Cisco Infrastructure :: 2921 / Webmail Publishing On Non-standard Port?
Apr 3, 2012
We are going to "publish" (I don't know if this is the correct word to use ;)) our mail server on a Cisco 2921. As far as I know it can be easily achieved with static NAT. But the thing is, we don't want to publish it on the standard 443 port, i.e. we want the router to listen for https connections on a port other than 443, and then redirect this connection to the internal server with a private IP.
I am using an ASA 5510 and I am trying to understand how PAT works. I want to add a mail server in the LAN and a webmail using port 3000 on the server (webmail must be reachable from the WAN). This is my configuration: actually LAN users access the internet using NAT with one global IP (194.x.x.69), which is the ASA WAN interface.
WAN ----- ISP Router ---------- FW ---------- LAN -------- Mail Server + Webmail | (25) | (3000) 194.x.x.69 192.168.1.254 192.168.1.6
I need to forward port 3000 and port 25 from outside to inside. For example, from the WAN: [URL] must be redirected toward 192.168.1.6:3000. What is the correct configuration? And what about the inside/outside traffic: is there any configuration to add?
I am looking to add a new DMZ zone to our network. We have a standard 1941 (1 x LAN / 1 x WAN port), so I need a 3rd routable L3 interface to create the DMZ.
Is the HWIC-1FE what I am looking for or is there another way to do this?
We would like to set up an FTP server over CSS where our member server uses non-standard ports to open both control and data channels (i.e. 6370 as control and 6369 as data in this case), but it seems we only get passive mode FTP to work, not active mode FTP, for data channel establishment from the server back to the client.
# sh ver
Version: sg0820501 (08.20.5.01)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.20.5.01
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
We have been testing a Zone Based FW config for 1 month. Everything runs smoothly, but we're having a problem (very slow access speed) when a user tries to reach a website on a non-standard port (8080 in that case). All the traffic stays in our LAN, using an IPSEC/EZVPN connection between the 2 sites. As soon as I disabled the Zone Based FW, the speed was much better.
I'm sure I'm missing a parameter to fix that problem but I tried many different options and I didn't find anything yet. All the routers are Cisco 1811 running adv IP Services 15.1.2.T1 IOS. A port-map has been created to map the port 8080 to the HTTP protocol for the inspection. The PC will have an IP address in the 10.2.2.x/24 and will access a server on 10.2.3.x/24; both devices are part of the zone private in each site/LAN. All the access between sites is managed by an ASA, the IPSEC/EZVPN peer. Little summary, it's gonna be something like: SiteA with a PC on private zone then on public zone for the EZVPN to SiteB on public zone and then private zone to access the server in the LAN.
We are in the process of switching our infrastructure of our routing/firewalls/vpns over to cisco. We are switching our first location and one of the issues I'm struggling with is windows authentication pass-through for internally hosted web pages. Meaning, user inside our network has the 2921 as their default gateway, they try to access a web page that is hosted on the internal network but is secured with windows authentication. In the past, because they are logged into the domain internally, the website authenticates and loads. After switching to the Cisco, it asks for a password even though they are logged in.
Because it's the web server that actually authenticates I'm not sure why the router isn't allowing that to happen, but I can't think of anything else that could be causing this behavior.
I can not find any information about management port of Cisco ISR 2911, 2921 and so on. There is management port in specification of 2911 and 2921 and I do not know if this port can be as a simple Ethernet port – forward traffic in/out on L3.
Any confirmation that the versions 8.6 and up don't allow publishing to more than one public range of IP addresses?
We have ASA5520 version 8.4 in deployment and there I can NAT to 3 different ranges of public IP-s.
With same configuration on ASA5525-X version 8.6 it will NAT only the range that the outside interface belongs to. Also tried the 9.0 version with the same result.
I've just registered with NO-IP (free account), created a host, installed the client (in CentOS) and I want to see a website I'm running locally in that computer from another computer (via internet :). How do I access it? My host is "customtrack.no-ip.org". And in that unix box I've got a published website that I can access from any browser in the following URL: [URL] When I log in to from the browser from another computer I get the following error message:
Quote: The connection was reset - The connection to the server was reset while the page was loading. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
How do I tell CentOS that I want to redirect that site I'm hosting locally [URL] to [URL]? I believe that's not done automatically. How do I configure the redirection?
We have a network of over 20 devices, all kinds (Windows, Android, Mac, etc.). Everything was going well until one of the Mac users tried to publish his website that contained a movie (at first the movie was 622 MB). If this user presses publish the internet goes away. The website won't publish, waiting doesn't work. While the internet isn't working I went to another PC in the network and started some ping experiments. I can ping any device in the LAN; outside the LAN something strange happens: let's say for 6 seconds it is OK, but then it fails for let's say 20 sec, again for 6 sec the ping returns OK (45 ms), and goes down for a longer period. Eventually it is not coming back. The Mac user himself cannot access the internet either. When the publishing is stopped, the internet is back in less than a second.
This problem is recent, and it isn't the first time this user published a video on his own website, on the same host with the same application (iWeb). I asked him to publish his site to a local folder and hand it over to me, I tried to publish it to the same host using my own FTP application (FileZilla), this worked without any problem (I am on the same network). This is what we tried:
- Compressing the video (it is now 26 MB, still not working); we have 2 GB space from the host, no limits on file size.
- Publishing the website without the videos, no problem.
- I turned on logging (debugging level) in the modem/router, no entries at the moment things went wrong...
- I called the provider, they claim nothing is wrong at their systems.
So, can the modem be broken? I don't think so because I can use it with far more intensive tasks without going down. One thing is clear, it shouldn't be possible for one computer to block the internet for everybody, so changes in the configuration are needed (I think).
I have two WS-X6148-45AF linecards here that have been out of use for quite some time. Upon inserting them in one of our 6509-E's I noticed that both had "Minor Error"s on their module diagnostics.
I would have just assumed that the cards were dead and requested replacements, but both cards have the *exact* same diagnostic errors, which only seem to affect every other port. That's too much of a coincidence for me, so I figured I'd ask on the forums and see if I'm just missing something obvious before I assume the worst. Are these cards both somehow damaged in the exact same way? Or is there some config/compatibility issue that I haven't heard of?
Relevant diagnostic output from one of the cards (both outputs are the same, no use posting twice) is below:
Router#show diagnostic result module 4
Current bootup diagnostic level: minimal
Module 4: 48-port 10/100 mb RJ45 SerialNo : SAL11391VUY
We are trying to install filter software at our main location and branches. The admin console has been installed at the main branch, but I need to allow access to ports 58000-58003 through our firewall in order to successfully install the software at our branches.
I have a LAN with Cisco 1941 as the only router with NAT that connects it to the internet, with a single public IP. There are many gamer users, and they complain that Call of Duty Modern Warfare 2 sees our network as "strict NAT", while for full gaming experience it needs "open NAT". After a small research I have found out that CoD needs certain port ranges to be forwarded to LAN IPs. Well, I know how to forward a range of ports to a single IP, but how is it possible to forward a port range for all the IPs in the LAN?
I need to increase the link capacity from 10GE to 20GE between two Cisco 7609s, so I feel the need to configure a port channel between them. My little problem is that I have an SCE 8080 in the middle of both 7600s, currently configured inline. The SCE has 4 modules 1X10GE-L-V2 (currently 2 in use). I investigated and the truth is that I have not found anything concrete about how to configure the SCE to "pass" etherchannel through it. What does the SCE need to support 20GE of traffic? (configuration and software)
We have a 6509 running 5.4(2). We have set up a hyperterm session and connect to multiple devices, then we get to the 6509 and it will not work. When we reload the 6509 and we are consoled into it, we get data until it is finished reloading. Then the console connection is no longer there.
Is it possible to reduce the recovery time after an interface shutdown? Current interface configuration is as follows and it takes 1 second to recover from a shutdown. I need to decrease this time. (Cisco Catalyst C3560) [code]
Just want to ask if the 4-port serial HWIC-4T is compatible with the Cisco 2801? We need an additional HWIC for Fast Ethernet but the problem is we don't already have a slot for it. We already have two HWIC-2T 2-port serial cards, which are inserted at slot 1 and slot 3. We're planning to buy a 4-port HWIC-4T so we can use slot 3 for the HWIC Fast Ethernet, if it's possible to have the 4-port serial HWIC-4T inserted into the Cisco 2801.
I used to be able to set an uplink port with the interface command "port network" so that it would not learn all the mac addresses that are being flooded down to the switch. It does not seem to be there on the 2950's or 35XX switches.
Where did it go and what is replacing it? Interface is a Trunk port as well.
I got a new router yesterday and I'm trying to re-portforward a server that I was hosting. I access my router page and add the ports to the port triggering page and it saves. After that, I go and check if my ports are open, but it is still saying that they are closed. The protocol is set at TCP. However, on my old 2WIRE router, I used to be able to set the application type as FTP. But there's no option to do it on this one.
Everything worked fine before on my old 2WIRE router. Also, if it makes a difference, I'm using the Windows 8 developer preview. I'm not sure if this would be the problem, but I also tried adding a port exception to the firewall but can't find the option to do so.
Currently it seems as if our 3550s don't send traps when bpdu-guard sets a port in err-disable state. Or DFM doesn't recognize it. Is there a way to get a DFM alert when a 3550 port gets into err-disable state?
Dell XPS M1530: I have an Intel® PRO/Wireless 3945ABG Network Connection and I want to upgrade it to the N standard. Which model of Intel minipci network will fit my Dell?
Is there a way that I can specify which version of the 802.11 standards I can use? E.g. I have an 802.11 B/G/N wireless card and I want to test each on a directional antenna to see how they perform.
What's the difference between custom and standard discovery? There's a line on the help page: "The Use Policy Configuration Settings radio button will be enabled only after adding a Default Credential Set Policy." The radio button is not enabled although I've two default credential sets and two default credential sets policy configuration.
We have bought LMS 3.2 and Windows Server 2008 R2 Standard. Now we know it can't be used together. Could we upgrade to LMS 4.0.1? If so, how can we do it?
I wanna subscribe to Internet TV. To watch it on a computer screen I need to log in to the site where I registered, i.e. enter my login ID and password. But I want to watch it on my TV WITHOUT my PC. I realize that I have to buy a TOP BOX, connect it to the TV and to the cable modem. The question is how the TOP BOX knows my login and password to pass it to the site through the modem. How do I enter it into the top box?