2 subnets with one FIOS router

I am using the FIOS router for home and sometimes need to test certain situations for my work. I have set up a virtual lab that uses the 192.188.1.x subnet from the router. I have also set up a second virtual network that uses the 192.168.2.x subnet and have the two networks routed (virtually) between them. When it comes to accessing the internet, all of my .1 hosts, physical and virtual, can connect with no problem, but none of my .2 hosts can do this. DNS resolution works, but actual outbound traffic is somehow being blocked. I set up a network object that contains all the IP addresses of my 192.168.2.x subnet and created a new input and output rule in Firewall > Advanced Filtering that allows all outbound and inbound traffic to/from the other subnet. It still doesn't work, but I think I'm close. I can't see anything else that would block this and the firewall logging doesn't really help either. Has anyone been able to successfully do this? Just to clarify, I do not have any additional physical routers in the mix, all virtual using Windows routing and Hyper-V virtualization.
Any help is appreciated.
Thanks

My home network is on 192.168.1.x (attached to the actiontec)
I have a secondary NAT router (Cisco Linksys) running in the standard internet configuration with its WAN interface connected to the ActionTec (and getting a 192.168.1.x address) and the private LAN addressed as 192.168.2.x (it's running in NAT/Firewall mode so everything which passes through it gets assigned the 192.168.1.x address of the WAN interface of the Linksys).
Behind the Linksys, I have a router and some switches running various configurations with VLANs and additional networks (such as 192.168.3.x and 192.168.4.x), and these are all routed internally on that network and defined to the Cisco Linksys. Anything from these networks that gets routed to the Linksys is NATed to the 192.168.1.x address on its way to the internet (the Linksys can handle multiple networks).

Similar Messages

  • How do I use my airport extreme with my FIOS router?

    How do I use my AirPort Extreme base station with my FIOS Router to extend my network?  I have hard disks connected to my AirPort Extreme and would like to access them.

    Probably can't answer all your questions - but.... I use a Linksys (wired and wireless) router as my primary entry point for FIOS. I use a Time Capsule and an Airport Express as a common wireless connection. So I have two visible wireless networks and use them both depending on where I am in the house. Both the TC and AEx can be seen either wirelessly or wired from the entire network. Note - the Linksys provides all the DHCP - you set the apple routers as "bridge mode."

  • Time capsule remote access with verizon Fios router

    I got a new 5gen time capsule. I'm trying to remotely access some files I transferred into the TC. The TC is on bridge mode with my Verizon Fios router. Is there a way to access my files remotely if so how do I set up.

    The Fios router should offer ddns service from several of the providers.
    Typical ones are dyndns and noip
    but there are a fair number of them.. just the client has to be included in the firmware of the router.
    Static public IP is the best option by far, but most ISP will only offer it with their business plans which are so much more expensive that it is not worth it. Some cable services will not offer it at all as their plans are all domestic.
    Anyway the info is a phone call away and see how much extra it costs if it is offered.
    Otherwise check the router for what ddns services are supported and join one.. they are free to a few dollars a month for low use service.

  • NETGEAR WNDR3700 and FIOS Victory and a cautionary tale of security with a FIOS Router

    I added FIOS as our IP in January.  We received a good deal for superior speed 25/25 Mbs.
    What I learned after testing the Westell 9100 router provided by Verizon was that port 4567 was continually open.  And that after several calls to Verizon tech support, and yes hours waiting for a live person (cumulative waiting time) I was met with silence on the question of the open port and given a canned answer that Verizon does not provide support for that issue.  I tested this at norton, grc.com and auditmypc.  All have the same result,  Port 4567 is open.
    I found some helpful hints via google search and via this forum.   What I have learned to my dismay is that anyone who knows our IP address, even though it is dynamic every few days, could telnet the port and if they knew our password, or if a user did not change the default, could enter our setup and network.  This should send shivers down your spine.
    Verizon as I understand it, leaves the port open for firmware updates.  And that its impossible to stealth the port given their software.  Also, Verizon has their own DNS that they list as primary and secondary.  This means, that everything you do online passes through their DNS servers and is recorded.  how do you know? ever get that sudden switch to Verizon search after a google search.
    I purchased a router  Actually 2, took one back and upgraded to the Netgear WNDR3700.  What a nightmare in trying to figure out why the connection kept dropping.  After hit and miss in configuring 2 settings that are  must. Dynamically assigned DNS. 
    MTU must be set to 1492 in the router WAN setup
    your routers mac address must be set to use computer mac address.  in the Basic settings.
    I also registered at OpenDNS and use their DNS servers with no issue.  I'm trusting one over the other.
    FIOS has changed my IP twice since and my home network runs without a hitch.  I have a HUB set up, PS3. Non fios tv, IP phone  etc etc etc

    My Verizon router is not a router. Bridge only. No WAN ports used on my Actiontec. Who needs support? The only reason I would call is if my service stopped working, or slowed down to a problem. I am not most people. My router is a Linux box with a single core CPU, 512meg of RAM, 80 gig drive, and two network cards. Logs everything for 90 days.

  • Airport Express with Fios router connection issues

    I have an Airport Extreme I am using with a Fios router (with the Fios wireless deactivated).
    Prior to Fios, I used it with Comcast and never had the following issues:
    When accessing the web from any of my Macs after a period of sleep or other disuse, the browsers return a "not connected to the internet" message (this is after the machine has returned to service for a time-- not immediately after waking).
    Waiting a few more seconds and then trying again usually connects normally. Again, never did that with Comcast-- on and connected was on and connected.
    AppleTV is almost NEVER connected when I go to watch it after a period of disuse. Usually, all manner of resets/restarts are required to get everything talking. I have both an older white ATV as well as the newest black model.
    I should add that the Verizon tech knew next to nothing about Apple products when he came out. I ended up going on-line and reading all kinds of posts and arriving at my current configuration. Networking has always been a black hole in my Mac knowledge, so, rather than put all the blame on Verizon, I will say it's highly likely my set-up is not optimal.
    Does anyone know how best to set-up this combination? I don't really even know how to tell you how I set mine up to begin with!

    Unfortunately, if you have Fios, you really are forced into using their equipment and will have to configure the AirPort Extreme in Bridge Mode to work correctly with the Fios gateway.
    Check to verify if the AirPort Extreme is set to operate in Bridge Mode, which would be the correct configuration for your setup.
    Open Macintosh HD > Applications > Utilities > AirPort Utility
    Click the AirPort Extreme and then click Manual Setup
    Click the Internet icon at the top of the window
    The setting for Connection Sharing should be "Off (Bridge Mode)"
    Is that the case?

  • FIOS Router With OpenDNS ... Is This Discouraged?

    I've been using OpenDNS successfully with my FIOS router for several months.  I never had a problem until having FIOS TV installed.  Some "techies" might find this interesting.
    My Question -- I learned that using non-standard DNS settings was probably interfering with my FIOS TV initial installation.  However, once the installation successfully completes, I wonder whether it's considered safe to resume using OpenDNS, or might this somehow interfere in some way again?
    The Background -- I enjoyed chatting with the FIOS TV installation technician and I distinctly remember coincidentally mentioning that I was using OpenDNS settings on my FIOS router; he seemed completely unconcerned.
    After completing the installation, he observed the FIOS TV Guide would not install on my FIOS TV receiver.  He mentioned that sometimes there are delays; I should allow up to an hour for the download to complete, but if it still didn't work, I should call him and he'd be able to issue a reset/restart command for the FIOS TV Guide download.  Three hours later I called him, he restarted the download, but another three hours later, the FIOS TV Guide still had not downloaded.
    The Symptoms -- I couldn't display any programming guide-type information.  In addition, the DVR controls -- rewind, pause, fast-forward, etc -- also would not function.
    As I called Tech Support, the procedures he recommended -- removing the power (unplugging) my set-top box (STB), and then plugging it in again -- had no effect.  Repeated attempts failed.  Once again, though, I coincidentally mentioned that I had been using OpenDNS.  The technician didn't know what that was, but I briefly explained, and he concluded THIS might be interfering with getting the FIOS TV Guide downloaded.
    Here's what happened next, which really surprised me: Tech Support was able to remotely command a router master reset.  Who knew they had this kind of "back door"?  Not I.  After performing the router master reset, the FIOS TV Guide downloaded in mere moments.  My FIOS TV installation was now functioning normally.
    However, I've been hesitant to change the router's DNS settings again.  If I don't get a definitive reply via this forum, I suppose I'll have to contact Tech Support via e-mail and ask them to carefully consider my question.
    Tony

    Thank you for your reply.  So, I guess that settles it.  I'll use OpenDNS again and see what happens.
    I can only guess, but if your situation/configuration and mine were the same, perhaps you already had Verizon TV installed and THEN you began using OpenDNS afterward?  As I said, that's just a guess.
    In my situation, though, the sequence of events were probably different.  With me, (1) I had been using Verizon FIOS Phone and Internet only with the router's default settings, (2) then I adjusted the FIOS router to use OpenDNS, and (3) then several months afterward I had FIOS TV added and immediately had the difficulties I described in the initial message for this thread.
    Perhaps the difficulties with using OpenDNS, if any, are limited to these two situations: (1) The initial download of the Verizon FIOS TV guide, and (2) interacting with certain Tech Support diagnostic commands.  I may not have mentioned it, but as Tech Support was diagnosing why the guide was not downloading, the technician had issued certain commands to the router, but the router was unresponsive, leading him to think the cause may have been my use of OpenDNS.  That's when he dug deeper into his "bag of tricks" and issued a "master reset" command, which apparently was comparable to using the Reset switch in back of the router.  Who knew they could "hack" their way in like that?
    In any case, thanks again for your message.
    Tony

  • How do I Set up airport extreme with existing fios wireles network

    Hello all, I have an existing wireless network with an Actiontec wireless router provided with my fios tv. Everything is working well. Now I want to add airport extreme to increase my network range and later add apple tv / Netflix. I'm not great with this stuff. Some help would be great.

    You will need to establish a permanent Ethernet cable connection from one of the LAN <-> ports on the Fios router to the WAN port (circle of dots icon) on the AirPort Extreme and then configure the AirPort Extreme to "Create a wireless network".
    You can configure the AirPort Extreme to provide another separate wireless network if you wish, or if you assign the same wireless network name, and use the same security setting and password that the Fios is using, the Extreme will provide more wireless coverage....and you won't have to change wireless networks to connect to the wireless on the Extreme.
    Follow the guided setup using AirPort Utility to "create a wireless network". The setup will suggest that you configure the AirPort Extreme in Bridge Mode, which would be the correct setting when used with the Fios router.

  • Using a time capsule to extend a fios router?

    I know this topic has been covered many times, but I seem to have trouble finding my answer to my exact questions. I have verizon fios wireless router that they provided with the service. We have a large house with the fios router at one end. At the opposite end, the signal is very weak. I want to use my time capsule to extend the network to the other end of the house. Is this possible without connecting a long ethernet cord and placing the TC at the other end of the house. My ideal situation would be to plug the TC into the wall at opposite end of the house of the Fios router and have it connect to the Fios router and extend the wireless connection...is this possible? If not, can someone please solve my problem?

    I just turned the wifi setting of my fios router off and plugged it directly into the time capsule. If I had a large house like yours, I would look at something like this:
    http://www.engadget.com/2011/06/08/netgears-universal-wifi-range-extender-now-available-for-baldin/

  • Apple Express and Fios router/modem MI424WR

    I have a Verizon Fios modem/wireless router. Can I turn off the wireless radio of the MI424WR (making it now just a modem) and connect a airport express to it to assume the role of wireless router for my network. I have too many drops with the Fios router.
    Thanks.

    Yes, I have done the same thing. You don't even have to turn off the wireless on the Verizon router, but I did. My motivation was to get 802.11n capability. Make sure your AX has the latest firmware.
    All I had to do was hook the AX to one of the ethernet ports on the Verizon router and the two lashed up just fine. Occasionally they lose sync, especially if there is a power glitch/outage. In that case, shut everything down and disconnect the AX. Restart Verizon modem to make sure it is working and has an Internet connection. After a few minutes reconnect the AX and they should resync.

  • Airport Express vs FIOS Router

    Just had FIOS installed in my home. Really is awesome. They would not install my Airport Express stating the range is better on their router. Is this true? The range is good, but hate not using my Airport Express that I just recently purchased. Is it difficult to reconnect the Airport Express to the FIOS modem? Any help you can give is appreciated. Thank you!!!

    Linette,
    This can get confusing, since we are talking about two different things here.
    It is possible to turn off the wireless function on the FIOS router, connect the AirPort Express to the FIOS router using a permanent Ethernet cable connection,  and use the Express to provide your wireless network.
    That's a lot of work, with no assurance that there would be any improvement if you did this. Unless you are confident in your abilities and adept at troubleshooting, it would probably be best to leave well enough alone and use the FIOS router for your wireless service.
    It appears that Allen was suggesting that you use the current FIOS router to provide a wireless signal and the Express (located a few rooms away) to "extend" the FIOS router signal wirelessly.
    That won't work, since the Express is not compatible with the FIOS router for this purpose.

  • I have Verizon FiOS service for phone, internet and TV but I only have one TV hooked up for it for just basic cable service with no DVR and no need for widgets.  Can I use an Airport Extreme as my router and not use the FiOs router?

    I want to use an Airport Extreme as my router.  I currently have a Verizon FiOS router.  I have Verizon for phone, internet and TV.  However, TV-wise, I just have a basic service for one TV with just a regular box.  No HD, no DVR.  Don't need access to a menu, widgets, on-demand.  Can I eliminate the FiOS Router and just use the Airport Extreme and still have phone and internet?

    I know that it will increase my wireless coverage in my house but will it increase the speeds?
    Not sure what you are asking here.  The AirPort Extreme is only going to be as fast as the Internet connection that it receives.....which is 75/75. It cannot take a 75/75 connection and make it go any faster.
    If you locate the AirPort Extreme in an area where you need more wireless signal coverage, the AirPort Extreme would deliver 75/75 in that area.  But, keep in mind that the AirPort Extreme must connect to the FIOS router using a permanent, wired Ethernet cable connection.
    If you are asking if the AirPort Extreme can wirelessly connect to the FIOS modem router, and extend the FIOS wireless network, the AirPort Extreme would not be compatible with a FIOS product for that purpose.

  • Two subnets with different mask on a single router?

    router 1941
    Hello. I'm needing assistance with the setup of two subnets within a single router.
    Here's my information:
    Router has only two GigabitEthernet interfaces.
    GigabitEthernet0/0 has 172.20.0.1 ip and 255.255.252.0 mask.
    GigabitEthernet0/1 has 172.21.0.1 ip and 255.255.128.0 mask
    Now, on each side there is a Switch with two computers.
    I need to have 1 computer on each side on the same subnet, and the other one on a different subnet, meaning a pc on the same side cannot communicate with the other computer on its side, but can with another computer on the other side.
    I have no idea how to configure this on the router, can anyone please help me?
    Thanks in advance!

    >>> So you want PC1 and PC3 to be able to talk to each other but you don't want them to be able to talk to PC2 and PC4 and vice versa.
    This is correct.
    >>> If so you don't need a router, you can just a switch (or switches) and use two vlans with no L3 interfaces.
    Unfortunately they are not giving me the choice of making my own net design. I need to setup this with all the devices mentioned (1 router, 2 switches, 4 pcs).
    >>> If so you don't need a router, you can just a switch (or switches) and use two vlans with no L3 interfaces.
    As long as they communicate with the appropriate PC, it doesn't matter if they communicate to other devices or not.
    Thanks again!

  • Yoga 13 - Wifi Issue with Verizon FIOS Advanced Router

    In an effort to boost the Internet Speed for my wireless devices in my house I upgraded my Verizon FIOS router to their Advanced Router. I had noticed that all of my Wireless Devices were unable to get any more speed than 25/25, when I get 75/35 to my home. I discovered that my router was the issue. So I upgraded and was instantly able to reconnect all of my wireless devices and laptops without any issue, except my Lenovo Yoga 13. It kept getting an error that it could not login to the SSID I would give it. It would see it, but when I put in the password it would fail to connect and give me a message indicating the same. So I thought I may need to download a newer driver. The Yoga would still attach to my hotspot, so I downloaded the latest WLAN driver. It still would not work, but I noticed that it did not dump the old driver, so I deleted it and then I could not attach at all to anything. So I used another unit, downloaded all of the Wireless and Bluetooth drivers I could find on the Lenovo site for Windows 8.1 and loaded them back up. I am now able to login to my new router but I get worse speeds than I did before. Now I get 10/20. But I also saw that there are now a bunch of bluetooth and wireless drivers loaded in control panel, so before I delete any, do I need them all? Are they stepping on each other? What ones are definitely needed? Has anyone gotten any more than 25/25 out of the Lenovo drivers? And did they ever succeed in hooking it up to a Verizon FIOS Advanced Router?
    Let me know!
    Thanks!

    I went into the router and set a static IP address for the ipad (in the low 200's; don't use the 100's, it's for your fios cable dvr's). You will first have to shutdown the ipad (not just sleep). Then delete the ipad from the connection list in the fios router. The instructions from the fios router pdf are below. I am on 24 hrs and even with wep and no fixed channel I have had no problems.
    To define a new connection with a fixed IP address:
    1. Click New Static Connection in the DHCP Connections screen. The “DHCP Connection Settings” screen appears.
    2. Enter a host name for this connection.
    3. Enter the fixed IP address to assign to the computer.
    4. Enter the MAC address of the computer’s network card.
    5. Click the OK to save changes.
    ☞ Note: A device’s fixed IP address is actually assigned to the specific
    network card’s MAC address installed on the network computer.
    If this network card is replaced, the device’s entry in the DHCP Connections list must be updated with the new network card’s MAC address.
    To remove a host from the table, click the appropriate “Delete” icon in the Action column.

  • RA VPN into ASA5505 behind C871 Router with one public IP address

    Hello,
    I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
    PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
    The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!
    C871:
    version 15.0
    no service pad
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    service password-encryption
    hostname router
    boot-start-marker
    boot-end-marker
    enable password 7 xxxx
    aaa new-model
    aaa session-id common
    clock timezone UTC -8
    clock summer-time PDT recurring
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 192.168.2.1
    ip dhcp excluded-address 192.168.2.2
    ip dhcp pool dhcp-vlan2
       network 192.168.2.0 255.255.255.0
       default-router 192.168.2.1
    ip cef
    ip domain name xxxx.local
    no ipv6 cef
    multilink bundle-name authenticated
    password encryption aes
    username xxxx password 7 xxxx
    ip ssh version 2
    interface FastEthernet0
    switchport mode trunk
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description WAN Interface
    ip address 1.1.1.2 255.255.255.252
    ip access-group wna-in in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    no cdp enable
    interface Vlan1
    no ip address
    interface Vlan2
    description LAN-192.168.2
    ip address 192.168.2.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    interface Vlan10
    description router-asa
    ip address 10.10.10.1 255.255.255.252
    ip nat inside
    ip virtual-reassembly
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip nat inside source list nat-pat interface FastEthernet4 overload
    ip nat inside source static 10.10.10.1 interface FastEthernet4
    ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
    ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
    ip nat inside source static esp 10.10.10.2 interface FastEthernet4
    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    ip route 10.10.10.0 255.255.255.252 10.10.10.2
    ip route 192.168.2.0 255.255.255.0 10.10.10.2
    ip access-list standard ssh
    permit 0.0.0.0 255.255.255.0 log
    permit any log
    ip access-list extended nat-pat
    deny   ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
    permit ip 192.168.2.0 0.0.0.255 any
    ip access-list extended wan-in
    deny   ip 192.168.0.0 0.0.255.255 any
    deny   ip 172.16.0.0 0.15.255.255 any
    deny   ip 10.0.0.0 0.255.255.255 any
    deny   ip 127.0.0.0 0.255.255.255 any
    deny   ip 169.255.0.0 0.0.255.255 any
    deny   ip 255.0.0.0 0.255.255.255 any
    deny   ip 224.0.0.0 31.255.255.255 any
    deny   ip host 0.0.0.0 any
    deny   icmp any any fragments log
    permit tcp any any established
    permit icmp any any net-unreachable
    permit udp any any eq isakmp
    permit udp any any eq non500-isakmp
    permit esp any any
    permit icmp any any host-unreachable
    permit icmp any any port-unreachable
    permit icmp any any packet-too-big
    permit icmp any any administratively-prohibited
    permit icmp any any source-quench
    permit icmp any any ttl-exceeded
    permit icmp any any echo-reply
    deny   ip any any log
    control-plane
    line con 0
    exec-timeout 0 0
    logging synchronous
    no modem enable
    line aux 0
    line vty 0 4
    access-class ssh in
    exec-timeout 5 0
    logging synchronous
    transport input ssh
    scheduler max-task-time 5000
    end
    ASA:
    ASA Version 9.1(2)
    hostname asa
    domain-name xxxx.local
    enable password xxxx encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd xxxx encrypted
    names
    ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
    interface Ethernet0/0
    switchport trunk allowed vlan 2,10
    switchport mode trunk
    interface Ethernet0/1
    switchport access vlan 2
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    interface Vlan1
    no nameif
    no security-level
    no ip address
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.2 255.255.255.0
    interface Vlan10
    nameif outside
    security-level 0
    ip address 10.10.10.2 255.255.255.252
    ftp mode passive
    clock timezone UTC -8
    clock summer-time PDT recurring
    dns server-group DefaultDNS
    domain-name xxxx.local
    object network vlan2-mapped
    subnet 192.168.2.0 255.255.255.0
    object network vlan2-real
    subnet 192.168.2.0 255.255.255.0
    object network vpn-192.168.100.0
    subnet 192.168.100.0 255.255.255.224
    object network lan-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
    access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
    object network vlan2-real
    nat (inside,outside) static vlan2-mapped
    route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 10.10.10.1 255.255.255.255 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpool policy
    crypto ikev1 enable outside
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 192.168.2.0 255.255.255.0 inside
    ssh 10.10.10.1 255.255.255.255 outside
    ssh timeout 20
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    anyconnect-essentials
    group-policy vpn internal
    group-policy vpn attributes
    dns-server value 8.8.8.8 8.8.4.4
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpn-split
    default-domain value xxxx.local
    username xxxx password xxxx encrypted privilege 15
    tunnel-group vpn type remote-access
    tunnel-group vpn general-attributes
    address-pool vpn-pool
    default-group-policy vpn
    tunnel-group vpn ipsec-attributes
    ikev1 pre-shared-key xxxx
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
    : end

    Hi,
    I think that you want to control all outbound traffic from the LAN to the outside by the ASA.
    I suggest some modifications as shown below.
    C871:
    interface Vlan2
    description LAN-192.168.2
    ip address 192.168.2.2 255.255.255.0
    no ip nat inside
    no ip proxy-arp
    ip virtual-reassembly
    ip access-list extended nat-pat
    no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
    no permit ip 192.168.2.0 0.0.0.255 any
    deny ip 192.168.2.0 0.0.0.255 any
    permit ip 10.10.10.0 0.0.0.255 any
    ASA 5505:
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    Try them out and respond.
    Best regards,
    MB
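
A consistency check over the two configurations posted in this thread, as an added example that is not part of the original posts or of any Cisco tooling: it lists ACL names that are applied but never defined on the router, and VPN pool addresses that fall outside every identity-NAT destination object on the ASA. The excerpts are lines copied from the configs above; the function names are hypothetical, and the checks generalize to any number of pools and exemption rules.

```python
import ipaddress
import re

# Lines copied from the C871 configuration posted above (excerpt).
C871_EXCERPT = """\
interface FastEthernet4
ip access-group wna-in in
ip nat inside source list nat-pat interface FastEthernet4 overload
ip access-list standard ssh
ip access-list extended nat-pat
ip access-list extended wan-in
line vty 0 4
access-class ssh in
"""

# Lines copied from the ASA configuration posted above (excerpt).
ASA_EXCERPT = """\
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
object network vpn-192.168.100.0
subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
subnet 192.168.2.0 255.255.255.0
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
"""

# Named ACL definitions and the places a named ACL can be applied.
# Numbered ACLs ("access-list 10 ...") are not handled by this sketch.
ACL_DEF = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
ACL_REFS = (
    re.compile(r"^ip access-group (\S+) (?:in|out)"),
    re.compile(r"^access-class (\S+) (?:in|out)"),
    re.compile(r"^ip nat inside source list (\S+)"),
)

IP = r"(\d+\.\d+\.\d+\.\d+)"
POOL = re.compile(rf"^ip local pool (\S+) {IP}-{IP}")
OBJECT = re.compile(r"^object network (\S+)")
SUBNET = re.compile(rf"^subnet {IP} {IP}")
TWICE_NAT = re.compile(r"^nat \(.*?\) source static \S+ \S+ destination static (\S+) (\S+)")


def undefined_acl_refs(ios_cfg):
    """Return ACL names that are applied somewhere but never defined."""
    defined, referenced = set(), set()
    for raw in ios_cfg.splitlines():
        line = raw.strip()
        m = ACL_DEF.match(line)
        if m:
            defined.add(m[1])
            continue
        for pattern in ACL_REFS:
            m = pattern.match(line)
            if m:
                referenced.add(m[1])
    return sorted(referenced - defined)


def parse_asa(asa_cfg):
    """Collect address pools, object-network subnets and identity-NAT destinations."""
    pools, objects, exempt, current = {}, {}, [], None
    for raw in asa_cfg.splitlines():
        line = raw.strip()
        if m := POOL.match(line):
            pools[m[1]] = (ipaddress.IPv4Address(m[2]), ipaddress.IPv4Address(m[3]))
        elif m := OBJECT.match(line):
            current = m[1]          # following "subnet" line belongs to this object
            continue
        elif (m := SUBNET.match(line)) and current:
            objects[current] = ipaddress.IPv4Network(f"{m[1]}/{m[2]}")
            continue
        elif (m := TWICE_NAT.match(line)) and m[1] == m[2]:
            exempt.append(m[1])     # destination mapped to itself: NAT exemption
        current = None
    return pools, objects, exempt


def uncovered_pool_addresses(asa_cfg):
    """Map each pool to the addresses no NAT-exemption destination object covers."""
    pools, objects, exempt = parse_asa(asa_cfg)
    nets = [objects[name] for name in exempt if name in objects]
    result = {}
    for pool, (first, last) in pools.items():
        missing = [
            str(ipaddress.IPv4Address(i))
            for i in range(int(first), int(last) + 1)
            if not any(ipaddress.IPv4Address(i) in net for net in nets)
        ]
        if missing:
            result[pool] = missing
    return result


if __name__ == "__main__":
    print("ACLs applied but not defined:", undefined_acl_refs(C871_EXCERPT))
    print("Pool addresses outside NAT exemption:", uncovered_pool_addresses(ASA_EXCERPT))
```

On the posted lines it reports `wna-in` (the ACL is defined as `wan-in`) and pool addresses 192.168.100.32 through 192.168.100.35, which the /27 object does not cover. The first finding matters for filtering because IOS does not filter on an access-group whose ACL does not exist.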

  • Solution for loss of DHCP with Win7 Home Group issues with FIOS Router

    Apparently the FIOS Router (Westell 9100 in my case) doesn't like the IPv6 that Homegroup uses.  I lost DHCP service on all three computers that have Win7 installed.  I could manually set the IPv4 addresses in the Network Connector options on my computer and every thing worked fine. If I tried to use DHCP for IPv4 I wound up with a private network address (169.xxx.xxx.xxx).
    DHCP for IPv4 worked fine after I disabled IPv6 and the associated topology services.  I also removed the HomeGroup option from our network setup.
    If you want to use home group be prepared to manually set the IPv4 addresses in your network devices.
    Good luck

    Interesting, thanks for posting.
    Are these Windows 7 PCs that you installed 7 onto yourself, or ones that came with it? I have an HP laptop that came with Windows 7 already installed, no issues at all about IPv6 that I know of. IPv6 is still activated, works just fine on my FiOS Actiontec router, but maybe the Westell is just enough different to be sensitive to that.
    Strange.
    Justin
    Verizon FiOS TV, Internet, and phone
    QIP6416-P1, IMG 1.7C, Build 09.83
    Keller, TX 76248
