CCM 4.1(3) multiple T1s, PRI, routing with CMM card
I have the following hooked up and working currently:
CCM 4.1(3)
(2) CMM blades in 6509
(4) PRIs (2 in each CMM blade)
(1) Tie line gateway for remote office connections
My client wants to add (2) T1 lines into the CMM and route only long distance calls on this for outbound. Other offices have the same provider at their end so it stays on the providers circuits and cheaper LD rates.
To force Site A with CCM and CMM to have all LD calls route outbound, do I need to setup a route pattern for LD and local?
Local would be 715 and 920, all others would be LD.
Local 91715xxxxxxx use the PRI
91920xxxxxxx use the PRI
LD 91??????????? use the dedicated circuit xyz
Do I need to list out all the patterns for this to separate my route patterns for each gateway or is there an easier way?
Thanks much
What you should do is define a CSS and partitions for each site.
Then you define routePatterns for each site, using the site-specific partitions.
This way, you'll be able to direct siteA LD calls out a specific PRI while allowing other sites to use other gateways for their LD calls.
If you need an example, let me know and I'll type one up! :)
NOTE: with this type of hierarchy, you will have multiple routePatterns of the same digits.
i.e.:
91xxxxxxxxxx - PT_SiteA
91xxxxxxxxxx - PT_SiteB
Similar Messages
-
IBook cannot connect to wireless router with airport card
The Situation
my iBook G3 dual usb cannot connect to my wireless router. The router is using wpa and wpa2 encryption and broadcasting on 802.11b and g, on channel 12. The SSID is broadcast, but the iBook airport card cannot see it. The card CAN see other networks in my area. My iMac Mini (spec OS X 10.5.5, airport built in) is connecting to the same router and can see the SSID, so its not the aerial.
I select 'Other...' on the airport menu to connect, and type in my network name and the WPA2 Personal password. I then get the message: 'The Wireless Network <network> does not support the requested encryption method'
So what's the problem? And how can I fix it?
I'm having the same problem, but having been through the threads I'm getting nowhere!
Running a 2001 dual USB G3 Ibook. Connects fine on home network via Airport Express, but will not connect to PC/Belkin wireless network at my Dad's place. Newer macs seem to connect fine - but not my old dear.
It detects the network OK and prompts for a WPA password, but it is not recognised.
The router is set up for WPA/WPA2-PSK (AES encryption)
Tried turning the security protocols off on the router - still can't connect.
Same circular "network settings have been changed by another application" if I try and use the IBook's network / airport wizards.
My software is fully up to date - the ethernet connection works fine with the router.
This is driving me insane! -
When setting up connections to my branches using my pri router do I need to make each remote routers pri interface part of the same subnet ?
Hi
AFAIK you better keep them on the same subnet for better control and manageability.
If this doesn't solve your purpose do revert back with more details..
regds -
I am trying to connect a Windows 7 / 64 bit to an Epson printer on my Mac. The printer is hooked into the Mac via USB; the Mac is networked to a Linksys wireless router with an ethernet cable, as is the Windows box. I installed the current Bonjour printer services software on the Windows machine, and separately installed the driver software for the Epson printer on the Windows machine. Running the bonjour wizard, I get an alert saying 'I don't have sufficient access to my computer to connect to the selected printer'.
The printer has 'sharing' turned on from the Mac end; this works with a Powerbook via the wireless connection. Sharing is also turned on in the Windows printer control panel for this printer (under properties). The Mac is a G5 running 10.5.8. When I try to print a page from the Windows machine it gets hung in the print queue.
Any advice how to proceed would be appreciated!
thx, -
My wife and i have an iPhone 5 6.1.2 firmware.. We both are having horrible wifi signals. We have done everything we can.. What update will fix this? I get full bars on my iPad 2 through my whole house.. Be standing right beside the router with iPhones and it cuts in and out.. Drops from 3 wifi bars to 1
I am having the same problem with brand new Ipad Mini at my house.
It connects to the WiFi fine - but will not pull an IP address in DHCP mode, or if I set all the IP info statically - it still will not get any network access.
This doesn't look like a WiFi issue, as it does connect and is seen by the WiFi Access Point. All the normal WiFi fix stuff doesn't help.
- Using a Dlink DAP-2553 which is less than 2 months old.
Other devices connect fine, including Ipad 2.
This same Mini worked fine at another house and also connected to a mobile hotspot fine....so seems to be some weird IP issue with maybe this Access Point or maybe the older Router that I have (older Netgear)?
I am actually a network engineer and still have not been able to find a solution. Both the Ipad Mini and the Dlink WAP have the latest firmware loaded.
Wondering if anyone has found a solution to this problem. -
Having trouble setting up a linksys WRT54GS router with v...
Having trouble setting up a linksys WRT54GS router with verizon DSL using a westell 6100F modem. the modem works fine by its self but the router will not connect to the internet when installed like the cd tells you to.
online help and phone help has been less than helpful, anyone have any Ideas?
Ok I found "Installing the linksys wireless router with a westell 6100 modem" in the verizon troubleshooting guides. printed the instructions so I wouldn't forget. step 1 open your web browser and enter http://192.168.1.1 in the address field. PROBLEM it comes up with a login screen that I don't know how to sign into. tried the obvious stuff. cannot get past the login screen. I knew this sounded too easy to be true. anyone have any ideas?
-
How to extend a wifi network of third party router with TC 4th generation?
After searching the communities for a while, I did not find a definitive answer on the following question:
- I recently bought a 4th generation Time Capsule 2TB (MD0322/A), that I also want to use as an extension for our existing wifi network.
- This wifi network is maintained by a Sitecom Wireless 300N XR Gigabit Router. Router is set to work over 2.4 GHz (B+G+N) because of several non-N-wifi devices in the network. The channel in use is currently 11.
- This router provides so called WDS functionality, i.e. the ability for other wifi access points to act as a seamless extension of the basic wifi network (using the same SSID).
- The security settings in the router are WPA2 Mixed, with a password in plain ASCII.
- There seems to be no way to set different security levels for WDS-connections versus normal AP (access point) connections. If WDS is enabled, the security settings of the AP-mode are extended to the WDS connection.
I have set the Sitecom router to enable WDS, and added the MAC-address of the TC in the configuration of this router.
When configuring the Time Capsule, with Airport Utility 5.5.3, I can select the option to use TC to extend an existing network, and I can select the network of choice using the WPA personal or WPA/WPA personal security. However, the TC does not succeed in extending the network, and reports this back. If I manually configure the TC and select the network of choice, Airport Utility reports back that the selected network cannot be extended.
I have read several times in other posts that Time Capsule can only connect to third party routers via WDS using WEP-authentication, but these posts were quite old. I was wondering if this is still the case, or that Apple has updated this functionality in newer versions of TC, and thus there could exist a trick to connect to a WDS using WPA.
I really would appreciate suggestions
Bram Bos
gilles13 wrote:
I have a mac and pc (win7) both are connected thru a network with wifi and allready two access pt.
Airport can not be used to extend a WiFi created by a non-Apple box.
You need to turn off the radio in the router (shut down the existing WiFi). Purchase TWO Airport Express units. Connect one to the router with an Ethernet cable. Configure that one as your primary WiFi network and then use the second Express as the extender.
You need to locate the second Express where it receives a decent WiFi signal. Too far away and it has nothing to extend. Too close and it doesn't buy you anything. Before you plug in the second Express, check to see where the primary WiFi disappears completely. My personal WAG is that you want to locate the second Express 2/3 the distance to that point.
If you use Airport Utility to configure the units, it's a snap. In fact, if you configure the primary first and the extender second, AU will default to exactly the settings that you want.
By the way, I referred to the Express because it's less expensive than the Extreme and you didn't indicate any need for the Extreme features. -
How can I set up a guest access point with a Time Capsule and an Airport Extreme? I am using a Telus router with the Time Capsule used as a wireless access point (bridge mode). I don't want the guest access point to have access to my network.
The Guest Network function of the Time Capsule and AirPort Extreme cannot be enabled when the device is in Bridge Mode. Unfortunately, with another router...the Telus...upstream on your network, Bridge Mode is indicated as the correct setting for all other routers on the network.
If you can replace the Telus gateway with a simple modem (that performs no routing functions), you should be able to configure either the Time Capsule or the AirPort Extreme....whichever is connected to the modem....to provide a Guest Network. -
I recently replaced my dead airport router with a Netgear91-5g router and synced it successfully to my Lexmark Pro 915 printer and my computer; yet when I try to print wirelessly I get the message: "printer not connected; printer offline". Lexmark support verified that my printer was connected to the new router and the problem was with the computer's printer configuration and they could reconfigure it online if I paid for their "Premium Support" services ($119 for one year, 3 fixes). I declined, feeling sure that this is something I could do if I knew how. Could it be an incompatibility issue with OS 10.8.3?
You saved me $$$ that I can ill afford on my fixed income. I was very unhappy with the "support" from Lexmark... what a rip off! Thank you dwb!
-
Can you use an external antenna with the 4G LTE Router with Voice?
I live in a black hole of cell service - very rural, in a valley surrounded by trees, no DSL, no cable, no other options except satellite internet which I did for 15 years and will never do again. My current data setup is a Pantech UML290 USB modem connected to a Cellphone-Mate full band outdoor Omni 3G/4G antenna on the roof. I just ordered an amplifier to boost the 4G LTE connection. The modem is plugged into a Cradlepoint MBR900 router, which then provides my home internet (way more than 10 devices, and mostly wired).
Is there a way to add the antenna and amplifier setup to the broadband router with voice so I can be assured of the signal? If so, could I then use this router to feed the Cradlepoint and continue using multiple wired devices?
I was set to order this router last night, but the CSR through chat told me that you cannot attach antenna to the router with voice - only to the one with data. This really doesn't make any sense to me, but she was firm about it. If I can attach, can I use the cables I have or will I need a different adapter?
There is so little information about this particular router. My current setup is doing fairly well, but I would love the option to drop my landline and increase signal strength for both voice and data. With no antenna, the modem gets around -125 db, and can't connect at all. With the antenna mounted on the roof, and routed through the Cradlepoint, I consistently get -85 db. 4G LTE speeds are around 15-19 Mb/s down and very inconsistent 2.5-4.0 Mb/s up. However, the 4G drops and resets multiple times a day, so I usually sacrifice the speed to get a more stable 4.5-5 Mb/s down and 0.5 Mb/s up through forced 3G.
Voice calls are spotty if received at all, and frequently drop immediately if there is any connection. And of course, the data limit has been a nightmare. I could potentially save some money by porting my landline to Verizon, but not if there is no way to boost the signals. The Omni antenna will boost all, but not sure if there's any way to route the existing antenna setup to feed both the voice and data sides, or if it would be enough to allow me to do this. This router also says it's 4G LTE only, but the specs on the antenna they sell say it boosts 3G for failover, so not sure if it will grab anything else. Any help or advice GREATLY appreciated! Thanks for reading through the whole thing.
No, not directly. You would need to transfer your data from your iPad to your Mac and then back it up to an external drive.
Pete -
I have a RevI Actiontec router with dual antennas(not sure of firmware as I am not at home). My wife can be on her laptop all day, then when I come home with my IPad, it make her lose connection to the router. The router still connects to my iPhone 4 and iPad (both with iOS 6.0.1), but she is unable to connect to router at all. Everything continues to function normally on my Apple devices, so we are still connected to the internet. I have a laptop as well, and when this is happening, both of the laptops stop connecting, but the apple devices and our Toshiba TV and BluRay players continue to function normally. As a temp fix, I disconnect internet from my iPad and restart the router. It works until we try to run both at the same time.
I am mildly computer literate, though I know little about network setups beyond security, MAC filtering, and other slightly advanced setup stuff.
This is really frustrating and seems to be getting worse. We used it like this in our new house for several months before this started happening.
Also check to make sure neither of the devices are set to use a static IP address.
If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
"All knowledge is worth having." -
ITunes Library set up on NetGear R6100 router with ReadyShare from USB port?
Can the iTunes Library be set up on a NetGear R6100 router with its NetGear ReadyShare feature, from a USB thumb drive or USB hard drive attached to the one available R6100 router's USB 2.0 port?
I have read the Apple forum post about a similar question for the more advanced NetGear R7000 router, which says it can work there. Unlike some of the other sibling Netgear routers that do not have ReadyShare, my R6100 does, which leads me to believe that it should work, since its the same technology (they both have a router USB port with ReadyShare). It just appears that the documentation is very limited. The other post said to format the USB drive to the Apple format (HFS+), rather than Fat32, get the Mac or Apple to see the iTunes directory located on the router's USB port.
I'd like to know if anyone has had any luck using the ReadyShare feature on their R6100 for sharing their iTunes library to the same iTunes account on different devices (laptop, PC, AppleTV, iPod, etc). My Apple TV has recently acquired a problem of not being able to detect the iTunes library on my PC, after a recent iTunes update, but that's another problem that the forums show a lot of people having. So I figured that since my R6100 router has the ability to share media over the network, I would try to move my iTunes library there, hopefully to make it easier to access by my Apple TV, and make it unnecessary to have my PC running when I watch my purchased iTunes movies, that are stored in that library. Interestingly, my movie and TV show files are stored in my iTunes Music folder under the "Movies" and "TV Shows" subdirectories (folders). The way it is set up now, if I'm watching a HD movie purchased from iTunes with my Apple TV, the movie stops playing as soon as my PC is shut down, which confirms to me that the large movie files are being pulled from there to my Apple TV.
Oh groan, not another conspiracy theory. No, it's a lot more likely Apple and Netgear and the dozens of other manufacturers haven't gotten together with the thousands of users who have come up with hundreds of thousands of ways of rigging things up and tested each and every one of them. I am confident if Apple were out to mess things up for you they could have come up with something a lot more devious.
Did you do a web search for this? With a Google search specifying Netgear with this error I found:
ReadySHARE USB Hard drive access issue from a Mac Computer (Time Machine or iTunes not working properly)
- Able to see USB hard drive content but unable to write to USB hard drive connected to router's Readyshare port from Mac computer.
- Error that says "The iTunes application could not be opened. Unknown error 13008"
http://kb.netgear.com/app/answers/detail/a_id/22763/~/readyshare-usb-hard-drive-access-issue-from-a-mac-computer-%28time-machine-or
In fact it is almost certain that it is an issue of that particular model router and the drive formats it can use. -
Wireless Router with USB + External Hard Drive = Time Capsule?
So I bought a TP-Link WR710N wireless router http://www.tp-link.com/en/products/details/?model=TL-WR710N which seems to support external storage in its USB port. I tried with various storage media and it kinda works. The bad thing is that it only sees NTFS drives. I tried an external hard drive formatted for Windows and a USB stick, also formatted for Windows and it discovered them. But when I tried my external hard drive which is formatted as Mac OS Extended (Journaled), which I was using for Time Machine, it couldn't see it. Neither the TP-Link software, nor the Time Machine software.
Is there any way I could use this router with this hard drive for wireless backing up with Time Machine NOT buying extra equipment (NAS, AirPort Extreme or Time Capsule) ?
Thanks.
m3adi3c wrote:
Is there any way I could use this router with this hard drive for wireless backing up with Time Machine NOT buying extra equipment (NAS, AirPort Extreme or Time Capsule) ?
Thanks.
No
Take it back and get a Time Capsule or keep it and buy a regular external drive and connect it to the Mac directly. -
How To Use Your Own Router Without Losing Verizon's FIOS Services
How to use your own router with Verizon’s FIOS Service
First, you need a basic understanding of how FIOS works but unfortunately there are two types of FIOS systems out there. All of the systems utilize a fiber optic cable to bring TV, phone and internet to your location over one optic cable. In addition these systems provide interactivity including widgets, remote DVR, movies on demand and so forth via an IP (Internet Protocol) signal. Your STB (Set Top Box) requires both a video and IP signal. The IP signal is necessary for all of the aforementioned interactivity. The fiber cable terminates at the Optical Network Terminal or ONT for short. The ONT converts the optics into a digital signal that can be utilized by one’s equipment. From the ONT your video, phone and internet are provided to the location. This is where things can differ as the internet signal can be provided via a coaxial (MoCA or Multimedia over Coax Alliance) or RJ45 Cat5 (Ethernet) cable. It is important to identify and understand the differences of these two setups. In my case I have my internet entering via Ethernet cable, which in my humble opinion makes things a heck of a lot easier.
How does one tell the difference? In most cases it’s rather simple; just look at the Verizon router’s WAN (Wide Area Network) Port. Does it have a RJ45 (Ethernet) or Coax (TV cable Cord) going to it? If the router’s WAN port doesn’t have a coaxial connector then one will need to convert the MoCA signal into a usable Ethernet signal that routers understand. The easiest way is to use Verizon’s router as a bridge. In this method the Verizon router simply converts the signal and passes it along to your own router. The challenge is to try to maintain the interactivity that FIOS TV provides. Because of this one needs to supply the IP routed signal back to the FIOS router. There are multiple methods for doing this and I would recommend investigating which one makes the most sense.
In my particular case the IP signal was provided by Ethernet. Again there are various ways of installing one’s own router. The hardest is to utilize Verizon’s router as a bridge. This setup requires configuring Verizon’s router as a bridge and also creating a VLAN (Virtual Local Area Network). In addition one needs to set up their own router so it will work with the various routing tables and networks. For me this is too complex for the average person and it can be difficult to troubleshoot if something goes wrong. Please consider that Verizon will not support utilizing third party routers.
The easier method is to request an Ethernet signal (if you don’t already have one) from their ONT. I would highly recommend getting your hands on a NIM or Network Interface Module. This device is used to convert Ethernet to Coaxial so it can be fed back to your STBs. These can be purchased online and Verizon technicians can be a valuable resource with these sorts of acquisitions. At the very least they can point you in the right direction. Once you have a NIM the rest is rather simple.
1. Log into the current Verizon Router.
2. Locate the router’s MAC address and copy it down.
3. Go to the port forwarding section and copy down the Applied Rules.
Example:
Network Computer/Device: 192.168.1.100:63145
Application & Ports Forward: Application UDP Any -> 6347
Note: There may be up to three entries for each one of your Set Top Boxes.
4. Look at your current device list, typically found on the home screen. Copy down your STB MAC and IP address.
Example:
IP-STB1
Connection Type: Ethernet
* IP Address: 192.168.1.100
IP Address Allocation: DHCP
* MAC Address: 07:73:fFe:ad:8b:3f
* Things you will need to write down
5. Go to the network section and look for the main Ethernet connection. Select this and then select more settings, typically found at the bottom. Release the current lease.
6. Remove the Verizon router.
7. Install your router.
8. Connect the NIM by plugging in an Ethernet cable from one of the router’s LAN (Local Area Network) ports to your NIM. Then connect the coax cable, the same cable that was used by the Verizon router.
9. Set your DHCP routing IP pool to accommodate Verizon’s STB IPs (note their IPs start at 192.168.1.100).
10. Go to the DHCP section and reserve the STB IPs by inserting the IPs and MAC addresses. This shall ensure that nothing else utilizes the same IPs as the STBs, thereby preventing IP address conflict.
11. Add the port forwards from Step 5 above.
12. Clone Verizon’s MAC address utilizing the info from step 2.
13. Finish setting up the router in typical fashion.
14. Unplug and re-plug in your STBs and test functionality. It’s best to try using a widget or Movie on demand function.
Note: if the new router cannot get an internet signal contact Verizon’s support and have them release the IP and reset the ONT.
EVERYTHING should be working at this point.
3 Go to the port forwarding section and copy down the Applied Rules.
Example:
Network Computer/Device: 192.168.1.100:63145
Application & Ports Forward: Application UDP Any -> 6347
Note: There may be up to three entries for each one of your Set Top Boxes.G
Your display obviously is not like mine as mine does not display the port associated with the ip address
whatever, the STB's start at 192.168.1.100 and increment by 1 for each
the port addr's will be 63145 also incrementing by 1
there is 1 entry for each in my pf list
however each ip addr also has a port entry starting at 35000 also incrementing by 1 for each ip addr
For some unknown reason these are duplicated e.g. I appear to have 11 entries exactly the same for each stb and as the fios services rules have no action switch there is nowhere to delete the extraneous garbage.
Why do you clone the mac addr?? -
RA VPN into ASA5505 behind C871 Router with one public IP address
Hello,
I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!
C871:
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname router
boot-start-marker
boot-end-marker
enable password 7 xxxx
aaa new-model
aaa session-id common
clock timezone UTC -8
clock summer-time PDT recurring
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp pool dhcp-vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
ip cef
ip domain name xxxx.local
no ipv6 cef
multilink bundle-name authenticated
password encryption aes
username xxxx password 7 xxxx
ip ssh version 2
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN Interface
ip address 1.1.1.2 255.255.255.252
ip access-group wna-in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
interface Vlan1
no ip address
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan10
description router-asa
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list nat-pat interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 interface FastEthernet4
ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
ip nat inside source static esp 10.10.10.2 interface FastEthernet4
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.10.10.0 255.255.255.252 10.10.10.2
ip route 192.168.2.0 255.255.255.0 10.10.10.2
ip access-list standard ssh
permit 0.0.0.0 255.255.255.0 log
permit any log
ip access-list extended nat-pat
deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.255.0.0 0.0.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 0.0.0.0 any
deny icmp any any fragments log
permit tcp any any established
permit icmp any any net-unreachable
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny ip any any log
control-plane
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class ssh in
exec-timeout 5 0
logging synchronous
transport input ssh
scheduler max-task-time 5000
end
ASA:
ASA Version 9.1(2)
hostname asa
domain-name xxxx.local
enable password xxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxx encrypted
names
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
interface Ethernet0/0
switchport trunk allowed vlan 2,10
switchport mode trunk
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 10.10.10.2 255.255.255.252
ftp mode passive
clock timezone UTC -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name xxxx.local
object network vlan2-mapped
subnet 192.168.2.0 255.255.255.0
object network vlan2-real
subnet 192.168.2.0 255.255.255.0
object network vpn-192.168.100.0
subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
object network vlan2-real
nat (inside,outside) static vlan2-mapped
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 10.10.10.1 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.2.0 255.255.255.0 inside
ssh 10.10.10.1 255.255.255.255 outside
ssh timeout 20
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy vpn internal
group-policy vpn attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split
default-domain value xxxx.local
username xxxx password xxxx encrypted privilege 15
tunnel-group vpn type remote-access
tunnel-group vpn general-attributes
address-pool vpn-pool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
ikev1 pre-shared-key xxxx
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
: end
Hi,
I think that you want to control all outbound traffic from the LAN to the outside with the ASA.
I suggest some modifications as shown below.
C871:
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.2 255.255.255.0
no ip nat inside
no ip proxy-arp
ip virtual-reassembly
ip access-list extended nat-pat
no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
no permit ip 192.168.2.0 0.0.0.255 any
deny ip 192.168.2.0 0.0.0.255 any
permit ip 10.10.10.0 0.0.0.255 any
ASA 5505:
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
Try them out and respond.
Best regards,
MB