I need to NAT some subnets to one IP and other subnets to another IP. The range command want work because some of the subnets are out of order.For example subnets 192.168.1.0 - 192.168.7.0 and 192.168.25.0, 192.168.28.0 nat'd to 126.96.36.199. subnet 192.168.26.0-192.168.27.0 nat'd to 188.8.131.52
I have a home network. There are a total of 3 PCs. Each runs Server 2008 32 bit. One PC - Lets say Server A has 2 NICs with Ip addresses, 10.0.0.10/30, 10.0.0.2/30. Other two computers Server B and Server C have single NIC with addresses 10.0.0.1/30 and 10.0.0.9/30 resp. So as you can see that there are two subnets 10.0.0.2 - 1 and 10.0.0.9 - 10. I can ping B and C from A. I want that B and C can also ping each other and if I run tracert on B or C, it should give me the route to the destination via A. All this without any other hardware. Like using route add... etc eg. if I write tracert 10.0.0.9 on B, it should return a route like 10.0.0.1-----10.0.0.10------10.0.0.9.
I have 2 DSL Lines going into a load balancing router. The load balancer is set up to distribute the traffic equally on the two lines, hence doubling the bandwidth. Though great at load balancing, it cannot handle DHCP for the 50+ users on our network, and therefore we are using another router for DHCP, which is running DD-WRT firmware.DSL 1 - 10.1.0.1DSL 2 - 10.2.0.1Load Balancer - external 10.1.0.2, 10.2.0.2 internal 192.168.10.1. DHCP Router - external 192.168.10.2, internal 192.168.1.1All other devices - 192.168.1.xThe load balancer has many options to direct traffic to one WAN port or the other based on IP address, which we would like to implement. But right now, since all my devices are on the 192.168.1.x subnet, it can't see anything but the DHCP router. So essentially it thinks it has only one client.
if some gave me an IP address and subnet mask, and they told me to identify the range of valid subnets I have no clue how to do it. I know how to work out the total number of subnets and hosts, you just look at how many subnet bits have been borrowed and use the 2^ formula. For example with the IP 172.28.123.0/25 I know the default mask for a classs B address is 255.255.0.0/16 so in this example we have borrowed 9 subnet bits to give mask of 255.255.255.128/25 and 7 host bits remain. In order to find the total number of subnets you do, 2 to the power of 9 because we borrowed 9 bits, which tells us that there's 512 subnets and to find out how many hosts we do, 2 to the power of 7 because we have 7 host bits, so that gives us 128 hosts in each subnet. Now this is where I get lost, how do I find out the number of the first and last subnet? I know there's 512 subnets and each subnet has 128 hosts. But I don't know the number of each subnet, the range to be more precise. How do I workout the first, second, third, fourth etc subnet address
- these subnets are connected to an IP backbone via wirelles acces points
I would like to physically connect these subnets together so the networks devices in S1 could directly communicate with the devices in S2 and vice versa without going through the backbone.
The obvious solution seems to interconnect these subnets with a router or a switch L3. But I would like to connect these subnets and stay at layer 2.
So, is it possible to connect S1 and S2 with a switch L2 ? If I do that, what is going to happen? Can I create just one subnet S3 from this two subnets when I connect them together and have my two separate subnets back as soon as I disconnect them?
our office has 2 branches recently the static ip of the branch was changed to a different subnet. earlier it used to be
184.108.40.206 subnet mask (255.255.255.128) main branch router (1) ip which forwards all request to server (dmz) - unchanged
220.127.116.11 subnet mask 255.255.255.128 sub branch (2) router ip changed to 18.104.22.168 subnet mask 255.255.255.224
after this change i am not able to access shared folders on the dmz server (1) (22.214.171.124). i am able to ping the ip and also able to open remote desktop connections from sub branch (2).i suspect that it is because of subnet change as i was earlier able to access shared folders?How can we access the shared folders across the subnet? what settings to change?
Is this correct? I'm not sure whether the default gateway should be 192.168.0.255 (as would with normal subnets) or as I wrote down 192.168.0.126, this is the first time i've ever gotten assignments including VLANs and I havn't really gotten a solid explanation.
I recently added a post lately referring to drawing a topology of a large network with a high number of hosts. Now with project itself, I'm designing a network for a large organisation with a different number of hosts at each location.These are, 500,18,52,236 and 12. The location with 500 hosts is the head office, to which every other branch has a wide area network connection through a serial link.How many subnets would I require? I wrote down subnet details, but only for 5 subnets, a subnet for each location. Is that all I need? Or do the WAN connections count as subnets
This might be ridiculously bad for security but I'll ask anyway. Is it ok to have two routers on the same subnet? One router/firewall will do NAT for hosts that don't need a real IP/or care to manage their own firewall and the outward facing router.
I am working on a Cisco 5510 with multiple interfaces and requirements. I have experience with Cisco IOS, but not too much with the ASAs. I seem to be getting a bit confused on the NATing and ACLs on a firewall that was started by another employee, who is no longer here. With my current config I can get the firewall in place (we are currently using an older PIX) and most basic functions work except for two key things: 1) communication from the finance interface to the inside interface. The finance subnet has some restrictions that you will see in the ACL- we are trying to limit connections to the those systems, but they need to be able access an e-mail server on the inside. 2) communication from the DMZ interface to the inside interface. Maybe related to the first problem?
I've currently got my ASA (5505) serving a /28 public subnet. I've ran out of IPs, so my DC has issued me an additional /24 subnet that they have routed to my ASA. What needs to be done on my ASA so be able to use these new addresses? I've been trying to search and not been able to find a good answer (some say I shouldn't have to do anything, everything else references NATing, which I currently don't do and would rather not do).The servers I assign these to, I'd like them to have the public ip assigned directly to them.
I purchased an ASA 5505 and placed it between my Cable Modem and Cisco 3745 router. The outside interface on the ASA is dhcp, the inside interface is 192.168.100.1. The outside interface of the 3745 is 192.168.100.2 and the inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.
1. When I establish a VPN session to the ASA, I can ping and access any resources dierectly connected to the ASA's interfaces and on the ASA's internal 192.168.100.0 network. However, I cannot access any resources behind the 3745. I cannot even ping 192.168.1.1. Even directly connected hosts on the ASA cannot access Hosts in the 192.168.1.x subnet. There appears to be no traffic between 192.168.100.0 and 192.168.1.0.
2. Although I believe that I sent up split-tunnel, I cannot U-Turn back to the internet once connected to the VPN.
Here is my network topology as well as my ASA config and Router config.....
ASA ...... ASA Version 8.2(5) ! hostname poog-fw1 domain-name poog
I have two groups of students I wish to seperate by subnetting. Students are nine in each group, and there's one Cisco router (or W-server set as a router). After giving group A an IP of 192.168.200.1, and group B an IP of 192.168.200.129 and connecting each interface to it's own seperate switch, what else does each PC user need to do to establish communication with members not in his/her own subgroup?
I have a Windows 7 Pro Desktop with an on-board Ethernet and an Axis USB To Ethernet adapter. The on board Ethernet is configured as dhcp and obtain the address 10.162.146.123 with 255.255.255.0 subnet. The Axis USB to Ethernet adapter is static ip configuration with 10.38.25.37 and 255.0.0.0 as subnet. Under the adv settings I have also another ip 126.96.36.199 with 255.0.0.0 subnet. When the Axis is communicating 10.38.0.1 network I can not access the internet using the on board Ethernet 10.162.146.123. I have to disable either one of the cards to access one network at a time.
I have 1 Cisco switch 24 ports and 12 computers. The 12 computers are divided in three groups and every group is a different network segment.
question 1: I need that every group has communication with its own set of computers but no communication with the computers on the other segments.If I connect the computers to any port on the switch, can they communicate within its own groups? Can the switch pass the network traffic for all of them?
question 2; What I need to do on the switch to have them to reach the internet?
I have a cisco 2921. I have 2 networks that has its own router
192.168.1.0 network is connected to watchguard firewall 192.168.9.0 network is connected to the cisco 2921 router.
I want to connect the 2 subnet using one of the interface of the cisco router. How I can get this work? It is not connected via vpn tunnel but we want to have LAN speed when accessing resources on both network. Each network is connected to a dell switch.
I have a 5508 controller that has 14 APs connected to it. I installed them without an issue. The 2 new APs are on a different subnet. I can ping them from the 5508 controller ping command, but they do not self discover from the web interface. The 2 new APs are at a differnet physical location.
I am coming to this forum because TAC and several CCIEs are having trouble finding me a solution to my problem. I have Two 5520s each running 841 connected in two different data centers with two different internet providers. I have 100+ 5505s that have the capability to connect to either 5520 via EZVPN to either 5520. Up to now there has not been a need for a 5505 connected to one 5520 to talk to another 5505 on the other 5520. Each 5505 accesses network resources as in any enterprise network. Our company recently started telecommuting and I have been giving 5505s and a VOIP phone out to people. What was discovered is, if you are on one 5505 connected to a 5520 and the other 5505 is connected to the other 5520 the audio in voip does not work. If both the 5505s are connected to the same 5520 than everything works fine. Conversely a 5505 on one 5520 cannot ping a 5505 on the other 5520. 5505s on the same 5520 can ping each other no problem.
My problem: All 5505's are configured for a 172.18.xxx.xxx 255.255.255.224 subnet. This subnet is not used anywhere else. So I have a 100 Class "C" subnets carved up into 255.255.255.224 networks. If I look at a specific route for a subnet on one 5520 I see it pointed to the outside interface via RRI. I can look for the route in the 5520s connected CORE switch and I see the route pointed to the 5520. We have a fiber connection to the CORE in the other data center. The route is in this CORE switch as well. When I look for the route in the 5520 connected to this core it is not there. I have all other routes visible but not this particular route which should show on the inside interface. All I show on the 5520 are the 5505s connected to this ASA. So the 5520 is not processing the RRI subnets from the other 5520 and vise versa. Thats why a 5505 on one 5520 cannot ping a 5505 on the other 5520. I only see 172.18.0.0/27 on the outside interface of both 5520s. I do not see any 172.18.0.0/27 on the inside interface on either.
I have had numerous TAC cases open on this and no one seems to either understand my problem or have a solution for me. My local sales rep CCIE says the problem looks like a bug in 841 (which I am running) and that the ASA is not processing RRI from eigrp which I am running as well. The whole network is running the same instance of EIGRP including the 5520's.
My questions: 1) Is it possible the 5520 is not allowing 172.18.0.0/27 on both the outside and inside interface? Even though all subnets are masked proper the ASA maybe thinks it is being spoofed? I have not been able to confirm this using the real time log. 2) Could this really be a bug? I have looked at all the release notes and have not found anything resembling my problem. TAC has not recommended that I upgrade or downgrade my IOS.
I'm trying to set up 2 separate networks in my home, both of which have access to the internet through a single ISP.I have set up my networks using 2 routers as described in the "Version 2" scenario found here: url...The problem is, a computer connected to the LAN side of Router 2 is able to ping and map shared folders on computers connected to the LAN side of Router 1. According to the writeup (last paragraph), this should not be the case.I have been over the setup multiple times to ensure it is per the writeup but each time, I am able to ping and map.Is there some additional router/computer settings that I may be missing?FWIW, here's my take on what is happening (with the ping): When a computer on the LAN side of Router 2 (submet 192.168.1.x) does a ping to a computer on the LAN side of Router 1 (subnet 192.168.0.x), Router 2 sends the request to its Default Gateway (since it's a different subnet).Router 1 however, recognizes this as its LAN side subnet and forwards the request to that computer. The ping response is then routed back from Router 1 to Router 2.
I've done a very crude drawing of the network setup I'm working on. I just need to run an idea past some network guru's to see if I'm right about my idea.
The existing network consists of
Internet Proxy Server Several switches scattered around school PC's
What the school wants to do is setup a side-along wireless network that uses the same physical switches but on a different subnet. The current subnet is 10.172.1.x .
To facilitate this I'm running a 2008r2 running RIP V2 to route internet traffic to 192.168.1.x subnet. I've had the wireless units use a static address and their own dhcp servers on the 192.168.1.x subnet. Wireless devices found their way to the internet fine. But I'd like to control the addresses from a single point of contact, hence the 2nd domain server running 2008r2. There are reasons for using a 2nd server, I've covered this in previous topics. If it's important, lets call it an intellectual exercise and leave it at that.
The question(s) : If I run a DHCP server on the 2nd server serving 192.168.1.x addresses, then any device on the physical network will obtain either an 192. or a 10. address correct ? The wireless devices will only take a 192. address because the wan address is statically assigned to a 192. address ?
The 2nd question : By setting a static routes out of the 2nd nic on the 2nd server, I can control the dhcp server so it will ONLY route dhcp requests to the statically assigned wireless devices ?
I have a home network. There are a total of 3 PCs. Each runs Server 2008 32 bit. One PC - Lets say Server A has 2 NICs with Ip addresses, 10.0.0.10/30, 10.0.0.2/30.Other two computers Server B and Server C have single NIC with addresses 10.0.0.1/30 and 10.0.0.9/30 resp. So as you can see that there are two subnets 10.0.0.2 - 1 and 10.0.0.9 - 10. I can ping B and C from A. I want that B and C can also ping each other and if I run tracert on B or C, it should give me the route to the destination via A. All this without any other hardware. Like using route add... etc eg. if I write tracert 10.0.0.9 on B, it should return a route like 10.0.0.1-----10.0.0.10------10.0.0.9. Refer to the image that I have Attached
I just installed a new ASA 5505 for an office with three internal subnets.* The three networks can each get online fine and ping eachother, but cannot browse to shares on the two internal networks other than their own.* How do I configure the ASA to allow all traffic between these three inside networks?
I have two locations both about 800meters apart, one is my home and the other address is a campsite where i have a linked router network (WDS with routers running ddwrt) where campers can all use the internet and also i have several IP cameras. Obviously both address have different gateways and therefore their own DHCP server. Everything was running perfectly until.I linked both of my address up using a long range antenna and now i am having problems.
Sometimes the two DHCP servers are competing with each other (i need both addresses on the same subnet in order to view my IP cams from home) and sometimes the computers log on to the wrong gateway. Its very annoying because the only way i can resolve it is by turning of the "linking routers" for a minute and then the Computers log onto the correct gateway. This happens to clients both side of the bridge. I have many different clients on both side of the bridge so assigning each computer (via windows) its fixed default gateway and DNS is out of the question as some of the clients are Camper's PC's and mine and my wifes laptops swap between both locations.
Now my query is, how can i block both DCHP servers from going over the bridge? OR can i have them on both separate subnets and still view my IP camera and still access all the routers from each subnet (i need this because sometimes i need to reboot the routers from home)
With traditional classful subnetting, the same number of host bits is used to designate the subnet ID for all the resulting subnetworks. This type of subnetting always results in a fixed number of subnets and a fixed number of hosts per subnet. For this reason, this is known as fixed-length subnetting. The decision about how many host bits to use for the subnet ID is a big planning decision. There are two considerations when planning subnets: the number of hosts on each network, and the number of individual local networks needed. The table for the subnet possibilities for the 192.168.1.0 network shows how the selection of a number of bits for the subnet ID affects both the number of possible subnets and the number of hosts that can be in each subnet. One thing to keep in mind is that in all IPv4 networks, two host addresses are reserved: the all-0s and the all-1s. An address with all 0s in the host portion of the address is an invalid host address and usually refers to the entire network or subnetwork. An address with all 1s in the host portion is used as the local network broadcast address. When a network is subnetted, each subnet contains an all-0s and an all-1s host address that cannot be used for individual host addresses.