Cisco SPA509G to Cisco SPA509G
Is there a way to configure the phones (Cisco SPA509G) so that they talk to each other, like an intercom system?
Or configure them to talk to each other, IP to IP?
Basically internally we would have 16 Cisco phones, they would connect to a Cisco switch, a Linksys Router (WRT-54GL with DD-WRT) and then to a Satellite Modem.
This would be in Alaska, so the four to five second delay when it has to make the strip to the VoIP server back east can't really be done.
Would we need to have a Gateway device, like an Session Border Controller in play?
Thank you in advance.
John.
John,
You are looking for IP to IP dialing between phones.
Have a look here:
http://www.cisco.com/en/US/products/ps10024/products_qanda_item09186a0080a35a2c.shtml
It's a little dated but the concepts and steps are the same (the screen displays are updated on SPA50X phones).
The example is a Linksys PAP2
Randy
Similar Messages
-
Communication problem between Cisco 3560 and Cisco SG300.
Dear Support,
I have a Cisco SG300 and Cisco 3560 switches.
3560 is my Core Switch and SG300 is access switch.
From 3560 VLAN information is not passed to SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Please suggest how this issue is resolve.
Regards,
JItesh Mahajan.Dear Aleksandra,
Below Configuration is right or wrong for 3560 and SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan remove VLAN 1
switchport native vlan 1
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Regards,
JItesh Mahajan. -
I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"Thank you, but my question is that I have a single mode fiber patch cord with LC/APC connector while cisco stating a note that only use LC/PC or LC/UPC type of connectors with SFP+ transceiver.
So what type of transceiver should I use to connect LC/APC patch cord to cisco switches? Is there another type or SFP+ still can be used? -
Is there a Cisco AireOS to Cisco IOS XE conversion tool?
Hi,
We're currently migrating some AireOS WLCs networks into 5760 IOS XE.
Is there a tool or procedure available to converte an Cisco AireOS configuration into Cisco IOS XE?
I'm currently looking into the the "Cisco AireOS to Cisco IOS XE Command Mapping Reference, Cisco IOS XE Release 3SE" document and I was wondering is there is an easy way to do this
Kind regards,
VascoThere is not real tool that does this conversion. It's best to treat this as a Greenfield implementation.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"***** -
Re-Paired Cisco DMM and Cisco Show & Share
Hi ...
guys ... do anyone have experience to re-paired Cisco DMM and Cisco Show & Share ? I do re-paired it, but it doesn't success. First i pair Cisco Show and Share with Cisco DMS it success, but when i pair Cisco DMM with Cisco Show and Share it doesn't success (the proccess took so long about 30 minute i do ctrl C and it says failed to install certificate from Cisco Show and Share).
Anyone have idea ?
BRAvoid Pairing Failures
•Pairing fails when you complete these steps in the wrong order. You must use AAI on your Cisco Cisco Show and Share appliance before you use AAI on your Cisco DMM appliance. Do not reverse this order or try to use AAI simultaneously on both appliances.
•Do not use the POP option on the pairing menu. Doing so may cause Cisco Show and Share to fail. If you accidently choose the POP option, you will need to re-pair the Cisco Show and Share and DMM appliances.
Pair Your Appliances
Procedure
Step 1 From the appliance that runs Cisco Show and Share 5.2:
a. Log in as admin to the Appliance Administration Interface (AAI).
b. Choose APPLIANCE_CONTROL > PAIR APPLIANCE.
c. Choose DMM.
Warning Do not choose any other option than DMM.
d. Enter the fully-qualified domain name (FQDN) for your Cisco DMM appliance.
This is the DNS name. Do not enter an IP address.
e. Press Enter.
Your Cisco Show and Share appliance receives and successfully imports a digital certificate from your Cisco DMM appliance.
Step 2 From the appliance that runs Cisco Digital Media Manager 5.2:
a. Log in as admin to the Appliance Administration Interface (AAI).
b. Choose APPLIANCE_CONTROL > PAIR APPLIANCE.
c. Choose SHOW_AND_SHARE.
Warning Do not choose any other option than SHOW_AND_SHARE.
d. Enter the fully-qualified domain name (FQDN) for your Cisco Show and Share appliance.
This is the DNS name. Do not enter an IP address.
e. Press Enter.
Your Cisco DMM appliance receives and successfully imports a digital certificate from your Cisco Show and Share appliance.
See Cisco Link :
http://www.cisco.com/en/US/docs/video/digital_media_systems/5_x/5_2/dms/aai/administration/guide/pair.html -
CISCO SPA-504G & CISCO SPA-525G plug nad play???
Hi,
we have CCM 7.1.5 and I need to add about 100 new phone/users. we received good price for this two phones CISCO SPA-504G & CISCO SPA-525G.
This one look and I think is the same linksys spa 942 phone, and for that one I need to do provisioning to get them to work.
Are this two phones CISCO SPA-504G & CISCO SPA-525G, "plug and play" does CCM recognized them like other Cisco phones (like 7941....)
THX,
IVanSounds like you need to adjust the dial plan string under the relevant Ext tab on the admin web interface of the phone.
-
Cisco view for Cisco 7201 router
Hi ,
We have LMS 3.0.1 and we are not able to get cisco view for Cisco 7201 router.
Any help would be appricated.
thanks,
SamirMake sure you have version 22.0 of the Rtr7000 CiscoView package loaded. You can update your CiscoView packages under Common Services > Software Center > Device Update.
-
Difference between Cisco DCNM and CISCO Fabric Manager
Hello Everyone,
I am new to Cisco SAN and just would like to know the differences between cisco DCNM and Cisco Fabric manager and which one is latest as of now.
regards
VINAYHi Viany,
Fabric Manager was renamed DCNM starting at 5.2.
Fabric Manager only monitors SAN Fabrics, while DCNM 5.2 and above can monitor both SAN Fabrics and Ethernet LANs.
Regards,
David -
2 Cisco Iron Port (Cisco C370) Email appliances Solution Required
Hi All,
I NEED THE
technical proposal based on below requirements:
2 Cisco Iron Port (Cisco C370) Email appliances with below options for 3000 users licenses:
1) Anti-spam
2) Anti-virus
3) Content Filtering
4) DLP
5) Encryption (Optional)Any technical proposals will need to be provided from your Sales Ops/Account team - or reseller. I would suggest opening a dialouge with them, in order to get the answer you are looking for. It will not come from the support forums.
http://www.cisco.com/web/services/order-services/index.html
https://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=4161&KeyCode=195185_1
http://www.cisco.com/en/US/products/ps10154/index.html
Hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
2 Cisco Iron Port (Cisco C370) Email appliances solution
i need
technical proposal based on below requirements:
2 Cisco Iron Port (Cisco C370) Email appliances with below options for 3000 users licenses:
1) Anti-spam
2) Anti-virus
3) Content Filtering
4) DLP
5) Encryption (Optional)Any technical proposals will need to be provided from your Sales Ops/Account team - or reseller. I would suggest opening a dialouge with them, in order to get the answer you are looking for. It will not come from the support forums.
http://www.cisco.com/web/services/order-services/index.html
https://grs.cisco.com/grsx/cust/grsCustomerSurvey.html?SurveyCode=4161&KeyCode=195185_1
http://www.cisco.com/en/US/products/ps10154/index.html
Hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis
We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.Hi,
So you have N7k acting as L3 with servers connected to 4510?.
Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
This will help narrow down if issue is between server to 4510 or 4510 to N7k.
Thanks,
Nagendra -
Cisco ASA 5510 - Cisco Client Can Connect To VPN But Can't Ping!
Hi,
I have an ASA 5510 with the configuration below. I have configure the ASA as remote access vpn server with cisco vpn client, my problem now is I can connect but I can't ping.
Config
ciscoasa# sh run
: Saved
ASA Version 8.0(3)
hostname ciscoasa
enable password 5QB4svsHoIHxXpF/ encrypted
names
name xxx.xxx.xxx.xxx SAP_router_IP_on_SAP
name xxx.xxx.xxx.xxx ISA_Server_second_external_IP
name xxx.xxx.xxx.xxx Mail_Server
name xxx.xxx.xxx.xxx IncomingIP
name xxx.xxx.xxx.xxx SAP
name xxx.xxx.xxx.xxx WebServer
name xxx.xxx.xxx.xxx cms_eservices_projects_sharepointold
name 192.168.2.2 isa_server_outside
interface Ethernet0/0
nameif outside
security-level 0
ip address IncomingIP 255.255.255.248
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.253 255.255.255.0
management-only
passwd 123
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object-group service TCP_8081 tcp
port-object eq 8081
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3389
port-object eq ftp
port-object eq www
port-object eq https
port-object eq smtp
port-object eq pop3
port-object eq 3200
port-object eq 3300
port-object eq 3600
port-object eq 3299
port-object eq 3390
port-object eq 50000
port-object eq 3396
port-object eq 3397
port-object eq 3398
port-object eq imap4
port-object eq 587
port-object eq 993
port-object eq 8000
port-object eq 8443
port-object eq telnet
port-object eq 3901
group-object TCP_8081
port-object eq 1433
port-object eq 3391
port-object eq 3399
port-object eq 8080
port-object eq 3128
port-object eq 3900
port-object eq 3902
port-object eq 7777
port-object eq 3392
port-object eq 3393
port-object eq 3394
port-object eq 3395
port-object eq 92
port-object eq 91
port-object eq 3206
port-object eq 8001
port-object eq 8181
port-object eq 7778
port-object eq 8180
port-object eq 22222
port-object eq 11001
port-object eq 11002
port-object eq 1555
port-object eq 2223
port-object eq 2224
object-group service RDP tcp
port-object eq 3389
object-group service 3901 tcp
description 3901
port-object eq 3901
object-group service 50000 tcp
description 50000
port-object eq 50000
object-group service Enable_Transparent_Tunneling_UDP udp
port-object eq 4500
access-list inside_access_in remark connection to SAP
access-list inside_access_in extended permit ip 192.168.2.0 255.255.255.0 host SAP_router_IP_on_SAP
access-list inside_access_in remark VPN Outgoing - PPTP
access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any eq pptp
access-list inside_access_in remark VPN Outgoing - GRE
access-list inside_access_in extended permit gre 192.168.2.0 255.255.255.0 any
access-list inside_access_in remark VPN - GRE
access-list inside_access_in extended permit gre any any
access-list inside_access_in remark VPN Outgoing - IKE Client
access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq isakmp
access-list inside_access_in remark VPN Outgoing - IPSecNAT - T
access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq 4500
access-list inside_access_in remark DNS Outgoing
access-list inside_access_in extended permit udp any any eq domain
access-list inside_access_in remark DNS Outgoing
access-list inside_access_in extended permit tcp any any eq domain
access-list inside_access_in remark Outoing Ports
access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq pptp
access-list outside_access_in extended permit gre any any
access-list outside_access_in extended permit gre any host Mail_Server
access-list outside_access_in extended permit tcp any host Mail_Server eq pptp
access-list outside_access_in extended permit esp any any
access-list outside_access_in extended permit ah any any
access-list outside_access_in extended permit udp any any eq isakmp
access-list outside_access_in extended permit udp any any object-group Enable_Transparent_Tunneling_UDP
access-list VPN standard permit 192.168.2.0 255.255.255.0
access-list corp_vpn extended permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool POOL 172.16.1.10-172.16.1.20 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 2 Mail_Server netmask 255.0.0.0
global (outside) 1 interface
global (inside) 2 interface
nat (inside) 0 access-list corp_vpn
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp Mail_Server 8001 ISA_Server_second_external_IP 8001 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 8000 ISA_Server_second_external_IP 8000 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server pptp isa_server_outside pptp netmask 255.255.255.255
static (inside,outside) tcp Mail_Server smtp isa_server_outside smtp netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 587 isa_server_outside 587 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 9444 isa_server_outside 9444 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 9443 isa_server_outside 9443 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3389 isa_server_outside 3389 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3390 isa_server_outside 3390 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3901 isa_server_outside 3901 netmask 255.255.255.255
static (inside,outside) tcp SAP 50000 isa_server_outside 50000 netmask 255.255.255.255
static (inside,outside) tcp SAP 3200 isa_server_outside 3200 netmask 255.255.255.255
static (inside,outside) tcp SAP 3299 isa_server_outside 3299 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server www isa_server_outside www netmask 255.255.255.255
static (inside,outside) tcp Mail_Server https isa_server_outside https netmask 255.255.255.255
static (inside,outside) tcp Mail_Server pop3 isa_server_outside pop3 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server imap4 isa_server_outside imap4 netmask 255.255.255.255
static (inside,outside) tcp cms_eservices_projects_sharepointold 9999 isa_server_outside 9999 netmask 255.255.255.255
static (inside,outside) 192.168.2.0 access-list corp_vpn
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set transet esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set pfs
crypto dynamic-map dynmap 10 set transform-set transet ESP-3DES-SHA
crypto map cryptomap 10 ipsec-isakmp dynamic dynmap
crypto map cryptomap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside
dhcpd domain domain.local interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
tftp-server management 192.168.1.123 /
group-policy mypolicy internal
group-policy mypolicy attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN
username vpdn password 123
username vpdn attributes
vpn-group-policy mypolicy
service-type remote-access
tunnel-group mypolicy type remote-access
tunnel-group mypolicy general-attributes
address-pool POOL
default-group-policy mypolicy
tunnel-group mypolicy ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp
service-policy global_policy global
prompt hostname context
Cryptochecksum:b8bb19b6cb05cfa9ee125ad7bc5444ac
: end
Thank you very much.Here is the output:
ciscoasa# packet-tracer input outside icmp 172.16.1.10 8 0 192.168.2.1
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (inside,outside) 192.168.2.0 access-list corp_vpn
nat-control
match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
static translation to 192.168.2.0
translate_hits = 0, untranslate_hits = 139
Additional Information:
NAT divert to egress interface inside
Untranslate 192.168.2.0/0 to 192.168.2.0/0 using netmask 255.255.255.0
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit ip any any
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
Additional Information:
Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (inside,outside) 192.168.2.0 access-list corp_vpn
nat-control
match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
static translation to 192.168.2.0
translate_hits = 0, untranslate_hits = 140
Additional Information:
Phase: 11
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule -
Cisco ASA 5505, Cisco VPN Client and Novell Netware
Hi,
Our ISP have installed Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using VPN client.
I installed VPN client on a laptop that is using wireless connection. I connect using wireless signal from near by hotel and I am able to connect to my firewall usinging vpn client and also able to login in using Novell client for XP.
When I use same vpn client and Novell client at home that is not using wireless connection, but DSL connection amd not able to login or find the tree.
The only difference in two machine is laptop using wireless connection and my home machine is using wired connection using DSL.If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.
-
I have a Cisco 5505(base license) and a Cisco 3750(48 port). I want to be able to connect to the 3750 on different vlans(for home lab),but I'm no able to ping the "outside" IP of the ASA. I can ping the different vlans from the ASA once I created the routes from the ASA.
3750 config:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname SwitchA
no aaa new-model
switch 1 provision ws-c3750-48p
ip subnet-zero
ip routing
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet1/0/1
description Uplink to Cisco ASA 5505
switchport access vlan 100
switchport mode access
spanning-tree portfast
interface FastEthernet1/0/2
no switchport
no ip address
interface FastEthernet1/0/3
interface FastEthernet1/0/4
interface FastEthernet1/0/5
switchport access vlan 10
interface FastEthernet1/0/6
interface Vlan1
no ip address
interface Vlan2
ip address 10.10.0.1 255.255.255.0
interface Vlan3
ip address 10.10.1.254 255.255.255.0
interface Vlan10
no ip address
interface Vlan100
description SW-to-ASA
ip address 172.16.100.2 255.255.255.0
interface Vlan172
no ip address
interface Vlan182
no ip address
interface Vlan192
no ip address
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.100.1
ip http server
ip http secure-server
ASA Config:
interface Vlan1
shutdown
no nameif
no security-level
no ip address
interface Vlan10
nameif users
security-level 100
ip address 172.16.10.254 255.255.255.0
interface Vlan172
no nameif
security-level 100
ip address 172.16.100.1 255.255.255.0
interface Vlan192
nameif OUTSIDE
security-level 0
ip address 192.168.1.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 192
interface Ethernet0/1
description Trunk to Switch
switchport access vlan 172
Is this even doable?Hi,
I believe you have the problem with your no-nat configurations..... you to exempt NAT for the traffic from 172.16.10.0 (Anyconnect VPN pool) to 192.168.1.0/24 (Inside LAN) to make this work
object network acvpnpool
subnet <anyconnect VPN Subnet>
object network insidelan
subnet <inside lan subnet>
nat (inside,outside) source static acvpnpool acvpnpool destination static insidelan insidelan
Make sure that you are able to reach the GW/Inside ip adress of the firewall from LAN machine.... all routing in place properly..... Thanks!!!
Regards
Karthik -
Cisco 871 to Cisco ASA 5545 Site-to-Site VPN Split Tunnel not working.
Tunnel comes up and can see and access protected traffic but cannot access web (Split Tunnel). Don't know if access problem or route issue.
Listed below is configuration for Cisco 871, any help very much appreciated.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key test address x.x.x.x
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to x.x.x.x
set peer x.x.x.x
set transform-set ESP-3DES-SHA
match address 100
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address 4.34.195.193 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
crypto map SDM_CMAP_1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 172.200.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ip tcp adjust-mss 1452
ip route 0.0.0.0 0.0.0.0 4.34.195.193 permanent
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
logging trap debugging
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.200.1.0 0.0.0.255 172.16.2.0 0.0.0.255I don't see any NAT configuration above. Check you can PING out to the internet (8.8.8.8 for example) from the router itself as it won't need NAT to PING from the outside interface.
Have a look at this document on setting up NAT for your inside devices:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html
Maybe you are looking for
-
LV 8 problem with New Report.vi in compiled program
I'm a novice LV programmer trying to finish my first project. The project is the automation of an air flow stand using field point for acquisition/control. Have the code written and everything seems to work fine until I compile. Specifically, I ge
-
How do make the colours less warm?
I shoot under yellow lights. Then the colours in the video is very warm. Too gold and orange. How do you make it less warm?
-
Does VGA Transfer Sound as well?
I have a white macbook and purchased a mini dvi to vga connection so i can connect it to my college class projector. anyways, obviously the images will transfer to the screen but will sound go to the speakers as well?
-
How to define RADIO BUTTONS in MODULE POOL PROG.?
Hi Experts, I need to keep the RADIO BUTTONS in 1000_screen of my_module_pool prog., like, I hv 2 fields in this screen, as expected, the first shuld hv DEFAULT selection. So, I just simply, dragged & dropped 2 radio buttons from left menu of the scr
-
Why can I not download a file in Safari
I've got an eMail from WeTransfer.com which contains a link to download a video file. However, when I click on the link, Safari takes me to the WeTransfer site but it won't actually download the file - I have an icon in the middle of the screen showi