Protocols / Routing :: Access Secondary Subnet From Remote Location?
Apr 12, 2011
Main Site allows communication from Remote Site via VPN to Windows ServerMain Site also has a secondary subnet that communicates ONLY through internet but NOT to the Windows Server.Sonicwall 192.168.168.x is main siteRemote Site is 192.168.0.x connecting to Main Site to access shared folders on serverSecondary subnet at Main Site is 192.168.0.x using Windows XP PC's. They are accessing a linux server at 192.168.0.215 which Main Site has no access to.VPN remote ip's are 192.168.0.x - they can successfully access the Windows Server at 192.168.168.100 BUT NOT 192.168.0.215.GOAL: Want to connect Remote Site to Secondary subnetWilling to make router changes or whatever is necessary to get Remote Site to access Secondary Subnet with the only exception that the Secondary Subnet REMAINS.VPN DHCP is turned off but willing to turn it on.Willing to make the Linux Server 'discoverable' on the Windows Server. Don't know linux at all but another co-worker set it up and can make changes.
I have an ASA 5510 running v8.4(3)9 and have setup a remote user VPN using the Cisco VPN client v5.0.07.0410 which is working appart from the fact that I cannot access resources on a secondary subnet.The setup is as follows:
-ASA inside interface on 192.168.10.240 -VPN clients on 192.168.254.x
I can access reources on the 192.168.10 subnet but not any other subnets internally, I need to specifically allow access to the 192.168.20 subnet,[code]
I recently installed a couple of Cisco Aironet 3600 Series Wireless Access Points at a remote site. While I was at the site everything seemed OK, The clients were able to get connected to the access points, the guest network worked fine, I could SSH into the access points, and I could ping them. The problem is when I went back to my home site I tried to SSH into the access points through an ASA IPSec VPN Tunnel and it couldn’t find it. When I try to ping the access points they “time out”. I can ping and connect all other addresses (via RDP, HTTP, etc..) on the same subnet which should rule out an access list problem. A couple of notes to be aware of:
The WAP’s have the Autonomous IOS installed (Version 15.2(2)JB) The WAP’s are connected to Dell PowerConnect 5724 (Not by choice.. We are a Cisco shop, these were already there and have plans this year to replace)
I can ping and SSH with Putty to the WAP’s from the local subnet I cannot ping or SSH from a remote subnet to the WAP’s. I can access all other IP’s and Computers from a remote subnet.
I have forgot this technology name, but, I remember it can achive on between Nexus 7000s in two location, and also between two catalyst 6500.Can I ask if it can be done between one nexus and one catalyst 6500?
Password has been resent but the connections is always limited and then disconnects shortly after making a connection.My iPhone can connect to the wifi but my computer can not.
I'm essentially looking to extend an existing network in a primary warehouse for our company across a parking lot to a secondary warehouse with no network drops. I need to keep the ability to assign addresses in the existing scheme over to two computers in the secondary warehouse.
I have to get a list of external subnet's and external IP's for several properties so that the web based time card software can restrict access.I can get external IP easy, but I don't see an easy way to get the subnet. Is the only way to do this by contacting comcast/att at for each location and check with them?
I have successfully setup the AnyConnect VPN (connecting to our ASA5510) and have split tunneling configured. My remote users can access inside LAN servers as well as the Internet from their remote location. What I would like to know is is it possible to change the split tunnel and not allow access to the Internet from the remote location but force the remote client to go through the VPN and out our internal edge firewall to the Internet? Basically I need my remote clients to access the Internet but I would like for their Internet traffic to go through the VPN and out our edge firewall. This will allow the same security as if they were sitting in the office.
Based on my diagram, my computer A (192.168.100.11) can ping and access my computer B (192.168.10.14). But, when i'm home and i use remote access vpn (192.168.200.x) in cisco asa 5520 to connect to my computer A is okay. But, when i try to ping my computer B is not okay. I already do the exemption for 192.168.100.x and 192.168.10.x in nat rules for inside interface (192.168.100.2) ...
Should i put routing from outside 1.1.1.2 to 192.168.10.x by using 192.168.100.1 as a gateway?
partition the departmental IP network address block to create a staff and a student subnet. Each of these will be identified by its own network address and netmask. It is university policy that you must be economical with the IP addresses. That is, the subnets must be as small as possible, but they must be large enough to accommodate the maximum number of hosts you were given. Also, it is university policy that the respective gateway router to the outside world should always be given the highest possible host IP address in the subnet. The student subnet should have a higher IP network address than the staff subnet. The network must be able to support up to 60 machines on the staff subnet (not counting the router) and up to 120 machines on the student subnet (also not counting the router).
IP address/netmask University network address127.158.128.0 University network mask255.255.192.0 University internet gateway IP address127.158.191.254 Department network mask255.255.254.0 Department router address127.158.129.254
Suppose that the network address of the departmental network is 127.158.128.0 (calculated by AND between Dep network mask and Dep router address)I know that 60 machines would use 6 bits for the staff subnet.the netmask of staff would be 255.255.255.192.how can I figure out the the IP network address of the staff subnet.I have worked out the range for the staff subnetwork.
I have a network with 3 sites that are on different subnets. Each site has an ASA Right now, I am only able to connect to the ASA that is connected to the subnet I am connected to.I want to be able to connect to the ASA that are on the remote subnets on the address of the inside interface.The sites are connected all together by site-to-site VPN.Is there any way I can achieve that without opening the outside interface directly on the Internet?
I have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over l2l to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.
My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping 172.16.254.1 it goes through after a few dropped icmp packets and then the issue is resolved for about 8 hours or so.
I've got an 1811 router running 15.4 IOS and a cable modem with 5 static IP's attached to Fa0. I would like to dedicate one of those IP's to a dedicated internal subnet (10.0.30.0/24) but I am not sure how to accomplish this?
What would be the best method to accomplish this? Unsure of where to begin..
Clients in both networks can reach internet, but they can't communicate with eachother. Hosts on the additional network can ping the ASA inside network IP, but nothing else. I get incomming hitcount for inside interface when 10.200.12.x tries to ping 10.200.31.x. In the error log, I see: [code]
I have a cisco ASA 5510 at the branch here. It terminates about 8 vpn tunnels and also it supports remote access clients. I just have a quick question. Can my remote sub-net group access the other remote access site-site VPN subnet group. If yes then how should i configure it.
My boss is asking me to write a batch file or use a utility to monitor the uptime of 16 different ISP accounts that we use across several stores. Most stores have several ISP accounts setup as failover, so they're not always active on our network but the ISP should still be up. He would like this to run from one of our servers. He is suggesting the 'gateway' for the ISP however I am not sure how to find this IP. The tracert utility returns IP addresses which are different than the gateway address in our router settings so I am wary to use those IPs.Which IPs would I ping to monitor the uptime and where would be the best place to find them?
We have a 5508 WLC with WCS and are using 1131AG WAPs. How to determine if there is interference or noise at a remote location without going there with a spectrum analyzer?
I have a customer which has a main location office and a remote one. Recently we interconnect their facilities using a local ISP service called Virtual Connectivity, which basically is a private network which can be accessed over aDSL or any other data circuit. They are using Cisco 888 routers to interconnect both sites.At the main site the customer also has an Internet circuit (with a Cisco 857 router)and he wants to remove the Internet circtuit from the remote site and provide them access over their main location Internet circuit.At the primary offices, we installed Cisco 2811 router as a gateway to route the Internet and remote network traffic over the required data circuit. Everything is working fine, but we can not access Internet from the remote location over the circuit installed a the main site. I understand this is a routing issue, since the traffic hits the main office network it does not knows how to reach the Internet. I am assuming this routing must be set into the main office Cisco 888 router (installed by the ISP to interconnect to their private cloud) in order to properly route it over the Internet circuit.Since I already have access over the Internet router and the gateway router at the main site, but not into the ISP router, is there any other way I can make this configurtion over the routers I already have access?
I have a existing wireless setup of 4400 WLC with some AP's connected remotely,now i am migrating the whole setup to the new WLC 5500. All the AP has been registered to the new WLC 5500 except the remote location AP's.As there was no option of giving IP address in GUI of the controller in 4400 WLC, i have changed the controller name and restarted the AP, but even though it is going back to the old controller.
While trying to connect to WiFi at remote sites APs, the connection is getting time out.User are getting error as 'Unable to connect to <WiFi-SSID>' The APs at corporate office are functioning properly and user are able to connect to the APs.
Got a shiny new SG 200 26P which seems to work fine operationally.owever, when I am trying to access the web interface from a different IP subnet, the web brower just times out.If I put my PC on the same IP subnet, it works just fine. From the other subnet, I can ping the switch fine. The default gateway is set on the switch, and from the web interface I can ping and dns resolve other hosts and on the internet. I've tried to create a management profile to 'allow all from everywhere' basically, but still no luck.I'm completely stumped. I've tried to reset to firmware defaults, and I'm now runinng the latest firmware. I woudl suppose that the switch would allow itself to be managed via the web interface from all subnets by default. Any thoughts? The fact that the switch can ping internet hosts makes be believe it's own default gateway and IP are all ok and working.. (and I can ping it from anywhere in my network).
I can access the website in other places(such as my library, another house, my university, my towns book store, etc.) but not at my own house. I can access the website anywhere but my own home! I contacted my ISP provider and he said that the website was not blocked by the ISP provider because the ISP consultant was able to access the website .I know the problem isn't rooted in my computer and believe that the problem is IP related because I was not able to access the website on either of the three computers at my house.
My computer won't connect to any of Google's servers. ANY of them. Gmail, docs, reader, nothin. I can visit youtube, but I cannot get to the log-in page. EVERY other site works pretty well. Heck, even using a site that uses a Recaptcha it doesn't load the recaptcha!Nothing wrong with my hosts file.
Tracert results in 6 successful hops and then times out (I think at my ISP?) the last 2 successful hops are chnddsrj01-ae2.0.rd.ph.cox.net And then langbprj02-ae2.rd.la.cox.net Then all time outs
My other PC is connected to the SAME wifi network right now, and I'm posting from it, and it works fine. Both are on XP. Reboots haven't worked. Happens on all browsers. Every other website I can find is just fine.
I have a little problem with installing my new router. There were quite a lot of problems with the old smc, so I've bought a TP-Link router. I installed it just alright, it said congratulations, you have internet. I don't have though, not even on the directly plugged computer. It's kind of frustrating, since the old router is still working like before. So I plugged an ethernet cable from the old router's lan to the tp-link wan and with that, the new network is working just fine. The problem with the internet access occurs only, if the router is directly plugged to the modem. (The computers do find the network but the connection is kind of offline.) I don't really know what could be the problem, since I'm a little new to routers. I've read almost everything in the new router's manual and I'm pretty sure it's installed correctly. (ADSL username and password copied from the old settings, mac address copied, all ip addresses pinged, done power cycle etc..) I thought about resetting the modem, but I'm a bit afraid of losing the old router's internet connection as well.
We have three home systems connecting to the internet. Our cable/phone/internet provider upgraded their phone service to digital and installed a new modem/router combo (three months ago). Since then we've not been able to access MSN.com on our XP laptop and droid tablet but can access it on our windows 7 laptop. When the router settings are changed to "Bridged" and the router firewall is turned off, we can connect. We've changed the modem and the problem still continues. Our cable provider is stumped and so am I.
I have reset the modem but after resetting it I can't go for internet anymore with computer or wifi . And after that I notice that my wifi is not under any security which is free for all.can I know how to fix this problem ?the main problem is mostly that can't go internet after reset it
So I am working on a website with MySQL/PHP that I have been developing on my Linux box. I wanted to show a friend my progress so I temporarily opened up port 80. So he was able to just type in my public IP and it brought him to my localhost index.
My question is, when I type in my IP address in the URL bar, does the web browser automatically just assume port 80? What happens if I want to have 2 different servers from the same local network and one is running through port 80 and the other is running through port 90? In this case, would I have to type ":90" to access the machine running on port 90?
I did not know the username and password for my DI-524 so I wanted to do a reset...used a paper clip and held the reset button for ten seconds, unplugged it, powered it up, and as per online instructions tried to type in 192.168.0.1 to access the username and password field so that I could enter "admin" and blank password. Here's where my lack of knowledge comes in. I am working off a MacBook with no Ethernet connection, just wifi. Is what I am trying to do even possible? Or does the computer I configure the router with have to be hardwired to the Internet while I do it?
I have a computer named server and it ip is 192.168.0.5 and a live ip xxxxxxxx which is a private ip. on this system my oracle middle wear is running.I just want that people may access my application which is running on 'server' through public ip. Is it possible. If it is. then how.=]
I've been trying to configure my router which is linksys E1000 to forward port to my sharepoint server. Here is what I have done so far, setup single portforward to i.e 192.168.xx.xx using port 4848.Now my question is, do I need to configure sharepoint to receive this incoming connection. I do need to have my sharepoint be accessed anywhere on the web.