Setting up RDP on Cisco 861 HELP !

Hi,
Before I installed the Cisco 861 I used a simple Linksys router and RDP worked just fine. I just forwarded port 3389 to the server's IP 192.168.0.1 and everything worked; I could log in to the server.
Now I'm trying to set up RDP on a Cisco 861, but..... not working......
My router got a fixed IP through the ISP. Can someone please give me some help? Thanks in advance!
My router config:
Building configuration...
Current configuration : 9282 bytes
! Last configuration change at 07:25:33 PCTime Tue Jan 3 2006 by DVMAdmin
! NVRAM config last updated at 07:25:33 PCTime Tue Jan 3 2006 by DVMAdmin
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname administratie01
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$IqhW$06dr6Y2q7cscIOR5bUsWr1
no aaa new-model
memory-size iomem 10
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
crypto pki trustpoint TP-self-signed-635537874
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-635537874
revocation-check none
rsakeypair TP-self-signed-635537874
crypto pki certificate chain TP-self-signed-635537874
certificate self-signed 01
            quit
no ip source-route
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
license udi pid CISCO861-K9 sn FCZ1533C0NT
object-group service RDP
description RDP
tcp-udp eq 3389
tcp-udp source eq 3389
object-group service REMOTE_DESKTOP
tcp eq 3389
tcp source eq 3389
username DVMAdmin privilege 15 secret 5 $1$NLY2$LhTwKyL5zJ8qhDdGPgnzr0
username admin privilege 15 view root secret 5 $1$DWOC$Q3HI0KDRTd547WqCCIm4o0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 101
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
  pass
class type inspect ccp-icmp-access
  inspect
class class-default
  pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
  drop log
class type inspect ccp-protocol-http
  inspect
class type inspect ccp-insp-traffic
  inspect
class type inspect ccp-sip-inspect
  inspect
class type inspect ccp-h323-inspect
  inspect
class type inspect ccp-h323annexe-inspect
  inspect
class type inspect ccp-h225ras-inspect
  inspect
class type inspect ccp-h323nxg-inspect
  inspect
class type inspect ccp-skinny-inspect
  inspect
policy-map type inspect ccp-permit
class type inspect sdm-access
  inspect
class type inspect SDM_DHCP_CLIENT_PT
  pass
class class-default
  drop
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.10 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.1 3389 interface FastEthernet4 3389
ip access-list extended RDP
remark CCP_ACL Category=1
permit object-group RDP any host 192.168.0.1
ip access-list extended REMOTE_DESKTOP
remark CCP_ACL Category=1
permit object-group REMOTE_DESKTOP any host 192.168.0.1
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended SDM_HTTPS
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark CCP_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark CCP_ACL Category=1
permit tcp any any eq 22
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any any
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Hi,
this is due to your ZBF config, you must configure a policy from out to in that inspects RDP:
ip inspect log drop-pkt
!
! ACL matching RDP to the server's inside address
ip access-list extended RDP
 permit tcp any host 192.168.0.1 eq 3389
 permit udp any host 192.168.0.1 eq 3389
!
class-map type inspect RDP_TRAFFIC
 match access-group name RDP
!
policy-map type inspect RDP_POLICY
 class type inspect RDP_TRAFFIC
  inspect
!
! Apply the policy to traffic from out-zone to in-zone
zone-pair security RDP_OUT_IN source out-zone destination in-zone
 service-policy type inspect RDP_POLICY
Regards.
Alain
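
A static check for the failure diagnosed in this thread, as an added example (not code from either poster or from Cisco): for each `ip nat inside source static` forward in a running-config it reports whether a zone-pair from the WAN zone to the server's zone admits the traffic. It goes one step beyond the thread by also reporting which sources the permitting ACL entry allows. The parser covers only the statements used here, both sample configs are constructed excerpts of the posted config and the reply, and the function names are this example's own.

```python
import re
from ipaddress import ip_address, ip_interface

# Constructed excerpt: only the posted running-config lines that decide whether
# the 3389 port-forward can cross the zone-based firewall.
POSTED = """\
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
interface FastEthernet4
zone-member security out-zone
interface Vlan1
ip address 192.168.0.10 255.255.255.0
zone-member security in-zone
ip nat inside source static tcp 192.168.0.1 3389 interface FastEthernet4 3389
"""
# Constructed excerpt of the reply's out-zone -> in-zone policy (TCP entry only).
REPLY_FIX = """\
ip access-list extended RDP
permit tcp any host 192.168.0.1 eq 3389
class-map type inspect RDP_TRAFFIC
match access-group name RDP
policy-map type inspect RDP_POLICY
class type inspect RDP_TRAFFIC
inspect
zone-pair security RDP_OUT_IN source out-zone destination in-zone
service-policy type inspect RDP_POLICY
"""

def parse(config):
    """Parse only the IOS statements this check needs; indentation is ignored."""
    cfg = {"if": {}, "zp": [], "acl": {}, "cmap": {}, "pmap": {}, "fwd": []}
    kind = cur = cls = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip nat inside source static (tcp|udp) (\S+) (\d+) "
                         r"interface (\S+) \d+", line):
            # Keep the inside address/port: the reply's ACL matches those.
            cfg["fwd"].append((m[1], m[2], int(m[3]), m[4]))
            kind = None
        elif m := re.match(r"interface (\S+)$", line):
            kind, cur = "if", cfg["if"].setdefault(m[1], {"zone": None, "net": None})
        elif m := re.match(r"zone-pair security \S+ source (\S+) destination (\S+)$", line):
            kind, cur = "zp", {"src": m[1], "dst": m[2], "policy": None}
            cfg["zp"].append(cur)
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            kind, cur = "acl", cfg["acl"].setdefault(m[1], [])
        elif m := re.match(r"class-map type inspect (?:match-\w+ )?(\S+)$", line):
            kind, cur = "cmap", cfg["cmap"].setdefault(m[1], [])
        elif m := re.match(r"policy-map type inspect (\S+)$", line):
            kind, cur, cls = "pmap", cfg["pmap"].setdefault(m[1], {}), None
        elif kind == "if" and (m := re.match(r"zone-member security (\S+)$", line)):
            cur["zone"] = m[1]
        elif kind == "if" and (m := re.match(r"ip address (\d\S*) (\d\S*)$", line)):
            cur["net"] = ip_interface(f"{m[1]}/{m[2]}").network
        elif kind == "zp" and (m := re.match(r"service-policy type inspect (\S+)$", line)):
            cur["policy"] = m[1]
        elif kind == "acl" and (m := re.match(
                r"permit (tcp|udp) (any|host \S+|\S+ \S+) host (\S+) eq (\d+)$", line)):
            cur.append((m[1], m[2], m[3], int(m[4])))
        elif kind == "cmap" and (m := re.match(r"match access-group name (\S+)$", line)):
            cur.append(m[1])
        elif kind == "pmap" and (m := re.match(r"class (?:type inspect )?(\S+)$", line)):
            cls = m[1]
        elif kind == "pmap" and cls and line in ("inspect", "pass"):
            cur[cls] = line
    return cfg

def permitted_sources(cfg, policy, proto, host, port):
    """Sources that an inspect/pass class of `policy` admits to host:port."""
    found = set()
    for cls in cfg["pmap"].get(policy, {}):
        for acl in cfg["cmap"].get(cls, []):
            found |= {src for p, src, dst, dport in cfg["acl"].get(acl, [])
                      if (p, dst, dport) == (proto, host, port)}
    return found

def audit(config):
    """Return (host, port, verdict, reason) for each static port-forward."""
    cfg, findings = parse(config), []
    for proto, host, port, wan in cfg["fwd"]:
        src = cfg["if"].get(wan, {}).get("zone")   # zone of the NAT outside interface
        dst = next((i["zone"] for i in cfg["if"].values()
                    if i["net"] is not None and ip_address(host) in i["net"]), None)
        policies = [z["policy"] for z in cfg["zp"] if (z["src"], z["dst"]) == (src, dst)]
        sources = set().union(
            *(permitted_sources(cfg, p, proto, host, port) for p in policies))
        if not policies:
            result = ("BLOCKED", f"no zone-pair {src} -> {dst}")
        elif not sources:
            result = ("BLOCKED", "no inspect/pass class matches the forward")
        elif "any" in sources:
            result = ("EXPOSED", "policy admits any source address")
        else:
            result = ("RESTRICTED", "sources: " + ", ".join(sorted(sources)))
        findings.append((host, port) + result)
    return findings

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("posted + reply", POSTED + REPLY_FIX)):
        print(label, audit(text))
```

Class order inside a policy-map and `object-group` ACL entries (which the posted config uses) are not modelled, so a RESTRICTED or EXPOSED verdict reflects only plain `permit tcp|udp ... host ... eq ...` entries.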

Similar Messages

  • I just set up an Optus Cisco DPQ3925 wireless router to access higher speed internet I signed up for. I have a 4th gen airport extreme I want to put in another room and use as a wifi extender the wifi but I get an error message each time I try. Help?

    Hello all.
    I have just set up a new cisco DPQ3925 wireless router that Optus sent me to be able to access the higher speed internet I have signed up for.
    I have a 4th gen apple extreme that I want to use to extend the wifi but when I try to update the settings via the airport utility I get a message that says it cannot do so, and to check it is in range and the wifi is set up correctly. I'm not experienced with these things but I can't think what I have done wrong.
    Is anybody able to help me please.

    You cannot use the AE to extend wireless from a non apple router such as your cisco modem router.. they are not compatible..
    You need to tie to the two devices together either with ethernet or something like EOP adapters.. They are about $120 and you can price match in officeworks.

  • How to Add Cisco 861's behind ASA 5505

    I will be setting up a VPN with a client soon.  They are shipping 2 Cisco 861's that are planning to go behind our ASA 5505.  They are set up to be NATed.
    I am trying to understand what the best way to do this would be as I seem to keep running into limitations of the ASA 5505.
    Our ASA has a public IP of 2.1.2.14/30 assigned to its outside interface.
    The public IPs to be NATed to the 861's are 2.1.2.218 and 2.1.2.219/29.
    1. How can I assign this separate public IP block to the ASA? Is it even possible?
    2. If not possible, what would other options be?
    3. Would an upgraded license that allows for additional interfaces make this easier? (I would not do the NATing then, just assign the new public IP block to another interface)
    Appreciate any help or suggestions.

    Hi,
    I personally run into these situations too, and on more than one occasion the users start to run into different kinds of problems when they get additional hardware on their LAN that we don't manage.
    If you HAVE to do this as you described I would need some additional information
    What software version is your ASA?
    Do you have a Base License version of the ASA5505? You can confirm this with the "show version" command.
    In the original post, do you mean that you have a small link network (/30) with the ISP and that the ISP has also provided you with a small subnet for NAT purposes (/29)?
    The first thing mentioned above would be needed to confirm what NAT format to use.
    Otherwise if the following 2 are true then there should be no problem using the additional IP address range on your ASA5505 firewall.
    There are 2 ways to go.
    Option 1.
    Make sure that the ISP has routed the additional /29 network towards your ASA5505 "outside" IP address
    Now just configure the needed NAT configurations (can naturally help with the configurations when I know the software level of the ASA). Notice that the additional public subnet doesn't need to be configured on any interface of the ASA. You can just configure NATs using those IP addresses as usual. The critical thing here is that the ISP has routed the network towards your ASA and HAS NOT configured this additional /29 subnet on their gateway as a secondary network.
    Option 2.
    Even if you have the ASA5505 at Base License you can still configure 3 interfaces on the ASA5505. The one thing to notice here is that you need to configure the "no forward interface Vlanx" to the third Vlan interface which will prevent this third Vlan from connecting to networks behind the interface Vlanx. This however doesn't stop Vlanx from connecting to networks behind the third Vlan interface. This might provide a possibility to use the WAN side of the VPN routers on the third interface of the ASA since then you can limit their connectivity to the "inside" Vlan and this would mean they could still connect to "outside".
    Hopefully I made any sense. Please ask more if I was unclear about something above (which might be possible).
    - Jouni

  • VPN stops forwarding traffic on subsequent connections (Cisco 861)

    Hello everyone,
    I have a very strange problem on 2 (independent) Cisco 861 routers in different places.
    They are both configured as easyVPN servers. One uses UDP, the other TCP. VPN clients connect by using Cisco VPN client software. This cannot be changed because the customer expects it this way. Both routers have the same problem:
    * the first VPN connection after a reset works fine. Traffic passes through and it is perfectly usable. I can ping the internal network interface on the router side from the client without problems.
    * the second connection (and all subsequent ones from different client machines etc.) connects fine, no errors on the client whatsoever (not sure I evaluated all possible debug output on the "server" side). However,  no traffic passes through. Pings do not come back from the 861 anymore through the VPN tunnel.
    I already enabled ICMP debugging and saw that pings are actually answered by the 861, but do not reach the client. The same seems to happen to any and all other packets as well.
    * If I restart the 861 the very same thing happens: first VPN connection works fine. You disconnect, try another connection from the very same client computer, and it does not work anymore until the next router reset.
    I append the configuration for sake of completeness. confidential parts are represented by XXX. Some ACLs are not in use right now; I used them for testing.
    Quite frankly, I am out of ideas (and desperate).
    Any ideas?
    Best Regards
    Mike
    version 15.0
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname XXX
    boot-start-marker
    boot-end-marker
    logging buffered 51200
    logging console critical
    enable secret 5 XXX
    enable password 7 XXX
    aaa new-model
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization exec default local
    aaa authorization network ciscocp_vpn_group_ml_1 local
    aaa session-id common
    memory-size iomem 10
    clock timezone Berlin 1
    crypto pki trustpoint TP-self-signed-2638506017
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2638506017
    revocation-check none
    rsakeypair TP-self-signed-2638506017
    no ip source-route
    ip cef
    no ip bootp server
    ip domain name local
    license udi pid CISCO861-K9 sn XXX
    archive
    log config
      hidekeys
    no spanning-tree vlan 1
    username root privilege 15 secret 5 XXX
    username remote secret 5 XXX
    crypto ctcp port 10000
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp nat keepalive 20
    crypto isakmp client configuration group vpn
    key XXX
    pool SDM_POOL_1
    acl 104
    netmask 255.255.255.0
    crypto isakmp profile ciscocp-ike-profile-1
       match identity group vpn
       client authentication list ciscocp_vpn_xauth_ml_1
       isakmp authorization list ciscocp_vpn_group_ml_1
       client configuration address respond
       client configuration group vpn
       virtual-template 1
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec profile CiscoCP_Profile1
    set transform-set ESP-3DES-SHA
    set isakmp-profile ciscocp-ike-profile-1
    interface Loopback0
    ip address 192.168.234.1 255.255.255.0
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    ip address dhcp
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    duplex auto
    speed auto
    interface Virtual-Template1 type tunnel
    ip unnumbered Loopback0
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile CiscoCP_Profile1
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 192.168.233.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    ip local pool SDM_POOL_1 192.168.234.2 192.168.234.127
    ip forward-protocol nd
    no ip http server
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 10.179.232.0 255.255.255.0 192.168.233.2
    ip route 172.16.0.0 255.255.0.0 192.168.233.2
    ip access-list log-update threshold 10
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 192.168.233.0 0.0.0.255
    access-list 100 remark XXX
    access-list 100 permit ip 192.168.233.0 0.0.0.255 any
    access-list 100 permit ip 192.168.234.0 0.0.0.255 any
    access-list 101 remark CCP_ACL Category=4
    access-list 101 permit ip 192.168.233.0 0.0.0.255 any
    access-list 101 permit ip 192.168.234.0 0.0.0.255 any
    access-list 102 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
    access-list 103 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255 log
    access-list 103 permit ip 192.168.234.0 0.0.0.255 192.168.233.0 0.0.0.255 log
    access-list 104 permit ip 192.168.233.0 0.0.0.255 any log-input
    access-list 104 permit ip 192.168.234.0 0.0.0.255 any log-input
    no cdp run
    control-plane
    banner exec ^CCC
    XXX
    ^C
    banner login ^CCC
    XXX
    ^C
    line con 0
    no modem enable
    transport output telnet
    line aux 0
    transport output telnet
    line vty 0 4
    privilege level 15
    transport input ssh
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end

    Hi,
    I added a dynamic crypto map to the configuration according to the document you sent. However, it does not work yet.
    There must be some stupid mistake or mixup with the old config.
    The router logs:
    000038: *Mar  1 01:19:24.047 Berlin: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at XXX
    000039: *Mar  1 01:19:29.403 Berlin: CTCP: cTCP connection entry not found. Dropping the packet
    Correspondingly, the client retransmits a few times during a connection attempt and then fails.
    The current configuration is:
    version 15.0
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname XXX
    boot-start-marker
    boot-end-marker
    logging buffered 51200
    logging console critical
    enable secret XXX
    enable password XXX
    aaa new-model
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization exec default local
    aaa authorization network ciscocp_vpn_group_ml_1 local
    aaa session-id common
    memory-size iomem 10
    clock timezone Berlin 1
    crypto pki trustpoint TP-self-signed-2638506017
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2638506017
    revocation-check none
    rsakeypair TP-self-signed-2638506017
    no ip source-route
    no ip cef
    no ip bootp server
    ip domain name local
    license udi pid CISCO861-K9 sn XXX
    archive
    log config
      hidekeys
    no spanning-tree vlan 1
    username root privilege 15 secret 5 XXX
    username remote secret 5 XXX
    crypto ctcp keepalive 10
    crypto ctcp port 10000
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp nat keepalive 20
    crypto isakmp client configuration group vpn
    key XXX
    pool SDM_POOL_1
    acl 105
    netmask 255.255.255.0
    crypto isakmp client configuration group testgroup
    key XXX
    pool SDM_POOL_1
    crypto isakmp profile ciscocp-ike-profile-1
       match identity group vpn
       client authentication list ciscocp_vpn_xauth_ml_1
       isakmp authorization list ciscocp_vpn_group_ml_1
       client configuration address respond
       client configuration group vpn
    crypto isakmp profile VPNclient
       description VPN clients profile
       match identity group testgroup
       client authentication list clientauth
       isakmp authorization list groupauthor
       client configuration address respond
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec profile CiscoCP_Profile1
    set transform-set ESP-3DES-SHA
    set isakmp-profile ciscocp-ike-profile-1
    crypto dynamic-map dynmap 5
    set transform-set ESP-3DES-SHA
    set isakmp-profile VPNclient
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    interface Loopback0
    ip address 192.168.234.1 255.255.255.0
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    mtu 1300
    ip address dhcp
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    duplex auto
    speed auto
    interface Virtual-Template1 type tunnel
    ip unnumbered Loopback0
    tunnel mode ipsec ipv4
    crypto map mymap
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 192.168.233.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    ip local pool SDM_POOL_1 192.168.234.2 192.168.234.127
    ip forward-protocol nd
    no ip http server
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 10.179.232.0 255.255.255.0 192.168.233.2
    ip route 172.16.0.0 255.255.0.0 192.168.233.2
    ip access-list log-update threshold 10
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 192.168.233.0 0.0.0.255
    access-list 100 remark XXX
    access-list 100 permit ip 192.168.233.0 0.0.0.255 any
    access-list 100 permit ip 192.168.234.0 0.0.0.255 any
    access-list 101 remark CCP_ACL Category=4
    access-list 101 permit ip 192.168.233.0 0.0.0.255 any
    access-list 101 permit ip 192.168.234.0 0.0.0.255 any
    access-list 102 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
    access-list 103 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255 log
    access-list 103 permit ip 192.168.234.0 0.0.0.255 192.168.233.0 0.0.0.255 log
    access-list 104 permit ip 192.168.233.0 0.0.0.255 any log-input
    access-list 104 permit ip 192.168.234.0 0.0.0.255 any log-input
    access-list 105 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
    no cdp run
    control-plane
    banner exec ^CCC
    XXX
    ^C
    banner login ^CCC
    XXX
    ^C
    line con 0
    no modem enable
    transport output telnet
    line aux 0
    transport output telnet
    line vty 0 4
    privilege level 15
    transport input ssh
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end

  • Inter Vlan Routing on a Cisco 861 Router

    Hi all
    I have a Network with 2 Subnets (2 DHCP servers) , Cisco Switch and a Cisco 861 Router.
    On the Router 
    Fa 4 (WAN port) is connected to the ADSL line
    All other 4 ports which are layer 2 ports 
    I need to achieve inter vlan routing 
    I have created 2 SVI's and assigned the default ip address on these SVI vlans
    I have selected fa 3 as the uplink trunk port that connects to the Switch.
    The config on the Fa 3 Trunk port is as shown below
    switchport mode trunk
    switchport trunk encapsulation dot.1q
    switchport trunk allowed vlan all
    This config does not show up on the Show Run config even though I did configure it. Is that normal?
    So will inter vlan routing work in this way?
    there should be only one connection between switch and router
    Many Thanks.

    Hi David,
    I have enabled what you have specified above which has blocked traffic both ways but it seems to be ignoring all rules to allow RDP, SMTP, IMAP, FTP etc.  Settings shown below:
    Rules 34 - 38 seem to be ignored for some reason not sure why?
    Kind Regards
    Richard

  • HT2105 Continually get a message saying "We are experiencing technical difficulties, please try later" when trying to set up allowances. Not very helpful. Any ideas. I am running the latest itunes with Windows 7 Professional.

    Continually get a message saying "We are experiencing technical difficulties, please try later" when trying to set up allowances. Not very helpful. Any ideas. I am running the latest itunes with Windows 7 Professional.

    Not a solution yet, but received the following from one of the tech people I've been e-mailing back & forth with.
    "I'm sorry that you have been unable to submit your podcast. The podcast submission form is currently offline. When trying to submit the podcast you will receive this message "We are Currently Experienced Technical Difficulties". Once the issue has been resolved, I would be glad to inform you.
    Apple is currently working toward a resolution for the issue you have reported. You will receive an email after the matter has been investigated and further information is available."
    Who knows, maybe the problem isn't with my feed after all.

  • Hello, I have a Macbook pro retina-2013.  About Mavericks I could set my 4K monitor via HDMI on 2560x1440.  This I can not set at Yosemite. Can someone help me there?

    Hello, I have a Macbook pro retina-2013.  About Mavericks I could set my 4K monitor via HDMI on 2560x1440.  This I can not set at Yosemite. Can someone help me there?

    They really pushed that it would all work great! Has anyone had the same struggle? Are there any step-by-step instructions to get linked up?
    Call Verizon's wireless tech support & explain your problem to them.  They will provide "step-by-step" instructions over the phone. 
    Take notes too!
    TIP:  If you do call & don't want to go through all those darn prompts, when you initially call, just don't say anything.  The automatic voice will then say,  "will connect you to a service rep."

  • HT1600 I have an apple tv  about two years old. Bought for a present and they never took it. I tried to hook it up but it gets stuck on setting time and date. Any help?

    I have an apple tv  about two years old. Bought for a present and they never took it. I tried to hook it up but it gets stuck on setting time and date. Any help?

    If you can view the main home screen, try selecting "settings" on the far right, then choose recent at the bottom. If not, try just unplugging power for a few minutes, then plug in and try again. Keep in mind you'll need a wireless connection and there may be several updates. Hope this helps-

  • Tried to use iphone connecting to wifi but failed despite password correct, cable connection ok, and even reset network setting in iphone. Anyone can help? KC

    Tried to use iphone connecting to wifi but failed despite password correct, cable connection ok, and even reset network setting in iphone. Anyone can help?
    Kin Chi

    I get in now with the following procedures taken:
    1. Reset network as suggested in Apple app.
    2. In the wifi connection, instead click in the user name as shown in the screen, I click Others and re-type the user name as appeared before. In the security, instead of none, I click WEP. It will then prompt you to put in password. I then put in password as I know for that user name again.
    Then, it joined the wifi..
    Hope this can help someone who get this problem.
    Kin Chi

  • I cannot sign-in to FaceTime. My apple password is not accepted for setting up FaceTime. Can someone help how to setup FaceTime

    I cannot sign-in to FaceTime. My apple password is not accepted for setting up FaceTime. Can someone help how to setup FaceTime

    Using FaceTime http://support.apple.com/kb/ht4319
    Troubleshooting FaceTime http://support.apple.com/kb/TS3367
    The Complete Guide to FaceTime: Set-up, Use, and Troubleshooting Problems
    http://tinyurl.com/32drz3d
     Cheers, Tom

  • Itunes could not connect to internet.. i have read all your solution but none help, include firewall, restart dns, check IE setting ETC... PLS HELP, my phone can't sync with itune...........

    itunes could not connect to internet.. i have read all your solution but none help, include firewall, restart dns, check IE setting ETC... PLS HELP, my phone can't sync with itune...........

    i could not do anything with itune, check updates, help. etc..
    i am using windows 7.. and the latest itune, (previous itune also can't sync)

  • Question about setting up rdp using a cisco 800 series router

    HI there,
    I am currently in school for networking. One co-op placement I went to handed me a Cisco 800 series router to practice my routing skills on. I am trying to set up RDP so I can access my server from outside my internal network. I ran the following command to do it.
    ip nat inside source static tcp server IP address port# cable modem IP port # extendable.
    My question here is, my cable modem will occasionally hand out a different IP since it has DHCP. I cannot turn DHCP off in my cable modem. So is there a way I can set this up to use a dynamic IP from my modem so I always have access to it or every time my modem changes the IP address do I have to go in and modify this acl?

    Configure DDNS (Dynamic DNS) on the router. For this you need to register with a DDNS provider. Go to
    http://www.no-ip.com/ . They provide free reliable service.
    With DDNS, once your router gets a DHCP address from your ISP, it will dynamically update the DNS name record. For example, if you register your router's name as "myrouter.no-ip.org", from there onwards, whatever IP your router gets, you can refer to it by this name.
    So do what Paolo said regarding using the interface instead of the IP, and register with the DDNS and you are good to go.
    Hope this helps
    Please rate this post if helpful..
    Thanks
    Shamal

  • New to Cisco, ASA5505 Help

    Afternoon guys,
    I have decided I want to learn Cisco, so I made the decision to pick up a used ASA 5505 from eBay and use it as my main firewall/router. I have it installed and working but have a few questions about configuration, as some of what I have done seems like a very inefficient way of setting things up.
    My Basic config is this
    O2 ADSL Modem in bridge only mode  192.168.1.254 > ASA 5505 Public Static IP >ASA Inside 192.168.1.1 > Rest of internal LAN.
    I have spotted this blog post that details how to get to the modem's WebUI through a Cisco router, but I am not sure how I would implement it in my network setup, so I would like advice on this.
    http://en.tiagomarques.info/2011/05/access-your-modem-webui-behind-a-cisco-router-bridged-configuration/
    O2 Modem IP: 192.168.1.254
    ASA inside IP: 192.168.1.1
    Apple Airport: 192.168.1.2 (Wireless Bridge)
    LAN: 192.168.1.0/24 (VLAN 1)
    The other thing I would like to ask is about PAT. I have configured it to allow ports 3074 TCP/UDP and 88 TCP inbound to my Xbox to allow Xbox Live to work. But I would like to know if there is a better way to do this using object groups.
    This is currently how I set it up:
    object network xbox_udp_3074
     host 192.168.1.5
     nat (inside,outside) static interface service udp 3074 3074
    exit
    access-list acl_outside extended permit udp any object xbox_udp_3074 eq 3074
    object network xbox_tcp_3074
     host 192.168.1.5
     nat (inside,outside) static interface service tcp 3074 3074
    exit
    access-list acl_outside extended permit udp any object xbox_tcp_3074 eq 3074
    object network xbox_udp_88
     host 192.168.1.5
     nat (inside,outside) static interface service udp 88 88
    exit
    access-list acl_outside extended permit udp any object xbox_udp_88 eq 88
    What I would like to know is whether there is a better, more efficient way of setting this up, as I have 3 network objects with 3 NAT statements and 1 ACL.
    Finally, I have attempted to configure a client VPN on the ASA, and it works and connects, but the problem is it only appears to let web traffic through. If I connect using the VPN built into my iPhone and try a ping using the Ping Lite app, I don't get any responses. But if you open Safari and put in 192.168.1.4, I get the WebUI of my NAS device. If I try to RDP to my home server, the connection times out. If I drop the VPN and connect to WiFi, I can ping and RDP from my phone OK, so it must be a config problem.
    Below is my full config. I have masked the password and cryptochecksum.
    : Saved
    : Written by enable_15 at 02:08:45.939 GMT Sat Apr 21 2012
    !
    ASA Version 8.4(3)
    !
    hostname warrillow-asa1
    domain-name warrillow.local
    enable password (Masked) encrypted
    passwd (Masked) encrypted
    names
    !
    interface Ethernet0/0
     description physical connection to O2 Box IV
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
     description to inside VLAN
     nameif inside
     security-level 100
     ip address 192.168.1.1 255.255.255.0
    !
    interface Vlan2
     description to outside interface (O2 Modem)
     nameif outside
     security-level 0
     ip address (Public Static IP) 255.255.254.0
    !
    ftp mode passive
    clock timezone gmt 0
    clock summer-time GMT recurring
    dns server-group DefaultDNS
     domain-name warrillow.local
    object network obj_any
     subnet 192.168.1.0 255.255.255.0
    object service playOn
     service tcp destination eq 57331
    object service service_xbox_udp_88
     service tcp destination eq 88
    object network HomeServer_tcp_57331
     host 192.168.1.250
    object network xbox_udp_3074
     host 192.168.1.5
    object network xbox_tcp_3074
     host 192.168.1.5
    object network xbox_udp_88
     host 192.168.1.5
    object-group icmp-type DefaultICMP
     description Default ICMP Types permitted
     icmp-object echo-reply
     icmp-object unreachable
     icmp-object time-exceeded
    object-group service xbox_live tcp-udp
     port-object eq 3074
     port-object eq 88
    object-group protocol TCPUDP
     protocol-object udp
     protocol-object tcp
    access-list acl_outside extended permit icmp any any object-group DefaultICMP
    access-list acl_outside extended permit tcp any object HomeServer_tcp_57331 eq 57331
    access-list acl_outside extended permit udp any object xbox_udp_3074 eq 3074
    access-list acl_outside extended permit tcp any object xbox_tcp_3074 eq 3074
    access-list acl_outside extended permit udp any object xbox_udp_88 eq 88
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    ip local pool vpnpool 10.0.0.2-10.0.0.200 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any echo-reply outside
    no asdm history enable
    arp timeout 14400
    !
    object network obj_any
     nat (inside,outside) dynamic interface
    object network HomeServer_tcp_57331
     nat (inside,outside) static interface service tcp 57331 57331
    object network xbox_udp_3074
     nat (inside,outside) static interface service udp 3074 3074
    object network xbox_tcp_3074
     nat (inside,outside) static interface service tcp 3074 3074
    object network xbox_udp_88
     nat (inside,outside) static interface service udp 88 88
    access-group acl_outside in interface outside
    route outside 0.0.0.0 0.0.0.0 (Public Static IP) 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set strong-des esp-3des esp-md5-hmac
    crypto dynamic-map dynmap 30 set ikev1 transform-set strong-des
    crypto map warrillow 65535 ipsec-isakmp dynamic dynmap
    crypto map warrillow interface outside
    crypto isakmp identity address
    crypto ikev1 enable outside
    crypto ikev1 policy 11
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 86400
    telnet 192.168.1.0 255.255.255.0 inside
    telnet timeout 30
    ssh 192.168.1.0 255.255.255.0 inside
    ssh timeout 30
    console timeout 30
    threat-detection rate syn-attack rate-interval 600 average-rate 30 burst-rate 45
    threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
    threat-detection basic-threat
    threat-detection scanning-threat shun duration 3600
    threat-detection statistics
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    group-policy Warrillow internal
    group-policy Warrillow attributes
     wins-server none
     dns-server value 192.168.1.250
     vpn-idle-timeout 120
     vpn-tunnel-protocol ikev1
     default-domain value warrillow.local
    username mattw password (Masked) encrypted privilege 15
    tunnel-group Warrillow-VPN type remote-access
    tunnel-group Warrillow-VPN general-attributes
     address-pool vpnpool
     default-group-policy Warrillow
    tunnel-group Warrillow-VPN ipsec-attributes
     ikev1 pre-shared-key *****
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
     class class-default
      user-statistics accounting
    !
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    hpm topN enable
    EDIT: to remove public IP from config posted

    Hi,
    Adding the following configuration should allow ICMP through the ASA (for the echo-reply to come through also without using an ACL):
    policy-map global_policy
     class inspection_default
      inspect icmp
    Unless you had already added this.
    You might also find the following document/video helpful. It shows off some of the common NAT configurations. This was mostly to help the people that were moving from the old to the new format. But it should be helpful to you also. I know I sometimes double check there.
    Document: https://supportforums.cisco.com/docs/DOC-9129
    Video: https://supportforums.cisco.com/docs/DOC-12324 (also has a link to the above document)
    Regarding the NAT configuration for modem management, I can't guarantee this will work, but the first configuration that came to mind is the following (it kind of resembles the NONAT configuration).
    Though I'm not really sure if this would work, as the LAN network and the outside management IP are from the same network. But you can always try.
    object network LAN
     subnet 192.168.1.0 255.255.255.0
    object network MODEM-MANAGEMENT
     host 192.168.1.254
    nat (inside,outside) source static LAN LAN destination static MODEM-MANAGEMENT MODEM-MANAGEMENT
    - Jouni
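
    Added example, not part of the thread or of either poster's configuration: a small Python check that pairs each ASA static port forward with the outside ACL permits, keyed on real IP, protocol and real port (the form ASA 8.3+ ACLs use). The sample input is the port-forward snippet from the question, re-typed with line breaks; on it the check reports TCP 3074 as forwarded but permitted only as UDP, a mismatch that the full configuration posted with it does not have. The name `audit` and its result keys are this example's own.

```python
import re

# Constructed sample: the question's port-forward snippet, re-typed with
# line breaks restored (the "exit" lines are dropped).
SAMPLE = """\
object network xbox_udp_3074
 host 192.168.1.5
 nat (inside,outside) static interface service udp 3074 3074
access-list acl_outside extended permit udp any object xbox_udp_3074 eq 3074
object network xbox_tcp_3074
 host 192.168.1.5
 nat (inside,outside) static interface service tcp 3074 3074
access-list acl_outside extended permit udp any object xbox_tcp_3074 eq 3074
object network xbox_udp_88
 host 192.168.1.5
 nat (inside,outside) static interface service udp 88 88
access-list acl_outside extended permit udp any object xbox_udp_88 eq 88
"""

HOST_RE = re.compile(r"host (\d+\.\d+\.\d+\.\d+)")
NAT_RE = re.compile(r"nat \(inside,outside\) static interface service (tcp|udp) (\d+) \d+")
ACL_RE = re.compile(r"access-list \S+ extended permit (tcp|udp) any object (\S+) eq (\d+)")

def audit(config):
    """Compare static port forwards with ACL permits on (real IP, proto, real port)."""
    hosts, nats, acls, current = {}, [], [], None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("object network "):
            current = s.split()[2]          # enter an object stanza
        elif not line.startswith(" "):
            current = None                  # any other top-level line ends it
            if m := ACL_RE.fullmatch(s):
                acls.append((m.group(2), m.group(1), int(m.group(3))))
        elif current and (m := HOST_RE.fullmatch(s)):
            hosts[current] = m.group(1)
        elif current and (m := NAT_RE.fullmatch(s)):
            nats.append((current, m.group(1), int(m.group(2))))
    # Resolve object names to host IPs so two objects for one host compare equal.
    forwards = {(hosts[o], p, port) for o, p, port in nats if o in hosts}
    permits = {(hosts[o], p, port) for o, p, port in acls if o in hosts}
    return {
        "reachable": sorted(forwards & permits),
        "forwarded_not_permitted": sorted(forwards - permits),
        "permitted_not_forwarded": sorted(permits - forwards),
    }

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        print(kind, items)
```

    The "reachable" list is the inbound exposure the configuration actually creates, which is the part worth reviewing whenever a forward is added.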

  • Setting up Greeting in Cisco Unity

    I need to set up as follows:
    When a caller calls a DN (extension), if it is busy or there is no answer, the call should forward to a greeting like "Sorry line is busy" for busy and "Sorry I'm not here" for no answer. After that the call should forward/transfer to the Hunt Pilot that the DN (extension) belongs to.
    Is it possible to set it up like this?
    Thanks

    macgotti wrote:
    Hey I just bought the wrt160n v3 to set up in my dorm. The set up went very smoothly and thought everything was working. My SSID was being broadcasted w perfect signal but when I tried to connect to it it would not let me. My Ethernet is connected from the cable jack in the wall into the back of the router. My college uses the company/program Reznet and something made by cisco called nac for internet connections. Just wondering what I need to do. Other kids on my floor have routers but could not fix my problem. I use a laptop as my primary computer. Any help would **bleep** nice! Thanks
    (Mod note: Edited for guideline compliance.)
    1) something made by cisco called nac.
    Sure that's not NAT?
    2) When you connect directly to the LAN port provided by the dorm, check your IP address.
    ipconfig /all
    3) If this address happens to be something like 192.168.1.x then the DEFAULT subnet on Linksys routers is the same subnet.  So, your WAN out on the Linksys is trying to NAT your private addresses 192.168.1.x to public 192.168.1.x.
    4) Presuming your connection out, the jack in the wall, is on DHCP, your router should be picking up everything from the campus (dorm) DHCP server. However, check the default gateway/DNS servers when directly connected to the dorm network, then check the same on the router when it is connected to the dorm network.
     Need more information.  Report back with the IPCONFIG with a computer directly connected to the dorm network.

  • I can't get internet connection even after wi-fi set is done with cisco

    I can't get internet connection even after wi-fi set up is done with cisco

    Not sure what Cisco is but if you are having problems with your wifi this link might help
    On the iPad...  tap Settings / General / Reset / Reset Network Settings.
    Or here is a link that might help http://support.apple.com/kb/TS1398
