2 subnets with one FIOS router
I am using the FIOS router for home and sometimes need to test certain situations for my work. I have set up a virtual lab that uses the 192.188.1.x subnet from the router. I have also set up a second virtual network that uses the 192.168.2.x subnet and have the two networks routed (virtually) between them. When it comes to accessing the internet, all of my .1 hosts, physical and virtual, can connect with no problem, but none of my .2 hosts can do this. DNS resolution works, but actual outbound traffic is somehow being blocked. I set up a network object that contains all the IP addresses of my 192.168.2.x subnet and created a new input and output rule in Firewall > Advanced Filtering that allows all outbound and inbound traffic to/from the other subnet. It still doesn't work, but I think I'm close. I can't see anything else that would block this and the firewall logging doesn't really help either. Has anyone been able to successfully do this? Just to clarify, I do not have any additional physical routers in the mix, all virtual using Windows routing and Hyper-V virtualization.
Any help is appreciated.
Thanks
My home network is on 192.168.1.x (attached to the actiontec)
I have a secondary NAT router (Cisco Linksys) running in the standard internet configuration with its WAN interface connected to the ActionTec (and getting a 192.168.1.x address) and the private LAN addressed as 192.168.2.x (it's running in NAT/Firewall mode so everything which passes thru it gets assigned the 192.168.1.x address of the WAN interface of the Linksys).
Behind the Linksys, I have a router and some switches running various configurations with VLANs and additional networks (such as 192.168.3.x and 192.168.4.x) and these are all routed internally on that network and defined to the Cisco Linksys. Anything from these networks that gets routed to the Linksys NAT to the 192.168.1.x address on their way to the internet (the Linksys can handle multiple networks).
Similar Messages
-
How do I use my airport extreme with my FIOS router?
How do I use my AirPort Extreme base station with my FIOS Router to extend my network? I have hard disks connected to my AirPort Extreme and would like to access them.
Probably can't answer all your questions - but.... I use a Linksys (wired and wireless) router as my primary entry point for FIOS. I use a Time Capsule and an Airport Express as a common wireless connection. So I have two visible wireless networks and use them both depending on where I am in the house. Both the TC and AEx can be seen either wirelessly or wired from the entire network. Note - the Linksys provides all the DHCP - you set the apple routers as "bridge mode."
-
Time capsule remote access with verizon Fios router
I got a new 5gen time capsule. I'm trying to remotely access some files I transferred into the TC. The TC is on bridge mode with my Verizon Fios router. Is there a way to access my files remotely if so how do I set up.
The Fios router should offer ddns service from several of the providers.
Typical ones are dyndns and noip
but there are a fair number of them.. just the client has to be included in the firmware of the router.
Static public IP is the best option by far, but most ISPs will only offer it with their business plans which are so much more expensive that it is not worth it. Some cable services will not offer it at all as their plans are all domestic.
Anyway the info is a phone call away and see how much extra it costs if it is offered.
Otherwise check the router for what ddns services are supported and join one.. they are free to a few dollars a month for low use service. -
NETGEAR WNDR3700 and FIOS Victory and a cautionary tale of security with a FIOS Router
I added FIOS as our IP in January. We received a good deal for superior speed 25/25 Mbs.
What I learned after testing the Westell 9100 router provided by Verizon was that port 4567 was continually open. And that after several calls to Verizon tech support, and yes hours waiting for a live person (cumulative waiting time), I was met with silence on the question of the open port and given a canned answer that Verizon does not provide support for that issue. I tested this at norton, grc.com and auditmypc. All have the same result: Port 4567 is open.
I found some helpful hints via Google search and via this forum. What I have learned to my dismay is that anyone who knows our IP address, even though it is dynamic every few days, could telnet the port and if they knew our password, or if a user did not change the default, could enter our setup and network. This should send shivers down your spine.
Verizon, as I understand it, leaves the port open for firmware updates. And that it's impossible to stealth the port given their software. Also, Verizon has their own DNS that they list as primary and secondary. This means that everything you do online passes through their DNS servers and is recorded. How do you know? Ever get that sudden switch to Verizon search after a Google search?
I purchased a router. Actually 2, took one back and upgraded to the Netgear WNDR3700. What a nightmare in trying to figure out why the connection kept dropping. After hit and miss in configuring, 2 settings that are a must. Dynamically assigned DNS.
MTU must be set to 1492 in the router WAN setup
your router's MAC address must be set to use computer MAC address, in the Basic settings.
I also registered at OpenDNS and use their DNS servers with no issue. I'm trusting one over the other.
FIOS has changed my IP twice since and my home network runs without a hitch. I have a HUB set up, PS3. Non fios tv, IP phone etc etc etc
My Verizon router is not a router. Bridge only. No WAN ports used on my Actiontec. Who needs support? The only reason I would call is if my service stopped working, or slowed down to a problem. I am not most people. My router is a Linux box with a single core CPU, 512meg of RAM, 80 gig drive, and two network cards. Logs everything for 90 days.
-
Airport Express with Fios router connection issues
I have an Airport Extreme I am using with a Fios router (with the Fios wireless deactivated).
Prior to Fios, I used it with Comcast and never had the following issues:
When accessing the web from any of my Macs after a period of sleep or other disuse, the browsers return a "not connected to the internet" message (this is after the machine has returned to service for a time-- not immediately after waking).
Waiting a few more seconds and then trying again usually connects normally. Again, never did that with Comcast-- on and connected was on and connected.
AppleTV is almost NEVER connected when I go to watch it after a period of disuse. Usually, all manner of resets/restarts are required to get everything talking. I have both an older white ATV as well as the newest black model.
I should add that the Verizon tech knew next to nothing about Apple products when he came out. I ended up going on-line and reading all kinds of posts and arriving at my current configuration. Networking has always been a black hole in my Mac knowledge, so, rather than put all the blame on Verizon, I will say it's highly likely my set-up is not optimal.
Does anyone know how best to set-up this combination? I don't really even know how to tell you how I set mine up to begin with!
Unfortunately, if you have Fios, you really are forced into using their equipment and will have to configure the AirPort Extreme in Bridge Mode to work correctly with the Fios gateway.
Check to verify if the AirPort Extreme is set to operate in Bridge Mode, which would be the correct configuration for your setup.
Open Macintosh HD > Applications > Utilities > AirPort Utility
Click the AirPort Extreme and then click Manual Setup
Click the Internet icon at the top of the window
The setting for Connection Sharing should be "Off (Bridge Mode)"
Is that the case? -
FIOS Router With OpenDNS ... Is This Discouraged?
I've been using OpenDNS successfully with my FIOS router for several months. I never had a problem until having FIOS TV installed. Some "techies" might find this interesting.
My Question -- I learned that using non-standard DNS settings was probably interfering with my FIOS TV initial installation. However, once the installation successfully completes, I wonder whether it's considered safe to resume using OpenDNS, or might this somehow interfere in some way again?
The Background -- I enjoyed chatting with the FIOS TV installation technician and I distinctly remember coincidentally mentioning that I was using OpenDNS settings on my FIOS router; he seemed completely unconcerned.
After completing the installation, he observed the FIOS TV Guide would not install on my FIOS TV receiver. He mentioned that sometimes there are delays; I should allow up to an hour for the download to complete, but if it still didn't work, I should call him and he'd be able to issue a reset/restart command for the FIOS TV Guide download. Three hours later I called him, he restarted the download, but another three hours later, the FIOS TV Guide still had not downloaded.
The Symptoms -- I couldn't display any programming guide-type information. In addition, the DVR controls -- rewind, pause, fast-forward, etc -- also would not function.
As I called Tech Support, the procedures he recommended -- removing the power (unplugging) my set-top box (STB), and then plugging it in again -- had no effect. Repeated attempts failed. Once again, though, I coincidentally mentioned that I had been using OpenDNS. The technician didn't know what that was, but I briefly explained, and he concluded THIS might be interfering with getting the FIOS TV Guide downloaded.
Here's what happened next, which really surprised me: Tech Support was able to remotely command a router master reset. Who knew they had this kind of "back door"? Not I. After performing the router master reset, the FIOS TV Guide downloaded in mere moments. My FIOS TV installation was now functioning normally.
However, I've been hesitant to change the router's DNS settings again. If I don't get a definitive reply via this forum, I suppose I'll have to contact Tech Support via e-mail and ask them to carefully consider my question.
Tony
Thank you for your reply. So, I guess that settles it. I'll use OpenDNS again and see what happens.
I can only guess, but if your situation/configuration and mine were the same, perhaps you already had Verizon TV installed and THEN you began using OpenDNS afterward? As I said, that's just a guess.
In my situation, though, the sequence of events was probably different. With me, (1) I had been using Verizon FIOS Phone and Internet only with the router's default settings, (2) then I adjusted the FIOS router to use OpenDNS, and (3) then several months afterward I had FIOS TV added and immediately had the difficulties I described in the initial message for this thread.
Perhaps the difficulties with using OpenDNS, if any, are limited to these two situations: (1) The initial download of the Verizon FIOS TV guide, and (2) interacting with certain Tech Support diagnostic commands. I may not have mentioned it, but as Tech Support was diagnosing why the guide was not downloading, the technician had issued certain commands to the router, but the router was unresponsive, leading him to think the cause may have been my use of OpenDNS. That's when he dug deeper into his "bag of tricks" and issued a "master reset" command, which apparently was comparable to using the Reset switch in back of the router. Who knew they could "hack" their way in like that?
In any case, thanks again for your message.
Tony -
How do I Set up airport extreme with existing fios wireles network
Hello all, I have an existing wireless network with an Actiontec wireless router provided with my FiOS TV. Everything is working well. Now I want to add an AirPort Extreme to increase my network range and later add Apple TV / Netflix. I'm not great with this stuff. Some help would be great.
You will need to establish a permanent Ethernet cable connection from one of the LAN <-> ports on the Fios router to the WAN port (circle of dots icon) on the AirPort Extreme and then configure the AirPort Extreme to "Create a wireless network".
You can configure the AirPort Extreme to provide another separate wireless network if you wish, or if you assign the same wireless network name, and use the same security setting and password that the Fios is using, the Extreme will provide more wireless coverage....and you won't have to change wireless networks to connect to the wireless on the Extreme.
Follow the guided setup using AirPort Utility to "create a wireless network". The setup will suggest that you configure the AirPort Extreme in Bridge Mode, which would be the correct setting when used with the Fios router. -
Using a time capsule to extend a fios router?
I know this topic has been covered many times, but I seem to have trouble finding my answer to my exact questions. I have verizon fios wireless router that they provided with the service. We have a large house with the fios router at one end. At the opposite end, the signal is very weak. I want to use my time capsule to extend the network to the other end of the house. Is this possible without connecting a long ethernet cord and placing the TC at the other end of the house. My ideal situation would be to plug the TC into the wall at opposite end of the house of the Fios router and have it connect to the Fios router and extend the wireless connection...is this possible? If not, can someone please solve my problem?
I just turned the wifi setting of my fios router off and plugged it directly into the time capsule. If I had a large house like yours, I would look at something like this:
http://www.engadget.com/2011/06/08/netgears-universal-wifi-range-extender-now-available-for-baldin/ -
Apple Express and Fios router/modem MI424WR
I have a Verizon Fios modem/wireless router. Can I turn off the wireless radio of the MI424WR (making it now just a modem) and connect a airport express to it to assume the role of wireless router for my network. I have too many drops with the Fios router.
Thanks.
Yes, I have done the same thing. You don't even have to turn off the wireless on the Verizon router, but I did. My motivation was to get 802.11n capability. Make sure your AX has the latest firmware.
All I had to do was hook the AX to one of the ethernet ports on the Verizon router and the two lashed up just fine. Occasionally they lose sync, especially if there is a power glitch/outage. In that case, shut everything down and disconnect the AX. Restart Verizon modem to make sure it is working and has an Internet connection. After a few minutes reconnect the AX and they should resync. -
Airport Express vs FIOS Router
Just had FIOS installed in my home. Really is awesome. They would not install my Airport Express stating the range is better on their router. Is this true? The range is good, but hate not using my Airport Express that I just recently purchased. Is it difficult to reconnect the Airport Express to the FIOS modem? Any help you can give is appreciated. Thank you!!!
Linette,
This can get confusing, since we are talking about two different things here.
It is possible to turn off the wireless function on the FIOS router, connect the AirPort Express to the FIOS router using a permanent Ethernet cable connection, and use the Express to provide your wireless network.
That's a lot of work, with no assurance that there would be any improvement if you did this. Unless you are confident in your abilities and adept at troubleshooting, it would probably be best to leave well enough alone and use the FIOS router for your wireless service.
It appears that Allen was suggesting that you use the current FIOS router to provide a wireless signal and the Express (located a few rooms away) to "extend" the FIOS router signal wirelessly.
That won't work, since the Express is not compatible with the FIOS router for this purpose. -
I want to use an Airport Extreme as my router. I currently have a Verizon FiOS router. I have Verizon for phone, internet and TV. However, TV-wise, I just have a basic service for one TV with just a regular box. No HD, no DVR. Don't need access to a menu, widgets, on-demand. Can I eliminate the FiOS Router and just use the Airport Extreme and still have phone and internet?
I know that it will increase my wireless coverage in my house but will it increase the speeds?
Not sure what you are asking here. The AirPort Extreme is only going to be as fast as the Internet connection that it receives.....which is 75/75. It cannot take a 75/75 connection and make it go any faster.
If you locate the AirPort Extreme in an area where you need more wireless signal coverage, the AirPort Extreme would deliver 75/75 in that area. But, keep in mind that the AirPort Extreme must connect to the FIOS router using a permanent, wired Ethernet cable connection.
If you are asking if the AirPort Extreme can wirelessly connect to the FIOS modem router, and extend the FIOS wireless network, the AirPort Extreme would not be compatible with a FIOS product for that purpose. -
Two subnets with different mask on a single router?
router 1941
Hello. I'm needing assistance with the setup of two subnets within a single router.
Here's my information:
Router has only two GigabitEthernet interfaces.
GigabitEthernet0/0 has 172.20.0.1 ip and 255.255.252.0 mask.
GigabitEthernet0/1 has 172.21.0.1 ip and 255.255.128.0 mask
Now, on each side there is a Switch with two computers.
I need to have 1 computer on each side on the same subnet, and the other one on a different subnet, meaning a pc on the same side cannot communicate with the other computer on its side, but can with another computer on the other side.
I have no idea how to configure this on the router, can anyone please help me?
Thanks in advance!
>>> So you want PC1 and PC3 to be able to talk to each other but you don't want them to be able to talk to PC2 and PC4 and vice versa.
This is correct.
>>> If so you don't need a router, you can just use a switch (or switches) and use two vlans with no L3 interfaces.
Unfortunately they are not giving me the choice of making my own net design. I need to set this up with all the devices mentioned (1 router, 2 switches, 4 PCs).
>>> If so you don't need a router, you can just use a switch (or switches) and use two vlans with no L3 interfaces.
As long as they communicate with the appropriate PC, it doesn't matter if they communicate to other devices or not.
Thanks again! -
Yoga 13 - Wifi Issue with Verizon FIOS Advanced Router
In an effort to boost the Internet Speed for my wireless devices in my house I upgraded my Verizon FIOS router to their Advanced Router. I had noticed that all of my Wireless Devices were unable to get any more speed than 25/25, when I get 75/35 to my home. I discovered that my router was the issue. So I upgraded and was instantly able to reconnect all of my wireless devices and laptops without any issue, except my Lenovo Yoga 13. It kept getting an error that it could not login to the SSID I would give it. It would see it, but when I put in the password it would fail to connect and give me a message indicating the same. So I thought I may need to download a newer driver. The Yoga would still attach to my hotspot, so I downloaded the latest WLAN driver. It still would not work, but I noticed that it did not dump the old driver, so I deleted it and then I could not attach at all to anything. So I used another unit, downloaded all of the Wireless and Bluetooth drivers I could find on the Lenovo site for Windows 8.1 and loaded them back up. I am now able to login to my new router but I get worse speeds than I did before. Now I get 10/20. But I also saw that there are now a bunch of bluetooth and wireless drivers loaded in control panel, so before I delete any, do I need them all? Are they stepping on each other? What ones are definitely needed? Has anyone gotten any more than 25/25 out of the Lenovo drivers? And did they ever succeed in hooking it up to a Verizon FIOS Advanced Router?
Let me know!
Thanks!
I went into the router and set a static IP address for the iPad (in the low 200's; don't use the 100's, it's for your fios cable dvr's). You will first have to shutdown the iPad (not just sleep). Then delete the iPad from the connection list in the fios router. The instructions from the fios router pdf are below. I am on 24 hrs and even with wep and no fixed channel I have had no problems.
To define a new connection with a fixed IP address:
1. Click New Static Connection in the DHCP Connections screen. The “DHCP Connection Settings” screen appears.
2. Enter a host name for this connection.
3. Enter the fixed IP address to assign to the computer.
4. Enter the MAC address of the computer’s network card.
5. Click the OK to save changes.
☞ Note: A device’s fixed IP address is actually assigned to the specific network card’s MAC address installed on the network computer. If this network card is replaced, the device’s entry in the DHCP Connections list must be updated with the new network card’s MAC address.
To remove a host from the table, click the appropriate “Delete” icon in the Action column. -
RA VPN into ASA5505 behind C871 Router with one public IP address
Hello,
I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!
C871:
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname router
boot-start-marker
boot-end-marker
enable password 7 xxxx
aaa new-model
aaa session-id common
clock timezone UTC -8
clock summer-time PDT recurring
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp pool dhcp-vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
ip cef
ip domain name xxxx.local
no ipv6 cef
multilink bundle-name authenticated
password encryption aes
username xxxx password 7 xxxx
ip ssh version 2
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN Interface
ip address 1.1.1.2 255.255.255.252
ip access-group wna-in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
interface Vlan1
no ip address
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan10
description router-asa
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list nat-pat interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 interface FastEthernet4
ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
ip nat inside source static esp 10.10.10.2 interface FastEthernet4
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.10.10.0 255.255.255.252 10.10.10.2
ip route 192.168.2.0 255.255.255.0 10.10.10.2
ip access-list standard ssh
permit 0.0.0.0 255.255.255.0 log
permit any log
ip access-list extended nat-pat
deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.255.0.0 0.0.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 0.0.0.0 any
deny icmp any any fragments log
permit tcp any any established
permit icmp any any net-unreachable
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny ip any any log
control-plane
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class ssh in
exec-timeout 5 0
logging synchronous
transport input ssh
scheduler max-task-time 5000
end
ASA:
ASA Version 9.1(2)
hostname asa
domain-name xxxx.local
enable password xxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxx encrypted
names
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
interface Ethernet0/0
switchport trunk allowed vlan 2,10
switchport mode trunk
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 10.10.10.2 255.255.255.252
ftp mode passive
clock timezone UTC -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name xxxx.local
object network vlan2-mapped
subnet 192.168.2.0 255.255.255.0
object network vlan2-real
subnet 192.168.2.0 255.255.255.0
object network vpn-192.168.100.0
subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
object network vlan2-real
nat (inside,outside) static vlan2-mapped
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 10.10.10.1 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.2.0 255.255.255.0 inside
ssh 10.10.10.1 255.255.255.255 outside
ssh timeout 20
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy vpn internal
group-policy vpn attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split
default-domain value xxxx.local
username xxxx password xxxx encrypted privilege 15
tunnel-group vpn type remote-access
tunnel-group vpn general-attributes
address-pool vpn-pool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
ikev1 pre-shared-key xxxx
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
: end
Hi,
I think that you want to control all outbound traffic from the LAN to the outside by ASA.
I suggest some modifications as shown below.
C871:
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.2 255.255.255.0
no ip nat inside
no ip proxy-arp
ip virtual-reassembly
ip access-list extended nat-pat
no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
no permit ip 192.168.2.0 0.0.0.255 any
deny ip 192.168.2.0 0.0.0.255 any
permit ip 10.10.10.0 0.0.0.255 any
ASA 5505:
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
Try them out and respond.
Best regards,
MB -
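An added example, not part of the thread or either poster's code: a Python consistency check over lines copied from the ASA config posted above, listing any `vpn-pool` address that falls outside the network object used as the destination of the identity (NAT-exempt) `nat` rule. The function names are hypothetical, and the indentation in the sample is restored by hand.

```python
import ipaddress

# Lines copied from the ASA running-config posted in this thread
# (indentation restored; everything else as posted).
ASA_CONFIG = """\
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
object network vpn-192.168.100.0
 subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
 subnet 192.168.2.0 255.255.255.0
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
"""


def parse_pools(config):
    """Return {pool_name: (first_ip, last_ip)} for each 'ip local pool' line."""
    pools = {}
    for line in config.splitlines():
        parts = line.split()
        if parts[:3] == ["ip", "local", "pool"] and len(parts) >= 5:
            first, last = parts[4].split("-")
            pools[parts[3]] = (ipaddress.ip_address(first),
                               ipaddress.ip_address(last))
    return pools


def parse_objects(config):
    """Return {object_name: IPv4Network} for 'object network' + 'subnet' pairs."""
    objects, current = {}, None
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] == ["object", "network"] and len(parts) == 3:
            current = parts[2]
        elif parts[:1] == ["subnet"] and current and len(parts) == 3:
            objects[current] = ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
        elif line and not line.startswith(" "):
            current = None  # any other top-level command ends the object block
    return objects


def nat_exempt_destinations(config):
    """Names of destination objects in twice-NAT rules that map to themselves."""
    names = []
    for line in config.splitlines():
        p = line.split()
        if p[:1] == ["nat"] and "destination" in p:
            i = p.index("destination")
            # Form: destination static <real> <mapped>; identity when equal.
            if len(p) > i + 3 and p[i + 1] == "static" and p[i + 2] == p[i + 3]:
                names.append(p[i + 2])
    return names


def uncovered_pool_addresses(config):
    """Return {pool_name: [addresses not inside any NAT-exempt destination]}."""
    objects = parse_objects(config)
    exempt = [objects[n] for n in nat_exempt_destinations(config) if n in objects]
    result = {}
    for name, (first, last) in parse_pools(config).items():
        result[name] = [
            ipaddress.ip_address(i)
            for i in range(int(first), int(last) + 1)
            if not any(ipaddress.ip_address(i) in net for net in exempt)
        ]
    return result


if __name__ == "__main__":
    for pool, missing in uncovered_pool_addresses(ASA_CONFIG).items():
        print(pool, "not covered by NAT exemption:", [str(a) for a in missing])
```

With the posted values, the pool's /24 mask and the `no-nat-in` ACL both describe 192.168.100.0/24, while the object in the `nat` rule is a /27, so the check reports the addresses above .31.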
Solution for loss of DHCP with Win7 Home Group issues with FIOS Router
Apparently the FIOS Router (Westell 9100 in my case) doesn't like the IPv6 that Homegroup uses. I lost DHCP service on all three computers that have Win7 installed. I could manually set the IPv4 addresses in the Network Connector options on my computer and everything worked fine. If I tried to use DHCP for IPv4 I wound up with a private network address (169.xxx.xxx.xxx).
DHCP for IPv4 worked fine after I disabled IPv6 and the associated topology services. I also removed the HomeGroup option from our network setup.
If you want to use home group be prepared to manually set the IPv4 addresses in your network devices.
Good luck
Interesting, thanks for posting.
Are these Windows 7 PCs that you installed 7 onto yourself, or ones that came with it? I have an HP laptop that came with Windows 7 already installed, no issues at all about IPv6 that I know of. IPv6 is still activated, works just fine on my FiOS Actiontec router, but maybe the Westell is just enough different to be sensitive to that.
Strange.
Justin
Verizon FiOS TV, Internet, and phone
QIP6416-P1, IMG 1.7C, Build 09.83
Keller, TX 76248