Cisco RV042G DMZ for WAN 2?

Similar Messages

• Port forwarding TSE for Cisco RV042G

  Hi,
  I just configured a Cisco RV042G small Business Routers on my network.
  My problem is that I would like to permit TSE through the WAN1 and I am not able to do it.
  I setup these informations from the menu :
  - Setup / Forwarding
  TSE[TCP/3389~3389]->192.168.1.15
  - Firewall / Access Rules :
  Allow TSE [3389] WAN1 192.168.1.15 ~ 192.168.1.11 192.168.1.15 ~ 192.168.1.15 Always
  How can I configure it please ?
  Thanks for you help.

  Hello,
  I'm sorry you are having issues with your device.
  According to your explanation, you are trying to forward port 3389, Remote desktop, to a single device on your network with IP address 192.168.1.15.
  If that is what you are trying to accomplish then:
  1- You can delete the access rule as it is not needed on this device.
  2- Make sure the rule that you created under Setup - Forwarding is enabled.
  3- Make sure the computer with IP address 192.168.1.15 is using the IP address of the RV042G as the Default Gateway.
  4- Go to your system summary page and check what the IP address of the WAN1 connection is, then, go to http://whatismyip.org and compare both addresses, if they are not the same then thats your problem. You will need to contact your ISP and ask them to put the modem on Bridge Mode so that all the traffic passes directly to the router.
  I hope this helps. Please let us know.

• Does the RV042 have IP Aliases for WAN interface?

  Hi All
  We have a Small Business RV042 router, and have many Internet servers in our Internal and DMZ networks behind the router.
  In our old GTA firewall, we were able to add IP aliases to our external (WAN) interface.   That is, our WAN interface can have many IP addresses besides the main IP address, e.g., 209.118.52.226, 209.118.52.227, 209.118.52.228, 209.118.52.229, etc. 
  209.118.52.226 is the main IP for the WAN interface.
  209.118.52.227 is for our web server 1, e.g., www.example.com
  209.118.52.228 is for our web server 2, e.g.  support.example.com
  209.118.52.229 is for our sftp server, e.g. sftp.example.com
  And then we create 'tunnels' to forward incoming traffic for 209.118.52.227 to our www.example.com residing in our DMZ or Internal network, etc.
  Now, is this possible with the RV042 router?    The only thing we found in RV042 is Forwarding (port range forward) but that does allow us to have IP aliases for the WAN interface.   It seems that we can only route service defined traffic or port defined traffic meant for only 1 WAN IP to our internal servers behind the router.
  Actually, we had bought the RVS4000 earlier and then upgraded to the RV042 hoping that it will have what we want.
  If the RV042 does not have IP alias for WAN interface, what is the lowest Cisco router model that has it?
  Thank you very much in anticipation.
  cmgui

  Thank you tekliu
  Yes, 1-to-NAT can do most of what we want.   But it is not able to direct only certain port traffic from the external WAN IP to the internal LAN IP?   
  For example, if we create a 1-to-1 NAT 192.168.41.50 =>
  209.118.52.227, it basically opens all the traffic allowed in the Firewall to go from
  209.118.52.227  to  192.168.168.41.50.  
  If we only want to allow say https, ie. tcp port 443, traffic to go from
  209.118.52.227  to  192.168.41.50, it is not possible.  Or is it? 

• Cuantos Clientes VPN soporta el cisco rv042g?

  Quisiera saber cuantos clientes VPN conectados simultáneamente soporta el cisco rv042g, ya que necesito conectar 10 clientes, pero al conectar 3 simultáneos se vuelve inestable la conexión y automáticamente desconecta a un cliente.

  Muy buenos dias, 
  Siento mucho que este tendiendo problemas con la conexión VPN en este router.
  La respuesta a su pregunta es la siguiente\
  VPN 
   QuickVPN 
   50 QuickVPN tunnels for remote client access 
   PPTP 
   5 PPTP tunnels for remote access
  De cualquier manera, no debería de tener problemas si solo esta usando 3.
  Diganos por favor que tipo de conexión VPN esta usando, cual es la velocidad de descarga y subida de su conexión de internet y si puede dar mas information acerca de su problema en especifico, eso nos puede ayudar a ver que opciones hay disponibles.

• Directory Caching issue with Cisco Jabber client for Windows

  Hi ,
  I am facing cache issue with Cisco Jabber client for Windows. If I do any change related to modification or deletion of contacts in Active Directory/ Callmanager, it does not reflect in the Jabber. Because jabber takes the contacts from the locally stored cache file in the Windows system.
  Every time I have to remove the cache file to overcome this issue, practically it's not possible to do the same with all the Widows users. As, if any employee leaves the company and still I can see his contact appears in the "Cisco Jabber client". I have not seen this issue with Android/Apple iOS.
  Is there any automated way to remove the cache file? 
  Here is the detail of CUCM,Presence and Jabber.
  CUCM version: 9.1.x
  Presence          : 9.1.X
  Jabber              : 10.5 and 10.6

  Hello
  On our environment we had to install a dedicated Microsoft Certificate Authority "just for Cisco Jabber usage" to house the
  Network Device Enrollment Service.
  Our certificate for the CUPS were generated on this Certification Authority too.
  I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the
  Enterprise Trust store for the users.
  But I think they asked all 400 users to accept the 3 certificates by answering "yes" to the popup instead of using a script deployed by GPO...
  I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
  Our partner left us alone with that unfortunately.
  Florent
  EDIT: If the "Certutil script method" works, please let me know. This could be useful in our own deployment.

• Questions On New Domain in DMZ for IBCM

  We would like to create a new, untrusted AD domain in our DMZ for the purpose of IBCM and perhaps to also join workgroup-based servers that would be in the DMZ(for instance Lync Edge server and so on) so they can be more easily managed by using centralized
  group policies.  They will need to at least have managed Windows Updates and centrally managed A/V as well as ways to manage RDP access to them so they can be remotely managed without having to do one-off local configuration on each DMZ server.
  Can the DC required to create this DMZ domain also be the same machine used for the DP/MP/SUP?
  Can the DC and all the other servers located in the DMZ also be be managed via SCCM along with the IBCM clients?

  Can the DC required to create this DMZ domain also be the same machine used for the DP/MP/SUP?
  It *can* be, but it's not a good idea for it to be at all. Putting things on a DC always introduces idiosyncrasies with security and functionality in general. 
  Can the DC and all the other servers located in the DMZ also be be managed via SCCM along with the IBCM clients?
  Yes.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• What are the features supported in Cisco Prime Infrastructure for WLAN for autonomous AP's?

  What are the features supported in Cisco Prime Infrastructure for WLAN for autonomous AP’s?

  • PI provides visibility for autonomous  clients within the same list view as lightweight and wired clients (client list  page).
  • Rogue AP detection for autonomous AP's is not supported (it's  supported in CUWN). 
  • Alarms/events for client authentication issues (e.g.  authentication failure) are displayed in PI.
  • Config management for  autonomous AP's is via CLI template.  Config comparison and archiving  functionality in PI leverages these same features that were brought in from LMS,  so need to defer to others in terms of whether this is a cross-platform feature  in PI or is only supported on a subset of platforms.  Config comparison/archive  is supported in CUWN.PI supports both infrastructure (e.g. AP Tx Power and  Channel, busiest AP, AP utilization, etc.) and client (e.g. client count, client  sessions, etc.) reports, and there are extensive reports for CUWN

• Which is better for Branch Office Cisco ASA or Cisco 1900 router for Branch Office?

  Which is a better solution ?
  Using ASA55XX or 1900 series router for WAN and Internet access for 25 - 100 users?

  Without knowing more about the environment and what the real requirements are, it is difficult to give a really good answer. If your main concern is effective stateful inspection of traffic entering and leaving the site then the ASA is optimized for that. If you want redundancy (active/active or active/standby) then the ASA is better for this. There are other potential requirements which may make the router the better choice:
  - what is the connection to the Internet? If it is Ethernet then either ASA or router will do fine. But if it is something other than Ethernet then you may need the router.
  - is there a need for services such as Policy Based Routing? These are available on the router and not on the ASA.
  - is there a need for load balancing on outbound traffic? This is available on the router and not on the ASA.
  - will there be a need to do routing on the inside network? The range of available options is wider on the router than on the ASA.
  - is there a need to run a routing protocol with the Internet provider? The usual choice for this is BGP and that is available on router and not on ASA.
  So consider these criteria as you make your choice. Or provide more detail about your environment and what your real requirements are and we may be able to give better advice.
  HTH
  Rick

• Installing MP,DP and SUP in DMZ for IBCM

  Hi all,
  I would like start installing MP, DP and SUP role in my DMZ to support IBCM. My DMZ is in the same forest but in different and untrusted domain. The primary site and Enterprise Root Certificate (CA) are in the same domain (intranet). An admin account
  has been created in DMZ domain so the above roles can be installed from primary site server. I am still not too sure how I will install Cert that I created on root CA that is on intranet. Do I need to export it from Intranet and import back on the new site
  server in DMZ or use a different method?
  If the question is too confusing then please give your experience as how you have installed certificate on your site server (DMZ) for IBCM?
  Are you using primary server computer account for installing site roles in DMZ or a user account?
  Do I need to publish site information in DMZ domain as well?
  Thanks

  "My DMZ is in the same forest but in different and untrusted domain"
  This is not possible. By definition, all domains in a forest trust each other -- maybe not directly, but they do trust each other.
  Also, the new system in the DMZ will not be a "site server", it will be a site system (sometime called a site system server but not usually). This may seem like semantics, but its very important because "site server" means something very
  specific which the site system in the DMZ is not.
  Deploying certs in the DMZ can be done in one of many ways. You really should get a PKI smart person involved though because it's not ConfigMgr task. There are ways to deploy certs cross-domain and cross-forest using group policy auto-enrollment but these
  take setup and configuration on the PKI side. Alternatively you could use web enrollment on your CA is it is setup and has the proper templates available -- once again, that will take setup and configuration on your PKI. Finally, you could just use the command-line
  assuming the cert templates are accessible for the system in the other domain.
  For your scenario, you should be able to grant the site server's computer account local admin permissions on the DMZ site system. Don't forget about the FSP which can be very valuable for IBCM but will require and additional site system because it must be
  left to listen for HTTP traffic.
  Finally, publishing site information to the domain allows clients to locate the MP on the intranet however your clients won't be on the intranet to use location information, so that wouldn't help much. Additionally, clients use global catalog queries to
  perform their site location so within a forest, there is no need to publish the same informatin to mutliple domains (unless you have multiple sites which you do not).
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Software Cisco Network Assistant for Switch SMB?

  Is there any management software as the Cisco Network Assistant for smb switch as SLM224G or SRW224G4-K9-NA, or only works with models 2960 and higher?

  The SX300 series switch will work with CCA. But it does not work with CNA.
  -Tom
  Please rate helpful posts

• Cisco connect software for MAC OSX 10.8.2

  Cicso,
  Please hurry up with releasing Cisco Connest software for MAC OSX 10.8.2
  Mine doesn't work anymore with the wireless Linksys router E3000

  I think we just need to wait until they update the software that will be compatible with this router. Who knows Cisco will be able to read this thread.

• Must the client always be up before the master for WAN replication to work?

  From our testing, we have noticed that the client must always be up before the master in order for WAN replication to work. Is this the case? If so, is there some kind of flag in Tangosol to allow the master to reconnect to client?

  Try the following changes to the JS file
  Lines 103 and 104 change the values
  this.showDelay = 100; // was 250
  this.hideDelay = 200; // was 600
  Comment out line 286
  Spry.Widget.MenuBar.prototype.bubbledTextEvent = function()
  //    return Spry.is.safari && (event.target == event.relatedTarget.parentNode || (event.eventPhase == 3 && event.target.parentNode == event.relatedTarget));
  Comment out line 366 and add new lines 366 and 367
  var self = this;
  this.addEventListener(listitem, 'click', function(e){self.Click(listitem, e);}, false);
  this.addEventListener(listitem, 'click', function(e){self.mouseOver(listitem, e);}, false);
  //   this.addEventListener(listitem, 'mouseover', function(e){self.mouseOver(listitem, e);}, false);
  this.addEventListener(listitem, 'mouseout', function(e){if (self.enableKeyboardNavigation) self.clearSelection(); self.mouseOut(listitem, e);}, false);
  I have not tested the above changes ontouch screens; they do seem to work Ok on desktops.
  NOTE: Line numbers could be different because of the difference in our versions.

• Cisco ace mibs for concurrent connection on real and virtual servers

  i have loaded cisco provided mibs for cisco ace into nms but i am not able to fetch the details from ace appliance 4710.where can i find IODs for this.
  would really appreciate if anyone can help me regarding this

  Hi Manohar,
  you need two MIBs:
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Normale Tabelle";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my
  ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENHANCED-SLB-MIB.my
  The current connection you will find in the section:
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Normale Tabelle";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  slbVServerInfoTableEntry .1.3.6.1.4.1.9.9.161.1.4.2.1
  Example:
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Normale Tabelle";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  slbVServerNumberOfConnections  .1.3.6.1.4.1.9.9.161.1.4.2.1.6.1.44
  Use a MIB-Browser to find out the OID for each server.
  Best Regards,
  Achim

• EA6500 manually select speed and duplex for WAN port

  Is there any way (hidden settings?) to manually select speed or duplex for WAN port on EA6500? I'm using EA6500 with Genexis HRG1044 (FTTH) and the latter has known issues with upload speed when local device is connected on gigabit. It seems that both EA6500 and Genexis HRG1044 only support autonegotiation and that always results in gigabit which results in poor upload speeds over the internet. Placing 100 Mbps switch between EA6500 and Genexis HRG1044 does the trick but I was wondering if it can be done without it. BTW, my internet speed is only 100/100 Mbps anyways.
  Solved!
  Go to Solution.

  @discoHR If you don't mind me asking, for what purpose do you want to adjust the speed on the WAN port of the EA6500? Is it to increase the upload speed? I'm just spitballing, but I don't think there's any "hidden setting" to adjust it on the EA6500. 

• Study Material for Cisco Lifecycle Services for Advanced (#650-251)

  Does anyone know of a ciscopress or other text to study for Cisco Lifecycle Services for Advanced Unified Communications (#650-251)

  The 650-251 LCSAUC Cisco Lifecycle Services for Advanced Unified Communications exam is the exam associated with the Advanced Unified Communications Specialization. The Cisco Lifecycle Services for Advanced Unified Communications (LCSAUC) exam assesses the candidate's knowledge and skills needed to support implementing an advanced Unified Communications solution on a network throughout each phase of the lifecycle. The exam assesses Cisco's methodology to guide customers in performing all of the necessary steps to ensure a successful implementation of Unified Communications solutions.