Cisco WAN :: Incoming NAT To VLAN On 1941?
Jan 26, 2012
On our Cisco 1941, we have 2 gigabit ethernet ports and a 4 port fast ethernet switch EHWIC card configured as follows:
GigabitEthernet0/0 131.x.x.81 255.255.255.248 - internal
GigabitEthernet0/1 131.y.y.234 255.255.255.252 - WAN
Vlan2 192.168.0.249 255.255.255.0 - LAN2, NAT inside
[Code]....
I have tested using some UDP packet sending/receiving software (which works through another router), and the packets just aren't getting through. Likewise trying to telnet into the external IP on port 80 doesn't get through to the destination server.
It feels like the route doesn't exist between the Vlan 100 and Vlan 2 when it's coming in, or maybe there's an ACL needed for the incoming traffic?
View 4 Replies
ADVERTISEMENT
Apr 11, 2012
We have a switch gc2960. It has ports configured on vlan 27 and vlan 29.It is connected to switch ch3550. It has presence of vlan 27 vlan 29 and also vlan 18 and several other vlans.Our internet firewall is connected to ch3550. It is a fortinet product, so this is not indicated on the diagram.
When the two switches were connected on vlan 29 access ports, pc's on vlan 29 on gc2960 worked as expected. vlan 27 clients of course did not work.When we switched the connecting ports to trunk ports, some weird stuff happened. Clients on gc2960 on vlan 29 could ping and resolve dns, but not browse the intenet. The same was true for clients on gc2960 vlan 27. We verified that packets from the web were coming in through the firewall. What we were thinking, is that they somehow were not being tagged to vlan 29 even though we were trunking.
When we set native vlan 29 on the trunk, then clients on gc2960 vlan 29 operated as expected. However, clients on gc2960 vlan 27 are still having this problem, we can ping and resolve dns but not browse.Consider the other switch ch2960-jstreet which has presence of vlan 18 and vlan 27. It is also connected on trunk to ch3550. We are not using native vlan on this trunk, and traffic works as expected.Is the lack of presence of vlan 18 a factor as to why gc2960 is not receiving the tagged packets correctly? Should the interface vlan18 on gc2960 have an ip address on the vlan 18 network?
View 5 Replies
View Related
Jan 29, 2012
I have 2 sites connected by a site-to-site IPSec VPN link using ASAs. (ASA5505 and ASA5510 at sites A and B respectively.) There is a UDP data stream that feeds into a Site A server from the internet (packets arrive on the Site A outside interface and NAT is applied to forward to Server A). I need the Site A ASA to redirect these UDP packets over the VPN link to a Site B server instead of to the Site A server.
The source devices can not be reprogrammed with the Site B outside IP. The VPN tunnel is working, Server A can communicate with Server B.
View 1 Replies
View Related
Mar 16, 2012
I start to use the CM. I received a request to block a number,I need to block the call only on the Call Manager or also on the Gateway that I have?
View 6 Replies
View Related
Apr 25, 2013
I have been struggling to come up with the proper config to do a NAT of an incoming VPN tunnel to a VLAN on my network. I have an ASA 5510 with an IPSEC site-to-site tunnel to a partner network of 166.110.0.0/17.I have several VLANs on the ASA interface behind a cat4500 router (192.168.100.024, 172.16.4.0/24, 166.110.128.0/22 etc). The only network that the partner network sees is the 166.110.128.0/22.My problem is that I need to give them access to a node on my 192.168.100.0/24 net, but can't get the admin on the other side to add a route and adjust his tunnel.
View 4 Replies
View Related
Feb 6, 2012
I have a Cisco ASA5510 with two Cisco Catalyst 3560G switches plugged into it. Then I have 2 Cisco1400 Aironet WAPs plugged into the switches.
My goal is to limit incoming bandwith for two specific vlans. So users who are plugged into the switch or connected to the wifi can't go bandwidth crazy.
The rule I currently have setup on the ASA5510 is limiting internal bandwidth, I know shame on me.
So how do I setup a rule on the ASA5510 that will limit users external traffic on vlans without limit internal lan traffic?
View 5 Replies
View Related
Aug 20, 2011
having trouble to configure the Cisco SRP527w where we have two incoming VLAN's.
1. vlan1 is for internet (20mbps)
2. vlan2 is for a specific application (Specific IP Address - 10mbps)
Somehow we are unable to configure the router to enable PC's connected to the router to access both vlan based to the application specific vlan. Its always routing it through the internet.
View 0 Replies
View Related
May 6, 2011
i have window 7 instaled..my problem is that i use wateen usb for browing in office.where as my pc is conected with other pcs..when i disable the lan the wateen usb works but than i cant acess othert pcs..previouslyi was using same window and usb but there was no problem..after i have installed the window this problem has occured.
View 3 Replies
View Related
Nov 5, 2011
i have with my Edimax router. I could not make any progress with Edimax personnel in Taipei.
If i connect my vista box directly w/o the router, i can see that port 21 (Filezilla) is open, using WhatsMyIP.org | Port Scanners/Sniffers
When I insert the Edimax br6215srg router, the port is in timeout as reported by aforementioned site (guess the port scanner gets no synack nor reset back to the syn it sends)
The router is set to "disable firewall" or to "enable firewall and DMZ enabled" with as client's ip the one that is configured in the router's dhcp table for the vista box. The NAT module is set to forward port 21 to the same ip. ipconfig confirms that i do get the ip programmed in the router's dhcp table.
I do not want to believe that this edimax box is unable to forward connections!
View 19 Replies
View Related
Nov 18, 2012
I recently moved house to a flat where I now have an adsl wireless router. Ever since I installed it its been major problems for me, my speeds are terrible takes ages to load a webpage and days to download anything. Also I have tried to stream to my apple tv through the use of airplay mirroring but this again doesn't work and an error code appears every time which I then looked up and it says its to do with my firewall blocking incoming connections. I have gone to my routers settings to try change this and it says to select the options by clicking the radio buttons however they do not exist on the page as you can see on the screenshot below.
View 1 Replies
View Related
Feb 1, 2012
How to find the no of the incoming call by at commands.
View 1 Replies
View Related
Feb 26, 2011
My MiFi signal is at -117dbm and can only get dial-up. Spring rain flood the river for up to three months, so a land line is not viable.
View 1 Replies
View Related
Aug 20, 2012
I would like to block incoming traffic from a specific ip on a specific port
This is what I have
source: interface: wan ip address range: 5.xxx.xxx.226 - second one is empty (valid ip instead of x's) protocol: tcp
dest: interface: lan ip address range: both fields empty port range: 139 - empty field
ON and DENY box is ticked name field has some text in it
I click save and get this pop-up: Incorrect source ip address. Invalid format of the start IP address. Current Firmware Version : 2.11 The ip is obviously valid, what should I do?
View 1 Replies
View Related
Nov 29, 2012
I need to block 4000 nodes (Ultrasurf, TOR exit nodes) and I've written a script that will ssh and copy in these objects (prob 100 at a time) into an object group and then put a blanket deny. I don't see a flood of traffic (occassional hits every other day, etc) but I was wondering what the impact would be? Can the ASA handle an object group of that size plus an ACL with it? Any way to block incoming connections from TOR/Ultrasurf?
View 1 Replies
View Related
Nov 8, 2012
I have an SA520 that is being used as a front end firewall. Behind it I have an IP PBX. The VOIP provides are registered and I can make outgoing calls. However It appears that the SA520 is either blocking or not routing the calls. I have opened the ports recommended by both the IP PBX and the VOIP provider. What do I need to do to make incoming calls through the SA520?
View 1 Replies
View Related
Mar 6, 2013
I'm new to ASA's and PIX units. I've setup a few VPN's now but know next to nothing about logging on these units. I read the config guide for the PIX, but cannot figure out how to get a log of incoming SMTP traffic going on the console.Do I need to use a SYSLOG server? I can probably set one up on my laptop.
View 1 Replies
View Related
Mar 15, 2012
I am trying to switch out a cisco pix 501 firewall with a cisco ASA 5505 firewall. I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one. Unfortunately, my script is not working with the 5505. What I am doing wrong with the following script? I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults. I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network. [code]
View 7 Replies
View Related
Mar 2, 2012
I have a Cisco 3745 that is my internet router, I have a domain that directs the web address to the WAN IP address...Can I set up my 3745 to forward incoming connections to my server?
View 3 Replies
View Related
Dec 12, 2012
I was configure 3 interface on ASA1st - managemetn (only for management)2nd - gig0/0 is connected to internet with real IP3rd - gig0/1 is connected to local networkI was configure routed NAT to internet.But I have problem with restriction incomming traffic to inside interface (ifname is inside)but I can connect to ip address of inside interface from other ip. It is wrong and i can't understand where is my mistake.
View 2 Replies
View Related
Dec 12, 2010
I have a CISCO 1841 ROUTER and sins short our internet speed has decreased dramatically , it does not happens all the time , so I am sure it is not the ROUTER.I have put a small router (CISCO WRT 610N) and it was the same.When I look to the UP and DOWNLOAD GRAPH from my ISP , I see really BIG peeks.
View 2 Replies
View Related
Feb 27, 2013
I am trying to set up my new tablet and I'm filling out user name, password, POP3 server, port - what is port?
View 2 Replies
View Related
Mar 6, 2013
I have a wifi signal set up in my home but my studio 200m away gets no signal. I bought a repeater on ebay but it's still too far to pick up the signal. I can't place the repeater between the two structures due to lack of an electrical outlet. If I get an antenna for the repeater (Linksys WRT54GS with W-DRT installed) do I simply attach it where the existing antennas are on the Linksys repeater or is it more complicated than that? It seems to me those antenna ports are for sending a signal not receiving a signal.
View 2 Replies
View Related
Mar 16, 2011
which product has the capability to receive multiple incoming connections
View 1 Replies
View Related
Jan 7, 2011
I have Comcast broadband with one modem connected to my PC. I just bought a Denon AVR-991 Receiver that has internet capability. I I plan to use it for internet radio, etc.The problem is that each piece of equipment is in different areas of the house. I could connect the cable modem to the receiver and connect the PC to the internet via a wireless router, but I don't want to lose the speed of a direct connection on the PC.. can I have two different modems connected to the same incoming cable line? FYI, the existing modem is a Linksys BEFCMU10, and the second modem is one Comcast is in the process of sending to me as I just added Voip phone service to my account.
View 2 Replies
View Related
Dec 19, 2011
We have a Cisco 2911 Router and have configured via BT Infinity Broadband for out going internet access etc. Are there any incoming restrictions ACL settings etc. that will stop us using for ISA VPN, Exchange connections, Intranet, Sharepoint etc. We have reserved 13 Static IP Addresses from the ISP.
View 1 Replies
View Related
Sep 4, 2011
Actually all service from site to site is permitted, without restriction.I want to insert an ASA to block some internet traffic on main site.I try to configure my ASA5510.No problem for outgoing connection or to permit a single service on main site.But impossible to give access to all service/connection from all remote site to main site. [code]
View 7 Replies
View Related
Jun 13, 2012
I just got a Cisco asa 5505 with the next OS and ASDM info ASA 5505 OS 8.4(3) ASDM 6.47 I configured and enter all rules to allow incoming traffic to LAN but it's not working also, I have one host inside that is configured in a second IP and create the rule to allow traffic to it but it doesn't work too.
Problem 1 I have VNC running in port 5900 tcp and I want to connect from Internet using port 6001 and this has to forware the connection to the real VNC port. In the configuration I have a few host with the same configuration but I use different outside port to get it.
Problem 2. I have a second IP with services: SMTP, HTTP, HTTPS and port 444 all TCP forwarding to a server in the LAN.
Facts: SMTP. Every time that I do telnet to the second IP looking for the SMTP port, the firewall doesn't let the incoming connection goes through and the LOGGING screen doesn't how that connection.PORT 6001 (outside)this port is configured to work with the IP in the outside internface and it was to send the incoming connection to a host inside to the real port 5900.Can any one check my configuration if I'm missing anything? for sure I'm but I didn't find it. Bellow is the configuration, I masked the Public IPs just left the last number in the IP, also I left the LAN network to see better the configuration.
CONFIGURATION.
: Saved
:
ASA Version 8.4(3)
!
hostname saturn1
domain-name mydominio.com
enable password SOMEPASS encrypted
[code]....
View 4 Replies
View Related
Jul 3, 2012
We run a Cisco ASA 5510 and i need to find out how i can find the receving end on the inside of a vlan for traffic comming from outside.
ie incomming traffic on port 3937 and are NAT to eth 0/1.10
Thers a bunch of traffic on one port 33771 udp going in on 90.191.72.227 how do i trace this to the inside computer ???
lets say incomming traffic is on 90.191.72.227 and this is on eth0/0 this ip is NAT to a Vlan on the side for 10.10.0.0 with a subnet of 255.255.255.0
View 1 Replies
View Related
Oct 12, 2011
Just purchased a Cisco RV110W for our small business. We were told this was easy for us to use and secure enough for our small office and for our travelling sales staff to access our website.
We purchased 2 dedicated IP-addresses, 216.82.5.230 for access to one server, and 216.82.5.231 for access to a second server (these IP-Addresses given are just an example; not real).
These come into the single RV110W WAN port. The two servers are plugged into 2 of the 4 LAN ports.
But the WAN setup page only accepts one WAN IP-Address. So when we put in 216.82.5.230, the outside world can HTTPS into one server, but we don't know how to get them to HTTPS to the second server when the other staff uses 216.82.5.231.
In summary, how to use the RV110W admin panel to forward the HTTPS/SSL traffic from 216.82.5.230 to one server (setup internally on 192.168.10.20), and the HTTPS/SSL traffic from 216.82.5.231 to the other server (setup internally on 192.168.20.20 using the VLAN setup on this router)?
View 1 Replies
View Related
Jul 10, 2011
We have the next Settings in our SW. We crate an ACL and aplied to a SVI for Incomming Traffic, I understand that is not necesasry to allow the returning traffic in ACL, but we can't access to rdp for example when we add the ACL, if we remove it, the acces is ok, buet when we add again the access is deny, even we have a log entry, and the ACL i just for Incomming traffic. There is no another ACL.
See attached file
[code]...
View 1 Replies
View Related
Sep 24, 2012
When i open Skype it try to allow incoming connection to port 57502.
Both times Little Snitch caught it. Attached are two images.
What would this connection be, I read this port is dynamic/private?
View 9 Replies
View Related
Mar 1, 2013
Im using a Linksys E4500 wireless router behind a Motorola SB6121 modem. My OS is Windows 7 and it is fully up to date. In general my entire network is working well. Now I have purchased a new IP surveillance camera and need to forward a port to be able to have remote viewing of the camera. Mi ISP blocks quite a few inbound ports including 80 so I have been trying a lot of ports all over the map to find something that will allow inbound access.
After several hours, nothing I have tried works, using a couple of different port probes including one called CanYouSeeMe I always get a "timed out" message. I have disabled the firewall in the router and on the local computer and still no luck. This says to me that either Cox is blocking nearly all ports (doubtful) or the modem is blocking access to the router somehow.
The Surfboard modem doesn't have a built in router. Unfortunately I don't have an old working modem to put in the circuit.
I don't guess it matters but the camera is accessible from all other local computers on the LAN using its IP address with a port number appended (right now it's using 8000).
View 7 Replies
View Related
Feb 6, 2012
I have a licensing server. Other computers need to turn on a program, they send a message to the licensing server, and it responds that they have permission to run.Until today the licensing server was plugged into its own ethernet wall socket and configured with a static IP address. Today I put a router into that wall socket and now the server's plugged into the router.The router (WRT-54G) was set to the static IP - and now the internet on its network works. I set all ports to be forwarded to the server's internal IP address - and now my programs can detect and ping it. But now the server won't send back permissions to use licensed software, or even reply with a list of the software which it can license.
View 1 Replies
View Related
