Cisco WAN :: NAT Rewrite Source Address 800 Series Router
Aug 23, 2011
I'm stuck with some NAT issues. I've got an 800-series router which connects to the internet via a PPP connection (dialer0). On the inside the router has 192.168.0.253/24 as IP address, the outside is negotiated with the ISP.
My mailserver has the IP address of 192.168.0.1 but with default gateway of 192.168.0.254 (primary internet connection). If I use plain NAT (ip nat inside source static tcp 192.168.0.1 25 interface Dialer0 80) the packets arriving on the mailserver do have a public IP address as source address.
Would it be possible to rewrite those packets (source address) so they have 192.168.0.253 as source address? This way the mailserver won't send the replies to its default gateway but back to the Cisco router.
Oct 3, 2011
Any problem/issue with using 28VDC to power the 2811 router? The spec calls for 24VDC power.
Jun 6, 2011
I am looking for a config, as per the attached diagram, if the traffic comes from FE01 it should go via FE03 for the internet and when the traffic comes from FE02 it should go via FE04 for the internet.
Oct 29, 2012
Does ASA 8.4.3 check the source IP address of a DNS reply and drop it if the reply address is different to that in the query?
Customer's DNS server does this due to a recent change; their server now has a virtual address, but replies are sent from its physical address. This is temporary. Their PIX is happy with this.
Replace the PIX with the ASA, DNS fails, the only reason I can see is due to the way their internal DNS operates.
Dec 5, 2012
I have a server in a DMZ of my 8.4 ASA with nat:
object network FTP-SERVER
host 192.168.1.102
nat (dmz,outside) static interface tcp ftp ftp
And that's working well. However, I now need to translate the source address of connections from the outside to the FTP server as well. The aim is that the source address of packets when they reach the FTP server is an address on the DMZ subnet (as the default route for the FTP server now needs to be something else, not the ASA) as well as this outside-dmz NAT. I thought overloading the DMZ interface of the ASA? Or another IP in that range?
Mar 21, 2013
I've configured the ACE4710 to bring the logging to a syslog server! Here's the configuration
[...]
logging enable
logging fastpath
[Code]....
I saw to log with connection on the syslog server, but it would be interesting to know the "source ip address", and my question is: is it possible to configure a kind of "transparent pass through" for the logging?
Aug 1, 2012
I would like to use the ACS 5.3 as a TACACS proxy. Basically it works. But when checking the logs on the destination TACACS server (ACS 4.2) I see that all requests (Source-NAs) came from the IP of the TACACS proxy, not from the original source IP.
This is useless for my scenario, because on the destination TACACS Server the policies are built on the NetworkDevices Groups and AAA Clients = source IPs.
Mar 21, 2011
I'm using a 2911 as our public Internet edge router. I have 2 public subnet blocks from Sprint; we are in the process of migrating. What I need to do is NAT any source address from the Internet from an address on one of our public blocks to the other.
Example:
Source Address 11.10.10.10 ==> Destination 64.165.123.10 (nat this to 64.165.54.10) inbound.
So if from the internet tries to hit 64.165.123.10 we want to nat that to 64.165.54.10 both of which sit on our public space.
Jul 4, 2012
I have a problem with random hosts getting the wrong source address on an ASA 5512-X 8.6(1). Right now there is a host, 192.168.25.108, showing up with 6.6.6.6 (fake) on whatsmyip.org; it should be 5.5.5.5 like the rest of 192.168.25.0/24. In the xlate table I can't find anything wrong. Same yesterday with two hosts that are using the right NAT address today.
nat (any,outside) dynamic interface. (5.5.5.5)
object network H-192.168.25.10
nat (inside,outside) static H-6.6.6.6X(code)
Jan 10, 2011
I have a 2800 series router. We are using a leased line connection with 8 public IPs. One IP is configured on the router: FE0/0 IP 101.102.148.91 and FE0/1 192.168.0.0 local IP. I have 6 web servers. How do I configure the other 7 IP addresses for the web servers on the 2800 series router?
May 10, 2012
The customer has a server which is located on the inside interface, and an outside interface connected to ISPA. The customer configured a static NAT mapping the inside server address to an ISPA address. One day the customer installed a new outside interface to ISPB and configured a new static NAT mapping the same inside server address to an ISPB address. The server will always be visited from the outside interface and reply. The customer wants traffic coming from ISPA to return to ISPA, and traffic coming from ISPB to return to ISPB. But I found it is difficult to implement this on an ASA5580. I want to use a route-map on static NAT, but it will not satisfy the customer's request.
Jul 13, 2011
I have a problem. The customer has a server which is located on the inside interface, and an outside interface connected to ISPA. The customer configured a static NAT mapping the inside server address to an ISPA address. One day the customer installed a new outside interface to ISPB and configured a new static NAT mapping the same inside server address to an ISPB address. The server will always be visited from the outside interface and reply. The customer wants traffic coming from ISPA to return to ISPA, and traffic coming from ISPB to return to ISPB. But I found it is difficult to implement this on an ASA5580. I want to use a route-map on static NAT, but it will not satisfy the customer's request.
Feb 8, 2006
One of our Cat5513 has been displaying a lot of the error message below:
%SYS-4-P2_WARN: 8/Invalid traffic from multicast source address 01:00:5a:52:4c:4d on port 8/58
The frequency of this is quite disturbing. What is this error about? Module no. 8 is our Gigabit Ethernet WS-X5410. Can that multicast address be mapped to an IP address or unicast MAC address? How can I go about resolving this?
Sep 3, 2012
Most of the 4500 Switches in our network are giving the similar error for so many ports
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi2/6 in vlan 100
It's impossible to do a Wireshark packet trace for all the ports.
Feb 14, 2012
Issue I am having with a Cisco 4507? Below is the error I am receiving.
Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
[Code]...
Feb 27, 2013
There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely on port level, but it breaks normal network operation (when a port goes down for some reason, its learned MACs get flushed, and since other hosts know the MACs, they keep flooding until their ARP caches expire).
Sep 6, 2011
How many IP addresses can the DHCP server of the RV0xx Series VPN router handle? Can it be configured for more than 250 IP addresses? Is it possible to configure the router in order to have more than 250 IP addresses?
Sep 6, 2012
I'm having a (from google-fu) seemingly unique issue with load balancing. So for background, I am running the ACE 4710 device in "on a stick" mode, so I am using NAT and all that good stuff. I am also utilizing class maps and host header matching so I can save on IP space. [code]
Basically, as soon as I add that ACL_CLASS_beta.mainsite.com class map, all I get back from the ACE is RST packets and it comes back with an L7 LB Policy Miss.
It SEEMS like it should work, but it doesn't seem to like matching on those source addresses at all.
Aug 26, 2012
I have an issue with a customer that wants to update a server behind the ACE. The problem is that when the application wants to update the server it does it with the name. Doing some research I found that you can rewrite the DNS record based on the static NAT you set up on the ACE. The feature is called DNS inspection. It is the same feature as on the ASA (DNS doctoring). I applied it to the outside interface and it did not work.
Jan 31, 2011
I am configuring a WAE-7341 for standalone content engine ACNS used for webcaching only. When I enable the l2-redirect and l2-return on the WAE I get high CPU on my Cisco 6504-E with WS-SUP32-GE-3B - WS-F6K-PFC3B. The 6500 shows the WCCP status as L2 for redirection and return and webcache works, but the CPU spikes to 70%. [code] I don't see which process is causing this, but if I remove WCCP from the interface, it drops to 1%, so I know for a fact that WCCP is causing this.
If I remove the l2-redirect and l2-return on the WAE, WCCP on the 6500 registers GRE for redirection and return on the 6500 and CPU drops to 5%. If I enable the "wccp webcache accelerated" option on the 6500, I cannot get WCCP up with or without the l2-return and l2-redirect options on the WAE; it displays: [code] Does this 6500 not have the hardware redirect/rewrite capability? My WAE is directly connected to the 6500 WS-X6548-GE-TX blade on the same VLAN that I am doing a WCCP redirect on.
Jan 22, 2013
I am planning on upgrading my 6509s to use VSS within the next few weeks. I have checked all of the hardware and software prerequisites, and we are good to go from that perspective. I do have more of a procedural question: my switches are already configured and in production, with VLANs, HSRP (3 IP addresses per VLAN: 1 per switch plus virtual IP), etc. Does the VSS upgrade take all of this into account and rewrite the configuration correctly, or should I plan on redoing the entire config for the switches after the upgrade?
May 29, 2011
Recently, I deployed an ASA 5520 as our company firewall. Everything was working fine except two main problems that I still cannot resolve after I did a lot of research.
1. DNS rewriting - The internal users cannot access the DMZ or internal server by putting in the domain or external IP address, such as [URL], which will resolve to our WAN IP address 210.0.0.83 (internal IP address is 192.168.1.21). I used static (inside,Outside) tcp 210.0.0.83 https 192.168.1.21 https netmask 255.255.255.255 dns, but it will not work. We have our internal DNS server, but don't want to just add the domain as a record. Is there any way to get the internal users to access the internal server and DMZ server through the public domain?
2. We also have multiple internal subnets. Another router is connected to the ASA firewall inside interface using IP address 192.168.1.223, and another subnet, 10.1.15.16/28, is behind this router. The users in subnet 192.168.1.0/24 connect to the firewall inside interface directly. I added a static route and intra-interface permit:
route inside 10.1.15.16 255.255.255.240 192.168.1.223 1
same-security-traffic permit intra-interface
I also added:
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.15.16 255.255.255.240
access-list inside_nat0_outbound extended permit ip 10.1.15.16 255.255.255.240 192.168.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
The internal users on 192.168.1.0/24 can ping 10.1.15.18 but cannot telnet to 10.1.15.18 22. If I set 192.168.1.223 as the default gateway on one of the workstations on 192.168.1.0/24, it can telnet to 10.1.15.18 22 without any problem.
Sep 26, 2011
Some routers support DHCP spoofing (zyxel / speedtouch). With DHCP spoofing (or half bridge) you can directly spoof your public IP address to the firewall. The firewall gets the public IP address directly from the modem. The benefit of this: no waste of an extra IP address. The modem has no IP address. It has to be possible with an 8xx series router, I heard, but I cannot find how. I guess it can be done with a bridge group with the dialer and VLAN 1 in it (no IP addresses given). I tried but without any result.
Jun 2, 2012
Why can't I use the Cisco ehwic-3g-hspa-u card in Cisco 2800 series and 1841 series routers? The documentation said that it should work with those devices, but when I installed it, it doesn't work, even as device I can't see. I am using Cisco latest IOS advance ent. 15.1(4)M4.
Sep 18, 2011
We want to mask part of the path prefix to hide development content. For example, the site(s) are: [URL] However we don't want anything with acme showing... so we would want the load-balanced URL to be: [URL] ...for requests and responses. I think this would be an HTTP rewrite request/response scenario? Is it possible to configure this on the ACE device? We've got the load balance configuration down... not sure how to do this rewrite type scenario?
Jan 17, 2011
I have not done much with business routers, but we have a 1700 series with a WAN WIC-1ENET card with an RJ45 connection. We had a T1 line and will be moving to Ethernet. We are going to be moving to a 20MB line, and I just wanted to make sure I have the right connections before installing. We also have a T1 line in another location and would be moving to this same 2811 router there as well. We would also like to copy over the configuration from the 1700 series router to the 2811 router. Would it be easier to do it by HyperTerminal? Also, if we keep the 1700 routers, are they capable of using layer 3?
May 2, 2011
Not able to enter 10.12 series address in LAN PC
Nov 15, 2012
Normally all incoming IP addresses can use NAT to gain access. I would like to make a rule that only one IP address can connect to my router and use that port or range of ports defined.
Is there a way to configure an SRP 527W in such a way?
If not possible now, can I expect a software update ?
Jan 25, 2011
I am trying to hook my HP Photosmart C4700 series printer up wirelessly to my laptop and I need my IP address and can't find it?
May 24, 2011
How come the 2600 series IOS has the show mac-address command but it does not display anything? You need to use show arp? Is this for when you use one of those network modules that is a switch?
May 11, 2011
I have two CSS 11500 series. In just a few months I will have ready a DRS (Disaster Recovery Site), where I will have 2 more servers to add to the environment.
Apr 19, 2009
How to change the IP address on a Cisco 2960 series switch?
Dec 30, 2012
We have 6 access points in production and we want to change their IP addresses. So what would be the procedure for that?