Cisco WAN :: Can Separate Or Pass Through External IP Through 1841
Dec 28, 2011
Our bank is required to do disaster recovery testing. We are doing this offsite at one of our director's businesses. His setup is as follows: His ISP is Time Warner which provided him with a wall unit and a switch He has a Cisco 1841 router out from the Time Warner switch and then down to his internal network, so TW wall unit --> TW switch --> Cisco 1841 --> internal network.The IPs provided to them from TW are 74.219.xxx.1-254 We are trying to use the external address of 74.219.xxx.222, which his business is not currently using internally The Cisco 1841 router holds and NATs all of these addresses currently. We have a Cisco 800 series that is a dedicated router that needs an unused external static IP setup separate from their network. We were trying to plug into their Cisco 1841 and give the 800 series an internal address of 192.168.xxx.222. This will not work for our bank's core processing data center. It has to be out of the TW switch and have an address of the 74.219.xxx.222.
We tried plugging into the TW switch and making the 800 series router parallel to the 1841 router. Communication is not functioning when set up this way. This was tried on a laptop before using the 800 series router. Is there a way to pass through the 74.219.xxx.222 address internally through the Cisco 1841 so we can connect the 800 series directly to this address and the 1841 doesn't use or NAT it in any way?
We had contacted TW support and they made it sound like we would have to block out some addresses and resubnet our director's network. This probably will not be an option. Basically we need to pass the 74.219.xxx.222 addresses internally and have the Cisco 1841 pretend not to see it at all.So we would like to have 74.219.xxx.1-254 into the TW wall unit --> TW switch --> Cisco 1841 --> all 74. addresses resolved to 192.168.xxx.1-254 to internal EXCEPT 74.219.xxx.222 which would pass through to the Cisco 800 series router.
View 2 Replies
ADVERTISEMENT
Nov 6, 2012
due to upcoming changes to our network I'd like to be able to pass vlans across the FE ports of a Cisco 1841 router.1 port would go to a managed switch and then to local devices on different VLANs.the 2nd port would go upstream to a Cisco 3825 at a different location which would then connect to the internet.due to monitoring behind the Cisco3825 we would like all NAT to occur on the 3825.
what I would like to happen is this example device connected to port 7 on managed switch gets an IP (10.0.7.10) from the Cisco 1841 in VLAN 7 (10.0.7.0/24).traffic from that device goes to the switch, then in f0/1 on the 1841 and out f0/0 still with the same IP info, no NAT occuring.traffic is received on the 3825 port 0/1 and then NAT occurs and out port 0/0 to the internet.
View 4 Replies
View Related
Jan 20, 2011
I have got a 1TB external HDD...I want to use this to backup my data (dokuments , pics , video) that are on 2 desktops and one laptop---
AS I understand the terminology a I won't have enough room to do image backups (these back up all info incl OS ??) as on pc is usingb 677 gb and the other 400 gb ---- and anyway I can re-install windows if anything goes wrong...
SO---am I able to do this-
1. connect the ext- HDD to PC running win 7 64 bit....create a folder called "win 7 64 bit" and then drag and drop filesand folders into that folder(or use windows backup..which i am unfamilar with)
2. then connect to PC running Vista 64 bit ..create a f�lder called "Vista 64 bit" and do as above....
3. Do the same for the laptop running win 7 32 bit
Am I right in assumming that because it's just data I can put info from different OS on to it without and conflicts when connecting it to different Pc's?
View 7 Replies
View Related
Feb 14, 2013
I have a question about external antennas on an access point. I have to plan a wireles solution, that also includes coverage in the industrial freezers. The freezers are one part of the sotck rooms, so the general coverage will be done with 1602I access points.
Since there are quite a lot of freezers in one location, installing separate AP in every freezer will be very expensive. I wondered if there is a possibility to put one 1602 access point with external antennas outside the freezer and then extend the antennas with 2m cables inside different freezers (1602E has three external antennas, so one antenna to each freezer).
Would this installation even work?
The freezers are quite small rooms maybe 2-3m2 sow the coverage is not a problem. But does this installation support multiple clients per AP in different freezers doing stocktaking with handheld terminals?
View 4 Replies
View Related
Oct 18, 2012
Due to special circumstances we have 2 ISP links on an ASA5510. I am trying to terminate some L2L VPN tunnels on one link and others on the second ISP Link, eg below:
LOCAL FIREWALL
crypto map outside-map_isp1 20 match address VPN_ACL_Acrypto map outside-map_isp1 20 set peer 1.1.1.1crypto map outside-map_isp1 20 set transform-set TS-Generic
crypto map outside-map_isp2 30 match address VPN_ACL_Bcrypto map outside-map_isp2 30 set peer 3.3.3.3crypto map outside-map_isp2 30 set transform-set TS-Generic
crypto map outside-map-isp1 interface ISP_1crypto map outside-map-isp2 interface ISP_2
crypto isakmp enable ISP_1crypto isakmp enable ISP_2
route ISP_1 0.0.0.0 0.0.0.0 1.1.1.254route ISP_2 3.3.3.3 255.255.255.255 2.2.2.254
Establising the VPN tunnels in either direction when using ISP_1 works fine establishing in either direction from remote access users and multiple L2L tunnels (only showing one for example).
On ISP_2
1. Peer 3.3.3.3 device establishes a VPN tunnel, but the return traffic does NOT get back to devices on 3.3.3.3 tunnel.
2. The local firewall does NOT establish a VPN tunnel going to 3.3.3.3
It would seem to indicate that the problems lies with this multihomed firewall not directing the traffic correctly to either return down and establised VPN tunnel (point1) or to intiate a tunnel if none exists (point 2).
Reconfiguring the VPN tunnel peer for 3.3.3.3 to be on ISP_1 of the local firewall, all springs into life! There are sufficient license etc...
View 4 Replies
View Related
Feb 2, 2011
I am exploring the possibility of having Cisco 1841's (or higher) at multiple sites. Each router will support 2 x ADSL connections (HWIC-1ADSL cards). My plan is to set up a DMVPN Full Mesh Tunnel on the first ADSL interface on each router and have RIP route these subnets, this will be for my Voice traffic only.
Further more I would like to set up a second IPSEC VPN tunnel between the head site and all other sites (the sites do not require direct communication for data purposes). This will route via static/weighted routes.
Any similar set up or sample configurations?
whether or not you can also run parallel DMVPN full mesh tunnels on a Cisco 1841 as this would be the other option.
the only restrictions are that the ADSL links cannot be upgraded to SHDSL etc.
View 3 Replies
View Related
May 21, 2012
I am using a 6500 with FWSM. I need to separate an internal server/HQ network from 3 or 4 different external connections. The external networks do not necessarily need to be isolated from each other.I have the option of using a 3 layer model: L2 Access layer to SVIs on the Distribution layer and then L3 to the 6500.L2 Access, connecting directly to the 6500s, with the SVIs on the FWSM.Is it better to have the FWSM outside the MSFC or Inside? Am i correct in thinking that "inside" vs "outside" is determined by whether the SVI's are configured on the FWSM or the MSFC? is there any performance impact from having the FWSM doing the routing instead of the MSFC.If the vlans are all configured on the FWSM, what is the 6500 doing, other than providing switch ports?
View 1 Replies
View Related
Mar 12, 2012
my configuration of Cisco 1841.
I was able to configure the cisco to accept VPN connections from clients. But when i am connected i can not access the VPN LAN. My cisco VPN client shows all the time Packet Decrypted: 0 when connected. I tried the split tunneling configuration based on the example on cisco.com for split tunneling.
I include config for better understanding. The outside interface is fa0/1 with ip 10.0.0.2 w LAN 10.0.0.0 Inside interface fa0/0 with ip 192.168.10.9 w LAN is 192.168.10.0
IP for VPN clients 192.168.20.100 - 105
View 5 Replies
View Related
Jan 16, 2013
My fiance recently signed up for the Screen-wise Panel for Google research. Basically they monitor your TV usage and your internet usage. As part of the program they installed a Cisco WIFI router. I've got no issue with them logging the sites visited etc but I'm a little worried about them possible collecting private information (banking / work related stuff) that I don't want going out there. According to what I've read what's supposed to happen is they replace your router with the new Cisco router.The "technician" who came in and installed the router was actually a builder and not an IT technician and rather than replace our router he connected the Cisco router into port 4 of our router... I wasn't in at the time.
What I was looking to do is separate Port 4 of my router into a separate VLAN that can access the internet, but not access anything on ports 1-3, or the wireless. However, I want to be able to see everything on port 4 from the other side (in other words I want to see "into" the port 4 VLAN, but don't want them to see out). I also wanted DHCP to assign IP addresses correctly depending on where you were plugged in. In this example the first VLAN (your current router ip address) is going to be on 192.168.1.1, and the second VLAN (the new on we create on port 4) is going to be on 192.168.2.1.This is exactly what I'm looking to do, I could then connect the kids machines / tablets / ipods to the Cisco router and have the main machine and my work laptop on the main router... but I don't have a clue how to do it. </quote> Is this something that I am able to do with the Netgear router I own and is it hard to set up?
View 1 Replies
View Related
Feb 26, 2012
I need to order a CISCO881, only CISCO881-K9 is available.I checked everywhere, still not sure if it is enough for me. We used to buy Sec-K9.I've got an adsl modem in bridgemode in the front. As only 1 IP provided by ISP, I need 881 to be able to pass on the PPP authentication.I also need the router to have vpn server function.Could CISCO881-K9 do this or not?
View 1 Replies
View Related
Apr 29, 2011
A former coworker of mine setup VPN capabilities to our office network shortly before he left. It is no longer working. We can connect to VPN but I'm not able to ping any devices on the remote network or Remote Desktop to any of the server. After 30 minutes, the VPN connection drops. I have attached our ASA 5505 config to assist in troubleshooting.
View 3 Replies
View Related
Jun 13, 2013
Is it possible to pass 802.3 packets over a L2TP?If so, how would the tunnel differ from a normal L2TP?
View 1 Replies
View Related
Jul 9, 2011
I can telnet to the router and ping places on the inside and outside. However when I connect a laptop to the inside interface I can ping to the outside for a bit but can't open a web page and then connectivity is gone all together. At first I thought it was a NAT issue but I know I am good on that front. I have attempted to change the speeds and duplex settings on the outside interface but it does not seem to work. Again if I take the cable from the outside interface and plug it into a laptop it works fine. The thing that makes me wonder is why can I connect to the outside interface and configure it just fine?
View 4 Replies
View Related
Jul 24, 2011
how do I pass from domain server , my network in our compant have ISA server and they close some website like face book , how can I pass over ISA server and use my websites?
View 3 Replies
View Related
Dec 8, 2011
I just bought a DIR-601. It comes with an installation process on CD.The process fails at the point where I make the connection from my DSL modem to the DIR-601. The installation program reports that there is no internet connection. (Note that to get this far in the installation process the installation program has already tested for a valid internet connection before the DIR-601 is inserted into the chain)Although the LED on the front of the DIR-601 indicates it is getting an internet connection from the DSL modem, it does not pass it on to my PC (already connected to the DIR-601). My PC reports "no internet access".
View 8 Replies
View Related
Apr 17, 2011
For the moment we run a Nortel VPN server at work and I have on my laptop the Nortel VPN client. While I could connect through when I had my Linksys E2000 connected up now I can't after I replaced it with the 5505. (running 8.4(1).) what I should do on my 5505 so I can allow the nortel client to connect out?
View 6 Replies
View Related
Jan 25, 2013
I used the GUI configuration tool for this ASA 5505. When I install it no traffic passes. I am wondering to verify my config. I have masked the usernames for VPN with xxxxxx and yyyyyy. [code]
View 6 Replies
View Related
Mar 1, 2011
I have a trouble with Cisco ASA 5510. I configured an SSL VPN with bookmarks to some application. When the users make access to the Web Portal they have to login twice: one for enter in the SSL and one for enter in the application.
How to bypass double authentication?
View 1 Replies
View Related
Jan 7, 2011
A PC connected to a Cisco 877 router and 877 router is connected to another router (7301) via GRE tunnel,Cisco 7301 router is a NAS server and is being used as a PPPOE server.If user create a PPPOE connection on his computer and dial with a username/pass we want to send the PPPOE traffic to 7301 router, so 877 router should pass the PPPOE traffic to 7301 and user will be able to connect,User -> 877 -> 7301(PPPOE server).
View 4 Replies
View Related
Sep 18, 2011
My WRVS4400N is not letting my VPN client through the router. I have checked the passthrough boxes for all 3 protocols. I have port range forwarding for my VPN connections to my SBS2008 box on port 1723.
View 5 Replies
View Related
Nov 15, 2011
I am trying to setup my very first ASA5505 and I cannot get it to pass traffic from the inside to the outside. I am not using NAT/PAT. Here is what I have done so far.
ASA5505(config)# interface Vlan 1ASA5505(config-if)# nameif insideASA5505(config-if)# security-level 100ASA5505(config-if)# ip address 33.46.132.34 255.255.255.248ASA5505(config-if)# no shut
[Code]....
Then from the asdm I permited everything from inside to go out but I cannot get any traffic through. I can ping the outside if I source the outside interface but not if I source the inside. The logs would not show me anything.
I did a packet tracer and it indicates the implicit deny rule at the end of the access-list is stopping my traffic eventhough I have allow rules above it?
I also checked the box in the asdm to allow traffic to pass without NAT
View 5 Replies
View Related
Apr 1, 2013
I have not been having much success configuring my 5505 for Internet access, and I'm sure there are a few small things I'm missing. At times I believe I got it to the point where I could ping, but still not pass through the Internet traffic. At this point, I reset the 5505 and only changed a couple of settings. I have an external range with these characteristics: Network Address 67.139.113.16 (.17 is Gateway), SM: 255.255.255.248, available IP: 67.139.113.218 The external connection is through a T1 modem, and when I put those settings in my laptop, I can access just fine. When I went through the startup wizard in the ADSM, I maded the internal interface 10.209.0.3, subnet mask: 255.255.255.0 I selected PAT in the Wizard, but don't know if I should have, or if the NAT rules I tried to put in are fine. Eventually I want to add a Site to Site VPN to the rest of the 10.0.0.0 network, but I can't even pass the Internet through to the inside. Also, this will eventually be behind another hosted firewall, so I'm not worried about restricting access, even currently. However, I suspect the problem is that traffic is being blocked with the NAT rules or Access rules.I wish I could just disable those inherent deny rules Outside of pings to 10.209.0.3, all pings come back as request timed out.
Config:
: Saved
:
ASA Version 8.2(5)
!
[Code].....
View 16 Replies
View Related
Nov 15, 2011
We're trying to get a remote access setup for someone who needs to have access from offsite. To make things easy we set it up with a virtual machine running Windows 7 and RDP. Because the "other end" isn't our computer and we've had some difficulties with people using the Cisco VPN client successfully, we were just going to set up a machine as a RDP Gateway and forward the port through the firewall (WebVPN might be nice, but the plugins only do RDP through v5.x). I've tried this on 8.4-1 and after reinstalling the latest 8.2, and supposedly the NAT works and there is a firewall rule allowing access from the outside to the RD-GW server on HTTPS, but the ASA is still blocking those packets. I've looked at 4 howtos and followed them, trying from the console and from ADSM (and one trashed the whole setup, probably related to the reinstall of 8.2) - [code]
View 4 Replies
View Related
May 6, 2008
i read cisco document:[URL] pptp client is in inside,pptp server is in outside.when i donot use firewall, the pptp connection can establish successfully.but use pix 525 7.0(7) i config:
inspect pptp.
pptp connection cannot setup.
show connection in pix:
pptp tcp 1723 is ok.
gre connection only one "E" flag, E means 'outside back connection'.i try second method:delete 'inspect pptp',permit tcp 1723 and gre traffic from outside to inside, and i have config static nat,but the pptp connection cannot work too.so i think there is a pptp bug exist in pix 7.0(7).
View 5 Replies
View Related
Jul 19, 2011
I'm trying to configure Tacacs on Cisco ASR1001, and the Tacacs server is Cisco ACS v3.3, the ACS won't pass the authentication, complaining bad request from NAS, key mismatch - which I compared millions of times on both ASR and ACS sides. [code]
View 2 Replies
View Related
Jan 26, 2012
I have a pptp server on my network and am trying to configure my new RV110W so that I can tunnel through to it from outside.
I believe I must do port forwarding for TCP on port 1723 to get those packets going to my PPTP server. PPTP also uses GRE and I don't see that as an option anyware in port forwarding... Does that just work... as a matter of the VPN pass through checkbox being enabled ?
My netgear router would lock up every few days but it under the firewall configuration it had list of services that included PPTP and I just selected that, entered the IP addresses on the outside that I would accept, and the IP address on the inside that the PPTP clients would connect to, and it worked....
I'm thinking it is harder on this device because this device supports actually logging into it.. I am interested in learning more about that technique especially if it is more secure but the way I see it the firewall device can see all of my network and the pptp server I am using is on a file server and limited to those files shared on that server.
View 3 Replies
View Related
Feb 2, 2012
the by-pass mechanism used to isolate the fault if any link fail.
View 3 Replies
View Related
Jul 24, 2011
How to do the above thing.
View 3 Replies
View Related
Feb 14, 2011
i cant find my wap pass phrase for my network
View 2 Replies
View Related
May 22, 2012
I can not remember my wireless pass phrase to get into my wireless network on Windows 7. How do I do this?
View 3 Replies
View Related
Dec 21, 2010
I would like to passthrough ICMP 8 (ping) requests through the DIR-655 to my server. I found where to allow the router to respond to ICMP 8 requests, however, I do not want the router to responder, rather the server itself. Is there a way to pass these requests through to the server?
View 3 Replies
View Related
May 2, 2011
I setup the ikev1 client and can connect but I can't pass traffic either way. I have tried icmp, port 80, smb etc... here is my config: ........
View 9 Replies
View Related
Aug 11, 2011
I am trying to use a ASA 5510 with AnyConnect as an in-line SSL VPN device. I have a separate firewall that NAT's 443 to the inside IP of the ASA, which is the only configured interface on the ASA. I can connect to the ASA from the WAN just fine and the AnyConnect client connects just fine, I get an IP lease across the VPN on my LAN, all looks well. The problem is that I cannot pass any traffic. The only device on my LAN that I can ping is the ASA, nothing else including the default gateway is accessibe. I have setup a static route on the ASA pointing 0.0.0.0 0.0.0.0 to the LAN gateway, but no dice.
View 1 Replies
View Related
