I have been looking over the manual for my rv016 but cannot find the information I need.
I have 4 external ip addresses that I need to be able to forward to specific internal ips.
A couple of the external addresses will be forwarding with the same ports so just simple port trggering or forwarding will not work.
Can this be accomplished with the rv016 or do I need to look at another device?
I want to know whether NAT loop back is possible with the RV220W router/firewall, or when can we expect a firmware update that addresses this?For terminology sake, what I mean is that I've got a rule that maps HTTP/S to 192.168.1.2. However, when accessing my external ip from an internal ip, I don't get routed to 192.168.1.2.
View 13 Replies View RelatedI am trying to setup an RV016 router to do "1 to 1 NAT". I am starting with setting the external IP address of my RV016 to 10.8.58.219 on the WAN1 port, and LAN IP 10.10.20.254. Simple enough. When I connect my laptop to port1 on the router's LAN side I can ping the router's external AND internal IP addresses fine; But I can not ping from outside when connected through WAN1 port.I am performing a simple local test with an external hub, I put a patch cable from WAN1 port to the hub, another patch cable from port 1 on LAN side to the same hub, and from my laptop to the hub. When I use my laptop's IP address with the internal schema (10.10.20.100 for example) I can ping both WAN1 and LAN IP's; but when I use on my laptop the external IP schema (10.8.58.100 for example) I can not ping it. Therefore is not working when I connect my router to the real network.I went into the web setup pages of the router and dissabled: firewall and basicaly all security "blocks" it has, and leave it open for my testing.
View 1 Replies View RelatedWe have a 6509 that was connected to 2 other locations(location A and B) and our local lan (location MAIN). We wanted to move the location A and B to a 3750 switch and only allow the traffic that needed to access our location MAIN to come through the firewall. The only problem I ran into is that before location A and B were on different interfaces so in the 6509 firewall the routes for traffic to our MAIN location was done by static routes.
I.E.
static (MAIN_intf,A_intf) 192.1.1.72 10.94.10.72 netmask 255.255.255.255 0 0
static (MAIN_intf,B_intf) 192.2.2.72 10.94.10.72 netmask 255.255.255.255 0 0
[Code]....
because it has a static overlap, which makes sense to me, but my question is how do I configure the network to get this to work? Do I have to reconfigure my network and access-list? Do I need to add more ports between the 6509 and 3750? I'm not sure if this is the best way to do what we want. If something is not clear I'll try my best to explain the setup, but I just took over for our I.T. guy when he left.
I put 10.10.10.72 instead I should have put 10.94.10.72. the routed port is on a different subnet than the computer I'm trying to access.
I have an ASA 5505 with the security plus software and I'm trying to find out how to assign 2 public IPs to the outside interface and have each IP routed to a separate internal VLAN. For example, IP 1 = X.X.X.1 routed to 192.168.1.0 and IP 2 X.X.X.2 routed to 192.168.2.0. I was told this was possible and I've been trying to find configuration examples, but I can't seem to get anywhere and now I'm getting desperate because I'm scheduled to install it this weekend.
View 1 Replies View RelatedI have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :
[code]...
But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration?
I just received a new Cisco SG300-10 and am configuring it in Layer 3 mode. I am trying to setup multiple routed VLANs going back to a FiOS Actiontec router. My configuration is as follows.
Fios Router: 192.168.1.1
Assigning DHCP 192.168.1.2 through 100.
SG300-10 has VLan 1 ip 192.168.1.5 used for Mgmt.
VLAN2 is 10.0.2.1
VLAN3 is 10.0.3.1.
I have a static route set on the fios router for both subnets setup as follows.
Destination 10.0.3.0 Gateway 192.168.1.5 Netmask 255.255.255.0 Metric 1
Destination 10.0.2.0 Gateway 192.168.1.5 Netmask 255.255.255.0 Metric 1
I have a laptop connected to Gi8 on the Cisco (Vlan 3) and statically assigned 10.0.3.3, with a gateway of 10.0.3.1. DNS set to the fios router (192.168.1.1).
Everything pretty much works EXCEPT, I cannot get out to the internet from either vlan. Traffic routes between vlans/and the default subnet on the fios without issue.
When I ping out, DNS resolves, but will not go past the fios router. Am I missing a setting somewhere?
We have a working config with 1 external IP, we need to a second webserver (https) and it should be routed via a second public IP address. I already tried some suggestions from the community but haven't been able to find the solutions.
xxx.xxx.xxx.194 is going to the internal IP of 192.168.60.1 for OWA (https)
xxx.xxx.xxx.195 should go to a new webserver on 192.168.60.3
both server should be connected using SSL This is the current configuration :
ASA Version 8.3(1) !hostname fwdomain-name domain.localnames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.60.250 255.255.255.0 !interface Vlan2nameif outsidesecurity-level 0ip address xxx.xxx.xxx.xxx 255.255.255.0 !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone CEST 1clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00dns server-group DefaultDNSdomain-name domain.localobject network obj_any subnet 0.0.0.0 0.0.0.0object network NETWORK_OBJ_192.168.70.0_26 subnet 192.168.70.0 255.255.255.192
[code].....
Can operate simultaneously multiple external DB in ACS 4.2?Mutiful External DB server is AD and Token server
View 1 Replies View Relatedhow to properly route multiple external IPs to internal ips assigned to several servers. Where I'm getting a bit lost is that I have two levels of routing - one from the outside into a comcast business class cable modem, which also creates its own internal network. Within that internal network, I have my RV180 router, which creates another separate internal network in which the servers live (don't want the servers to have access to other computers within the Comcast Modem's internal network). I want to map the external ips to servers within the RV180 second level network.
To diagram:
Comcast Cable Modem
/
RV180 Computer(s)
/
S1 S2
An internal IP is assigned to the RV180 router. Suppose it is 192.168.1.100.
The cable modem itself supports NAT as well. Do I use NAT twice (on both cable modem and RV180) to route the external IP to S1 and S2?
Or do I modify the routing table on the cable modem? Then use One to One NAT on the RV180 to map the external IPs directly to the internals?
We currently use ACS 4.2 for authentication of corporate users who are accessing the network in 2 different ways:
1) VPN client (via ASA5510)
2) Wireless (EAP-PEAP)
For all users who currently access the network via either of the above 2 methods, the Password Authentication under User Account settings in ACS is set to query an RSA SecurID Token Server.
We would like to try achieve the following in ACS:
IF an access request comes from the ASA (VPN clients), THEN we would like the user's password authentication to be handled by the RSA SecurID Token Server as it currently is. IF an access request comes from the Wireless LAN controllers THEN we would like to use EAP-TLS authentication. (We are aware that we would obviously need to configure the WLC, clients, PKI infrastructure etc accordingly for eap-tls).
I have an existing pair of PIX 515E that has two interfaces. One connected to the public internet via my ISP and one internal.
I recently ran out of IP's and had the ISP route an additional block to public IP of my firewall. This isn't working for some reason and I'm trying to figure out why.
The "ip address outside XXX" command defines the outside address and I don't see any way to add a secondary sub net.
I tried just adding a rule to the firewall for one of the IP's in the new subnet, but I can't seem to get traffic to pass though the device.
if possible with the RV042.Primary External IP address uses port forwards for some ports, all okay.I would like to have other external ip addresses assigned to machines on my lan.Basic host multiple web servers, on different IP addresses, using port 80. [code]
From what i am reading, it looks like the RV042 can do this, but I am not real clear what my rules should look like.
I would think my high priority rule for each external IP address would be to deny all traffic first for each machine on the lan.Then create one entry with source 202.x.x.2 port 80 -> 192.168.168.2 ?
How should I set my rules to do this, and what settings should I have on the Nic of the second machine?
Due to special circumstances we have 2 ISP links on an ASA5510. I am trying to terminate some L2L VPN tunnels on one link and others on the second ISP Link, eg below:
LOCAL FIREWALL
crypto map outside-map_isp1 20 match address VPN_ACL_Acrypto map outside-map_isp1 20 set peer 1.1.1.1crypto map outside-map_isp1 20 set transform-set TS-Generic
crypto map outside-map_isp2 30 match address VPN_ACL_Bcrypto map outside-map_isp2 30 set peer 3.3.3.3crypto map outside-map_isp2 30 set transform-set TS-Generic
crypto map outside-map-isp1 interface ISP_1crypto map outside-map-isp2 interface ISP_2
crypto isakmp enable ISP_1crypto isakmp enable ISP_2
route ISP_1 0.0.0.0 0.0.0.0 1.1.1.254route ISP_2 3.3.3.3 255.255.255.255 2.2.2.254
Establising the VPN tunnels in either direction when using ISP_1 works fine establishing in either direction from remote access users and multiple L2L tunnels (only showing one for example).
On ISP_2
1. Peer 3.3.3.3 device establishes a VPN tunnel, but the return traffic does NOT get back to devices on 3.3.3.3 tunnel.
2. The local firewall does NOT establish a VPN tunnel going to 3.3.3.3
It would seem to indicate that the problems lies with this multihomed firewall not directing the traffic correctly to either return down and establised VPN tunnel (point1) or to intiate a tunnel if none exists (point 2).
Reconfiguring the VPN tunnel peer for 3.3.3.3 to be on ISP_1 of the local firewall, all springs into life! There are sufficient license etc...
I am working on replacing our Checkpoint Firewalls with ASA's, and am running into the following NAT problem. On some of our Checkpoints, there are external NAT's that are mapped to multiple internal hosts based on ports.Is there any way to translate that to the ASA? I'm not sure the ASA will let you have multiple internal hosts mapped to one external IP using static NATs. The main issue, is these are alarm panels that receive data from external hosts (the traffic is initiated externally on the Internet) so I can't use dynamic PAT with this.
View 1 Replies View RelatedI am working for a small business that decided to a public address block ip addressing scheme for their private LAN (192.0.10.0). It was setup this way before I started working here. I have noticed something I think is odd on the network. This just recently started happening. I have some devices that have different subnet masks in order to keep them from being viewed from other computers on the LAN. For example, I have an wireless router with the ip address 192.0.11.50 subnet 255.255.252.0 . All the other computers on the LAN have ip's in the 192.0.10.0 255.255.255.0 range. When I want a computer to see the 192.0.11.0 , I change its subnet to 255.255.252.0 I noticed today that when I do a traceroute on 192.0.11.50 , I get this:
Code:
C:Useruser>tracert 192.0.11.50
Tracing route to 50.11.0.192.in-addr.arpa [192.0.11.50]
over a maximum of 30 hops:
[code]...
is it possible that a public IP can be automatically routed to another public ip.For example I have two routers A and B. router B has a LanB in 10.0.0.0 network and the public ips are in the x.x.x.0 for internet access. router A is located at a remote location and has a public ip of y.y.y.0 network.
View 8 Replies View RelatedI am using a company called Zen for adsl, I have 8 IP from XXX.XXX.XXX.248 to - XXX.XXX.XXX.255, Gateway is 254, Address 249-250-251-252-253 I would like to appear at the 4 sockets at back of router, and 252,253 will be used for a server...I understand I should be using Routed IP , but I cannot get it to work, I can ping out to google from the server, but the server is not live to the world. [code]
View 8 Replies View RelatedI have an old Nortel network with a bunch of servers attached. Connected to it is the new Cisco core, by way of a routed port. My task is to migrate servers over to the Cisco side of the network, with minimal downtime, and have full network connectivity, retain IP addresses/remain on the same subnet, and retire the Nortels. The Nortels are running VRRP, so I can fail the gateway over by becoming part of that group and later dropping the Nortels, but I can't seem to get a host on the Cisco side to participate in the original subnet. The routed port kills VLAN traffic, so I tried bridging the VLAN with the routed port, to no avail.
View 7 Replies View RelatedAny way to test throughput on a routed SG-300. I tried using iperf with netbook on VLAN1 to netbook on routed interface running @ 100mb. I was getting results as low as 40mb upto 200mb (sometimes even 2gb, I assumed these to be flukes). Since implementing it, the throughtput seems worse, I'm getting between 10 - 40mb of throughput. I have about 30 clients behind it routing across a 100mb leased link. I don't see why the SG300 shouldn't be able to do wire speed routing (upto 100 hosts). How to verify the expected throughput consistently?
View 3 Replies View RelatedI got the SG 300-20 small business L2/L3 switch. I've read through the 325 page pdf manual and I still can't figure out how to do what I need to do. Here is my setup using example ips.[code]
I want to be able to have any workstation I put on the workstations vlan to use 69.30.44.2.34 as a gw and from there route to 170.4.5.5 and from there to the outside. Basiclly, I want to be able to route ips from two different subnets on two different vlans. I've read through the docs and so far I have vlan1 setup and vlan 2 setup fine but I have no clue how to get the routing to cross vlans. The docs say the only way to have vlans talk to each other is by routing through the vlans ip interfaces but I have no clue how. There isn't a simple step 1,2,3 chapter that gets you to route between two vlans. What am I doing wrong? I put in some IP route entries but nothing seems to work.
we are using the catalyst 3550 L3 for BGP routing. For e.g. Gi 0/4 is our internal interface tha we want "switch".
We need on Gi 0/5 the same network that is on gi 0/4.
How is it possible? Make it like a 2 port mini switch. Or make a bridge of these 2 interfaces without any complicated reconfiguration needed?
have a Cisco ASA that I am trying to configure in a unique way, I want it to perform a variety of tasks;
VPN SSL
VPN Tunnels
Firewall Inside to Outside via versa
But the difficult task, is creating a DMZ with devices that are assigned fully routed IP addresses from our ISP directly, these are H323 and SIP devices that cannot use NAT, and must have a fully routed IP address assigned to them.
Obviously the problem I have with the Firewall in its default routed mode, is that it wont allow me to overlap IP addresses on the outside interface with the DMZ interface.
Could the Firewall be configured for Transparent mode between Outside and DMZ, but Routed mode between Outside and Inside?
Eth0/0: 10.0.0./24 (inside)
Eth0/1: 190.0.0.0/24 (dmz)
Eth0/2: 190.0.0.0/24 (outside)
[Code]....
But could the new Cisco ASA with the latest firmware and model be ale to do this with 1 physical firewall?
I have my main branch router (3825) and two remote routers (2821's). They are connected through leased lines that do not touch the internet. For various security reasons I have to ensure that the traffic from the remote's are encrypted in a VPN tunnel even though it is still part of a private network.I have went ahead and created the tunnels and I can verify that they are up. I have applied the cryptomap to the correct interfaces, etc.So the question is - How do I ensure that traffic is not just being router out of the interface from the remote sites back to the branch router with or without using the VPN tunnel? I've taken down the tunnels and of course, the traffic is still being passed back and fourth.
View 1 Replies View RelatedWe currently have ACE20's, which only support multicast in bridge mode.Was wondering if it's the same on ACE30's, or if Cisco finally implemented support for mcast in routed mode.
View 3 Replies View RelatedI am trying to set up a LAN-to-LAN VPN tunnel between two sites. One site has a 5505, and the other site has a 5510. It looks like the tunnel is being established fine (both ISAKMP and IPSEC SAs look OK), but traffic doesn't appear to be routing across the internet between the devices. [code]
View 15 Replies View RelatedI have 2 3550's connected across a wireless link. [code] However, from Switch A, I cannot reach 10.1.3.9Can this 3550 not route traffic between 2 routed ports?
View 8 Replies View RelatedI have a subnet (vlan 104) working great across a WAN. At site 1, Router A (3745) has the L2TPv3 tunnel configured while Router B (7204) has a routed interface on vlan 104.
The only thing router A is doing is the tunnel, so I'd like put the tunnel on Router B and eliminate Router A.
The trouble is, when I move the configs to Router B, the tunnel comes up, but the far side does not receive traffic over the tunnel.
Router B shows sending and receiving packets (per the 'sh l2tun session all' command). The far end router shows sending packets but receiving 0.
Is it a problem to have both the vlan 104's L2TPv3 xconnect interface and the vlan 104's routed inteface on the SAME router?
what routed ethernet card (WAN) can be inserted in Cisco 2811? I wan to replace 2Mbps Framerelay to 10 Mbps
View 5 Replies View Relatedwe are trying to configure one to one NAT translations on a Cisco 527W-U, but are having some problems. We are running firmware version 1.2.4 (003) on the 527.
The DSL line is assigned with a /29 address range x.x.x.64 /29?
The DSL WAN interface picks up x.x.x.65 /32 from the Radius server. We are using the default private IP address range 192.168.15.0 /24 on the LAN (VLAN1), and can get to the internet ok with a PC connected to the LAN.
However when we try to set up a public IP address in the same range (eg x.x.x.66 /29) on VLAN1 (with x.x.x.67 on the PC) it will not connect. (won't allow us to configure an address from the same range as the WAN on a new VLAN interface).
we would want to be able to do one to one NAT translations eg x.x.x.66 on the outside to 192.168.15.2 inside, x.x.x.67 outside to 192.168.15.3 inside etc, but this will not either. We have tried this on a normal IOS router (887) and it worked ok. We have also tried the same on a small DSL router / modem product similar to the 527 from another manufacturer and it worked ok on that, but we wanted it to be able to work on the 527.
We have tried the NAT bypass feature without any success, reading several other discussion forums on this website leads me to believe that one to one NAT is not supported on this equipment at the moment, or at least not at the current firmware release.
One work around would be to just assign a /32 to the WAN interface on the DSL and route statically to a different routed subnet configured on the LAN, however we were wanting to avoid having to do that if possible.
how i can configure a second ssid for guest access in our environment. this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time. My AP config is attached below.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan? Does the access point need to be aware of the voice vlan? Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
My question is if I can configure 3 ssid, for 3 different VLAN and add the DHCP address from a WAP4410N AP, when you upgrade to the latest version of IOS I can have this functionality?
View 2 Replies View RelatedIs it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.
View 5 Replies View Related
