I'm new to this site, fully Microsoft certified but only just getting in cisco and looking to pass my CCNA later this year. Actual commands and general use on Cisco's im quite good at but general networking knowledge on networking (subnetting and network layers) I kinda suck at so will be studying a lot on this side of things[CODE]
View 5 RepliesWe recently had the Aironet 3502i APs installed in our infrastructure and are having a bad time with hosts connecting to them. The controller sees them, they have an IP, they are showing a solid green light, but you cannot get devices to connect. If you reboot the device you get about 5 seconds of connection and then it disconnects. The only cure seems to be rebooting the APs, but I am baffled why this keeps happening. The installer is blaming our devices, but it is happening to laptops, thin clients, and even cell phones. From what I've seen, everything works fine until, i believe, the device tries to refresh it's lease and is unable to do so.
View 6 Replies View RelatedI'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP address. For example there is an object called emailservers that is defined as 192.168.2.25-192.168.2.50.
Is there a way to do a similar thing on the ASA 5520?
I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.
How to get into the ip hosts on vista?
View 1 Replies View RelatedI need to allow traceroute traffic through ASA running version 8.0.2.This traffic is natted. what configuration is required on ASA to allow this natted traceroute traffic.Traffic is coming from inside and going outside.Also can we capture this traceroute traffic on asa using capture feature.
View 12 Replies View RelatedI've recently had to move an AS400 system behind an internal ASA firewall and now users are unable to browse to it.The ASA is running Version 8.2(5)? I get these messages: Sep 11 2012 17:09:59: %ASA-7-710005: UDP request discarded from 172.19.241.35/137 to outside:172.19.241.255/137?Is there a way to enable these ports without enabling NAT?No VPN's involved, just an inside and outside eth interfaces?
View 12 Replies View RelatedSo we have a cisco asa 5505. Once a day now (random times) it will suddenly be unreachable along with the hosts connected. If I console in and ping a host from the asa, suddenly it becomes reachable from the outside world again. My job prohibits me from posting the configuration online.
View 10 Replies View RelatedSeems like something simple, but can't find on Cisco.com. What are the max SNMP hosts allowed on an ASA 8.2 code? That would be Polls and Traps?
View 1 Replies View RelatedWe all know that MS traceroute and *nix traceroute work a bit differently. *nix works by sending UDP packets with low ttls to random high UDP ports.
Of course this creates a problem when trying to create an ip6tables rule where I want to allow traceroute. Anyone got something clean that will make this work? This is an example of current drops in my firewall log:
I have a DI-604 Version E3 D Link router and I'm trying to allow VPN through the router but I'm not exactly sure how. I have the VPN set up through my PC's but I need to configure the router aswell. Trying to set up the VPN so multiple locations can access it,
View 1 Replies View RelatedI know that 255.255.255.255 is the broadcast address to send message to all hosts that are in LAN. what i want here is, i want to send a mail to all hosts using this address.
View 9 Replies View RelatedI need a tool to find all the hosts connected on my network. I need something that will tell me the MAC and host type/name. I ran an IP Address tracker and got all the IPs in use, but that doesn't tell much beyond the IP address. Don't really need to do a full in-depth nmap port scan. My concern about using nmap is it can bog down a router...Although I can't say for sure if there are ways to scale the scan back in nmap so it won't cause any issues?
View 17 Replies View RelatedI have several Cisco switches connecting our network. Switch N connects to the gateway, Switches Y & Z connect to some hosts. Switch N connects to Y and Y connects to Z. Assume our gateway IP is a Class B address with a netmask of 255.255.254.0 and all the hosts attached on switches Y & Z have static IP addresses assigned to them. This gateway connects to the internet.In addition to this IP address, some of the hosts also have a second IP address assigned to the same NIC. This IP is Class A (10.0.###.###) and have a netmask of 255.255.0.0 A second gateway address is not defined.
The hosts that have 2 IP's bound to their nic, use the 10. address to communicate with each other. (Programs running on the hosts are specifically configured to use 10. address).I have several questions regarding this setup:
1) Assume Host has only 1 IP (Class B) - if the destination is on the same network, does the host system send the packet to the gateway first to find the destination on the network or does the host send a "where are u" packet to the broadcast address to find the destination?
2) Assume Host as 2 IPs (Class A & B) - if the destination is a 10. address, how does the host go about finding it?
Since there is no Gateway defined for the Class A address, does the host simply send out a packet to the broadcast address for the Class A network? or does it go to the gateway defined in the Class B network as it was defined first (i'm assuming primary connection)
3) Assume Switch N's connection to Switch Y is disabled - how will this affect communication between hosts on Switches Y & Z that have a 10. IP trying to share data with each other, using the 10. Address. If the answer is this should not affect it, what additional circumstances are required that may cause the systems with a 10. address to be unable to communicate when the connection from Switch Y to N is terminated?]
I am working on a Perl script to be ran on our different subnets to see what hosts are down (and make the assumption that if the host is down the IP address is free to be used). This is not being ran on a Linux system, so I can't use grep to filter out everything except down hosts. I know there are modules for Nmap that would make this task easier, but my plan is to install Nmap to our network monitoring server, compile the script for Windows, and have it create the report for what addresses are down. I don't want each person running the script to have to have all the modules installed, etc. Or can you compile the script with the modules in it?
View 6 Replies View RelatedWe have a modified hosts file on each of the computers here at work. This way we can have multi servers, in multi locations that can all be used by everyone for email & our finance program.However, there is one user who the hosts file keeps disappearing. Over the last 2 days it has disappeared 3 times (at least).The user has ran the symantec corp antivirus (at least a couple of times). All risks found have been quarentined and deleted, ran again and nothing found. Also ran Malwarebytes, which was clean. And ran ComboFix.At this point the hosts file has been fixed after running ComboFix.
View 14 Replies View RelatedI've got an 1841 router acting as the firewall for a LAN. It also does NAT and acts as the dialer for a PPPoE DSL line to the internet.
All is working fine, except now I need to allow a Tivo device to connect to certain ports on the Tivo servers on the internet. I want only the Tivo to be able to do this. The problem is that NAT is happening before my outbound ACL is checked, so even though I've got rules to allow the Tivo's LAN address out on all ports, it never works. I've verified this using a syslog server, and can see my external DSL IP trying to connect to the Tivo servers and being denied.
I've done things like this at work by NATting the appropriate internal host to its own external static IP address, which allows me to write rules allowing only that external address to do stuff. But I don't have multiple external addresses to work with here.
I tried applying my outbound ACL to the LAN interface of the router in the "in" direction (and removing the same ACL from the Dialer interface in the "out" direction), but that broke other things like the router's own ability to ping out to the LAN or to see a TFTP server on the LAN. I could maybe fix all of that with rule changes and inspect statements on traffic going out toward the LAN (not sure of this, think so), but I'm wondering:
Is there a better way to let just the Tivo makes outgoing connections to certain ports?
Config pasted below:
!
! Last configuration change at 17:15:10 CDT Sun Jul 15 2012
! NVRAM config last updated at 16:27:14 CDT Sun Jul 15 2012 by someguy
!
[Code].....
This is actually on my home television network.... Uverse which uses one of those dumb 2wire modem, router, wifi, 4 port 10/100 switch combo devices. it is NOT my internet source. It is just for IPTV services from ATT. Short of replacing the 2wire gateway with a new one from ATT I have a good learning experience question to ask.
I have two switches available at my home to work with on this issue. A EHWIC-8 port Gig Switch in my router and a 24 port 3750E gig switch.
When ever I plug, any port, any cable, both crossover and straight, on the 2wire uverse device into either Cisco switch there are masses of CRC errors generated by the cheapy 2wire thing.
CRC being a layer1 issue in nature I have tried everything short of replacing the 2wire and that is next. There is one caveat.
When the CRC errors are generated and logged on the 3750 it just seems to continue to forward those frames to whereever they need to go regardless albeit a ton of errors.
On the EHWIC 8 port in my 1921 router it seesm to stop forwarding after about 10 secs of encountering CRC errors. What gives? Is there something special command wise that tells a switch to forward frames regardless of CRC errors? Is the 3750 able to deal with them and just forward away and the EHWIC card not able too?
I've got an annoying problem with my ASA 5520.I have traffic going from the inside interface (security level 100) to the outside interface (security level 0) with a global PAT applied to the outside interface address for all inside traffic - and I can't seem to traceroute through the firewall.The ruleset is simple - basically, allow any IP from inside to outside. The NAT is simple - PAT all traffic unless exempted to the IP address of the outside interface.If I do the trace from my internet edge router it works fine - so I know it's not soemthing my uplinks are filtering - but if I do it through the firewall, I get perfect responses until the hop where it hits the firewall interface - then nothing.Is there something I am missing that I need to do to allow traceroute to just work with all the rest of the traffic?
View 2 Replies View RelatedWe have a cisco 2800 router and are now required to allow users to be able to connect to another company's extranet. Having tried this it wont allow this connection so I have added this to the access-list 101
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.246
access-list 101 permit ip any host 192.168.0.247
[Code].....
I dont think the gre is being allowed back in. I have attached a cut down copy of the config. I have just general experience of cisco routers and not cisco qualified.
I have got my ccna voice lab configured and is up and running, my switch is configured with 2 differents Vlans (Data & Voice) and the fa 0/1 is configured as trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network but only the switch in not accepting the request the only message I am getting is "request timeout".
View 12 Replies View RelatedWe have a customer that is looking to allow only static IP addresses onto the wireless network via the new 5508 we are putting into place. I can see where to require DHCP but not the opposite.
View 4 Replies View RelatedThere is a problem with my WLC, it is not allowing an specific client to connect. It gives an 802.1x failure log but I am not using it, anyways the WLC puts this client in the excluded clients list and I didn't add it manually, in fact is a new laptop.
I attached a couple of screens from my WLC.
IOS is 7.0.98.0
I have a 7100 router that has some servers behind it. I need to translate each server to a public IP. The only thing is that between the outside world and the router is an ASA. We have a small data center where the ASA is connected to a core switch on the inside and the ISP on the outside. How would I do the NAT/PAT translations on the 7100 and then have them pass through the ASA? for example:
View 6 Replies View RelatedI am trying to configure Zone Based Firewall (IOS 15.2T) on Cisco 881 router for IPv6. Current setup is simple:
Zone:
LAN --> WAN zone security LAN
zone security WAN
!
class-map type inspect match-any Internet-cmap
match protocol dns
match protocol http
match protocol https
[ code ] ........
Current configuration behaves as expected for IPv4, but blocks all IPv6 traffic. If zone-security is removed from WAN interface IPv6 works normally (connected to Internet). As soon as zone-security is enabled on WAN interface all IPV6 traffic is discarded when connecting to Internet from local LAN.
Error messages on console: Half-open Sessions source destination tcp SIS_OPENING/TCP_SYNSENT
Are there any special settings for ZBF which should be turned on for IPv6 protocol?
I am trying to allow RDP through my 891w.I have tried a few different yjing to no avail. [code]
View 23 Replies View RelatedI am trying to block access to facebook and twitter on my router, to a certain range of ips, 192.168.1.8 - 254. I have been digging around and trying stuff but all I do seems to restrict everyone access to the internet.
View 5 Replies View RelatedWhy it makes problems to use a default route on a BGP-router (cisco 6500 with sup720 3bxl).Only a very few amount of hosts have that kind of problem and the 50% paket loss is only between this hosts. So another host has no loss to any of the affected hosts. looks for me like there is a problem in the CEF-table.The router has a BGP-fulltable. The gateway of last resort is only set for cases like a flapping BGP-route, so that the traffic is sent to a default next hop, because sometimes he knows a better route which isnt flapping.
View 1 Replies View Relatedyou can subnet to meet the number of networks required, or you can subnet to meet the number of hosts required. In which circumstances would you use either one? or are they both the same? am kinda confused.Is subnetting according to the number of hosts VLSM? and subnetting according to the number of networks required is not VLSM subnetting? Also I'm on CCNA 1 chapter 6, if the other CCNA 2, 3 and 4 has chapters explaining subnetting better cos It's totally confusing me atm.Also, is my understanding correct, when a company wants a LAN made, a network designer see's how many hosts they require in each of their LANS and then chooses an appropriate address class and subnets it? and to connect the LAN to the internet he implements NAT on the router that connects to the internet, and that router translates the internal addressing scheme that was created into a public registered IP address from an ISP? Also does he just make the address up? for example if he decides to use class C, he just picks any random number in the class C range and subnets it?
View 6 Replies View RelatedI am struggling to get successfull pings beween asa and inside hosts but couldn't succeed. Done packet tracer result is acl-drop
Here is the running config
Prem-ASA(config)# sh run
: Saved
:
[Code].....
configuring ASA 5505 to be able to ping remote host.Setup - We have a site-to-site (192.168.1.0/24 - 192.168.2.0/24) VPN setup with client VPN access (IP Pool, 172.16.50.0/24) on 192.168.1.0 ASA 5505.Issue - Not able to ping host on 192.168.2.0 from VPN client 172.16.50.0 but able to ping 192.168.1.0 host.
View 8 Replies View RelatedI have a site to site vpn connection between ASA 5510 and PIX 515 which is working fine. There is no problem for hosts on any side of the tunnel to access a cross. However the local ip (192.168.20.1) on the client interface of my PIX is not allowed to access hosts on the other side of the tunnel. [code]
View 2 Replies View RelatedI'm testing upgrading an ASA from 8.2.5 to 8.4.4. During the the upgrade, it change all of my ACL host entries to objects. But I noticed that the keyword "host" is still a valid option when creating an ACL.
I'm trying to understand why this change is made during the migration.
Looks like I still have an issue with LMS to recognize the IP Phones in UT as IP Phones. SNMP RO on Call Manager is enabled and is green in CM (e.g. topology) - so SNMP get is basically fine. The Phones are recognised as End Devices in UT.
As far as I understand, now if I start a Phone Aquisition, the CUCM is polled by LMS to gather additional information about the phones. So it seems there is a problem with the SNMP polling of the Call manager?