Router/gateway mode and NAT

In a posting in this site, it was suggested that NAT replaces router/gateway mode as used on the WRT54GS.  I am wondering if that is correct.
Why?  I have a WRT54GS (firmware v4.71.4, Oct. 31, 2007).
This works:
I have a class C IP block (full 256 addresses).  I have the WAN side set up with
xxx.yyy.zzz.129 wan address
255.255.255.128
xxx.yyy.zzz.254 (default gateway)
(this forces the WAN side to just use the high 128 addresses - I am only using 129)
then, for the router IP, I have
xxx.yyy.zzz.15
255.255.255.0
and DHCP is
xxx.yyy.zzz.90 and 20 users
The LAN side uses the low 128 addresses.
This all works.  I have the WRT set up as a Gateway (not Router)
HOWEVER,
I tried this on an Asus 56U box which has the NAT setting but no router/gateway mode and it won't allow the xxx.yyy.zzz block to be used on both the WAN and LAN sides.   Is the Asus broken or is your answer wrong?
Why was I looking at the Asus?  Someone recommended it to me.  I would be happy to use a Linksys box instead if you can tell me which one would support the router/gateway mode. 
My WRT54GS is working fine but I now have a Verizon Net Connect boax that uses VPN and VoIP and am getting a lot of delay. 
I was thinkning that a newer box might be faster.
Thanks!!

I've seen some of the new routers with cisco/linksys that it does have the capability for NAT to be disabled if that is what you are looking for. But I agree with the person above me.

Similar Messages

  • Solaris 10 as router using ipfilter and nat

    Hi,
    I installed Solaris 10 on a second disk on an Ultra 5, but have no
    success on using
    ipfilter with NAT.
    I have it working on the first disk with Solaris 9 and ipfilter 3.4.35.
    I have pfil on both interfaces (hme0 internal and qfe0
    external-internet) and ipfilter enabled. I used the working rule sets
    from Solaris9 and have ip-forwading enabled. IPFilter is working on the
    external interface, but none of the hosts on the internal network can
    connect through the router to the internet, but they can ping both
    interfaces.
    I had the same problem with Solaris 9 using ipfilter 4.x and had to go
    back to 3.4.35.
    ipfstat shows all rules are loaded and ipnat -l shows the rules, but no
    connections. ndd -get /dev/ip ip_forwarding returns 1.
    Following are my rules:
    ipf.conf
    lock in log quick all with opt lsrr
    block in log quick all with opt ssrr
    block in log quick all with ipopts
    block in log quick proto tcp all with short
    block in log quick proto icmp all with frag
    block in log quick on qfe0 from 10.0.0.0/8 to any
    block in log quick on qfe0 from 127.0.0.0/8 to any
    block in log quick on qfe0 from 169.254.0.0/16 to any
    block in log quick on qfe0 from 172.16.0.0/12 to any
    block in log quick on qfe0 from 192.0.2.0/24 to any
    block in log quick on qfe0 from 192.168.0.0/16 to any
    block in log quick on qfe0 from 204.152.64.0/23 to any
    block in log quick on qfe0 from 224.0.0.0/3 to any
    block in log quick on qfe0 from aaa.aaa.aaa.0/24 to any
    block in log quick on qfe0 from any to aaa.aaa.aaa.0/32
    block in log quick on qfe0 from any to aaa.aaa.aaa.255/32
    block in log on qfe0 all
    block out quick on qfe0 proto tcp/udp from any port 136 >< 140 to any
    block out quick on qfe0 proto tcp/udp from any to any port 136 >< 140
    pass out quick on qfe0 proto tcp all flags S/SA keep state keep frags
    pass out quick on qfe0 proto udp all keep state keep frags
    pass out quick on qfe0 proto icmp all keep state keep frags
    pass out quick on qfe0 all
    pass in quick on lo0 all
    pass out quick on lo0 all
    pass in quick on hme0 all
    pass out quick on hme0 all
    ipnat.conf:
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port ftp ftp/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 7070
    raudio/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 1720
    h323/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 portmap tcp/udp auto
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32
    aaa.aaa.aaa.aaa = internal network
    bbb.bbb.bbb.bbb = external
    My routeadm statement shows:
    Configuration Current Current
    Option Configuration System State
    IPv4 forwarding enabled enabled
    IPv4 routing enabled enabled
    IPv6 forwarding disabled disabled
    IPv6 routing disabled disabled
    IPv4 routing daemon "/usr/sbin/in.routed"
    IPv4 routing daemon args ""
    IPv4 routing daemon stop "kill -TERM `cat /var/tmp/in.routed.pid`"
    IPv6 routing daemon "/usr/lib/inet/in.ripngd"
    IPv6 routing daemon args "-s"
    IPv6 routing daemon stop "kill -TERM `cat /var/tmp/in.ripngd.pid`"
    Any suggestion what more checks I should do or what additional information is needed.
    Regards,
    Horst

    Hi,
    I installed Solaris 10 on a second disk on an Ultra 5, but have no
    success on using
    ipfilter with NAT.
    I have it working on the first disk with Solaris 9 and ipfilter 3.4.35.
    I have pfil on both interfaces (hme0 internal and qfe0
    external-internet) and ipfilter enabled. I used the working rule sets
    from Solaris9 and have ip-forwading enabled. IPFilter is working on the
    external interface, but none of the hosts on the internal network can
    connect through the router to the internet, but they can ping both
    interfaces.
    I had the same problem with Solaris 9 using ipfilter 4.x and had to go
    back to 3.4.35.
    ipfstat shows all rules are loaded and ipnat -l shows the rules, but no
    connections. ndd -get /dev/ip ip_forwarding returns 1.
    Following are my rules:
    ipf.conf
    lock in log quick all with opt lsrr
    block in log quick all with opt ssrr
    block in log quick all with ipopts
    block in log quick proto tcp all with short
    block in log quick proto icmp all with frag
    block in log quick on qfe0 from 10.0.0.0/8 to any
    block in log quick on qfe0 from 127.0.0.0/8 to any
    block in log quick on qfe0 from 169.254.0.0/16 to any
    block in log quick on qfe0 from 172.16.0.0/12 to any
    block in log quick on qfe0 from 192.0.2.0/24 to any
    block in log quick on qfe0 from 192.168.0.0/16 to any
    block in log quick on qfe0 from 204.152.64.0/23 to any
    block in log quick on qfe0 from 224.0.0.0/3 to any
    block in log quick on qfe0 from aaa.aaa.aaa.0/24 to any
    block in log quick on qfe0 from any to aaa.aaa.aaa.0/32
    block in log quick on qfe0 from any to aaa.aaa.aaa.255/32
    block in log on qfe0 all
    block out quick on qfe0 proto tcp/udp from any port 136 >< 140 to any
    block out quick on qfe0 proto tcp/udp from any to any port 136 >< 140
    pass out quick on qfe0 proto tcp all flags S/SA keep state keep frags
    pass out quick on qfe0 proto udp all keep state keep frags
    pass out quick on qfe0 proto icmp all keep state keep frags
    pass out quick on qfe0 all
    pass in quick on lo0 all
    pass out quick on lo0 all
    pass in quick on hme0 all
    pass out quick on hme0 all
    ipnat.conf:
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port ftp ftp/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 7070
    raudio/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 1720
    h323/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 portmap tcp/udp auto
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32
    aaa.aaa.aaa.aaa = internal network
    bbb.bbb.bbb.bbb = external
    My routeadm statement shows:
    Configuration Current Current
    Option Configuration System State
    IPv4 forwarding enabled enabled
    IPv4 routing enabled enabled
    IPv6 forwarding disabled disabled
    IPv6 routing disabled disabled
    IPv4 routing daemon "/usr/sbin/in.routed"
    IPv4 routing daemon args ""
    IPv4 routing daemon stop "kill -TERM `cat /var/tmp/in.routed.pid`"
    IPv6 routing daemon "/usr/lib/inet/in.ripngd"
    IPv6 routing daemon args "-s"
    IPv6 routing daemon stop "kill -TERM `cat /var/tmp/in.ripngd.pid`"
    Any suggestion what more checks I should do or what additional information is needed.
    Regards,
    Horst

  • How to configure a RV220W in normal routing mode (No NAT)

    Hi,
    I have been very busy the last few days in trying to configure this router in normal routing mode. I do not want to have double NAT in my network. This is my setup:
    C class IP network connected to the internet via a Fritzbox router. I need this router becasue of the VOIP services it provides. I want to use the RV220W to isolate certain users from the rest of the network. When I configure the router in WAN (NAT) it partially works, e.g. I can browse, send email but cant make a connection to a apple fileserver which is on the base network. When I try to operate in normal routing mode I cant get it to work. I am sure I am doing something wrong with the static routes. 
    Setup: 
    Internet <-> Fritzbox (192.168.12.0/24) network <-> RV220W <-> LAN 1 (192.168.1.0/24) users to be isolated.
    On the 192.168.12..0/24 network the printer, fileserver and PBX are connected. 
    Please help me in configuring this.
    The firmware is the latest 1.0.5.8.
    Thanks in advance!
    Peter

    Hello Peter,
    Sorry for the late reply, but I figured I would post anyone in case anyone else has this question.
    You can put the router in what is called router mode by logging into the admin page and going to Networking >> Routing >> Routing Mode and selecting Router.  
    I am only looking at an emulator, but I believe this will cause a reboot.  Once in router mode NAT and the firewall are disabled, however access rules do still work.  
    You will still need a static route from your Fritzbox to the 192.168.1.0/24 network on the RV220W, and the RV220W should have the Fritzbox as it's default gateway on it's WAN interface.  You may also need to create an ACL to allow traffic from the Fritzbox network through the RV's WAN port.
    Some Apple devices depend on the Bonjour protocol to work properly, which doesn't always traverse subnets well, so if after all of that it still doesn't work you may have an issue with Apple.
    Thank you for choosing Cisco,
    Christopher Ebert
    Network Support Engineer - Cisco Small Business Support Center

  • Loosing internet when in DHCP and NAT mode

    Hello and thank you for your help.  I am a novice.
    I am using a 2009 macbook pro 10.7.5 with Mountain Lion
    Originally my airport extreme setup was for " DHCP and NAT ".
    Since yesterday, I am only able to get internet via Bridge mode, but I have to sign in to my server network first, like a hotspot
    This means that my internet timing is limited and the finder shows other personal computers that does not belong to my personal network.  My iphone cannot connect to my personal network without signing in the internet service provider website first as well
    What happens when I try to update and restart AE to DHCP and NAT, is that I loose internet and get the following message in the airport extreme icon :
    "DOUBLE NAT:
    This airport base station has a private IP address on its Ethernet WAN port.
    It is connected to a device or network that is using NAT to provide IP addresses.
    Change your Airport base station from using DHCO and NAT to bridge mode."
    Now, I do not want bridge mode
    My attempt to solve the problem was resetting AE to factory.  This created a new network. The new network appears in the network icon and it is WPA2 personal protected, like the previous one.
    I appreciate your time and look foreward to solve my problem with some help in here - thank you again

    Originally my airport extreme setup was for " DHCP and NAT ".
    If it was, and you had a modem/router or gateway type of device "upstream" on the network, then you created a Double NAT error on the network.
    Sometimes, you can get away with this on a simple network, and AirPort Utility does provide the option to "ignore" the error on the network, so the AirPort Extreme will display a green status light.....instead of blinking amber, which signals that something is amiss.
    "DOUBLE NAT:
    This airport base station has a private IP address on its Ethernet WAN port.
    It is connected to a device or network that is using NAT to provide IP addresses.
    Change your Airport base station from using DHCO and NAT to bridge mode."
    If you want to run in DHCP and NAT mode, you will have a Double NAT error on the network. Click the option to "ignore" the error.
    Then, power cycle the entire network. That means powering everything off, waiting a minute, then starting the modem first and let it run a minute or two, then start the next device the same way. Keep starting devices one at a time about a minute apart until the entire network is back up.

  • DCHP and NAT, or off (Bridge-Mode)?

    If I want to connect my MacBook and iPod touch to the internet using the AirPort Express, do I need to set router mode to DCHP and NAT, or off (Bridge-Mode)? I can't seem to get them both happily connected at once.  My iPod especially doesn't like being connected now that I played with the settings to get rid of the long-standing flashing amber status.

    After I turn it on each time, I need to have my laptop on and open up Safari, before the iPod touch will connect.
    Normally, you want to power-up the modem first. Let it initialize for about 10 minutes. Then plug-in your AirPort Express. Give it a couple of minutes to initialize as well. Then power-up any of the other wireless clients.
    I need to have my laptop on and open up Safari, before the iPod touch will connect.  Otherwise it comes up with a pop-window saying "Authentication required" asking for a username and password, or sometimes it'll say "your password will be sent in the clear" (something like that).
    Is your ISP providing you with DSL or ADSL service? These typically require that you first enter your user credentials (username & password) prior to gaining Internet access. If this is the case you will want to configure the AirPort Express to do this for you so you don't have to enter them via the PC.

  • Difference between bridge mode and routed mode on CSS

    Hi,
    Could some one tell me the difference between routed mode and bridge mode.
    Regards
    Neha

    Hi,
    routed mode:
    The CSS acts as a router, it routes packets from the client to the server. The server has the ACE configured as default-gateway.
    There is a client-side VLAN and a server-side VLAN. These VLANs have different subnets.
    Bridged mode:
    The CSS acts as a bridge, it switches frames from the client to the server. The server has the upstream router configured as default-gateway.
    There is a client-side VLAN and a server-side VLAN. These VLANs have the same subnet, but different VLAN IDs. The ACE bridges the client traffic from the client-side VLAN to the server-side VLAN.
    Bridged mode would be most used in case one cannot change the servers IP addresses, or if address space is an issue.
    Hope this helps.
    Kind regards,
    Dario

  • Internal DNS server and NAT routing issue.

    Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
    We have a cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and and NAT on that subnet under a different public IP provided by our ISP.
    Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
    The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
    Thanks

    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
    The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying.

  • Dynamic Routing Gateway and ASA

    Greetings,
    We have a requirement to configure a multisite gateway and have run into an issue. According to http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx, dynamic routing gateways are not supported on the ASA platform. Does this simply mean that MS does
    not support this configuration or that this configuration is not possible? I cannot negotiate an ikev2 proposal with a dynamic gateway so I fear that it isn't possible.
    Has anyone here made this work?
    Thanks in advance.

    Hello
    In the link you provided, the combination of ASA with dynamic routing says it is not compatible (it does not say not supported).
    From that I understand that it will not work.
    We have tried a few Juniper combinations in the past with static and dynamic routing that were not on the list you mention - only to find out that they indeed did not work.
    My recommendation is to stick to the supported setup.

  • Problem with passive mode FTP server and NAT

    Hi,
    I have a problem with Passive mode FTP and NAT.
    I am trying to run both an FTP server and sharing the Internet connection via NAT. I have by the way specified the passive ports to use in ftpaccess (65000-65534). Everything works fine until someone tries to connect via Passive mode. I have tracked the problem down to the firewall and the rule that handles NAT.
    Firewall rule config without NAT:
    00001 allow udp from any 626 to any dst-port 626
    01000 allow ip from any to any via lo0
    12300 allow ip from any to any
    65535 allow ip from any to any
    Firewall rule config with NAT
    00001 allow udp from any 626 to any dst-port 626
    00010 divert 8668 ip from any to any via en1
    01000 allow ip from any to any via lo0
    12300 allow ip from any to any
    65535 allow ip from any to any
    So, passive ports do not work when NAT is on. If I turn it off, Passive ftp works like a charm.
    But how do I solve my problem? I have in my quest for the answer stumbled upon "-punch_fw" but do not know how to use it or if it even helps me at all?
    Best regards,
    Peter
    B&W G3 Mac OS X (10.4.5)

    Media/Lacrosse-1-tiny.3gp
    I can't find the file on your server.
    They may also need to edit the .htaccess file to allow the .3gp file extension be used. Call them.

  • CSM route mode and bridge mode can exist at the same time?

    I'm using CSM on ver 4.x,and I used to the bridge mode for firewall load balance,for a new requset,I have to create a new server/client vlan,but the original firewall load balance was effected when I issued the server vlan command,and I'd like to use route mode for the new server farm,I'm wondering that route mode and brige mode can't exist at the same time,because it seems it doesn't make sense.Any reply will be very appreciated.

    you can use bridge mode and route mode at the same time.
    Traffic with desintation mac address being the CSM will be routed, otherwise it will be bridged.
    Gilles.

  • Bridge mode and router mode

    hello,
    I want to understand the basic operation, difference and advantages of both Bridge Mode and Router mode?
    i also want to know in which case i should go for Bridge mode and Router mode?
    regards
    Devang

    It realy depends on your requirements.
    Mainly bridge mode is used for multicast support, Multiple DMZs + FWSM, server initiated connections or for seemless migration from previously installed "bridged load balancing environment".
    Some of the differences are
    In bridge mode you do not need additional config for "Direct server access" / "Server Initiated connections"
    Broadcasts are dropped in routed mode whereas they are bridged in bridge mode.
    LB functionality is same in both modes.
    Syed Iftekhar Ahmed

  • Using an airport extreme in both bridged mode and guest network with DHCP

    I currently use a third-generation airport extreme in bridge mode to connect my various Mac servers To the Internet. I'm using bridge mode on the AirPort Extreme because I have up to five static IP address (only using three now) I am currently not using the wireless network, and none of the servers are serving DHCP. I am looking at the Newer airport extreme with guest network Wi-Fi. My question is, does the new airport extreme base station support bridge- mode for any devices and host DHCP for the guest network connecting wirelessly to the base station?

    The AirPort Extreme cannot be in Bridge Mode and support a Guest Network.
    The AirPort must be configured to provide DHCP and NAT services if you want to enable the Guest Network function.
    If you really do have a 3rd Gen AirPort Extreme, it will support the Guest Network feature if you connect the AirPort directly to a simple modem.....not a modem/router or gateway type of devices.......and configure the AirPort to provide DHCP and NAT services for the network.

  • Inside lan is not reachable even after cisco Remote access vpn client connected to router C1841 But can ping to the router inside interface and loop back interface but not able to ping even to the directly connected inside device..??

    Hii frnds,
    here is the configuration in my router C1841..for the cisco ipsec remote access vpn..i was able to establish a vpn session properly...but there after i can only reach up to the inside interfaces of the router..but not to the lan devices...
    Below is the out put from the router
    r1#sh run
    Building configuration...
    Current configuration : 3488 bytes
    ! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
    ! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
    version 15.1
    service config
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname r1
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
    aaa new-model
    aaa authentication login local-console local
    aaa authentication login userauth local
    aaa authorization network groupauth local
    aaa session-id common
    dot11 syslog
    ip source-route
    ip cef
    ip domain name r1.com
    multilink bundle-name authenticated
    license udi pid CISCO1841 sn FHK145171DM
    username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
    username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
    redundancy
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp client configuration group ra-vpn
    key xxxxxx
    domain r1.com
    pool vpn-pool
    acl 150
    save-password
      include-local-lan
    max-users 10
    crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
    crypto dynamic-map RA 1
    set transform-set my-vpn
    reverse-route
    crypto map ra-vpn client authentication list userauth
    crypto map ra-vpn isakmp authorization list groupauth
    crypto map ra-vpn client configuration address respond
    crypto map ra-vpn 1 ipsec-isakmp dynamic RA
    interface Loopback0
    ip address 10.2.2.2 255.255.255.255
    interface FastEthernet0/0
    bandwidth 8000000
    ip address 117.239.xx.xx 255.255.255.240
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map ra-vpn
    interface FastEthernet0/1
    description $ES_LAN$
    ip address 192.168.10.252 255.255.255.0 secondary
    ip address 10.10.10.1 255.255.252.0 secondary
    ip address 172.16.0.1 255.255.252.0 secondary
    ip address 10.10.7.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    ip local pool vpn-pool 172.18.1.1   172.18.1.100
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip dns server
    ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
    ip nat inside source list 100 pool INTERNETPOOL overload
    ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
    access-list 100 permit ip 10.10.7.0 0.0.0.255 any
    access-list 100 permit ip 10.10.10.0 0.0.1.255 any
    access-list 100 permit ip 172.16.0.0 0.0.3.255 any
    access-list 100 permit ip 192.168.10.0 0.0.0.255 any
    access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
    access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
    access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
    control-plane
    line con 0
    login authentication local-console
    line aux 0
    line vty 0 4
    login authentication local-console
    transport input telnet ssh
    scheduler allocate 20000 1000
    end
    r1>sh ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, + - replicated route
    Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 117.239.xx.xx
          10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
    C        10.2.2.2/32 is directly connected, Loopback0
    C        10.10.7.0/24 is directly connected, FastEthernet0/1
    L        10.10.7.1/32 is directly connected, FastEthernet0/1
    C        10.10.8.0/22 is directly connected, FastEthernet0/1
    L        10.10.10.1/32 is directly connected, FastEthernet0/1
          117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C        117.239.xx.xx/28 is directly connected, FastEthernet0/0
    L        117.239.xx.xx/32 is directly connected, FastEthernet0/0
          172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.16.0.0/22 is directly connected, FastEthernet0/1
    L        172.16.0.1/32 is directly connected, FastEthernet0/1
          172.18.0.0/32 is subnetted, 1 subnets
    S        172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
          192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.10.0/24 is directly connected, FastEthernet0/1
    L        192.168.10.252/32 is directly connected, FastEthernet0/1
    r1#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    117.239.xx.xx   49.206.59.86    QM_IDLE           1043 ACTIVE
    IPv6 Crypto ISAKMP SA
    r1 #sh crypto ipsec sa
    interface: FastEthernet0/0
        Crypto map tag: giet-vpn, local addr 117.239.xx.xx
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
       remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
       current_peer 49.206.59.86 port 50083
         PERMIT, flags={}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
         path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
         current outbound spi: 0x550E70F9(1427009785)
         PFS (Y/N): N, DH group: none
         inbound esp sas:
          spi: 0x5668C75(90606709)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
            sa timing: remaining key lifetime (k/sec): (4550169/3437)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
          spi: 0x550E70F9(1427009785)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
            sa timing: remaining key lifetime (k/sec): (4550170/3437)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         outbound ah sas:
         outbound pcp sas:

    hi  Maximilian Schojohann..
    First i would like to Thank you for showing  interest in solving my issue...After some research i found that desabling the " IP CEF" will solve the issue...when i desable i was able to communicate success fully with the router lan..But when i desable " IP CEF "  Router cpu processer goes to 99% and hangs...
    In the output of " sh process cpu" it shows 65% of utilization from "IP INPUT"
    so plz give me an alternate solution ....thanks in advance....

  • How to set up DHCP and NAT for QNAP NAS MyCloud service?

    I have an Apple AirPort Extreme Base Station (AEBS) attached to my DSL model (no router in the modem).  My QNAP NAS is attached via ethernet to the QNAP NAS.  My iMac (running AirPort Utility 6.x) is connected to the AEBS via wifi.
    I've found several folks who've tried this (and apparently succeeded) but I'm a networking novice and am having trouble making this work.  What I did was to go into the AirPort utility and in the networking section configure "DHCP and NAT" and then called out the static IP and MAC address of the QNAP NAS (as well as the ports I'd like to remain open).  However, when I did this and applied the changes, my iMac (connected to the AEBS via wifi) could no longer see the AEBS, which then required me to reset the AEBS, re-configure it back to the previous known good conifiguration and start over.  After about 5 cycles of this I gave up.
    So, what am I doing wrong here?  Do I need to go in and configure every device that is going to access the AEBS as static and call out each device's IP and MAC address? (hopefully not, that'd be a major PITA).
    Help.  Anyone?

    When I run diagnostics with the QNAP, here is the reply I get (IPs redacted):
    ------ NAT PMP Diagnostics ------
    initnatpmp() returned 0 (SUCCESS)
    using gateway : xx.x.x.x
    sendpublicaddressrequest returned 2 (SUCCESS)
    readnatpmpresponseorretry returned 0 (OK)
    Public IP address : 192.168.xxx.xxx
    epoch = 2621
    closenatpmp() returned 0 (SUCCESS)
    ------ UPnP Diagnostics ------
    upnpc : miniupnpc library test client. (c) 2006-2011 Thomas Bernard
    Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
    for more information.
    List of UPNP devices found on the network :
    desc: http://xx.x.x.x:60606/8CC1212D0C6D/Server0/ddd
    st: upnp:rootdevice
    desc: http://xx.x.x.x:9000/TMSDeviceDescription.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xx:55000/nrc/ddd.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xx:55000/dmr/ddd.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xx:49152/4/description.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xx:49152/2/description.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xx:49152/0/description.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xxx:8200/rootDesc.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xxx:49152/gatedesc.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xxx:49153/gatedesc.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xxx:49155/gatedesc.xml
    st: upnp:rootdevice
    desc: http://xx.x.x.xxx:9000/TMSDeviceDescription.xml
    st: upnp:rootdevice
    UPnP device found. Is it an IGD ? : http://xx.x.x.x:60606/
    Trying to continue anyway
    Local LAN ip address : xx.x.x.xxx
    GetConnectionTypeInfo failed.
    Status : , uptime=3217870016s, LastConnectionError :
      Time started : Wed Mar 13 17:04:03 1912
    MaxBitRateDown : 7 bps   MaxBitRateUp 0 bps
    GetExternalIPAddress() returned -3
    GetExternalIPAddress failed.
    GetGenericPortMappingEntry() returned -3 ((null))

  • Should I get a new router to get open NAT type?

    Whenever I play COD Black ops 2 on my xbox 360 my NAT type is strict. I have a centurylink 660 series modem and that is working to its full potential of the bundle we bought from them. I also have an airport extreme (2009). I Know theres all these port forwarding stuff, but whenever I try to do that, my whole network crashes and I have to factory default all of my stuff. So would getting a new router help me? also, I have my airport extreme in bridge mode because It said I have a double NAT and DCHP. So what would be the best solution for getting an open NAT type for Call of Duty on Xbox 360? I also have a MacBook pro (2009).

    Yes, that is what I am doing.  I don't know the setup details for what you want to do, but I am running a MacBook Pro (late 2008), iPad, and a couple of iPhones on wifi through my Airport Extreme base station.  I also run backups to a Time Capsule. 
    The base station is set up to "Create a wireless network" and runs in "DHCP and NAT" mode.  The Time Capsule and two Airport Expresses are set up to "Join a wireless network".  My cable modem (Ubee DVW3201b) runs in bridge mode, connected by cable to the WAN port on the base station.  I have the wifi capability of the modem disabled.  It took me some trial and error to get the cable modem set up properly, but there is a lot of information out on the net. 

Maybe you are looking for

  • I have windows 7 on my macbook pro but i want OS X how do I install it?

    I have windows 7 on my macbook pro but i want OS X how do I install it?

  • How to align text in Panel Box to the center

    Hi, I would like to align the text in the Panel Box to the center. Here is my code snipplet: +<af:panelBox text="22" id="pb8"+ titleHalign="center" ramp="highlight" background="dark" icon="/images/warningind_active.gif" showDisclosure="false" content

  • OC4J Report Server

    Does anyone know if Oracle will be releasing a version of Reports that will have the ability to load in a standalone OC4J container and not require the full App Server. I ask this because I have not found any reporting tool with the power and ease of

  • Apache 2.2 21 forward Proxy 2 way SSL for weblogic server as a client

    Hi All, Currently, i am trying to implement a forward SSL proxy. The client will hit my apache server which in return will hit a IIS Server. scenarios 1 client(weblogic)--*2 way SSL*Apache(forward proxy)*2 way SSL*-- IIS If i were to implement 1 way

  • Third and next folios don't appear in iPad app

    I've built a multi-folio app for iPad and it is now published at AppStore. First 2 folios published for my app appear in the app but third and next folios don't although all of them are displayed as 'Published' in Folio Producer. Meanwhile all new fo