Cisco WAN :: Router Listening On Public Interface Rv042
Aug 28, 2011
I have two Windows Boxes connected to RV042 ; each has its own static IP assigned to it and each runs bunch of virtual machines , for which I had configured port forwarding .My hosting company claims that my server(s) are listening on IP 192.168.0.1 on a public interface (i.e., one that uplinks to their network). They see this same IP on two different MACs my uplink interface. I am not really sure how it is possible since 192.168.0.1 was assigned to router itself.
View 7 Replies
ADVERTISEMENT
Feb 2, 2007
We have a RV042. remote management is set to DISABLE - but even after restarting the router i can access the interface remotely over the internet.even when i enable it and change the port to say 5555 i can connect to the web interface using either port 5555 but ALSO on port 80.what's wrong here?the only way to stop that was to create a rule that blocks port 80 on the WAN interface. (btw. could this rule affect LAN users when browsing the web?)
View 7 Replies
View Related
Mar 14, 2012
I've got a 1U server that has Citrix XenServer 5.6 installed on it. It has 2 physical ethernet interfaces, both connected to the same network switch, one interface has a public IP address on it and the 2nd interface has a private rfc1918 address on it (this can be changed if necessary). I use the private1918 interface to do administrative tasks, transfer data amongst the servers and guest VMs, etc. I'm given a /29 IP address allocation by a friend to use for my servers (using his FTTP internet connection). I want to set up a few guest VMs, but really most of them do not need to be using public IP addresses.
Is there a way to NAT the public interface on XenServer so that guest VMs can use rfc1918 addresses & get online, instead of using the few IP addresses I am given? Also how would I enable portforwards so that I can get applications to work like asterisk, SMTP, etc.?
Listing of interfaces on the Xenserver:
Code...
View 6 Replies
View Related
Sep 23, 2011
We have a 2911 Router running 15.0(1)M4. G 0/0 is our LAN interface, and it has three subinterfacesG0/0.1 is our data LAN, and the gateway for our Windows machines. This is the interface this question concerns.G0/0.23 is a separate LAN for various equipmentG0/0.192 is another LAN for equipmentG 0/1 is connected to the internet, and has a public address.S 0/0/0 is a T1 PPP, connected to our core data centerS 0/1/0 is a backup T1 PPP, again, connected to our core data center.There are three static routes entered:ip route 0.0.0.0 0.0.0.0 10.12.1.1 100 This is the first PPPip route 0.0.0.0 0.0.0.0 10.13.1.1 200 This is the secondary PPPip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 255 It currently has a cost of 255 while i figure this one out. xxx.xxx.xxx.xxx represents the cable company gateway, which I can ping properly. I've also used "gigabitethernet 0/1" in place of the next hop ip with the same results. The public interface is properly connected, and can ping it's next hop (the cable company gateway). When I change the static route for gigabitethernet 0/1 to a cost of "0", the router can properly ping DNS names, such as google.com through the public interface.
However, devices on the data LAN cannot reach any public addresses except for the router's public interface, let alone DNS names (I am using 8.8.8.8 as my test IP). If I revert the cost back to 255, making the PPP the gateway of last resort, these devices can again connect. (they travel through the PPP to our Data center's internet)
This confuses me. If our server, on the same LAN as the router can ping the public interface (it's definitley not leaving the 2911, as latency is less than 1ms), and the router itself can ping outside addresses, what is preventing the router's public interface from passing traffic to the internet from any source other than itself? I have attached our running config in the hopes that there is something obvious I'm missing (the public ip addresses have been changed so they are not exposed). I simply want clients on our 10.23.0.0 LAN to get to the internet via the public interface of the local router, and still connect to corporate resources using the PPP links. MAS_2911#sho run
Building configuration...
Current configuration : 5666 bytes
!
! Last configuration change at 01:47:50 eastern Sat Sep 24 2011 by redacted
[Code].....
View 6 Replies
View Related
Jul 24, 2012
I have a 2621 that I am configuring on the internet. My ISP gives me a static DHCP assigned address and then two more static addresses that are not part of the same block. (e.g. 1.2.3.4 is static via dhcp and then they give me 5.6.7.8/30).
I have fa0/0 getting 1.2.3.4 ia dhcp. I have 5.6.7.8 on a loopback interface for PAT/NAT as I have the main one on fa0/0 doing vpn to a remote ASA. The problem is that I have yet another device that needs a public IP, mainly 5.6.7.9... I want to hook that device up to fa0/2 (this box has three fa interfaces). How do I setup fa0/2 if I want to give the device on it a real live public IP address? I have done this before, but it must have been 10 years back on an even older CISCO and I can not remember how I did it.
View 2 Replies
View Related
May 10, 2012
getting my additional IP addresses working on my ASA 5510. I have a /29 allocation and outbound access and inbound access to my internal www server is working fine through the default outside interface. However, I now need to setup a second IP address that maps internally to a different web server. When I setup a new network object with automatic NAT translation to the new IP address, it does not work. If I setup the same scenario using the outside interface, it works fine. What is the proper way to setup additional IP address on my ASA v8.4?
View 10 Replies
View Related
Jun 4, 2013
Our ASA 5510 was configured with a public interface, a DMZ interface, and a private interface. I have a remote access VPN using AnyConnect client and LDAP authentication for Active Directory. We are changing ISP (groan!), which means all new public IP addresses. The new circuit is installed, so I have a second public interface (same security level as the first public interface, wholly different IP address range) enabled on the ASA. I hope to transition whatever I can, which means get the VPN access through either public interface. Can I just enable client access on the second public interface at the Anyconnect Connection Profiles tab in ASDM? That seems too simple. Can they share the one address pool?
View 1 Replies
View Related
Aug 23, 2012
How would I go about giving a server on the inside interface of my ASA a public IP address. I have a /28 on the outside interface and I'd like to give a server a public IP and not NAT.
I'd not sure how to go about getting this done.
show run nat=
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.192_27 NETWORK_OBJ_192.168.0.192_27 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.0.192_27 NETWORK_OBJ_192.168.0.192_27 no-proxy-arp route-lookup(code)
View 8 Replies
View Related
Jul 9, 2012
I have a Cisco ASA 5520 (Ver 8.2(4)) with all four interfaces in use (Public, Private, DMZ, Local offices) and an IPS module, so there are no spare interfaces. I have used all of Public IP's on the current interface for various services (these need one to one mapping, so I can't port map mainly due to SSL certificate issues) and I need to add another Public IP range. The secondary option on ASA interfaces does not exist as on routers/switches and I need to use an additional non contiguous IP address range for additional services advertised on the Public interface that are NAT'd to be servers in my DMZ.
I have seen an example of adding a static arp on the Private interface to allow a secondary gateway to be used for outbound traffic, but I need to allow 14 new IP addresses to be NAT'd from the Public to DMZ and possibly also for outbound NAT'ing (from either Private or DMZ to the Public). I have a L2 switch between the ISP router and the firewall, so using VLAN's is not an option unless the ISP can be persuaded (highly unlikey) to add the seondary IP's as a sub interface with tagging. Anyway if this was actioned then we would have a massive outage on our current IP range during the transistion.
View 3 Replies
View Related
Mar 10, 2011
we have two Cisco ASA 5510 in failover configuration.We tried to change the public IP address on the Outside interface of the primary device but it didn't works. The new IP is not reachable from Internet nor pingable from device on the same LAN.The new IP address is in the same subnet of the old IP.
From the switch on which the ASA is connected and from another Cisco PIX we can see the ARP entry. In the analysis, on the old public IP address there was a VPN site-to-site and Webvpn defined.We tried also to shut/no shut the interface and reboot the device.
View 1 Replies
View Related
Jul 31, 2012
I have run out of public facing IP addresses and I need more. Assuming I have been issued 1.1.1.0/24 and my new/additional range/subnet issued is 2.2.2/0/24 - Can I carry on with the same configuration on my ASA5510 and just add static NAT for new services in the 2.2.2.0/24 range.
i.e.existing config
route 0.0.0.0 0.0.0.0 1.1.1.254 (upstream ISP)
Interface outside ip address 1.1.1.1 255.255.255.0
NAT 2.2.2.1 to 10.1.2.3
or, assume my ISP will deliver 2.2.2.1 to my outside interface (1.1.1.1.1/24) and if my NAT is in place it will get delivered to 10.1.2.3 inside.
or, put another way I dont need change my set-up as I just static route to my ISP!
my real public IP is a /27 can I use my broadcast address (its a legit public IP address)?
i.e 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31
Outside interface = 1.2.3.1/27
Can I use 1.2.3.31 and NAT it to an internal server?
View 3 Replies
View Related
Oct 30, 2012
Got an ASA5525-X with 8.6 release. We have an inside interface (10.11.1.0/24) and a DMZ interface (10.254.1.0/24). On that DMZ interface theres an SMTP server; by using the Public server feature in ASDM we created a rule so we have mapped the 10.254.1.29 internal ip to an external ip 217.x.x.x Everything is fine; working ok, but for several reasons we need to access the public ip 217.x.x.x from an inside ip (10.11.1.10). I tried to do it by creating an exemption for the dynamic nat; if i don't do that i have a 'deny ip spoof from...' message rolling on my syslogs.Seems to do the trick.....but only for pings! i ping the public ip from the inside ip, and got the reply from the internal ip on the DMZ. But if i want to telnet port 25 from inside to public; its not working.
View 7 Replies
View Related
Oct 12, 2011
how to totaly disable Admin/ASDM access on our public interface of our 5510. I don't want to change IPSec or SSL access to the outside interface. Just totaly disable access to Admin/ASDM from the outside without halting all other access.
View 3 Replies
View Related
Sep 3, 2012
I'm having some problems blocking IP blocks. I have several blocks of IP's that I want blocked.I want to block 77.0.0.0/8 from communicating with a server on my lan.So I make a rule in the RV042 to deny all traffic from 77.0.0.0 to 77.255.255.255, source wan1, destination lan, my server's ip,As soon as I move that rule above the traffic forwarding rules I have created, no traffic moves in or out via the wan interface. It seems to just cut off all traffic.
View 2 Replies
View Related
Aug 12, 2011
We bought an RV042 at the end of June. It is used as a gateway and VPN router. DHCP server is disabled and all IPs are configured manually.Every once in a while (Tuesday night, then Friday night - yesterday, it has hapened once or twice before that) the router appears to restart (see log below) then comes back up with system time of Jan 01 2010. At this point the router will no longer load its configuration page (https://10.29.238.197:16443/) and VPN connection to our customer in Africa drops. However, devices behind the router can be reached and can access the internet. The only way to fix this is to power cycle the router at which point everything starts working flawlessly again.The PID VID is RV042 V03 running firmware v4.0.3.03-tm (May 12 2011 21:27:37). Our RV042 is a newer one with Cisco SMB Router branding not the older Linksys branding.
From the log when the router reboots:
Aug 12 22:38:42 2011VPN Log(g2gips0) #141: retransmitting in response to duplicate packet; already STATE_QUICK_I2Jan 1 01:00:05 2010System Logheart : System is upJan 1 01:00:13 2010System LogWAN connection is up : 10.29.238.197/255.255.255.192 gw 10.29.238.225 on eth1Jan 1 01:00:15 2010VPN Log(g2gips0) #1: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
I looked at the log more and all the usual messages assosciated with VPN being established are there - the last thing in the log before the router coming back up again is:
Jan 1 01:03:49 2010VPN Log(g2gips0) #4: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel ConnectedJan 1 01:03:49 2010VPN Log(g2gips0) #4: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel ConnectedJan 1 01:03:49 2010VPN Log(g2gips0) #4: sent QI2, IPsec SA established {ESP=>0x575a01c0 <0x6534ae4e
So it even claims the tunnel should be up but I can never reach anything on the far side.
View 3 Replies
View Related
Oct 8, 2012
Sometimes when I enable a switchport I see the port goes to Blocking mode first, not sure if it stays in that mode for the 20 secs, I think sometimes is far less than 20 sec. But I have seen too, that when I enable a port it goes directly to Listening mode. When does a switchport goes to the Blocking mode first, mode that all the books I have read say it should go when you enable a port, and when it goes to Listening mode directly?
View 5 Replies
View Related
Aug 16, 2011
I recently had a security scan done on a DIR 655 and the report came back saying PORT 111 (Unix RPC Service) should not be listening for external connections. I've looked through every setting but can't find where this service is enabled (or can be altered) -- aany guidance on this port/service?
View 14 Replies
View Related
Aug 7, 2011
When I do an NMAP scan against my ASA 5505 on it's internal interface's IP address, it appears to be listening on all TCP ports. If I do it from across a VPN tunnel, the ports show as open according to NMAP, if I do the scan from the local subnet they show up as unknown. I'm running 8.0.4 code on this ASA.
View 1 Replies
View Related
Aug 4, 2011
I am just setting up a LAN using DIR-655 and I noticed this line in the logs: notice Aug 4 03:25:55 HTTP listening on port 65535
Is the router listening to that port?
View 1 Replies
View Related
Apr 4, 2012
Ages ago I was shadowing someone making a change on the network. I cannot remember which spanning tree version was running and cannot remember the config of any port either. What I do remember is that every switch port on the 2960 switch went orange and an outage occured, where the ports went into listening / learning mode. I assume that the STP was just the default ieee 802.1D.
View 3 Replies
View Related
Mar 11, 2007
How come many switches show that they are listening on port 2228/udp and 1975/udp? You can see this by running 'show ip sockets'.
View 10 Replies
View Related
Aug 13, 2011
recently got a RV220W and liking all the configuration options.
Although I cannot find where to change the listening port for management? I want it to listen on port 81 instead of 80.
View 5 Replies
View Related
Aug 30, 2012
I've several production Catalyst switches that are listening on the same IPv4 and IPv6 ports. The problem is I don't want the switches listening on the IPv6 ports.[code] How to shut down these listening ports?I also have a few production switches listening on UDP/10000 and I cannot determine why this port is listening. [code] I've seen where UDP/10000 is Network Data Management Protocol and is related to Storage networks ###, but I've also seen where UDP/10000 is the default port for IPSEC data.I don't believe UDP/10000 is related to either NDMP or IPSEC data, though I could be very wrong.
View 4 Replies
View Related
Dec 20, 2012
In my LAN environment, I'm using two cisco SG300-10 switches. Both switches are connected by GE10 on both switches, where both ports are set to trunk.Now on all ports 1-9 on both switches, I'm having client computers attached. So I set ports 1-9 to "access" mode.All interfaces on any switch is left in default vlan.
Is it normal that I see all traffic from all connected devices on any port where I connect a listening device?What I'd like to achieve is, that only traffic that is meant for a specific workstation is actually forwarded to this workstation. By now it seems that I get all the traffic from everybody.
View 6 Replies
View Related
Apr 2, 2013
One of our vendors requires using a public ip address to setup a site-to-site IPSEC vpn. We only have one public ip address and that will be used for the vpn endpoint and for internet access for the local network. I've setup policy NAT from our local network to the outside interface. I'm also using the outside ip address for the crypto map. The tunnel setups successfully and the Tx count increases anytime I try to ping the remote network, but the ping fails and the Rx count does not increase. According to our vendor, we should be able to ping the remote network and connect using port 443. When trying to connect using port 443, I see a SYN timeout in the logs. I'm not sure if the problem is on their end and they're rejecting our traffic, or if something is misconfigured on our end. I'd like to make sure that I have everything configured correctly before I go and point fingers at them.
Local Network - 10.10.9.0/24
Remote Network - 20.20.41.0/24
Remote Peer - 20.20.60.193
.ASA Version 8.2(5)
!
hostname ciscoasa
[code]....
View 4 Replies
View Related
Jul 10, 2011
i have an ASA 5520 8.4(1) setup as follows
public wan
|
|
ASA-- public dmz
|
|
private lan
i need to allow https traffic to a server in the DMZ that will have a routable IP address will just an ACL suffice ?which interface do i apply it to ? wan or dmz ?i dont need a NAT since the DMZ is a routable space?
View 6 Replies
View Related
May 9, 2012
i have a 1841 cisco router and i recently purchased a 1 port HWIC wan interface card. My problem is that I cannot see the interface in my config file. Is there something i am missing?
View 8 Replies
View Related
Apr 9, 2011
Is it possible to set up a WAN interface on a FastEthernet interface of a Cisco 877 Adsl Router ?Due to my ISP, i've to use an external VDSL modem and must connect it to my cisco 877 router (and leave it's adsl interface unused).But i don't know how to set up a wan port, other than the adsl interface itself (dialer0), on my cisco.
View 7 Replies
View Related
Jan 5, 2012
Recently I added a second web-server to my network. I have 2 static public ip's from my isp. My setup will be:
isp(two static ip's)---->Verizon MI424WR Router--->server 1 and server 2.
I currently have server 1 with IP: 192.168.1.100 and server 2 with IP: 192.168.1.101
If I have the two static public ip's xxx.xxx.xxx.27 and xxx.xxx.xxx.28. How do I forward xxx.xxx.xxx.27 to 192.168.1.100 and xxx.xxx.xxx.28 to 192.168.1.101
I read somewhere where i have to set the iptables on the router to do it. Do I have to buy a special firewall/router to do this or can mine do the trick.
View 1 Replies
View Related
Jun 17, 2012
I have a task for a config I have not done before. I'm replacing an older 831 and PIX with a Cisco 881 router with Firewall feature set. The router receives its public IP address dynamically and there is a static public IP range also assigned with a couple of NAT statements on the PIX for a few public IP's.I'm ok with the core router config but the range is where I'm a little stuck. Current setup is as follows
Internet ---------- Router( Public intf Dynamic IP----internal intf Range IP)Router-------------PIX (outside intf Range IP---------Inside intf private net)Pix-------
As per the aboive the PIX had a public IP address from the range on the outside interface with a default route to the Router inside interface which uses a public range addres.
With my proposed config I've setup the outside interface as dynamic and just created my nat statements for the Range IP's. I believe I'm correct that I do not need to actually have a Range IP address configured on the router?
View 2 Replies
View Related
Nov 28, 2011
I don't know much about routers, but lately I've been playing around with router configuration and getting better but I am kind of stuck now.
The scenario is this.
I have 3 ip net from the ISP:
178.249.51.0/255.255.255.248 Gateway 178.249.51.1
178.249.51.8/255.255.255.248 Gateway 178.249.51.9
178.249.51.16/255.255.255.248 Gateway 178.249.51.17
[Code]....
I am also wondering - when we get more public IP net from the ISP, is this the correct way to do it?
View 5 Replies
View Related
Mar 8, 2012
I'm really bad on networking so I have a question about NAT. I got two public IP addresses from my ISP: 92.x.x.252 - 92.x.x.254. 92.x.x.254 is configured as secondary on external interface and clients will use it two connect (vpn) it from outside through cisco 1841 to zywall p1 with wan ip address 92.x.x.253. Is this configuration (look at picture) allowed? How can I route traffic from 92.x.x.254 to zywall p1, if posible?
View 10 Replies
View Related
Aug 16, 2011
how to configure public ip on router 1841 and ASA 5510. let me show you my issue that: i have router 1841 ( for F0/0 use pubic ip add 10.10.10.1 /30, and F0/1 use other rang public ip add 20.20.20.1 /24) and on ASA 5510 i use public ip add E0/0 20.20.20.2 /24 ) all this for public ip add and my lan ip is 192.168.0.1/24.
could you let me know how to configure on router 1841 and ASA 5510. for router 1841 if you use private ip we can use nat but for all public ip add how can we do it?
View 9 Replies
View Related
