Router/gateway mode and NAT
In a posting in this site, it was suggested that NAT replaces router/gateway mode as used on the WRT54GS. I am wondering if that is correct.
Why? I have a WRT54GS (firmware v4.71.4, Oct. 31, 2007).
This works:
I have a class C IP block (full 256 addresses). I have the WAN side set up with
xxx.yyy.zzz.129 wan address
255.255.255.128
xxx.yyy.zzz.254 (default gateway)
(this forces the WAN side to just use the high 128 addresses - I am only using 129)
then, for the router IP, I have
xxx.yyy.zzz.15
255.255.255.0
and DHCP is
xxx.yyy.zzz.90 and 20 users
The LAN side uses the low 128 addresses.
This all works. I have the WRT set up as a Gateway (not Router)
HOWEVER,
I tried this on an Asus 56U box which has the NAT setting but no router/gateway mode and it won't allow the xxx.yyy.zzz block to be used on both the WAN and LAN sides. Is the Asus broken or is your answer wrong?
Why was I looking at the Asus? Someone recommended it to me. I would be happy to use a Linksys box instead if you can tell me which one would support the router/gateway mode.
My WRT54GS is working fine but I now have a Verizon Net Connect box that uses VPN and VoIP and am getting a lot of delay.
I was thinking that a newer box might be faster.
Thanks!!
I've seen some of the new routers with cisco/linksys that it does have the capability for NAT to be disabled if that is what you are looking for. But I agree with the person above me.
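The addressing in the question above puts the WAN subnet inside the LAN subnet, which is what a router that validates its settings will refuse. The following check is an added example, not part of the original posts; it uses the documentation prefix 203.0.113.0/24 as a constructed stand-in for the poster's xxx.yyy.zzz block, and the function name and report keys are hypothetical.

```python
import ipaddress


def audit_addressing(wan_if, wan_gw, lan_if, dhcp_start, dhcp_count):
    """Check a router's WAN, LAN and DHCP settings for overlapping subnets.

    wan_if and lan_if are "address/netmask" strings as typed into the router UI.
    Returns a dict of findings (keys are names chosen for this example).
    """
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    gw = ipaddress.ip_address(wan_gw)
    first = ipaddress.ip_address(dhcp_start)
    last = first + (dhcp_count - 1)  # a pool of N leases ends at start + N - 1

    report = {
        "wan_net": wan.network,
        "lan_net": lan.network,
        # True when some address belongs to both the WAN and the LAN subnet
        "overlap": wan.network.overlaps(lan.network),
        "gateway_on_wan": gw in wan.network,
        # A LAN host using the LAN mask treats every address in lan_net as
        # on-link, so it ARPs for such an address instead of sending the
        # packet to the router. True here means the upstream gateway itself
        # looks "local" to LAN hosts.
        "gateway_looks_local_to_lan": gw in lan.network,
        "dhcp_range": (first, last),
        "dhcp_inside_lan": first in lan.network and last in lan.network,
        # Integer range comparison: does any lease fall inside the WAN subnet?
        "dhcp_collides_with_wan": (
            int(first) <= int(wan.network.broadcast_address)
            and int(last) >= int(wan.network.network_address)
        ),
        "suggested_lan_net": None,
    }

    # If the WAN subnet is carved out of the LAN subnet, look for the remaining
    # piece that still holds the router's LAN address and the whole DHCP pool.
    if report["overlap"] and wan.network.subnet_of(lan.network):
        for candidate in lan.network.address_exclude(wan.network):
            if lan.ip in candidate and first in candidate and last in candidate:
                report["suggested_lan_net"] = candidate
    return report


if __name__ == "__main__":
    # Constructed values mirroring the post: WAN .129 with mask /25 and
    # gateway .254, LAN .15 with mask /24, DHCP starting at .90 for 20 users.
    result = audit_addressing(
        "203.0.113.129/255.255.255.128",
        "203.0.113.254",
        "203.0.113.15/255.255.255.0",
        "203.0.113.90",
        20,
    )
    for key, value in result.items():
        print(f"{key}: {value}")
```

With the posted values the LAN mask of 255.255.255.0 covers the WAN half as well; a LAN mask of 255.255.255.128 is the non-overlapping split the poster describes in words.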
Similar Messages
-
Solaris 10 as router using ipfilter and nat
Hi,
I installed Solaris 10 on a second disk on an Ultra 5, but have no
success on using
ipfilter with NAT.
I have it working on the first disk with Solaris 9 and ipfilter 3.4.35.
I have pfil on both interfaces (hme0 internal and qfe0
external-internet) and ipfilter enabled. I used the working rule sets
from Solaris9 and have ip-forwarding enabled. IPFilter is working on the
external interface, but none of the hosts on the internal network can
connect through the router to the internet, but they can ping both
interfaces.
I had the same problem with Solaris 9 using ipfilter 4.x and had to go
back to 3.4.35.
ipfstat shows all rules are loaded and ipnat -l shows the rules, but no
connections. ndd -get /dev/ip ip_forwarding returns 1.
Following are my rules:
ipf.conf
block in log quick all with opt lsrr
block in log quick all with opt ssrr
block in log quick all with ipopts
block in log quick proto tcp all with short
block in log quick proto icmp all with frag
block in log quick on qfe0 from 10.0.0.0/8 to any
block in log quick on qfe0 from 127.0.0.0/8 to any
block in log quick on qfe0 from 169.254.0.0/16 to any
block in log quick on qfe0 from 172.16.0.0/12 to any
block in log quick on qfe0 from 192.0.2.0/24 to any
block in log quick on qfe0 from 192.168.0.0/16 to any
block in log quick on qfe0 from 204.152.64.0/23 to any
block in log quick on qfe0 from 224.0.0.0/3 to any
block in log quick on qfe0 from aaa.aaa.aaa.0/24 to any
block in log quick on qfe0 from any to aaa.aaa.aaa.0/32
block in log quick on qfe0 from any to aaa.aaa.aaa.255/32
block in log on qfe0 all
block out quick on qfe0 proto tcp/udp from any port 136 >< 140 to any
block out quick on qfe0 proto tcp/udp from any to any port 136 >< 140
pass out quick on qfe0 proto tcp all flags S/SA keep state keep frags
pass out quick on qfe0 proto udp all keep state keep frags
pass out quick on qfe0 proto icmp all keep state keep frags
pass out quick on qfe0 all
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on hme0 all
pass out quick on hme0 all
ipnat.conf:
map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port ftp ftp/tcp
map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 7070 raudio/tcp
map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 1720 h323/tcp
map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 portmap tcp/udp auto
map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32
aaa.aaa.aaa.aaa = internal network
bbb.bbb.bbb.bbb = external
My routeadm statement shows:
              Configuration   Current              Current
                     Option   Configuration        System State
            IPv4 forwarding   enabled              enabled
               IPv4 routing   enabled              enabled
            IPv6 forwarding   disabled             disabled
               IPv6 routing   disabled             disabled
        IPv4 routing daemon   "/usr/sbin/in.routed"
   IPv4 routing daemon args   ""
   IPv4 routing daemon stop   "kill -TERM `cat /var/tmp/in.routed.pid`"
        IPv6 routing daemon   "/usr/lib/inet/in.ripngd"
   IPv6 routing daemon args   "-s"
   IPv6 routing daemon stop   "kill -TERM `cat /var/tmp/in.ripngd.pid`"
Any suggestion what more checks I should do or what additional information is needed.
Regards,
Horst -
How to configure a RV220W in normal routing mode (No NAT)
Hi,
I have been very busy the last few days in trying to configure this router in normal routing mode. I do not want to have double NAT in my network. This is my setup:
C class IP network connected to the internet via a Fritzbox router. I need this router because of the VOIP services it provides. I want to use the RV220W to isolate certain users from the rest of the network. When I configure the router in WAN (NAT) it partially works, e.g. I can browse, send email but can't make a connection to an Apple fileserver which is on the base network. When I try to operate in normal routing mode I can't get it to work. I am sure I am doing something wrong with the static routes.
Setup:
Internet <-> Fritzbox (192.168.12.0/24) network <-> RV220W <-> LAN 1 (192.168.1.0/24) users to be isolated.
On the 192.168.12.0/24 network the printer, fileserver and PBX are connected.
Please help me in configuring this.
The firmware is the latest 1.0.5.8.
Thanks in advance!
Peter
Hello Peter,
Sorry for the late reply, but I figured I would post anyway in case anyone else has this question.
You can put the router in what is called router mode by logging into the admin page and going to Networking >> Routing >> Routing Mode and selecting Router.
I am only looking at an emulator, but I believe this will cause a reboot. Once in router mode NAT and the firewall are disabled, however access rules do still work.
You will still need a static route from your Fritzbox to the 192.168.1.0/24 network on the RV220W, and the RV220W should have the Fritzbox as its default gateway on its WAN interface. You may also need to create an ACL to allow traffic from the Fritzbox network through the RV's WAN port.
Some Apple devices depend on the Bonjour protocol to work properly, which doesn't always traverse subnets well, so if after all of that it still doesn't work you may have an issue with Apple.
Thank you for choosing Cisco,
Christopher Ebert
Network Support Engineer - Cisco Small Business Support Center -
Losing internet when in DHCP and NAT mode
Hello and thank you for your help. I am a novice.
I am using a 2009 macbook pro 10.7.5 with Mountain Lion
Originally my airport extreme setup was for " DHCP and NAT ".
Since yesterday, I am only able to get internet via Bridge mode, but I have to sign in to my server network first, like a hotspot
This means that my internet timing is limited and the finder shows other personal computers that do not belong to my personal network. My iphone cannot connect to my personal network without signing in to the internet service provider website first as well
What happens when I try to update and restart AE to DHCP and NAT, is that I lose internet and get the following message in the airport extreme icon :
"DOUBLE NAT:
This airport base station has a private IP address on its Ethernet WAN port.
It is connected to a device or network that is using NAT to provide IP addresses.
Change your Airport base station from using DHCP and NAT to bridge mode."
Now, I do not want bridge mode
My attempt to solve the problem was resetting AE to factory. This created a new network. The new network appears in the network icon and it is WPA2 personal protected, like the previous one.
I appreciate your time and look forward to solving my problem with some help in here - thank you again
Originally my airport extreme setup was for " DHCP and NAT ".
If it was, and you had a modem/router or gateway type of device "upstream" on the network, then you created a Double NAT error on the network.
Sometimes, you can get away with this on a simple network, and AirPort Utility does provide the option to "ignore" the error on the network, so the AirPort Extreme will display a green status light.....instead of blinking amber, which signals that something is amiss.
"DOUBLE NAT:
This airport base station has a private IP address on its Ethernet WAN port.
It is connected to a device or network that is using NAT to provide IP addresses.
Change your Airport base station from using DHCP and NAT to bridge mode."
If you want to run in DHCP and NAT mode, you will have a Double NAT error on the network. Click the option to "ignore" the error.
Then, power cycle the entire network. That means powering everything off, waiting a minute, then starting the modem first and let it run a minute or two, then start the next device the same way. Keep starting devices one at a time about a minute apart until the entire network is back up. -
DHCP and NAT, or off (Bridge-Mode)?
If I want to connect my MacBook and iPod touch to the internet using the AirPort Express, do I need to set router mode to DHCP and NAT, or off (Bridge-Mode)? I can't seem to get them both happily connected at once. My iPod especially doesn't like being connected now that I played with the settings to get rid of the long-standing flashing amber status.
After I turn it on each time, I need to have my laptop on and open up Safari, before the iPod touch will connect.
Normally, you want to power-up the modem first. Let it initialize for about 10 minutes. Then plug-in your AirPort Express. Give it a couple of minutes to initialize as well. Then power-up any of the other wireless clients.
I need to have my laptop on and open up Safari, before the iPod touch will connect. Otherwise it comes up with a pop-window saying "Authentication required" asking for a username and password, or sometimes it'll say "your password will be sent in the clear" (something like that).
Is your ISP providing you with DSL or ADSL service? These typically require that you first enter your user credentials (username & password) prior to gaining Internet access. If this is the case you will want to configure the AirPort Express to do this for you so you don't have to enter them via the PC. -
Difference between bridge mode and routed mode on CSS
Hi,
Could some one tell me the difference between routed mode and bridge mode.
Regards
Neha
Hi,
routed mode:
The CSS acts as a router, it routes packets from the client to the server. The server has the ACE configured as default-gateway.
There is a client-side VLAN and a server-side VLAN. These VLANs have different subnets.
Bridged mode:
The CSS acts as a bridge, it switches frames from the client to the server. The server has the upstream router configured as default-gateway.
There is a client-side VLAN and a server-side VLAN. These VLANs have the same subnet, but different VLAN IDs. The ACE bridges the client traffic from the client-side VLAN to the server-side VLAN.
Bridged mode would be most used in case one cannot change the servers IP addresses, or if address space is an issue.
Hope this helps.
Kind regards,
Dario -
Internal DNS server and NAT routing issue.
Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
We have a cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and and NAT on that subnet under a different public IP provided by our ISP.
Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
Thanks
Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying. -
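A simplified model of the zone selection described in the answer above, added here as an illustration and not taken from the original posts or from any DNS server's code. It assumes the usual rule that a server answers from the closest enclosing zone it is configured for and recurses for everything else; the IP addresses and the `answer` helper are constructed for the example.

```python
def answer(qname, local_zones, public_dns):
    """Decide where an answer for qname comes from.

    local_zones: {zone origin: {fully qualified name: address}} held by the
                 internal server.
    public_dns:  {name: address}, standing in for what the ISP's servers
                 would return when the query is passed upstream.
    Returns (source, zone, result).
    """
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    # Walk from the full name towards the root: the first origin that matches
    # is the most specific zone this server is responsible for.
    for i in range(len(labels)):
        origin = ".".join(labels[i:])
        if origin in local_zones:
            # Once a local zone encloses the name, the query is never passed
            # upstream: a missing record is a local NXDOMAIN.
            return ("local", origin, local_zones[origin].get(name, "NXDOMAIN"))
    return ("forwarded", None, public_dns.get(name, "NXDOMAIN"))


# Constructed sample data. 192.168.15.10 is a made-up host in the poster's
# 192.168.15.x subnet; the 198.51.100.x addresses are documentation addresses.
PUBLIC = {
    "server.company.com": "198.51.100.20",
    "www.company.com": "198.51.100.30",
    "mail.company.com": "198.51.100.40",
}
PRIVATE_ZONE = {"company.private": {"server.company.private": "192.168.15.10"}}

# Setup 1: the poster's current state, no zone for company.com at all.
CURRENT = dict(PRIVATE_ZONE)
# Setup 2: claiming all of company.com with only the one record in it.
WHOLE_DOMAIN = dict(PRIVATE_ZONE, **{
    "company.com": {"server.company.com": "192.168.15.10"},
})
# Setup 3: the suggestion in the answer, a zone for the single host name.
HOST_ZONE = dict(PRIVATE_ZONE, **{
    "server.company.com": {"server.company.com": "192.168.15.10"},
})

if __name__ == "__main__":
    for label, zones in (("current", CURRENT),
                         ("whole domain", WHOLE_DOMAIN),
                         ("host zone", HOST_ZONE)):
        for q in ("server.company.com", "www.company.com",
                  "ftp.server.company.com"):
            print(f"{label:13} {q:24} -> {answer(q, zones, PUBLIC)}")
```

The third query shows the one side effect of the host-only zone: any name below server.company.com is now answered locally as well, so such names would need records in the internal zone.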
Dynamic Routing Gateway and ASA
Greetings,
We have a requirement to configure a multisite gateway and have run into an issue. According to http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx, dynamic routing gateways are not supported on the ASA platform. Does this simply mean that MS does not support this configuration or that this configuration is not possible? I cannot negotiate an ikev2 proposal with a dynamic gateway so I fear that it isn't possible.
Has anyone here made this work?
Thanks in advance.
Hello
In the link you provided, the combination of ASA with dynamic routing says it is not compatible (it does not say not supported).
From that I understand that it will not work.
We have tried a few Juniper combinations in the past with static and dynamic routing that were not on the list you mention - only to find out that they indeed did not work.
My recommendation is to stick to the supported setup. -
Problem with passive mode FTP server and NAT
Hi,
I have a problem with Passive mode FTP and NAT.
I am trying to run both an FTP server and sharing the Internet connection via NAT. I have by the way specified the passive ports to use in ftpaccess (65000-65534). Everything works fine until someone tries to connect via Passive mode. I have tracked the problem down to the firewall and the rule that handles NAT.
Firewall rule config without NAT:
00001 allow udp from any 626 to any dst-port 626
01000 allow ip from any to any via lo0
12300 allow ip from any to any
65535 allow ip from any to any
Firewall rule config with NAT
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en1
01000 allow ip from any to any via lo0
12300 allow ip from any to any
65535 allow ip from any to any
So, passive ports do not work when NAT is on. If I turn it off, Passive ftp works like a charm.
But how do I solve my problem? I have in my quest for the answer stumbled upon "-punch_fw" but do not know how to use it or if it even helps me at all?
Best regards,
Peter
B&W G3 Mac OS X (10.4.5)
Media/Lacrosse-1-tiny.3gp
I can't find the file on your server.
They may also need to edit the .htaccess file to allow the .3gp file extension be used. Call them. -
CSM route mode and bridge mode can exist at the same time?
I'm using CSM on ver 4.x, and I used the bridge mode for firewall load balance. For a new request, I have to create a new server/client vlan, but the original firewall load balance was affected when I issued the server vlan command, and I'd like to use route mode for the new server farm. I'm wondering whether route mode and bridge mode can't exist at the same time, because it seems it doesn't make sense. Any reply will be very appreciated.
you can use bridge mode and route mode at the same time.
Traffic with destination mac address being the CSM will be routed, otherwise it will be bridged.
Gilles. -
hello,
I want to understand the basic operation, difference and advantages of both Bridge Mode and Router mode?
i also want to know in which case i should go for Bridge mode and Router mode?
regards
Devang
It really depends on your requirements.
Mainly bridge mode is used for multicast support, Multiple DMZs + FWSM, server initiated connections or for seamless migration from previously installed "bridged load balancing environment".
Some of the differences are
In bridge mode you do not need additional config for "Direct server access" / "Server Initiated connections"
Broadcasts are dropped in routed mode whereas they are bridged in bridge mode.
LB functionality is same in both modes.
Syed Iftekhar Ahmed -
Using an airport extreme in both bridged mode and guest network with DHCP
I currently use a third-generation airport extreme in bridge mode to connect my various Mac servers To the Internet. I'm using bridge mode on the AirPort Extreme because I have up to five static IP address (only using three now) I am currently not using the wireless network, and none of the servers are serving DHCP. I am looking at the Newer airport extreme with guest network Wi-Fi. My question is, does the new airport extreme base station support bridge- mode for any devices and host DHCP for the guest network connecting wirelessly to the base station?
The AirPort Extreme cannot be in Bridge Mode and support a Guest Network.
The AirPort must be configured to provide DHCP and NAT services if you want to enable the Guest Network function.
If you really do have a 3rd Gen AirPort Extreme, it will support the Guest Network feature if you connect the AirPort directly to a simple modem.....not a modem/router or gateway type of devices.......and configure the AirPort to provide DHCP and NAT services for the network. -
Hii frnds,
here is the configuration in my router C1841..for the cisco ipsec remote access vpn..i was able to establish a vpn session properly...but thereafter i can only reach up to the inside interfaces of the router..but not to the lan devices...
Below is the output from the router
r1#sh run
Building configuration...
Current configuration : 3488 bytes
! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname r1
boot-start-marker
boot-end-marker
enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
aaa new-model
aaa authentication login local-console local
aaa authentication login userauth local
aaa authorization network groupauth local
aaa session-id common
dot11 syslog
ip source-route
ip cef
ip domain name r1.com
multilink bundle-name authenticated
license udi pid CISCO1841 sn FHK145171DM
username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group ra-vpn
key xxxxxx
domain r1.com
pool vpn-pool
acl 150
save-password
include-local-lan
max-users 10
crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
crypto dynamic-map RA 1
set transform-set my-vpn
reverse-route
crypto map ra-vpn client authentication list userauth
crypto map ra-vpn isakmp authorization list groupauth
crypto map ra-vpn client configuration address respond
crypto map ra-vpn 1 ipsec-isakmp dynamic RA
interface Loopback0
ip address 10.2.2.2 255.255.255.255
interface FastEthernet0/0
bandwidth 8000000
ip address 117.239.xx.xx 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map ra-vpn
interface FastEthernet0/1
description $ES_LAN$
ip address 192.168.10.252 255.255.255.0 secondary
ip address 10.10.10.1 255.255.252.0 secondary
ip address 172.16.0.1 255.255.252.0 secondary
ip address 10.10.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpn-pool 172.18.1.1 172.18.1.100
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
ip nat inside source list 100 pool INTERNETPOOL overload
ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
control-plane
line con 0
login authentication local-console
line aux 0
line vty 0 4
login authentication local-console
transport input telnet ssh
scheduler allocate 20000 1000
end
r1>sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 117.239.xx.xx
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.2.2.2/32 is directly connected, Loopback0
C 10.10.7.0/24 is directly connected, FastEthernet0/1
L 10.10.7.1/32 is directly connected, FastEthernet0/1
C 10.10.8.0/22 is directly connected, FastEthernet0/1
L 10.10.10.1/32 is directly connected, FastEthernet0/1
117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 117.239.xx.xx/28 is directly connected, FastEthernet0/0
L 117.239.xx.xx/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/22 is directly connected, FastEthernet0/1
L 172.16.0.1/32 is directly connected, FastEthernet0/1
172.18.0.0/32 is subnetted, 1 subnets
S 172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.252/32 is directly connected, FastEthernet0/1
r1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
117.239.xx.xx 49.206.59.86 QM_IDLE 1043 ACTIVE
IPv6 Crypto ISAKMP SA
r1 #sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: giet-vpn, local addr 117.239.xx.xx
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
current_peer 49.206.59.86 port 50083
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x550E70F9(1427009785)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5668C75(90606709)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550169/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x550E70F9(1427009785)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550170/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
Hi Maximilian Schojohann..
First I would like to thank you for showing interest in solving my issue... After some research I found that disabling "IP CEF" will solve the issue... when I disable it I was able to communicate successfully with the router LAN. But when I disable "IP CEF" the router CPU processor goes to 99% and hangs...
In the output of "sh process cpu" it shows 65% of utilization from "IP INPUT"
so please give me an alternate solution.... thanks in advance.... -
How to set up DHCP and NAT for QNAP NAS MyCloud service?
I have an Apple AirPort Extreme Base Station (AEBS) attached to my DSL modem (no router in the modem). My QNAP NAS is attached via ethernet to the QNAP NAS. My iMac (running AirPort Utility 6.x) is connected to the AEBS via wifi.
I've found several folks who've tried this (and apparently succeeded) but I'm a networking novice and am having trouble making this work. What I did was to go into the AirPort utility and in the networking section configure "DHCP and NAT" and then called out the static IP and MAC address of the QNAP NAS (as well as the ports I'd like to remain open). However, when I did this and applied the changes, my iMac (connected to the AEBS via wifi) could no longer see the AEBS, which then required me to reset the AEBS, re-configure it back to the previous known good configuration and start over. After about 5 cycles of this I gave up.
So, what am I doing wrong here? Do I need to go in and configure every device that is going to access the AEBS as static and call out each device's IP and MAC address? (hopefully not, that'd be a major PITA).
Help. Anyone?
When I run diagnostics with the QNAP, here is the reply I get (IPs redacted):
------ NAT PMP Diagnostics ------
initnatpmp() returned 0 (SUCCESS)
using gateway : xx.x.x.x
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : 192.168.xxx.xxx
epoch = 2621
closenatpmp() returned 0 (SUCCESS)
------ UPnP Diagnostics ------
upnpc : miniupnpc library test client. (c) 2006-2011 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://xx.x.x.x:60606/8CC1212D0C6D/Server0/ddd
st: upnp:rootdevice
desc: http://xx.x.x.x:9000/TMSDeviceDescription.xml
st: upnp:rootdevice
desc: http://xx.x.x.xx:55000/nrc/ddd.xml
st: upnp:rootdevice
desc: http://xx.x.x.xx:55000/dmr/ddd.xml
st: upnp:rootdevice
desc: http://xx.x.x.xx:49152/4/description.xml
st: upnp:rootdevice
desc: http://xx.x.x.xx:49152/2/description.xml
st: upnp:rootdevice
desc: http://xx.x.x.xx:49152/0/description.xml
st: upnp:rootdevice
desc: http://xx.x.x.xxx:8200/rootDesc.xml
st: upnp:rootdevice
desc: http://xx.x.x.xxx:49152/gatedesc.xml
st: upnp:rootdevice
desc: http://xx.x.x.xxx:49153/gatedesc.xml
st: upnp:rootdevice
desc: http://xx.x.x.xxx:49155/gatedesc.xml
st: upnp:rootdevice
desc: http://xx.x.x.xxx:9000/TMSDeviceDescription.xml
st: upnp:rootdevice
UPnP device found. Is it an IGD ? : http://xx.x.x.x:60606/
Trying to continue anyway
Local LAN ip address : xx.x.x.xxx
GetConnectionTypeInfo failed.
Status : , uptime=3217870016s, LastConnectionError :
Time started : Wed Mar 13 17:04:03 1912
MaxBitRateDown : 7 bps MaxBitRateUp 0 bps
GetExternalIPAddress() returned -3
GetExternalIPAddress failed.
GetGenericPortMappingEntry() returned -3 ((null)) -
Should I get a new router to get open NAT type?
Whenever I play COD Black ops 2 on my xbox 360 my NAT type is strict. I have a centurylink 660 series modem and that is working to its full potential of the bundle we bought from them. I also have an airport extreme (2009). I know there's all this port forwarding stuff, but whenever I try to do that, my whole network crashes and I have to factory default all of my stuff. So would getting a new router help me? Also, I have my airport extreme in bridge mode because it said I have a double NAT and DHCP. So what would be the best solution for getting an open NAT type for Call of Duty on Xbox 360? I also have a MacBook pro (2009).
Yes, that is what I am doing. I don't know the setup details for what you want to do, but I am running a MacBook Pro (late 2008), iPad, and a couple of iPhones on wifi through my Airport Extreme base station. I also run backups to a Time Capsule.
The base station is set up to "Create a wireless network" and runs in "DHCP and NAT" mode. The Time Capsule and two Airport Expresses are set up to "Join a wireless network". My cable modem (Ubee DVW3201b) runs in bridge mode, connected by cable to the WAN port on the base station. I have the wifi capability of the modem disabled. It took me some trial and error to get the cable modem set up properly, but there is a lot of information out on the net.