RVS4000's G1 & G2 running in "Gateway" mode to simulate the WAN. All other RVS4000's will be in Router mode ('R1,R2...etc..') All networks in /24 range. As I understand it, the RVS4000 CANNOT take 2 diverse networks on the LAN side: - ie 192.168.168.1 & 10.1.1.1 on the LAN side. The NIC's on the server only need to communicate to the similar type of addresses on the other side - 192.168.168.1 on server 1 to 192.168.170.2 on server 2, but NOT 192.168.168.1 to 10.1.2.1 on server 2. The G1 & G2 link is so that all communications are routed between this link - as a testing point.
So, my questions are these:
1) Will this work? Is there any easier way of doing this? (Bear in mind this is the only equipment I have to do this.)
2) Will the static routing I have thought of work? (see below)
I know using the RVS4000's inbuilt RIP may be easier, but I've never configured RIP routing. As this is a test environment, using static routing would be enough to get it going. No security lock down is required; all I'm trying to enable is for the servers to communicate with each other (NIC 1 on both servers, e.g. 10.1.1.1 on server 1 to 10.1.2.1 on NIC 1 of server 2, and NIC 2 on server 1 192.168.168.1 to NIC 2 on server 2 192.168.170.1). The 10.1.x.x networks do not need to talk to the 192.168.x.x networks. The G1 & G2 link is just for testing, but all communications must pass through here and be routed to their relevant networks on the other side.
I am trying to set up my ASA5510 to fail over the ISP when it can't ping three different IPs. I created three different trackings to three different IPs using sla monitor & track rtr. But when I do
the last route will replace the previous two and only the last route command takes effect. Is there any way I can set up the failover to ISP2 only when it can't ping three different IPs from ISP1?
I've got a server that is connected to the network through one physical Ethernet adapter. From my ISP, I got 4 static, public IP addresses, one of which is in use on the host server itself, the remaining three each on a virtualized server. All 4 servers are running on the same machine. Everything is running smoothly; however, I need to do some bandwidth management and port mapping, which is why I bought a ZyWall USG20, thinking it would be perfectly capable of doing what I need. Is it possible, with a ZyWall USG20, to have all my four IP addresses being forwarded to the one physical machine, and apply some bandwidth shaping and port mapping to it?
If I configure multiple static RPs and one of the ACLs denies a source, will it move on to the next entry that covers it in another ACL? [code] i.e. 1.1.1.1 will be used as the RP for 224 to 238 and 2.2.2.2 will be used as the RP for 239. Will that work correctly, i.e. if a source is trying to register with the router and it's for the group 239.1.1.1, will it be denied against the first RP and then permitted against the second RP?
I am trying to configure a BT Business ADSL Router (BT2700HGV) to work in bridge mode in front of a Cisco RV120W router and cannot get this to work. I have followed numerous posts I have come across in configuring the BT router for bridged mode and this has been configured as follows:
ATM Encapsulation - Bridge LLC
DSL and ATM - VPI=0, VCI=38 (also tried VCI=35)
ATM PVC Search - Disabled
Connection Type - Direct IP (DHCP or Static)
Disable Routing - Yes
There are also some other options on the same configuration page for 'Broadband IP Network' (which I have left on DHCP) and also a 'Public IP' which has been left blank. After setting the above options this removes the LAN DHCP configuration, the PPPoA logon details and sets the internal IP address of the BT router to 192.168.1.254.
My understanding of 'Bridge' mode is that this router will now act simply as a modem and configuration details such as logon details and WAN IP address information are configured using the Cisco RV120W router? The configuration of the Cisco router is as follows:
Internet Connection Type - PPPoE
Username and Password set
Authentication Type - Auto-Negotiate (options here are PAP, CHAP, MS-CHAP and MS-CHAPv2)
Routing Mode - Router (other option is 'Gateway (NAT)') - I have tried both options
The WAN interface on the Cisco router is connected to one of the LAN ports on the BT router. The 'Broadband' light is on the BT router but the 'Internet' light isn't. The WAN status on the Cisco router is 'Connecting'. I am sure I am missing something simple. We have been assigned a range of static IP addresses from BT so am trying to get these working too (x.x.x.24/29 - 5 usable statics). Another option available (other than PPPoE) for configuring the WAN interface on the Cisco router is a 'Static IP'; not sure if this is the correct option but have tried messing with it. I have tried assigning a static IP from the range given to us (.30 - the router address specified by BT) along with the subnet mask, however don't know what to put as the default gateway. Would this be the peer address (but assume that would change anyway)? In any case, using the 'Static IP' option does not give an option to supply the BT logon details, which I assume is required?
In bridged mode, what is the peer address assigned to, the BT router or the Cisco router? Does the BT router need to be configured with a public IP address?
Is there any way to have my Cisco 877W Router alter from using one static route to another static route when another router on the network is reporting destination host unreachable?
Router 1 (192.168.2.253)
Dialer0 -> PPPoE to internet
Vlan1 -> local 192.168.2.0/24
Router 2 (192.168.2.254)
Dialer0 -> PPPoE to managed VPN (172.16.28.1)
Vlan1 -> local 192.168.2.0/24
Router 2 is connected to another network through a managed VPN and that network also has internet access. I want to be able to have two routes to the internet on Router 2. And when Router 1 internet goes down packets get routed through the VPN instead.
I currently have on Router 2
ip route 0.0.0.0 0.0.0.0 192.168.2.253
ip route 10.0.0.0 255.255.255.0 Dialer0
ip route 0.0.0.0 0.0.0.0 172.16.28.5 250
Which does nothing when Router 1 has its Dialer0 interface shut down, or goes offline completely. I suspect I could reverse the setup and have everything routed through the VPN by default and then if / when the Dialer0 interface goes down it would switch to using Router 2, but if the problem is in the remote network and interface Dialer0 stays up, it would probably do the same thing... nothing. All devices mentioned are Cisco 877W routers with ADSL and a bunch of Fast Ethernet interfaces.
I have a Cisco Valet wifi router that works fine with my laptop and my computer that has a USB wifi adapter. The problem is that for some reason when I try to connect my mom's computer to the router it can only connect to the guest router, and when I try to connect to the regular router it just fails even when I use the correct password. I have tried uninstalling the driver and re-installing it for the USB wifi adapter for my mom's computer (NetGear N150 USB Adapter) and nothing works. Her computer, by the way, is an Acer Windows XP SP3 machine.
I just got Charter cable internet and decided to purchase my own cable modem instead of paying 5 dollars a month to rent one. I got a D-Link DCM-201. I know it is a little old but it was brand new/unused so I figured it would work out well. Ever since we got it hooked up every few hours we lose internet connectivity. The power, cable, and status lights are solid green and the Ethernet light is blinking green. The only fix I have found for this is to power cycle the modem. The problem is this happens about once every 4 hours...having to reset the router every few hours is making having cable internet a much more painful experience than it should be.
I just bought a Westell modem 6100 model online, and when I try to change the profile, I get a message saying: "The server 192.168.1.1:80 requires a username and password. The server says: Modem Secure."
I'm currently trying to setup a Linksys SRW2048 switch.
The switch came with version 1.0.0 of the firmware (circa 2005), which worked fine with Google Chrome and Safari on OSX.
However, I recently upgraded to 1.2.2 (circa 2009), and the in-built web configuration page doesn't seem to work in anything except for IE6 or IE7.
Chrome and Safari give me a whole bunch of resource not available errors, and the page itself doesn't render properly at all:
Firefox also doesn't render it properly either:
It seems a bit strange on Linksys/Cisco's part that they'd release an updated firmware that meant their switch could only be used by Internet Explorer.
Or failing that, are there any known workarounds to get this to work with Chrome, Safari, Firefox - anything other than IE? Or anything on OSX or Linux?
Also, I heard that firmware 1.2.1 still works on non-IE browsers - any archives of older Linksys switch firmwares?
As indicated in the subject, wireless users are finding that it is either unattachable (shows up in the list but fails to attach) or, if you manage to authenticate and get in, it's painfully slow or simply drops out. Security is WPA-PSK. Only noticed the issue after a couple of Windows 8 laptops came into the household, but the problem still seems to be there when they are off, so not sure if they are connected in some way or not. Updated to the latest firmware - no change. Wired connections are fine and when it's initially restarted, so is the wireless; seems to happen sometime after wireless services are restarted. Only the one wireless SSID, nothing fancy, max users around 5, all on laptops or the odd pad. I changed channels, done narrow, wide, etc. (using mixed mode - some Wireless N laptops, some Wireless B/G). Nothing seems to make any difference. No log entries until the wireless system is restarted; doesn't require a reboot of the router, just a SUBMIT of the existing wireless settings to force it to restart.
I use a Cisco ASA 5520 to terminate multiple site-to-site VPNs. Due to the configuration of a partner's network, I have had to install 2 routers into this partner's network. I have been supplied static private IP addresses for each router; each router has a unique LAN subnet which is the VPN's protected network. The partner uses PAT with only one public-facing IP address. The VPNs are initiated from the partner's network using an IP SLA ping.
Upon installing my first VPN router in the partner's network, once NAT-T was enabled on the local ASA the VPN started working fine. After installing the second VPN router I tried installing the new config on to the ASA via CSM, but the ASA complains that it cannot have 2 VPNs with the same peer address configured.
I understand IP addressing and what a subnet is. But why is it that sometimes when I connect two things together it requires a subnet mask, and other times not? For example, when I try to connect two computers together, it requires both IP and subnet mask. But if I use FTP software all it asks for is the IP. Same thing when connecting to a website through its IP; it doesn't require a subnet.
I've been having this issue where my wireless network completely disappears from my computer and it requires a restart to fix. I know for a fact that it is not my modem/ISP as my iPad still connects just fine to the network. My network disappears after about 10-20 minutes of being logged on.
Shareport recognizes the printer only after resetting the DIR-825 router. I don't know if this is a Shareport issue or an issue with the DIR-825 disabling the USB port. This happens after there is no PC connected to the router for a number of hours, such as overnight. I have 1 laptop and 1 desktop running Win 7 64-bit and 1 laptop running Win 7 32-bit. The desktop is connected directly to the router and the laptops connect via wifi. All PCs work perfectly when the DIR-825 is reset. This isn't a big issue but it's extremely annoying and shouldn't happen. I use a Cisco WAG320 in my office that has similar USB functionality and this never happens.
DIR-655(A3) 1.33NAb02_HNAP_beta
I used to be able to send notifications on log full etc. when my ISP was still allowing outbound email w/opt out of block on port 25. This worked on my old DI-524, and used to work on my DIR-655. In an effort to clamp down on spam my ISP, formerly SBC, now AT&T, began requiring SSL. Secure Authentication is not required. With the ever increasing concern for controlling spam, DLink really needs to get in gear and provide the support customers need and back the efforts of ISPs to control spam. Otherwise it's wasted code occupying space. On that note, if space is a concern, need space for the code ~ throw SecureSpot out!
[URL]
On the Outgoing Server (SMTP) Settings window click Edit and verify:
# Server Name - displays smtp.att.yahoo.com.
# Port - displays 465.
Note: When updating the secure server settings, check SSL checkbox first to update the port setting.
* Under Outgoing mail (SMTP), the box next to server requires a secure connection (SSL) is checked.
This works flawlessly with Thunderbird and other mail clients, therefore it is clearly a shortcoming of the firmware on the DIR-655, i.e. no SSL? This is totally inadequate.
Currently, we have the AnyConnect client authenticating our users to our AD environment. All is working as desired. Now our Control Agency is requiring a two-step authentication for VPN access. Is it possible (and if so, how do you do it) to also configure the AnyConnect client login to send a PIN to the AD user's registered cell phone and then require that PIN to be input to complete the VPN login process?
We have 3 SF-300 series switches in Layer 3 mode deployed in different offices. We have found that approximately every 2-3 months at all 3 locations users experience a serious reduction in bandwidth. Only after rebooting the Cisco does the problem go away and we're okay for another few months. Is there some setting/feature that may be contributing to this? We are only using several ports and 1 static route on each switch. We are not using any of the bells and whistles on the switch. 2 of the switches are using the original firmware, whereas the other is using the newest firmware. Maybe this is just what we should expect from a Small Business switch?
I have taken over a couple of LMS 3.2.0 standalone servers (two different networks). When I reboot them they tend to be slow coming back up (20-30 min). I'm thinking this may be due to the fact that LMS was reinstalled on both of them, as I see an old CSCOpx folder (CSCOpx_old) as well as the current one. I assume that someone reinstalled and the registry may be dirty and service dependencies may be jacked up, but honestly I don't know how this works for LMS and I haven't found much good info in the user guide for Common Services on service dependencies or registry keys in general.
Also, one of the servers never comes up fully on reboot or restart of the daemon manager. I troubleshot this and found that Tomcatmonitor and Apache are always down after reboot/restart. Tomcatmonitor says that it was shut down by the administrator in a pdshow and Apache says that it was never started. I have to go into the server and manually start these processes with a pdexec to get the application up.
I have one ASA 5510, a primary ISP (cable, the single public IP lives on the ASA), and a backup ISP (ADSL, separate router that hosts its single public IP). I use IP tracking to detect link down on the primary. When I pull the plug on the cable modem and go to "Route monitoring", I can see the ASA's default route is now the backup ISP default route. That conforms with [URL]. Pings to 8.8.8.8 fail, however, and when I do a packet trace the ASA complains about the dynamic NAT rule that still points to the primary ISP's interface. Only when I change the existing dynamic NAT rule (on my inside interface) to use the backup ISP's pool (which is a single 192.168.x.y address) does 8.8.8.8 reply to my pings. So it kinda works but it's not full auto. I can't add a second dynamic NAT rule on the same inside interface, nor can I select 2 IP pools in a single dynamic NAT rule.
Lately, I upgraded the firmware on my router, a Linksys WRT54G. In order to access the router I had to do a manual reset to factory settings. Post upgrade, for some reason I couldn't access the internet. I tried everything for hours and finally, through sheer luck of unplugging every cable and every power lead and plugging it back in, it started working.
However, lately I've found that the only computer connected to the internet via Ethernet cable is losing connection intermittently. Also we seem to get constant huge spikes in latency and very inconsistent speed. Unplugging the router and plugging it back in again seems to solve this problem temporarily, but requires toggling of power multiple times a day. Also I had what I believe was an IP address conflict, or lack of an IP address, once, but using the Windows troubleshoot errors fixed that by resetting my wireless network card. (This was on a 2nd machine.)
I have a Linksys X3000 router. While it is running, connection latency will gradually increase over about a day until eventually it just stops working at all and I have to power it off and back on again.
Ping times to a local website slowly increase from 30ms immediately after restarting the router, to about 100ms about an hour before it will need to be restarted, then rapidly increase to over 1 second before it drops out completely. When this happens, no connections through the router will work, I cannot even ping it or connect to its configuration web page.
I upgraded the firmware to see if that would work but it didn't. I have had the exact same problems with the 1.0.0 and 1.0.01 versions.
Can I get it replaced? And in the mean time, is there some way to make the router automatically restart at a scheduled time?
I've just gotten a DIR-615 and replaced a working Linksys G router. I configured it to work with my iPad (wireless N), my laptop-Win 7 (N), and my desktop-Vista (USB connected N). Everything works OK. I'm using WPA personal, WPA2 only, AES encryption, 3600, 802.11n only, auto 20/40 MHz channel width, invisible.
Here's the problem. As I powered up and shut down the laptop each day, it wouldn't connect to the router. I could see the connection, but Windows said it couldn't connect. I had to go and unplug the router, count to 10, and then plug it in, and tell the laptop to connect, and then it would connect and be fine.
I thought it might be a compatibility issue with the laptop driver, but after powering down the desktop today, I had to do the same power cycle on the router to get the desktop to connect. So then I went and turned off the iPad and had the same thing happen. 3 for 3.
I'm pretty sure it's router settings and not the 3 devices; this never happened with the Linksys router, but I don't know what to change.
One other odd thing: when I view the network in Windows, the DIR-615 icon is there (for about 15 secs), and then it disappears (for about 5 secs), and then reappears (15 secs), disappears (5 secs), etc. - almost like it's dropping out for 5 secs... I haven't noticed a performance hit, but haven't transferred big files yet.
I have a Dell Studio XPS i5 laptop (64 bit) with DELL Wireless 1397 WLAN Mini Card (version 5.30.21.0 from 1.10. 2008). I recently subscribed for an internet connection that requires 802.11n speed. As my wireless card does not support it, what are my options here? Is there a magical link to update my card and start gaining from the maximum speed (30 Mbps or higher if I want), or do I have to change the card by buying/installing a new one?