Cisco WAN :: Can't Create NAT Entry For A Range Of Ports With CCP On 877

Mar 17, 2011

Using CCP I am trying to create a NAT entry for a range of ports. CCP window for a new NAT has only one entry for the port #. Is it possible to set uf port ranges in 877 router?

View 2 Replies


Cisco :: Use DNS Entry In Extended ACL Instead Of IP Address Range?

Sep 1, 2011

Is it possible to use a DNS entry in an extended ACL instead of an IP address range?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Create ACE For Range Of IP Addresses

Nov 7, 2011

trying to configure our ASA 5505 (hence my request for the ASDM). However, I can go CLI if push comes to shove.
What I'm trying to do is allow a range of IP addresses on the inside interface (those which the DHCP server is doling out IPs which are XXX.X.XXX.14-140) to access email only (which is hosted offsite). They still need to access the file servers which are on the inside but nothing should be going out to the internet other than email.
I believe I have to create a Network Object which contains the IP range I wish to restrict. I can see where I add the Network Object but I don't know what the syntax should be to specify the address range.
I'm also not sure what the sequence of the ACLs should be and whether or not I can keep the default Access Rules in place. There are the two implicit rules: 1) Permit any traffic out to less secure networks  2) Deny any traffic to anywhere (which is superceded by rule 1, yes?)
To create an Access Rule like the one I desire, do I need to move the two existing rules down the list so that the new one will supercede both implicit rules?

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Create Network Object For Range Of Hosts?

Oct 25, 2011

I'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP address. For example there is an object called emailservers that is defined as
Is there a way to do a similar thing on the ASA 5520?
I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.

View 1 Replies View Related

Unable To Open Ports Or Create VPN?

Aug 31, 2012

A year or so ago, when Verizon was my ISP, I ran a Minecraft server with a Hamachi VPN. I had looked into forwarding ports at the time, but decided to go the VPN route because I wasn't completely sure how to assign a static IP to a computer on the network. I had absolutely no issues setting up the VPN or hosting a server on the network.Recently I decided to give port forwarding a go again. I successfully assigned the static IP and put the port number into my router's port forwarding settings, but the port was still closed. I tried using online port checker tools and having friends try to log into the Minecraft server. No luck.After reading multiple port forwarding tutorials to make sure I had everything correct and double- and triple-checking all my settings, I began to suspect that something else was causing the problem. I have an older router set up as a repeater on the network so my family can connect to the Wifi network from anywhere in our house. Thinking maybe the repeater or even the main router itself was to blame, I decided to try another router. After disconnecting the current routers and setting up a spare router I had, I tried everything again. Still no luck.

I tried opening different ports unsuccessfully. No port I tried opening would work. I decided to give in and just set up Hamachi again, since that had worked flawlessly before. However, after setting up a Hamachi VPN, I realized people could join the "room," so to speak, but could not connect to the VPN itself. Even hosting a Minecraft server over Hamachi wasn't working this time.Assuming it was just an issue with Hamachi, I tried another VPN software. I got the same error - people could log in, but not connect to the VPN. Thinking back to the port checker telling me port 80 was closed, I pretty well gave up.I've walked one friend through setting up a VPN the exact same way I did, and it worked on the first try. I walked another friend through assigning a static IP and forwarding ports. I don't know what's different about my network that won't allow either of these things. I've searched my router's configuration for any setting that would override port forwarding or block a VPN, but I can't find anything.

View 15 Replies View Related

Cisco Firewall :: How To Create Mixed Service Ports On ASA 8.4(2)

May 14, 2013

How to create a mixed service ports on ASA 8.4(2)?I need to create a service group which has ICMP, TCP ports and also different UDP ports.Normally you would create different service group based on TCP/UDP/TCP-UDP/ICMP/Protocol and add then to new nested service group.But I want to create a new service group where you can define everything without the need to different service groups and nesting them into a new one.

View 1 Replies View Related

Cisco :: Range Of Ports In Packet Tracer

Oct 27, 2012

I'm preparing myself for CCNA exam and i started doing a lot of different examples. I've got problem with Packet Tracer when i'm trying to apply some security settings for the range of switch ports in default VLAN 1. I might just demonstrate my commands so it will be easier do understand.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - PAT Range Of Ports

May 31, 2011

I've an ASA 5505 as my gateway for my internet at home. I've one public IP, so I use Port Address translatetion for my internal clients.
Now i wanna setup a FTP server, on a internal client. I will use Filezilla FTP server. I'm running the FTP server in passive mode, since the FTP server would be behind my ASA firewall/nat device.
I need 50 ports for the passive mode to be running.
I will use port range 50000-50050. I can easy make a firewall rule (access-list) that permit that port range.
But how do I PAT(NAT) a port-range on the ASA device? I can only figure out how to NAT one port at the time.

View 2 Replies View Related

Cisco Firewall :: Port Forwarding A Range Of Ports (PIX 6.3)

Dec 5, 2012

I have a network with multiple servers behind a PIX with 6.3 on it. I have one public IP address, and I'm using NAT. I'm currently trying to port my Exchange server to a cloud host, and the vendor is requiring I open up a wide range of ports for MAPI, basically ports 1024 on. What would be the command to forward all of the trafic cominto/from that broad range? if I could simply route all trafic to and from their two IP addresses to my email server, that would accomplish the same end goal.

View 3 Replies View Related

Cisco Routers :: Forward Range Of Ports With RV180W?

Oct 14, 2012

I am new to the RV180W. I am running the most recent firmware--version
I am having trouble getting FTP to work with my QNAP NAS.
QNAP indicates that I should forward ports 55536-56559 to my NAS. I created a custom service to accomplish this, and then, under port forwarding, I selected the service and forwarded it to the private IP that corresponds with the NAS.
However, the port forwarding configuration only allows me to specify *ONE* internal port. With other routers I have always specified the same private port *RANGE* that corresponds with the public ports that I have opened up.

View 11 Replies View Related

Cisco Routers :: How To Open Range Of Ports In RV016

Jun 28, 2012

I am trying to add a couple VOIP phone units that do not have their own router.  They are designed to run of the existing router and have three ranges of UDP ports opened up.  They also do not advise using internal (private) statics on the phones. So what they are asking for is three different ranges of UDP ports to be opened up to all behind the router?

I cannot figure out how to do this (or if it is possible) with a RV016.

View 4 Replies View Related

Cisco Firewall :: 3230 - How To Open Range Of Ports On Pix

May 8, 2011

I need to open the following ports on a pix:
-tcp 3230 to 3235
-udp 3230 to 3253

How do I open the ports?

View 2 Replies View Related

Cisco Firewall :: 5505 - Forward Range Of Ports In 8.4?

Mar 11, 2011

I have an ASA 5505 running 8.4(1), and I'm configuring it with ASDM 6.4(1).  The outside interface is configured with a single static address.  I have a few services port forwarded sucessfully to three different servers on the inside network.
I need to make a media proxy on a SIP server available to the outside.  It requires a large range of forwarded UDP ports for the media channels.
I tried adding a network object NAT rule like the others I'm already using to forward HTTP and RDP.  I entered a range of ports for the real port and the mapped port using the syntax 60000-60999.  ASDM accepted it, but the NAT rule list displays "Any" in the service column.  When I apply the change, I get the following error:
nat (inside,outside) static interface service tcp 60000-60999 60000-60999
ERROR: % Invalid input detected at '^' marker.
How do I forward a large range of UDP ports from the outside interface to a single server on my inside network?  I'd like to use ASDM, but I can switch to the CLI if that works better.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Add A NAT Rule For Range Of Ports?

May 22, 2012

i have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999

View 1 Replies View Related

PC Sending Packets To Random IP's From A Range Of Ports?

Aug 27, 2012

So this is somewhat of a strange issue. I have a program called PeerGuardian 2 and it allows me to simplistically see the packets being sent to and from devices on my home network. It's showing that my computer is sending packets to random IP addresses, some of them reoccur, on a massive range of ports all going in order.

From - To
From - To
From - To
From - To
From - To
From - To

This happens in spurts and it usually sends 20-40 to varying IP addresses in a matter of a few seconds. I asked my ISP if they understood what this was and it stumped the technician I spoke with. I also have run multiple virus/malware scans and everything comes up clean.

View 2 Replies View Related

Cisco Infrastructure :: 2509 - Create The Virtual Com Ports On Windows And Linux Machines?

Sep 5, 2011

I recently acquired a 2509 router that I plan to use as a serial device router.  My question is, how do you create the virtual com ports on Windows and Linux machines to point to the TCP address:ports in the 2509 router?  Is there software or drivers that do this?  Or something third-party?

View 12 Replies View Related

DLink DSL 2640R Wireless Adsl Router / Modem - Create More Network Ports Upstairs

Jan 22, 2013

At home I have a D Link DSL-2640R wireless adsl router/modem in my downstairs office.I would like to use the cable which goes to upstairs of the house to link to some sort of extra router or switch in order to provide more network ports upstairs.

View 1 Replies View Related

Cisco Firewall :: ASA5510 No ARP Entry?

Jan 26, 2012

I have a requirement to NAT a spare address on the same subnet range as one of the firewall interface - however, because this is not allocated to a physical interface, there is no mac entry in the arp cache. the other end of the link from the firewall is connected to a router which has no idea how to reach this "virtual address" - again because there is no entry in the arp cache I have tried to put a static arp entry into the firewall but this doesn't appear to work either. Should I be using a mac address form a physical interface or can I create a dummy mac for this - If the router can't see the ip address, then users will not be able to target this address - so that the firewall can NAT to the real outside address.I have tried routes to null0 on the router and static arp entries on both devices but the user just times when trying to connect to (nat to

View 6 Replies View Related

Cisco WAN :: 2 BGP Routers With 1 NAT Entry 881 Configuration

Sep 26, 2012

I am trying to split traffic entering from the web for servers so everything goes over the ADSL link but time sensitive information such as Sharepoint (TCP80) go direct over the ESHDSL link, now the problem is traffic that enters through the ESHDSL hits the server, the server replies out of its default gateway which is the ADSL which doesnt know what to do since it does not have a NAT entry for its return path.
How can I make it so traffic can enter one router and exit the other?
The two routers have HSRP to provide fail over between the two, and BGP is setup so one BGP route goes ESHDSL-ADSL and the other ADSL-ESHDSL

The routers are a 877M-SEC-K9 and a 881-SEC-K9

View 1 Replies View Related

Hostname Entry Against Public IP?

Sep 5, 2012

We have one business application, accessed across GCC region by having a single entry with individual computer hosts file, ie123.123.155.116 and other than Bahrain, all countries are able to successfully resolve the hostname (application only works against hostname (Oracle EBS)) against this entry with the hosts file. Now, prior contacting the ISP in Bahrain (where internet is regulated due to the current political situations) we need to know whether anything could be done from our end to resolve this issue.

View 2 Replies View Related

Cisco :: No Entry In DHCP Snooping Database?

Apr 29, 2011

an attacker have configured his PC with an static IP address but there is no such entry configured statically in switch, neither in DHCP snooping when he want to generate traffic will switch block him? because there is no entry of his PC in the switch database.

View 2 Replies View Related

Cisco Wireless :: WAP200 And Entry For Primary Dns Cannot Be 0 And 255

Nov 16, 2011

I have a wap200 with a static ipaddress e.g. (it is for management and is in vlan 1). Firmware of the wap is No gw and no dns. (they are not necessary) I export the config . I have a second wap200 and import the config.bin to the new wap. ThenI like to change the static address and the name of the new wap, but - and this is the problem - it asks me to fill out the dns (the address for primary dns cannot be 0 and 255), but I absolutely don't want that because there is no dns or gw (management only). And if I fill it out I cannot go the the internet with the wap.

So I also have some other wap200 where I could import the config.bin and change the static ip without giving a dns (firmware can I go back to a previous firmware (Europe) and where can I find it. Looked for it, but seeing only the last one etsi.Or is there another method to skip the dns with a static ipaddress?

View 3 Replies View Related

Cisco :: Wlc 4402 4.2.61 Unable To Add Mac Entry To Database

Apr 30, 2012

When I try to add new MAC entrys to the WLC I get the following message unable to add mac entry to database, reached  max size the problem is when I look at the stats there is only 386 MAC entry and the databse size was set to 1024 entry..The work around was  to increase the size of the database  to 2048.Is there any why to clean up the database?

View 2 Replies View Related

Cisco VPN :: ASA5540 - Windows Client Cannot Add ARP Entry

Sep 13, 2011

In my environment, VPN users are connecting to corparate network via ASA 5540 and using  3.5.1, 4.8, 5.0 (32 bit) and 5.0(64 bit) VPN clients.After they have built VPN connection, they use program that generates traffic to a bradcast address (x.x.x.255) inside corparate network.

There is no problem with users who are using 3.5.1 and 5.0(64 bit), but 4.8 and 5.0 (32 bit) vpn clients can not add ARP entry to Windows machines ARP table. If i add ARP entry for x.x.x.255 on VPN interface, they can work.

View 1 Replies View Related

Cisco LAN :: 2651XM - Clear Entry From Configuration

Oct 2, 2012

cisco 2651XM router
IOS:  c2600-adventerprisek9-mz.124-15.T8.bin
if I do #sh arp in the terminal with this router I see a rogue entry thus:
Internet             0   Incomplete      ARPA

My whole LAN operates on 172.16.x.x/16, there are no 192.168.x.x devices connected. In the past I've had 192.x.x.x devices running but for a long time and the router has been restarted since then. I've tried several clear commands in the terminal but this entry is stuck there and I've also seen it in a wireshark scroll on a pc when monitoring the routers' adsl traffic - it shows up an an SNMP entry and I do use SNMP on my router, but that data goes to a 172.16.x.x. machine. How can I clean this entry out?

View 8 Replies View Related

Cisco Firewall :: Duplicate ARP Entry With ASA 5510

Jul 17, 2012

I am having peculiar issue in my setup. I recently replaced my ASA 5505 (8.2.1) with ASA 5510 (8.4.3). Everything works fine for a while suddenly I see some of the servers will not be reachable from the LAN all the servers gateway is my switch. If I check on my Dell switch the particular server's arp entry on the connected port  is same as ASA physicall MAC. If im reverting to 5505 ASA everything goes smooth without any issue.

View 6 Replies View Related

Static IP Address Entry Will Not Save?

Feb 24, 2011

Everytime I start one of my two Windows machines, I need to go to the control panel network adapter and enter the static IP address in the IPV4 properties. It is always blank after a shutdown.I have two machines that are networked for flight simming.One of the machines must have a static IP so I configured both static. Not sure if this has anything to do with my problem.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 / Use The Ethernet Ports As Pure Physical Layer 3 Ports

Jun 9, 2013

We have an ASA 5505. 5505 comes with two default vlans 1&2 with each of them marked as inside & outside respectively.My query is , if i do not want to use vlans on 5505 and only want to use the Ethernet ports as pure physical layer 3 ports, is it possible?i.e. i want to assign a layer 3 ip address on eth0/0 and eth0/1 and make them as the inside & outside interfaces rather than vlans. is it possible to do away with vlans in 5505 & will it work otherwise?

View 3 Replies View Related

Cisco :: ASA 5510 - AnyConnect Invalid Host Entry

May 3, 2012

I have a 5510 using AnyConnect VPN clients. I have a DNS name for my router to accept connections ie can ping the address by hostname from the clients machine ok but when the AnyConnect client opens it has my hostname ie ( but says "invalid host entry" I have to type in my IP address for it to connect.I have the hostname in my AnyConnectProfiles.xml.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Ignoring Configured Acl Entry?

Dec 16, 2011

I'm configuring up aa ASA-5510, and I have several interfaces, some of which include:
interface Ethernet0/0.200
vlan 200
security-level 90
ip address

This definitely confuses me, because SITECORP has an inbound access-list of permit ip any any.

View 5 Replies View Related

Cisco Switches :: Manual Multicast ARP Entry For SG300

Jan 22, 2012

We're replacing our older catalyst switches with new SG300 family switches and have a Microsoft NLB cluster for some services that run in multicast balancer mode.
We currently do L3 routing to the network with the cluster and have the following IOS configuration line in the specific switch to let users on other subnets to access the services.
arp 03bf.0a14.01e2 ARPA
How do we replicate this using the SG300 series in L3 mode? Whenever I try to add a manual ARP entry I get an error message that says that the MAC address is not a valid unicast address?

View 4 Replies View Related

Cisco VPN :: ASA 9.1 WebVPN - URL Entry Default Protocol Selection?

Feb 19, 2013

through asa webvpn we need to provide our user remote destkop access; we would not use static rdp:// bookmarks for this accomplishmet as this would grow too much management effort with bookmarks updating.  Our strategy would be to give users the "url entry" bar where they can input the resource name (example: "pc-flavio.mydomain") so the management effort is outplaced to the guys who manage the dns server. This stated, we noticed that most end-users would get in troubles because of the default-ing "url-protocol" is http://, so they don't change it to the correct rdp:// from the drop-down list and don't have the java-rdp applet started.  There is a chance to admin the default protocol for URL Entry Functions?  Our setup is asa 5510 ver 9.1, act/stb failover. 

View 2 Replies View Related

Cisco Firewall :: Internal DNS Server Entry ASA-5505

Jan 12, 2011

I have a client in a workgroup environment. They are a small company with perhaps twenty systems. Their infrastructure consists of a Dell Switch, a Cisco ASA-5505 which hands out the DHCP and a router. And that's that.They have been using an external IP as their DNS Server to get out to the Web. However, they now want to add an internal Linux-based DNS server.In looking through the ASA-5505 today I noticed a field for DNS enteries. Is this where the IP for this new internal DNS Server (in the secondary DNS field) would go?If so, would it be necessary to reboot the ASA-5505 for this change to take effect?

View 12 Replies View Related

Copyrights 2005-15, All rights reserved