Cisco SPA509G to Cisco SPA509G

Is there a way to configure the phones (Cisco SPA509G) so that they talk to each other, like an intercom system?
Or configure them to talk to each other, IP to IP?
Basically internally we would have 16 Cisco phones, they would connect to a Cisco switch, a Linksys Router (WRT-54GL with DD-WRT) and then to a Satellite Modem.
This would be in Alaska, so the four to five second delay when it has to make the strip to the VoIP server back east can't really be done.
Would we need to have a Gateway device, like an Session Border Controller in play?
Thank you in advance.
John.

John,
You are looking for IP to IP dialing between phones.
Have a look here: 
http://www.cisco.com/en/US/products/ps10024/products_qanda_item09186a0080a35a2c.shtml
It's a little dated but the concepts and steps are the same (the screen displays are updated on SPA50X phones).
The example is a Linksys PAP2
Randy

Similar Messages

  • Communication problem between Cisco 3560 and Cisco SG300.

    Dear Support,
    I have a Cisco SG300 and Cisco 3560 switches.
    3560 is my Core Switch and SG300 is access switch.
    From 3560 VLAN information is not passed to SG300.
    3560 Configuration:
    interface GigabitEthernet0/23
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,10,11
    switchport mode trunk
    SG300 Configuration:
    interface gigabitethernet49
    spanning-tree link-type point-to-point
    switchport mode general
    switchport general allowed vlan add 2,10-11 tagged
    macro description switch
    Please suggest how this issue is resolve.
    Regards,
    JItesh Mahajan.

    Dear Aleksandra,
    Below Configuration is right or wrong for 3560 and SG300.
    3560 Configuration:
    interface GigabitEthernet0/23
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan remove VLAN 1
    switchport native vlan 1
    switchport trunk allowed vlan 1,2,10,11
    switchport mode trunk
    SG300 Configuration:
    interface gigabitethernet49
    spanning-tree link-type point-to-point
    switchport mode general
    switchport general allowed vlan add 2,10-11 tagged
    macro description switch
    Regards,
    JItesh Mahajan.

  • Connection of LC/APC fiber patch cords to Cisco Catalyst 6500 $ Cisco Access 3750 Switches

    I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
    I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
    Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"

    Thank you,  but my question is that I have a single mode fiber patch cord with LC/APC connector while cisco stating a note that only use LC/PC or LC/UPC type of connectors with SFP+ transceiver.  
    So what type of transceiver should I use to connect LC/APC patch cord to cisco switches?  Is there another type or SFP+ still can be used? 

  • Is there a Cisco AireOS to Cisco IOS XE conversion tool?

    Hi,
    We're currently migrating some AireOS WLCs networks into 5760 IOS XE.
    Is there a tool or procedure available to converte an Cisco AireOS configuration into Cisco IOS XE?
    I'm currently looking into the the "Cisco AireOS to Cisco IOS XE Command Mapping Reference, Cisco IOS XE Release 3SE" document and I was wondering is there is an easy way to do this
    Kind regards,
    Vasco

    There is not real tool that does this conversion.  It's best to treat this as a Greenfield implementation.
    Thanks,
    Scott
    *****Help out other by using the rating system and marking answered questions as "Answered"*****

  • Re-Paired Cisco DMM and Cisco Show & Share

    Hi ...
    guys ... do anyone have experience to re-paired Cisco DMM and Cisco Show & Share ? I do re-paired it, but it doesn't success. First i pair Cisco Show and Share with Cisco DMS it success, but when i pair Cisco DMM with Cisco Show and Share it doesn't success (the proccess took so long about 30 minute i do ctrl C and it says failed to install certificate from Cisco Show and Share).
    Anyone have idea ?
    BR

    Avoid Pairing Failures
    •Pairing fails when you complete these steps in the wrong order. You must use AAI on your Cisco Cisco Show and Share appliance before you use AAI on your Cisco DMM appliance. Do not reverse this order or try to use AAI simultaneously on both appliances.
    •Do not use the POP option on the pairing menu. Doing so may cause Cisco Show and Share to  fail. If you accidently choose the POP option, you will need to re-pair  the Cisco Show and Share and DMM appliances.
    Pair Your Appliances
    Procedure
    Step 1 From the appliance that runs Cisco Show and Share 5.2:
    a. Log in as admin to the Appliance Administration Interface (AAI).
    b. Choose APPLIANCE_CONTROL > PAIR APPLIANCE.
    c. Choose DMM.
    Warning Do not choose any other option than DMM. 
    d. Enter the fully-qualified domain name (FQDN) for your Cisco DMM appliance.
    This is the DNS name. Do not enter an IP address.
    e. Press Enter.
    Your Cisco Show and Share appliance receives and successfully imports a digital certificate from your Cisco DMM appliance.
    Step 2 From the appliance that runs Cisco Digital Media Manager 5.2:
    a. Log in as admin to the Appliance Administration Interface (AAI).
    b. Choose APPLIANCE_CONTROL > PAIR APPLIANCE.
    c. Choose SHOW_AND_SHARE.
    Warning Do not choose any other option than SHOW_AND_SHARE. 
    d. Enter the fully-qualified domain name (FQDN) for your Cisco Show and Share appliance.
    This is the DNS name. Do not enter an IP address.
    e. Press Enter.
    Your Cisco DMM appliance receives and successfully imports a digital certificate from your Cisco Show and Share appliance.
    See Cisco Link :
    http://www.cisco.com/en/US/docs/video/digital_media_systems/5_x/5_2/dms/aai/administration/guide/pair.html

  • CISCO SPA-504G & CISCO SPA-525G plug nad play???

    Hi,
    we have CCM 7.1.5 and I need to add about 100 new phone/users. we received good price for this two phones CISCO SPA-504G & CISCO SPA-525G.
    This one look and I think is the same linksys spa 942 phone, and for that one I need to do provisioning to get them to work.
    Are this two phones CISCO SPA-504G & CISCO SPA-525G, "plug and play" does CCM recognized them like other Cisco phones (like 7941....)
    THX,
    IVan

    Sounds like you need to adjust the dial plan string under the relevant Ext tab on the admin web interface of the phone. 

  • Cisco view for Cisco 7201 router

    Hi ,
    We have LMS 3.0.1 and we are not able to get cisco view for Cisco 7201 router.
    Any help would be appricated.
    thanks,
    Samir

    Make sure you have version 22.0 of the Rtr7000 CiscoView package loaded.  You can update your CiscoView packages under Common Services > Software Center > Device Update.

  • Difference between Cisco DCNM and CISCO Fabric Manager

    Hello Everyone,
    I am new to Cisco SAN and just would like to know the differences between cisco DCNM and Cisco Fabric manager and which one is latest as of now.
    regards
    VINAY

    Hi Viany,
    Fabric Manager was renamed DCNM starting at 5.2.
    Fabric Manager only monitors SAN Fabrics, while DCNM 5.2 and above can monitor both SAN Fabrics and Ethernet LANs.
    Regards,
    David

  • 2 Cisco Iron Port (Cisco C370) Email appliances Solution Required

    Hi All,
    I NEED THE
    technical proposal based on below requirements:
    2 Cisco Iron Port (Cisco C370) Email appliances with below options for 3000 users licenses:
    1) Anti-spam
    2) Anti-virus
    3) Content Filtering
    4) DLP
    5) Encryption (Optional)

    Any technical proposals will need to be provided from your Sales Ops/Account team - or reseller.  I would suggest opening a dialouge with them, in order to get the answer you are looking for.  It will not come from the support forums.
    http://www.cisco.com/web/services/order-services/index.html
    https://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=4161&KeyCode=195185_1
    http://www.cisco.com/en/US/products/ps10154/index.html
    Hope this helps!
    -Robert
    (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

  • 2 Cisco Iron Port (Cisco C370) Email appliances solution

    i need
    technical proposal based on below requirements:
    2 Cisco Iron Port (Cisco C370) Email appliances with below options for 3000 users licenses:
    1) Anti-spam
    2) Anti-virus
    3) Content Filtering
    4) DLP
    5) Encryption (Optional)

    Any technical proposals will need to be provided from your Sales Ops/Account team - or reseller.  I would suggest opening a dialouge with them, in order to get the answer you are looking for.  It will not come from the support forums.
    http://www.cisco.com/web/services/order-services/index.html
    https://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=4161&KeyCode=195185_1
    http://www.cisco.com/en/US/products/ps10154/index.html
    Hope this helps!
    -Robert
    (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

  • Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

    We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
    We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

    Hi,
    So you have N7k acting as L3 with servers connected to 4510?.
    Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
    This will help narrow down if issue is between server to 4510 or 4510 to N7k.
    Thanks,
    Nagendra

  • Cisco ASA 5510 - Cisco Client Can Connect To VPN But Can't Ping!

    Hi,
    I have an ASA 5510 with the configuration below. I have configure the ASA as remote access vpn server with cisco vpn client, my problem now is I can connect but I can't ping.
    Config
    ciscoasa# sh run
    : Saved
    ASA Version 8.0(3)
    hostname ciscoasa
    enable password 5QB4svsHoIHxXpF/ encrypted
    names
    name xxx.xxx.xxx.xxx SAP_router_IP_on_SAP
    name xxx.xxx.xxx.xxx ISA_Server_second_external_IP
    name xxx.xxx.xxx.xxx Mail_Server
    name xxx.xxx.xxx.xxx IncomingIP
    name xxx.xxx.xxx.xxx SAP
    name xxx.xxx.xxx.xxx WebServer
    name xxx.xxx.xxx.xxx cms_eservices_projects_sharepointold
    name 192.168.2.2 isa_server_outside
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address IncomingIP 255.255.255.248
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.253 255.255.255.0
    management-only
    passwd 123
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    object-group service TCP_8081 tcp
    port-object eq 8081
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq 3389
    port-object eq ftp
    port-object eq www
    port-object eq https
    port-object eq smtp
    port-object eq pop3
    port-object eq 3200
    port-object eq 3300
    port-object eq 3600
    port-object eq 3299
    port-object eq 3390
    port-object eq 50000
    port-object eq 3396
    port-object eq 3397
    port-object eq 3398
    port-object eq imap4
    port-object eq 587
    port-object eq 993
    port-object eq 8000
    port-object eq 8443
    port-object eq telnet
    port-object eq 3901
    group-object TCP_8081
    port-object eq 1433
    port-object eq 3391
    port-object eq 3399
    port-object eq 8080
    port-object eq 3128
    port-object eq 3900
    port-object eq 3902
    port-object eq 7777
    port-object eq 3392
    port-object eq 3393
    port-object eq 3394
    port-object eq 3395
    port-object eq 92
    port-object eq 91
    port-object eq 3206
    port-object eq 8001
    port-object eq 8181
    port-object eq 7778
    port-object eq 8180
    port-object eq 22222
    port-object eq 11001
    port-object eq 11002
    port-object eq 1555
    port-object eq 2223
    port-object eq 2224
    object-group service RDP tcp
    port-object eq 3389
    object-group service 3901 tcp
    description 3901
    port-object eq 3901
    object-group service 50000 tcp
    description 50000
    port-object eq 50000
    object-group service Enable_Transparent_Tunneling_UDP udp
    port-object eq 4500
    access-list inside_access_in remark connection to SAP
    access-list inside_access_in extended permit ip 192.168.2.0 255.255.255.0 host SAP_router_IP_on_SAP
    access-list inside_access_in remark VPN Outgoing - PPTP
    access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any eq pptp
    access-list inside_access_in remark VPN Outgoing - GRE
    access-list inside_access_in extended permit gre 192.168.2.0 255.255.255.0 any
    access-list inside_access_in remark VPN - GRE
    access-list inside_access_in extended permit gre any any
    access-list inside_access_in remark VPN Outgoing - IKE Client
    access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq isakmp
    access-list inside_access_in remark VPN Outgoing - IPSecNAT - T
    access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq 4500
    access-list inside_access_in remark DNS Outgoing
    access-list inside_access_in extended permit udp any any eq domain
    access-list inside_access_in remark DNS Outgoing
    access-list inside_access_in extended permit tcp any any eq domain
    access-list inside_access_in remark Outoing Ports
    access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 any
    access-list outside_access_in extended permit ip any any
    access-list outside_access_in extended permit tcp any any eq pptp
    access-list outside_access_in extended permit gre any any
    access-list outside_access_in extended permit gre any host Mail_Server
    access-list outside_access_in extended permit tcp any host Mail_Server eq pptp
    access-list outside_access_in extended permit esp any any
    access-list outside_access_in extended permit ah any any
    access-list outside_access_in extended permit udp any any eq isakmp
    access-list outside_access_in extended permit udp any any object-group Enable_Transparent_Tunneling_UDP
    access-list VPN standard permit 192.168.2.0 255.255.255.0
    access-list corp_vpn extended permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool POOL 172.16.1.10-172.16.1.20 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-603.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 2 Mail_Server netmask 255.0.0.0
    global (outside) 1 interface
    global (inside) 2 interface
    nat (inside) 0 access-list corp_vpn
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp Mail_Server 8001 ISA_Server_second_external_IP 8001 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 8000 ISA_Server_second_external_IP 8000 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server pptp isa_server_outside pptp netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server smtp isa_server_outside smtp netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 587 isa_server_outside 587 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 9444 isa_server_outside 9444 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 9443 isa_server_outside 9443 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 3389 isa_server_outside 3389 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 3390 isa_server_outside 3390 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 3901 isa_server_outside 3901 netmask 255.255.255.255
    static (inside,outside) tcp SAP 50000 isa_server_outside 50000 netmask 255.255.255.255
    static (inside,outside) tcp SAP 3200 isa_server_outside 3200 netmask 255.255.255.255
    static (inside,outside) tcp SAP 3299 isa_server_outside 3299 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server www isa_server_outside www netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server https isa_server_outside https netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server pop3 isa_server_outside pop3 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server imap4 isa_server_outside imap4 netmask 255.255.255.255
    static (inside,outside) tcp cms_eservices_projects_sharepointold 9999 isa_server_outside 9999 netmask 255.255.255.255
    static (inside,outside) 192.168.2.0  access-list corp_vpn
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set transet esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10 set pfs
    crypto dynamic-map dynmap 10 set transform-set transet ESP-3DES-SHA
    crypto map cryptomap 10 ipsec-isakmp dynamic dynmap
    crypto map cryptomap interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    no crypto isakmp nat-traversal
    telnet 192.168.2.0 255.255.255.0 inside
    telnet 192.168.1.0 255.255.255.0 management
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside
    dhcpd domain domain.local interface inside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    tftp-server management 192.168.1.123 /
    group-policy mypolicy internal
    group-policy mypolicy attributes
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN
    username vpdn password 123
    username vpdn attributes
    vpn-group-policy mypolicy
    service-type remote-access
    tunnel-group mypolicy type remote-access
    tunnel-group mypolicy general-attributes
    address-pool POOL
    default-group-policy mypolicy
    tunnel-group mypolicy ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect pptp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:b8bb19b6cb05cfa9ee125ad7bc5444ac
    : end
    Thank you very much.

    Here is the output:
    ciscoasa# packet-tracer input outside icmp 172.16.1.10 8 0 192.168.2.1
    Phase: 1
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 2
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    static (inside,outside) 192.168.2.0  access-list corp_vpn
    nat-control
      match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
        static translation to 192.168.2.0
        translate_hits = 0, untranslate_hits = 139
    Additional Information:
    NAT divert to egress interface inside
    Untranslate 192.168.2.0/0 to 192.168.2.0/0 using netmask 255.255.255.0
    Phase: 3
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outside_access_in in interface outside
    access-list outside_access_in extended permit ip any any
    Additional Information:
    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 5
    Type: CP-PUNT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 6
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect icmp
    service-policy global_policy global
    Additional Information:
    Phase: 7
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 10
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    static (inside,outside) 192.168.2.0  access-list corp_vpn
    nat-control
      match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
        static translation to 192.168.2.0
        translate_hits = 0, untranslate_hits = 140
    Additional Information:
    Phase: 11
    Type: ACCESS-LIST
    Subtype:
    Result: DROP
    Config:
    Implicit Rule
    Additional Information:
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule

  • Cisco ASA 5505, Cisco VPN Client and Novell Netware

    Hi,
    Our ISP have installed Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using VPN client.
    I installed VPN client on a laptop that is using wireless connection. I connect using wireless signal from near by hotel and I am able to connect to my firewall usinging vpn client and also able to login in using Novell client for XP.
    When I use same vpn client and Novell client at home that is not using wireless connection, but DSL connection amd not able to login or find the tree.
    The only difference in two machine is laptop using wireless connection and my home machine is using wired connection using DSL.

    If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.

  • Cisco ASA 5505/Cisco 3750

    I have a Cisco 5505(base license) and a Cisco 3750(48 port). I want to be able to connect to the 3750 on different vlans(for home lab),but I'm no able to ping the "outside" IP of the ASA. I can ping the different vlans from the ASA once I created the routes from the ASA.
    3750 config:
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname SwitchA
    no aaa new-model
    switch 1 provision ws-c3750-48p
    ip subnet-zero
    ip routing
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface FastEthernet1/0/1
    description Uplink to Cisco ASA 5505
    switchport access vlan 100
    switchport mode access
    spanning-tree portfast
    interface FastEthernet1/0/2
    no switchport
    no ip address
    interface FastEthernet1/0/3
    interface FastEthernet1/0/4
    interface FastEthernet1/0/5
    switchport access vlan 10
    interface FastEthernet1/0/6
    interface Vlan1
    no ip address
    interface Vlan2
    ip address 10.10.0.1 255.255.255.0
    interface Vlan3
    ip address 10.10.1.254 255.255.255.0
    interface Vlan10
    no ip address
    interface Vlan100
    description SW-to-ASA
    ip address 172.16.100.2 255.255.255.0
    interface Vlan172
    no ip address
    interface Vlan182
    no ip address
    interface Vlan192
    no ip address
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.16.100.1
    ip http server
    ip http secure-server
    ASA Config:
    interface Vlan1
    shutdown
    no nameif
    no security-level
    no ip address
    interface Vlan10
    nameif users
    security-level 100
    ip address 172.16.10.254 255.255.255.0
    interface Vlan172
    no nameif
    security-level 100
    ip address 172.16.100.1 255.255.255.0
    interface Vlan192
    nameif OUTSIDE
    security-level 0
    ip address 192.168.1.1 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 192
    interface Ethernet0/1
    description Trunk to Switch
    switchport access vlan 172
    Is this even doable?

    Hi,
    I believe you have the problem with your no-nat configurations..... you to exempt NAT for the traffic from 172.16.10.0 (Anyconnect VPN pool) to 192.168.1.0/24 (Inside LAN) to make this work
    object network acvpnpool
    subnet <anyconnect VPN Subnet>
    object network insidelan
    subnet <inside lan subnet>
    nat (inside,outside) source static acvpnpool acvpnpool destination static insidelan insidelan
    Make sure that you are able to reach the GW/Inside ip adress of the firewall from LAN machine.... all routing in place properly..... Thanks!!!
    Regards
    Karthik

  • Cisco 871 to Cisco ASA 5545 Site-to-Site VPN Split Tunnel not working.

    Tunnel comes up and can see and access protected traffic but cannot access web (Split Tunnel). Don't know if access problem or route issue.
    Listed below is configuration for Cisco 871, any help very much appreciated.
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2  
    crypto isakmp key test address x.x.x.x
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto map SDM_CMAP_1 1 ipsec-isakmp 
     description Tunnel to x.x.x.x
     set peer x.x.x.x
     set transform-set ESP-3DES-SHA 
     match address 100
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
     ip address 4.34.195.193 255.255.255.192
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip route-cache flow
     duplex auto
     speed auto
     crypto map SDM_CMAP_1
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
     ip address 172.200.1.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip route-cache flow
     ip tcp adjust-mss 1452
    ip route 0.0.0.0 0.0.0.0 4.34.195.193 permanent
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    logging trap debugging
    access-list 100 remark SDM_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 172.200.1.0 0.0.0.255 172.16.2.0 0.0.0.255

    I don't see any NAT configuration above. Check you can PING out to the internet (8.8.8.8 for example) from the router itself as it won't need NAT to PING from the outside interface.
    Have a look at this document on setting up NAT for your inside devices:
    http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

Maybe you are looking for

  • LV 8 problem with New Report.vi in compiled program

    I'm a novice LV programmer trying to finish my first project.  The project is the automation of an air flow stand using field point for acquisition/control.  Have the code written and everything seems to work fine until I compile.  Specifically, I ge

  • How do make the colours less warm?

    I shoot under yellow lights. Then the colours in the video is very warm. Too gold and orange. How do you make it less warm?

  • Does VGA Transfer Sound as well?

    I have a white macbook and purchased a mini dvi to vga connection so i can connect it to my college class projector. anyways, obviously the images will transfer to the screen but will sound go to the speakers as well?

  • How to define RADIO BUTTONS in MODULE POOL PROG.?

    Hi Experts, I need to keep the RADIO BUTTONS in 1000_screen of my_module_pool prog., like, I hv 2 fields in this screen, as expected, the first shuld hv DEFAULT selection. So, I just simply, dragged & dropped 2 radio buttons from left menu of the scr

  • Why can I not download a file in Safari

    I've got an eMail from WeTransfer.com which contains a link to download a video file. However, when I click on the link, Safari takes me to the WeTransfer site but it won't actually download the file - I have an icon in the middle of the screen showi