I've a new Dlink DIR-632. All ports snif from outside are answering stealth by default. And the port forwarding feature works good.The problem is that I would like to allow a trusted net IP to reach my computer, whatever the request may be (whatever tcp/udp and on any ports). A kind of DMZ just for a precise IP. I tried the inbound filter feature. I've choosen allow, and I've put the remote IP start and end the same IP. It has been added correctly to the list. However, this IP still doesn't seem to be able to access to my computer on any port unless it tries on an already forwarded port.
I've been trying to configured Websense urlfiltering using ZFW feature on my Cisco 881G router. The router is running on IOS 15.0(1)M with Advanced IP Services. And I have confirmed it supports urlfilter feature.
This is what I tried to accomplish but IOS version 15.0x seems to have different command set. ----------------------- class-map type inspect httptraffic match protocol http parameter-map type urlfilter param server vendor websense 10.20.30.40 [Code]...
I have come across articles mentioning that URL Filtering can be implemented by using ASA 5505 with URL Filtering Servers. But Websense and other Web Filtering Servers are paid ones ? Are there any free solutions available ? What exactly is N2H2 ? The reason is I don 't want to increase the CPU utilization of ASA by implementing URL filtering within the device. If I have around 30 nodes which connects to the internet via a 2Mbps line through ASA 5505 and if I want to block around say 10 or 15 URLs , will it increase CU utilization beyond permissible limits ? Currently the CPU Utilization is around 10 - 15 . Here's the infrastructure setup .
I have been putting up with rubbish wireless signal down one end of my house now for quite some time. So I thought I have a spare wireless router and I could put it down there but I am sure ts not as easy as just plugging it and away you go.
Router 1 is a D-Link DIR-655 Router 2 is a D-Link DI-524
I need to know how to setup Router 2 so it basically become just a wireless access point
I am attempting to send net and IPTV multicast to an Entone STB. This STB has some OTT features such as Vudu that need internet access. The DHCP address that we receive from our ISP strictly sends multicast streams to the STB.The first challenge is allowing DHCP options to pass through to the STB.Then I need to figure out a way to pass both the net and multicast to the STB.
I'm running a cisco 891 with ios Version 15.2(4)M3 ,now I have a dialer 0 interface with fast0 and 1 as well, all is working fine.now I just read about the new sh int 'INT' history feature but when I do it I get nothing.. not a graph or anything I get just nothing as if I just hit enter.anything I need to do to enable the feature?,if I do a sho proc cpu history that works just fine but not the sh int XYZ history commands
I have cisco 3560G with C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(53)SE1 Image. I want to configure it for EEM feature so that when my Gig 0/7 port goes on it will automatically shutdown the port Gig 0/1.
What I am trying to do is port forward certain ports so the servers I'm trying to run will allow other people to connect.So far I got no where since I got a new ISP. They can't provide any assistance since I use a netgear router. One of their tech support said their modem has a built in router. The rest all said no. I noticed that the IP in CMD when I type ipconfig /all is 192.168.1.(15-47) it switches every now and then. But that is a local IP. Wouldn't that single that the modem is already routing the IP? When I put my router on it switches to 10.0.0.(2-55). These are all local IP's though. Does the modem have an integrated routing feature? Verizon really sucks so far. They can't answer their own questions without conflicting with each other.
The modem is getting the IP, and putting it into a local IP (What I believe is a routing feature) for the network. Now the local IP goes to the netgear wireless router, and gets routed again (Changed the local IP to 10.0.0.?). The netgear only got a Local IP the first time however, so the external IP is not being... worked with in the netgear router. It is trying to port forward for the local IP address, which already works for me obviously, however it is not a WAN IP address and therefore no one else is able to connect to any of my servers.And lastly, verizon states they have only "Modems" and "Wireless routers" so if they have no modems that doesn't come with this feature, then I need to learn how to port forward while the IP is being routed twice, similarly to when you have two routers hooked into each other.
I've been fighting the Rev A4 HW and 1.3x firmware stability issues. I would like to try the 1.21 firmware, but I use the guest network feature. The unofficial backrev'in instruction look to be a PITA... and I just would like make sure the guest network feature exists in the 1.2x firmware before I got through the trouble.
I'm a bit confused about new NAT functionality in Ver 8.4(2). I've gone through all the documentation as well as different blogs but still not clear about the various things.One of these is NAT-CONTROL. I understand that this has now been removed. Does this means that traffic traversing the ASA doesn't need any NAT'ing commands unless specifically required by the administrator? In other words by default traffic is allowed through the firewall without any NAT'ing.
My Second Query
I've ASA5520 running ver 8.4(2). For inside interface, I've created 13 x sub-interfaces under Gi0/1. All have same security level i.e. 100. What I want to achieve is that:Traffic from these sub-interfaces should be NATTed to outside interface when going to internetBut, intra sub-interface traffic should be allowed without NAT'ing. I'm using RFC1918 on both sides i.e. source / destination The first point is not a problem it's working, however. I'm struggling with the second point. On ver 8.2, it wasn't a problem, I used NAT 0 with access-list permitting RFC1918 addresses as source and destination.
My problem with ASR 1006 as i tried to use the feature IRB ( integrated routing and bridging ) but i find that this feature is not supported i assume it may be a problem with IOS version or may be i made he configuration not in the proper way
so i am asking to try this feature on ASR 1000 series and work with it as I test this feature on other routers and it work just fine.
I just upgraded to the Belkin N750 DB router from the version just below it and couldn't get the wireless card (Ralink RT2760) in my daughter's dual-boot WinXP/Ubuntu 10.04 to connect to the WPA security setting (WEP only) on the Ubuntu side. There is an updated driver, but it's way above my Linux skill set, so instead I just disabled security completely, and used the MAC Address filtering to add all of our household devices.This solved her connection problem, but I am wondering if there is any danger to this method that I might not have considered
Originally Posted by BelkinMAC Address FilteringThe MAC Address Filter is a powerful security feature that allows you to specify which computers are allowed on the network. Any computer attempting to access the network that is not specified in the filter list will be denied access. When you enable this feature, you must enter the MAC address of each client on your network to allow network access to each. To enable this feature, select "Enable MAC Address Filtering". Next, enter the MAC address of each computer on your network by clicking "Add" and entering the MAC address in the space provided. Click "Apply Changes" to save the settings. To delete a MAC address from the list, simply click "Delete" next to the MAC address you wish to delete. Click "Apply Changes" to save the settings.
Setting up Web Filtering on Cisco881 sec K9 router using CCP.
At the moment every user on the domain got blocked by the rule that i set up on the Web Filter (just using the wizard and choose default category). What i want is to separate users so that specific user can have full access while other user get filtered by the category.
I've looked in many places but cannot see how or if it is possible to configure a phone, in CUCM to have a feature ring instead of the normal ring.In CUCME you go into the ephone x configuration mode, and assign the DN to the phone with the button xfx command. What this gives you is a slightly different ring tone when a call comes through. If I am not mistaken it is the same ringtone they use on the show "24".Is there a way to do this "feature" with CUCM?
We are currently installing RV-042 V3 Dual WAN VPN Routers for a Customer with an HQ Office & 3 Branch Offices. The Customer recently requested to use the WEB Filter feature available in the RV-042 V3 Router to do the followng : - " Block all the HTTP Traffic Except for the company Website " We tried all the Combinations between " Access Rules " & " Content Filtering " available under the " Firewall " but we always reach the result that either to Allow ALL HTTP Tarffic to All Websites or to Block ALL HTTP Traffic.
how to Block all HTTP Traffic except for certain URL ( Using the URL Name NOT the IP Address ).
Should we active IPS feature in ASA 5500-x by useing license?in the 5500-x ordering guide:IPS is only sold as ASA-IPS combo SKUs i.e., one cannot add IPS service as an option on top of ASA SKU. For example, if IPS service is desired on ASA 5515-X appliance, the relevant SKU is ASA5515-IPS-K8 or ASA5515-IPS-K9.But my customer has actived it by using the ASA5525-IPS-SSP on ASA5525-K9.
I have a remote site that has an AP running in H-REAP mode which connects over our MPLS cloud to a WLC, which has one interface on the "inside" network and one on our DMZ. The remote AP in H-REAP mode currently only runs our Guest SSID, but now I need to established an isolated VLAN.
Two of the hosts on this isolated VLAN, which is need to support some conference room devices, need to run on wireless and communicate with two devices on the same VLAN that are hard-wired to the switch.
Getting the wireless devices to connect remotely is easy enough by setting up an SSID that uses an IP subnet which one of the WLC's interfaces actually connects to...but can I do that for a completely remote IP subnet (i.e. one that the WLC does NOT physically connect to?). I'm not sure and I'm wondering whether that's the purpose of the "Remote LAN" feature...which is a very new feature.
I have recently purchased 2 x 1941 routers with 2 L-SL-19-SEC-K9= and 2 L-FL-SSLVPN10-K9= licenses. I've installed the licenses through Cisco Configuration Pro ver 2.5 and installation did not generate any errors. After saving config and reloading the device, on the License dashboard, the deploy status for the SSL VPN is "Not deployed" and I have no way of deploying it. The state also says "Active, Not in use". I have tried reinstalling the license via command line but get error "license duplicate - already installed" suggesting the installation was OK. The sec license deployed without any issues. Is there any way to manually deploy this SSL_VPN license?
PC---2960---3750(One Routed Port and All Switched Port)------------------------ 3750(One Routed Port and All Switched Port)-----2960------Internet
I have many Vlans on left side of image , Right Side of Image is having internet connection via Modem, and local connectivity between VLAN works fine but Other Vlans Except Vlan1 is able to Access Internet.Note that 3750X did not have NAT Feature ,How should I able to get Internet on Other Vlans (10,20)
I got a simple office: one flat LAN, one single 1841 router and 2 ISPs.LAN is 10.10.20.0/24 and is connected to a port on an HWIC card I installed in the 1841. Then FA0/0 connects to ISP1 and FA0/1 connects to ISP2.
Everything is fine except that I am having some issues with the Failover feature. Currently, I am using Object Tracking with SLAs. I am pinging 2 hosts located on the internet and then I have an SLA OR statement which basically say if ANY of the 2 objects are unreachable, DO NOT trigger a failover to ISP2. If in the case that BOTH objects become unreachable, then DO trigger a failover. It works like a charm.
The problems:Any internet hiccup obviously makes the router activate the tracks and redirects all traffic to ISP2. However, 99% of the time ISP1 is back online within minutes or seconds, so after 180 seconds the traffic gets redirected back to ISP1. So in essence, the customer suffers 2 interruptions.
Besides internet hiccups, I have also noticed that every time any user tries to copy a big file accross the tunnel (the 1841 has site to site tunnels with 2 branches) the tracks go crazy and the objects become unreachable so a failover is triggered. We were breaking our heads and fighting with the ISP1 provider because every time this happened, we called them but every time they kept telling us that their line was UP and running without any problems. So after careful investigation, I do admit they were right.... it is not so much that the ISP1 experiences hiccups, it is actually the fact that users putting heavy load into the router are causing it to have its track to stop reaching the objects.
Has used the "Planned AP association" feature in WCS 7 planning mode? I haven't been able to find any documentation on it, but I was hoping that it allowed you to map your planning AP's and locations to freshly deployed AP's and place them on the floorplan when doing a synchronize, but I can't get it to complete successfully.
I have an issue understanding the difference between 3945 and 3945E from VPN support perspective.
If you check this link here:
You will see that the 3945E doesn't even have an ISM slot for a VPN ISM module and of course I could not find any ISM module for 3945E (I think this is obvious). Nevertheless, the above mentioned page and
say "Embedded hardware-accelerated VPN encryption for secure connectivity" for 3945E
That the Cisco 3945E supports the same VPN features (including packet encryption / decryption in hardware) like a Cisco 3945 with VPN ISM card?
I have Cisco 2651XM and currently running old IOS c2600-is-mz.123-26.bin (IP PLUS) which I used the NAT protocol. I was wondering can I use IP-BASE on this router and I am not sure if this feature set has NAT protocol.