I've replaced my dead ASA5505 with a 861-K9.Our ISP provides a subnet of public address /29 (wan side) by example: 200.200.200.xxx /29,we have 3 servers (lan side) in the example 10.1.1.xxx /24 is the same case than Johnatan, the only difference are the public addresses. [URL], everything is ok when NAT via the FE4 public address, but when do the same with other public IPs doesn't work.
View 7 Repliesi`m facing a problem configuring the mentioned access point to act as stand alone access point with multiple SSID assigned to differnet VLANs the problem is that
1) i`m not able to broadcast the both SSIDs in the same time from the Access point
2) i need to make the radius server to manage the SSID access for the wireless clients (trying to find a way in which the aceess point sends a log for the radius server containing the VLAN id /IP address of the the SSID) you may find the below info about the IOS ver. & the configuration?
i`m running IOS /c1100-k9w7-mx.123-8.JEE/c1100-k9w7-mx.123-8.JEE?
We will acquire a DSL connection with 5 static public address. How can I use the 5 static public address using a linksys router. Is it depends with linksys router model?
View 2 Replies View RelatedSetup:
LAN (192.168.1.X, with .3 as gateway)
DMZ (192.168.2.X with .1 as gateway)
WAN (X.X.X.146 as primary public IP, .145 as gateway and .147-150 as additional public IPs)
I want to set it up so that X.146 is where all my outbound traffic appears to originate.I want tcp HTTPS and SMTP to be allowed from the WAN (via the X.147 IP) to a specific server (192.168.1.11) on the LAN.Also, HTTP traffic to X.148, X.149 and X.150 should go to DMZ and 192.168.2.8, 192.168.2.15 and 192.168.2.18 respectively, but I haven't added that to my config yet. Looking to get the HTTPS and SMTP ones working first, then I'll fix the others (one step at a time)I've got contact with the outside world when I've configured it using the ASDMs "Public Server" interface, but it refuses to properly establish the connection, I get a "SYN timeout".
My config:
: Saved
:
ASA Version 8.2(5)
!
hostname kcisco
enable password X encrypted
passwd X encrypted
names
[code]....
I've currently got my ASA (5505) serving a /28 public subnet. I've ran out of IPs, so my DC has issued me an additional /24 subnet that they have routed to my ASA. What needs to be done on my ASA so be able to use these new addresses? I've been trying to search and not been able to find a good answer (some say I shouldn't have to do anything, everything else references NATing, which I currently don't do and would rather not do).The servers I assign these to, I'd like them to have the public ip assigned directly to them.
View 5 Replies View RelatedFor a branch office we have an ASA5505 connected to the ISP with an DHCP provided public IP "locked" to the local MAC This works ok!Now - the ISP may provide up to 5 public IP's (all DHCP assigned).Is it possible to configure 2-5 public interfaces in the ASA?? As IP's are DHCP assigned there must be something (a interface) to request the address.Would this be possible, and if so - what license would be required??NAT routing on the inside should be possible as well.
View 4 Replies View RelatedI would like to configure an 877w I just bought. It's connecting to a UK ADSL2+ link.I'm a penetration tester and I want to put the Cisco router in front of my existing firewall which has an IPS on it, so that it doesn't get in the way of port scans and vulnerability scans. My ISP has issued me with 14 usable addresses a/240 subnet and basically I want to be able to use the route with just the public IP addresses. I have configured Cisco routers before, but never with this type of configuration. It's always been single public IP address NAT'd through to one or two internal LAN's.
It will be nice if I could assign the wireless and fast ethernet ports to the same VLAN using the public addresses. I don't want to use DHCP I'm quite happy statically assigning IP addresses to the computers wireless and LAN interfaces. I am reasonably certain this is possible because not sure how to do it and a little busy at the moment carrying out penetration tests.
I have ASA 5520 with Ver 8.2.Outside interface is directly connected to ISP's router(TelePacific) and is assigned one of public IP:198.24.210.226.There are two servers inside the network with the private IP's:192.168.1.20 for DB Server, and 192.168.1.91 for Web Server.I did Static NAT 198.24.210.226 to 192.168.1.20 and 198.24.210.227 to 192.168.1.91.When I access DB Server(198.24.210.226) it's working OK but when I access Web Server(198.24.210.227) there is no response at all.I checked the inside traffic, it even did not get into the firewall.Is this the problem with ISP's router? How can we route all of our public IP's to the outside interface(198.24.210.226)?
interface GigabitEthernet0/1nameif insideip address 192.168.1.1 255.255.255.0security-level 100no shutdown
interface GigabitEthernet0/0nameif outsideip address 198.24.210.226
[Code].....
I have three public IP:s from /24 network like 83.x.x.10, 83.x.x.25 and 83.x.x.41 all using netmask 255.255.255.0.
I'm using 83.x.x.10 on ASA outside interface and trying to do static nat for inside servers with those other IP:s, but not yet solved it.
Using Cisco ASA 5505 software v9.02
Config:
object network obj_guest
nat (guest,outside) dynamic interface
object network obj_any
nat (inside,outside) dynamic interface
object network w2008
host 192.168.1.10
[code]....
This works other networks that are like whole network with /29 mask and have router in front of ASA using bridge. But in my case i just have DSL modem bridged in front of ASA. This static nat works like should if i use like Zywall USG series fw and this same configuration works in my customers, but they have those scenarios i said having mask /29 and router in front...
It seems that the problem is in ASA, like i won't show those public IP:s to public router from my operator. Because if i roll those other public IP:s on my ASA:s outside interface: i will use 83.x.x.25 and 83.x.x.41 on outside interface and after that put back my original 83.x.x.10 then my static nat is working just fine, atleast few hours, but not in next morning because ISP router flushes ARP cache.
I have ASA 5520 with Version 8.2(5), the ISP give me a block of IP pubic (201.148.156.193/28), one IP valid (201.148.156.194) have the Global NAT (all users LAN) and server FTP, but i need that IP 201.148.156.195 is used for VCSe, and the IP 201.148.156.196 is used for other server FTP.
View 5 Replies View RelatedI am configuring this new router for a client. I am running into an issue that I cannot get working. They use 5 public IP addresses. Currently the wan port on the router is .66 and I have all the ports forwarded to the correct internal IPs. This works fine. However I need to forward parts from other public IPs (ex: .67) to internal IPs. So far I have been able to accomplish this via the One to One NAT feature. It allows me to forward ONE port from a public IP to a private IP. However I need to forward 3 or 4 ports per public IP to a single internal address. Does this router not support that functionality?
View 2 Replies View RelatedAttached is my updated ASA 5505 (8.4[2]) config. With this config, basically the "laptop" group works fine, but the leo and orion groups don't ever receive packets inbound. No DNS, nothing.
The laptop is windows, the other two are servers with two NICs. The interface cards are Intel Pro/1000s. I've been through everything including Vlan protocol conflicts and actually enabled the servers for 802.1(Q).
we need to implement a scalable solution where we can provide for each customer it's own public IP so that they can access some content restricted by IP range.the solution consists of a proxy software that will "listen" to multiple IP's, then reroute the HTTP requests and rewrite the URL's to a different format.Anyways, we came to the conclusion that what we need is the following:
- broadband line with a pool of 8 IP's
- a router that can support multiple IP's
- a server
what kind of router or device is required for this kind of configuration. basically the network diagram will be like this:
Internet ----> broadband -------> cable modem ------ > multiple static IP router -------> server NIC
we should be able to add the same above combination once we run out of IP's, another broadband line, another device and server ...
If there are any small business routers that offer one-to-one NAT? I have several public IP addresses assigned to me by CenturyLink. I have two servers that provide email and web hosting for two different domains. I want to put the client machines on one VLAN (VLAN Z) and assign it a public IP address (to keep server traffic separate). I want to put each server on its own VLAN (VLANs X & Y) and assign each server its own public IP address. I need the router to be able to provide a firewall and port forwarding for each VLAN. I also need to be able to route traffic between VLANs so the clients on VLAN Z can access their email and the websites on VLANs X and Y. I also need to be able to route DNS traffic between VLANs so each server can provide name resolution for their respective domains.
So, is this possible with a small business router or do I need to look at something different? I'm fairly certain this configuration is not possible with my current Cisco RVS4000. What it boils down to is I need a router that is capable of having multiple public IP addresses on the same interface and to forward those public addresses to private VLAN subnets. This would be one-to-one NAT if I understand it correctly..
The client has a Cisco RVS4000. There are 3 Internet devices need to be accessed from the outside and will use one public IP for one device. I don't see any options to setup on Cisco RVS4000 to do 3 NATs. If Cisco RVS4000 doesn't work in this situation, which router will do?
View 1 Replies View RelatedIs it possible to two or more public IP Addresses bound to a Cisco ASA 5505 running 8.4(2).
View 9 Replies View RelatedAt my company, we lease 3 static public IP addresses from 1 ISP. We want to have 3 separate networks that each use one of the IP addresses. Network 1 is the computer network, network 2 is the VOIP network, and network 3 is the security camera network. I am trying to determine the best way to do this. I have come up with 2 solutions in my head, but I'm not sure if they will work or not. I would like to get some input. Solution 1:Solution 1 looks something like this. Fiber box -> Router-> 3 switches. There would be one WAN input on the router, that would have a static route to 3 different LAN ports. For example, address 24.244.208.101 would be assigned to LAN port 1, 24.244.208.102 would be assigned to LAN port 2, and 24.244.208.103 would be assigned to LAN port 3 (by assigned, I mean have a static route to it). Is there some type of router that is capable of doing this? Solution 2:Solution 2 looks something like this. Fiber box -> Switch -> 3 Routers. The ethernet cable would run from the Fiber Box to a switch, and then 3 routers would be plugged into the switch. Each router would have the Static information configured in them. Would both of these methods work? If so, which would be the best way to go?
View 2 Replies View RelatedMy ISP assigns IP's through a standard motorola cable modem via DHCP server. I can pay extra for a persistent IP which uses the MAC of my switch and assigns an IP. Is there a way to get multiple public IP address's from the modem using a switch?For example. Can I plug the modem into the switch and then plug a computer server into the switch and get an IP assigned to that servers MAC address and then also have another server attached to another port on the switch and get a different public IP for that servers MAC address?
View 7 Replies View RelatedI have a i-ball 150M wireless-N ADSL2+ Router device in that , in the NAT tab, i have activated DMZ at my static ip with a private address 192.168.1.224 , so that that ip enabled device can be access to anywhere in public network.I want that using this single static ip , How to configure two private address devices in DMZ, so that both of ip enabled devices can be access in public network.
View 3 Replies View RelatedIs it possible to have multiple public IP addresses that are from different subnets going through one router? I have been told that this is not possible with most routers and that I would have to spend a lot of money on a router to be able to do it. I am still not totally clear on what defines a subnet even after reading up on them. What I am trying to achieve:
-My office has 10 computers.
-All would be connected to one router.
-My internet service provider has provided me with 10 public IP addresses, that are all very varied (which I asked for)
I have a customer that has an RSV4000 Router. The customer has also purchased a block of 5 usable public IP addresses. I need to be able to assign these public IP addresses to printers either by configuring a static IP on each printer directly or thru IP mapping or some other method. Does the RSV4000 support using multiple public IP addresses and if so what configuration is needed in the router for the printers to be seen by the outside world.
View 2 Replies View RelatedI'm currently replacing my ASA 5505 with a 5510. I have a range of public IP addresses, one has been assigned to the outside interface by the setup wizard (e.g. 123.123.123.124 ) and another I would like to NAT to an internal server (e.g 192.168.0.3 > 123.123.123.125). On my asa 5505 this seemed fairly straigh forward, i.e. create an incoming access rule that allowed SMTP to 123.123.123.125 and then create a static nat to translate 192.168.0.3 to 123.123.123.125. Since I've tried to do the same on the 5510 traffic is not passing through so I'm assuming that the use of additional public IP addresses is not handled in the same way as the 5505? I also see that by default on the 5505, 2 VLANs are created, one for the inside and one for the outside, where as this is not the case on the 5510. Is the problem that VLANs or sub-interfaces need to be created first? I'm doing the config via ASDM.
Everything else seems to OK i.e. access to ASDM via 123.123.123.124, outbound PAT and the site-to-site VPN.
I am trying to configure a Cisco 871 router.There are 3 servers on my network that need static public IPs but also still need to communicate on the local network.I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network with that IP which is working fine. Next I set up static NAT rules for the servers translating 3 of the remaining public IPs to the internal addresses of the servers.I can access those servers internally using the public IPs but not from outside the network. A traceroute from outside the network gets dropped when it gets to my ISP.I've never configured more than one static ip for a network before and i know i've just missed a step here. Do I also need to use static routes? Will that update the next hop's routing table? Do I need to make an ACL to permit any host to the servers? If so, do I use the internal or external address? [code]
View 2 Replies View RelatedI'm stuck at asa 5505 nat, port forwarding configuration Here is what i need:
host1: 192.168.1.1 service tcp/100 >>>>> public ip 1.1.1.1 service tcp/100
host2: 192.168.1.2 service tcp/200 >>>>> public ip 1.1.1.1 service tcp/200
host3: 192.168.1.3 service tcp/300 >>>>> public ip 1.1.1.1 service tcp/300
So people from remote just need to use 1.1.1.1 public ip to access all the ports on three different inside server.I can do this on my old ASA 5505 with 8.0(4). Looks like there're lots of change from 8.0 to 8.4.
I have a Netgear ProSafe VPN Firewall FVX538. But I also have 10 Public IP Addresses that I will like to setup for three web services. So how do I set this up. With multiple routers. Or can my Netgear FVX538 take multiple Public IP Addresses to the same ports. If not how can setup multiple routers. one being the main one.
View 1 Replies View RelatedI am in the process of configuring two vpn tunnels on one interface of cisco router series 1721. Any link or document with more information?
View 5 Replies View RelatedCurrently on ACS 5.2 and our MS Active Directory is migrating to a completely new domain. There will be a two way trust between them for the 24 month migration period. How best to configure ACS connect to both domains?
View 2 Replies View RelatedI want to set up a WiFi internet connection for a campus. I plan to use 4 routers. the first one is directly connected to the internet. I want to share internet access wirelessly with the other routers. Each of the routers should be a hotspot for each of the four blocks in the campus.
View 1 Replies View RelatedI'm trying to troubleshoot a wireless network at an Inn which is shared among three buildings. The internet at the main building works fine.
However there is a WDS set up for the other two houses that are part of the property. The network is a bit of a mess IMO. The main problem is that routers on the end of the WDS chain work for awhile after booting, but frequently stop issuing IPs. When a device tries to connect it says unable to configure IP or something like that. Rebooting the router always fixes the problem.
My networking knowledge is very limited but I think some settings must be incorrect. I will try to described the setup here..
All of the following routers are WRT54G's with DDWRT
Main router: 192.168.1.1 [different SSID that WDS], all routers forward DHCP to this router
WDS router 192.168.1.3 at main building is connected to an cantenna that shoots the signal over to 1st house. Gateway & Local DNS set to 192.168.1.1
WDS router 192.168.1.4 at that house is the main AP for that house and gets its signal from 1.3's cantenna. Gateway & Local DNS set to 192.168.1.3
WDS router 192.168.1.5 under the deck at the 1st house picks up that signal from 1.4 and uses a cantenna to send it to the 2nd house. Gateway & Local DNS set to 192.168.1.4
WDS router 192.167.1.6 under the deck of the 2nd house gets the signal from 1.5's cantenna. Gateway & Local DNS set to 192.168.1.5
The IP configuration problems happen at the 2nd house with 192.168.1.6. I believe 1.5 also has IP configuration problems but that router is not used other than to transmit to 1.6. Again rebooting the router fixes the issues temporarily. It works for a couple days up to a couple weeks before the IP problems start.
Mac addresses for the WDS are set of course. I have been trying to experiment with settings for awhile, but do not really know what I am doing. I am not the one who set this up.
Also under the Advanced Routing tab,here are the Static Routing settings:
192.168.1.3: Destination LAN NET: 192.168.1.0, Gateway: 192.168.1.1
192.168.1.4: Destination LAN NET: 192.168.1.3, Gateway: 192.168.1.1
192.168.1.5: Destination LAN NET: 192.168.1.4, Gateway: 192.168.1.3
192.168.1.6: Destination LAN NET: 192.168.1.5, Gateway: 192.168.1.4
Update: looks like STP should be enabled for WDS? Going to try enabling that I guess.
I would like to configure a 3750 switch port to be able to use two vlans. I know you can do this with a voice and data vlan, but what about two data vlans ? Say I have two devices, one on a 10 subnet and the other on a 172 subnet, but i only have one wall jack for both devices to plug into. So I use a mini switch to connect both devices and connect the switch to the wall jack; and of course this all leads back to one switch port. When I go to enter the switchport access vlan 172 cmd, how would I also make it so the device on the 10 subnet could route out ?
View 9 Replies View Relatedhome router is a wrt160n v3 With my iPad I set up the built in IPSec VPN to my office's cisco gateway. I successfully get the VPN logo. With an RDP app, i can access my work network from multiple public locations from my iPad. At home, on my laptop, I start the cisco client then use the windows rdp, presto i'm in my work network. At home on my iPad I can activate the VPN, but I can not connect with rdp. I spoke with linksys support tonight they had me add port 3389 to port range triggering and disable the firewall on the home router. This didn't solve the problem. To recap: 1) I can connect to my work network with rdp from multiple public locations, but not at home with the iPad 2) I can connect to my work network at home with my laptop with the cisco client ant the windows rdp
View 6 Replies View RelatedI have an ACS 5.3 cluster, that is configured to use AD. There are a few wireless devices, and monitoring tools that do not have AD accounts. I would like to configure ACS to first check AD for the user authentication, and if that fails to roll over to the local (Internal Users) identity source where I can define these user accounts.
It seems that when the authentication hits the initial Identity Policy rule, it never moves onto the next one if the first fails.
Attached are screen shots that show how i'm configured for the test, i have a local user defined and I'm trying to log into the firewalls.
- Identity Definition : Screen shot of the main ACS definition for the rule i'm testing that's not working
- Identity Rule 1 : The configuration of rule 1 that if it fails i need it to move onto rule 2.
- Log Output : Screen shot for one of the failed attempts from the ACS View Log server.
Reason I need to configure it this way is:
- Wireless users authenticate to wireless using AD user accounts. Some hand held scanners do not support that and will need to authenticate using the MAC address.
- Authentication to Network devices for managment uses AD accounts. We have some monitoring tools that do not have AD accounts, and will need to be able to log into Network devices to issue some commands (Examples: Cisco Prime LMS and NCS, Infoblox NetMRI).
One of our vendors requires using a public ip address to setup a site-to-site IPSEC vpn. We only have one public ip address and that will be used for the vpn endpoint and for internet access for the local network. I've setup policy NAT from our local network to the outside interface. I'm also using the outside ip address for the crypto map. The tunnel setups successfully and the Tx count increases anytime I try to ping the remote network, but the ping fails and the Rx count does not increase. According to our vendor, we should be able to ping the remote network and connect using port 443. When trying to connect using port 443, I see a SYN timeout in the logs. I'm not sure if the problem is on their end and they're rejecting our traffic, or if something is misconfigured on our end. I'd like to make sure that I have everything configured correctly before I go and point fingers at them.
Local Network - 10.10.9.0/24
Remote Network - 20.20.41.0/24
Remote Peer - 20.20.60.193
.ASA Version 8.2(5)
!
hostname ciscoasa
[code]....