DM-VPN with Static NAT for Spoke Router. Require Expert Help
Dear All,
This is my first time to write something .
i have configure DM-VPN, and it's working fine, now i want to configure static nat.
some people will think why need static nat if it's working fine.
let me tell you why i need. what is my plan.
i have HUB with 3 spoke. some time i go out side of my office and not able to access my spoke computer by Terminal Services. because its by dynamic ip address. so what i think i'll give one Static NAT on my HUB Router that if any one or Me Hit the Real/Public IP address of my HUB WAN Interface from any other Remote location so redirect this quiry to my Terminal Service computer which located in spoke network.
will for that i try but fail.
will again the suggestion will come. why not to use .. Easy VPN. well sound great. but then i have to keep my notebook with me.
i'll also do it but now i need that how to do Static NAT. like for normal Router i am doing which is not part of VPN.
ip nat inside source static tcp 192.168.1.10 3389 interface Dialer1 3389
but this time this command is not working, because the ip address which i mention it's related HUB Network not Spoke
spose spoke Network: 192.168.2.0/24
and i want on HUB Router:
ip nat inside source static tcp 192.168.2.10 3389 interface Dialer1 3389
i am using Cisco -- 887 and 877 ADSL Router.
but it's not working, Need experts help. please write your comment's which are very important for me. waiting for your commant's
fore more details please see the diagram.
for Contact Me: [email protected]
hi rvarelac thank you for reply :
i allready done that , i put a deny statements in nat access-list excluding the vpn traffic , but the problem still there !
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key 12344321 address 1.1.1.1
crypto ipsec transform-set Remote-Site esp-aes esp-sha-hmac
mode tunnel
crypto map s2s 100 ipsec-isakmp
set peer 1.1.1.1
set transform-set Remote-Site
match address vpnacl
interface GigabitEthernet0/0
crypto map s2s
Extended IP access list lantointernet
30 deny icmp 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
40 deny igmp 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
50 deny ip 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
80 permit ip any any
Similar Messages
-
NAT overload has been done successfully as follows:
1. ip nat inside and ip nat outside configured on the appropriate interfaces i.e.fa0/0 and fa0/1
2. default route added on the router.
3.additional configuration is added:
ip nat inside source list 1 interface fa0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
Now I am trying to use static NAT for FTP:
ip nat inside source static tcp 192.168.1.X 21 x.x.x.x 21 extendable
But this does not work please help. I am trying to access FTP server from LAN by entering public address in the browser. Can access the FTP server with private address but this defeats the purpose of FTP. Please help.Router(config)#interface fa0/0
Router(config-if)#ip address 192.168.1.254 255.255.255.0
Router(config-if)#no shut
Router(config-if)#ip nat inside
Router(config-if)#interface fa0/1
Router(config-if)#ip address 203.109.120.2 255.255.255.252
Router(config-if)#no shut
Router(config-if)#ip nat outside
Router(config)#ip route 0.0.0.0 0.0.0.0 interface fa0/1
Router(config)#ip nat inside source list 1 interface fa0/1 overlaod
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255 -
I have a Maxtor 3200 which has stopped communicating with my iMac for no reason can you help i'am running the latest system
I have never seen this before. Try using these installers
Flash Player for ActiveX (Internet Explorer)
Flash Player Plug-in (All other browsers) -
DMVPN Hub router with static NAT
Hi everyone,
I'm trying to setup a lab enviroment to stablish a DMVPN. I have two routers CISCO 2811, IOS version 12.4(3j). I need to configure those routers to stablish a DMVPN. For the spoke router, I have have an ISP that provides dynamic addressing. For the hub router, I have a public static IP address assignde by the ISP. But I have a Watchguard firewall in the middle doing static 1-to-1 NAT for that address. Now the questions are:
1) Can I stablish the DMVPN between the routers with that firewall in the middle?
2) In case it is possible, what will the physical hub address be? And is there something I need to change on the firewall configuration?
3) In case it isn't possible, what other options do I have to stablish a VPN tunnel between the routers in those conditions?
Is there is anything else you need to know to understand the situation, please ask. I haven't configure neither of the routers yet, because I think I need to be sure of these concepts first. Thanks for any help you could bring.
Gustavo!
-
Static Policy NAT in VPN conflicts with Static NAT
I have a situation where I need to create a site-to-site VPN between an ASA 5505 using IOS 7.2 and a Sonicwall NSA4500. The problem arises in that the LAN behind the Cisco ASA has the same subnet as a currently existing VPN created on the Sonicwall. Since the Sonicwall can't have two VPNs both going to the same subnet, the solution is to use policy NAT on the ASA so that to the Sonicwall, the new VPN appears to have a different subnet.
The current subnet behind the ASA is 192.168.10.0/24 (The Sonicwall already has a VPN created to a different client with that same subnet). I am trying to translate that to 192.168.24.0/24. The peer LAN (behind the Sonicwall) is 10.159.0.0/24. The pertinent configuration of the ASA is:
interface Vlan1
ip address 192.168.10.1 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.24.0 255.255.255.0 10.159.0.0 255.255.255.0
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 10.159.0.0 255.255.255.0
static (inside,outside) 192.168.24.0 access-list VPN
crypto map outside_map 1 match address outside_1_cryptomap
In addition to this, there are other static NAT statements and their associated ACLs that allow certain traffic through the firewall to the server, e.g.:
static (inside,outside) tcp interface smtp SERVER smtp netmask 255.255.255.255
The problem is this: When I enter the static policy NAT statement, I get the message "Warning: real-address conflict with existing static" and then it refers to each of the static NAT statements that translate the outside address to the server. I thought about this, and it seemed to me that the problem was that the policy NAT statement needed to be the first NAT statement (it is last) so that it would be handled first and all traffic destined for the VPN tunnel to the Sonicwall (destination 10.159.0.0/24) would be correctly handled. If I left it as the last statement, then the other static NAT statements would prevent some traffic destined for the 10.159.0.0/24 network from being correctly routed through the VPN.
So I tried first to move my policy NAT statement up in the ASDM GUI. However, moving that statement was not permitted. Then I tried deleting the five static NAT statements that point to the server (one example is above) and then recreating them, hoping that would then move the policy NAT statement to the top. This also failed.
What am I missing?Hi,
To be honest it should work in the way I mentioned. I am not sure why it would change the order of the NAT configurations. I have run into this situation on some ASA firewalls running the older software (older than 8.2) and the reordering of the configurations has always worked.
So I am not sure are we looking at some bug or what the problem is.
I was wondering if one solution would be to configure all of the Static NAT / Static PAT as Static Policy NAT/PAT
I have gotten a bit rusty on the older (8.2 and older) NAT configuration format as over 90% of our customer firewalls are running 8.3+ software.
I was thinking of this kind of "static" configuration for the existing Static PAT configurations if you want to try
access-list STATICPAT-SMTP permit tcp host eq smtp any
static (inside,outside) tcp interface smtp access-list STATICPAT-SMTP
access-list STATICPAT-HTTPS permit tcp host eq https any
static (inside,outside) tcp interface https access-list STATICPAT-HTTPS
access-list STATICPAT-RDP permit tcp host eq 3389 any
static (inside,outside) tcp interface 3389 access-list STATICPAT-RDP
access-list STATICPAT-TCP4125 permit tcp host eq 4125 any
static (inside,outside) tcp interface 4125 access-list STATICPAT-TCP4125
access-list STATICPAT-POP3 permit tcp host eq pop3 any
static (inside,outside) tcp interface pop3 access-list STATICPAT-POP3
Naturally you would add the Static Policy NAT for the VPN first.
Again I have to say that I am not 100% sure if this was is the correct format maybe you can test it with a single service that has a Static PAT. For example the Static PAT for RDP (TCP/3389). First entering the Static Policy NAT then removing the Static PAT and then entering the Static Policy PAT.
Remember that you should be able to test the translations with the "packet-tracer" command
For example
packet-tracer input outside tcp 1.1.1.1 12345
- Jouni -
Configure static NAT for range of ports
Hi,
I have a 2911 with a 3CX IP PBX behind it that needs to have a static NAT to the 3CX server for TCP/UDP 5060 and UDP 9000-9049. Do I have to create a static NAT entry for every single port in order for this to work, or can a range be defined in the NAT entries?
As an example, say my 3CX server has an internal IP of 192.168.1.25 and my external IP is 1.2.3.4. Would I have to create an entry for each port?
ip nat inside source static tcp 192.168.1.25 5060 1.2.3.4 5060
ip nat inside source static udp 192.168.1.25 5060 1.2.3.4 5060
ip nat inside source static udp 192.168.1.25 9000 1.2.3.4 9000
ip nat inside source static udp 192.168.1.25 9001 1.2.3.4 9001
and so on...
Is this the correct way to do it, or is there another better way?
Also, I only have one public IP to work with, and there are multiple other hosts on this network that need to have access to the internet. Right now I have NAT setup with overload so that the other hosts can get to the Internet. Here's my config for that:
ip nat pool PATPOOL 1.2.3.4 1.2.3.4 netmask 255.255.255.252
ip nat inside source list NAT_ACL pool PATPOOL overload
ip access-list standard NAT_ACL
remark PAT to outside
permit 192.168.1.0 0.0.0.255
exit
My question with this is will the static NAT work if I already have NAT overload configured as above?
Thanks for the help in advance.
Austin
PS here is 3CX documentation on this subject http://www.3cx.com/blog/voip-howto/cisco-voip-configuration/I ended up creating a static NAT entry for each individual port mapping. This worked just as it was supposed to.
I have seen examples of people using route maps and ACLs to accomplish forwarding a range ports. I have yet to see official documentation from Cisco on this, and in some cases those examples did not seem to work correctly.
ASAs with the latest code have the ability to forward a range of ports, but based on my research IOS lacks this feature.
In my case, forwarding 50 ports wasn't so bad. However, if you have hundreds or thousands of ports to forward you may want to try the route map/ACL approach.
Hopefully this information useful to others. -
Static MAC for a router interface
I have a Cisco 851 router that is setup as a VPN device. I have a managed switch connected to an interface on the 851. I want to be able to assign a static MAC for the paticular interface so that the connected switch is the only device allowed to connect to that port. However, the router must still be able to learn and pass traffic from MAC addresses of devices connected to the switch. Is this possible?
Interesting, thanks for the report/tip!
-
Hello,
It has been a while since I last worked on firewall. Please take a look at info below.
INSIDE does not have access to Internet
Services/Servers in DMZ need to be accessible from Internet
CONFIG
names
interface Ethernet0/0
nameif outside
security-level 0
ip address X.X.X.46 255.255.255.240 standby X.X.X.45
interface Ethernet0/1
speed 1000
duplex full
nameif inside
security-level 100
ip address INSIDE.254 255.255.254.0 standby INSIDE.253
interface Ethernet0/2
interface Ethernet0/2.1
description LAN Failover Interface
vlan 20
interface Ethernet0/2.2
description STATE Failover Interface
vlan 30
interface Ethernet0/3
description DMZ INTERFACE
speed 100
duplex full
nameif dmz
security-level 100
ip address DMZ.254 255.255.255.0 standby DMZ.253
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
dns server-group DefaultDNS
domain-name CDGI.com
same-security-traffic permit inter-interface
access-list NAT0_INSIDE_DMZ remark NO NAT FROM INSIDE TO DMZ
access-list NAT0_INSIDE_DMZ extended permit ip INSIDE.0 255.255.254.0 DMZ.0 255.255.255.0
access-list OUTSIDE_TO_DMZ extended permit ip any host X.X.X.41
access-list OUTSIDE_TO_DMZ extended permit tcp any host X.X.X.41 eq www
access-list OUTSIDE_TO_DMZ extended permit icmp any host X.X.X.41 echo
access-list OUTSIDE_TO_DMZ extended permit icmp any host X.X.X.41 echo-reply
access-list OUTSIDE_TO_DMZ extended permit ip any host X.X.X.42
access-list OUTSIDE_TO_DMZ extended permit tcp any host X.X.X.42 eq www
access-list OUTSIDE_TO_DMZ extended permit icmp any host X.X.X.42 echo
access-list OUTSIDE_TO_DMZ extended permit icmp any host X.X.X.42 echo-reply
access-list NO-NAT-INTERNAL extended permit ip INSIDE.0 255.255.254.0 DMZ.0 255.255.255.0
access-list NO-NAT-INTERNAL extended permit ip INSIDE.0 255.255.254.0 192.168.254.0 255.255.255.0
access-list NO-NAT-DMZ extended permit ip DMZ.0 255.255.255.0 192.168.254.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
ip local pool SSLCLIENT_IP_POOL 192.168.254.1-192.168.254.25 mask 255.255.255.0
failover
failover lan unit primary
failover lan interface FAILOVER Ethernet0/2.1
failover link STATEFUL Ethernet0/2.2
failover interface ip FAILOVER 172.31.254.254 255.255.255.252 standby 172.31.254.253
failover interface ip STATEFUL 172.31.254.250 255.255.255.252 standby 172.31.254.249
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (dmz) 0 access-list NO-NAT-DMZ
static (dmz,outside) X.X.X.41 DMZ.49 netmask 255.255.255.255
static (dmz,outside) X.X.X.42 DMZ.28 netmask 255.255.255.255
access-group OUTSIDE_TO_DMZ in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.X.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect http
service-policy global_policy global
===========================================================================================
As you see above, config has ACL that allows traffic from Internet to DMZ and has static NAT. The hosts in DMZ are still not accessible.
Please help.
Thanks,
Paresh.Hi,
For Inside to internet:
you have no global( outside) as well as nat(inside) configured.
nat(inside) 1 0 0
global(outside) 1 interface
For second part, I see no problem in the config, is it not working?
Regards.
Alain -
Setting up static nat for ip addresses
We recently switched to a verizon fios line. Our company has two offices (CA, NC). There are servers in NC that we need to be able to print to printers in CA.
We have 5 static IP's from Verizon, I set 3 of the remaining IPs as a static nat to the private ips of the printers. I cannot ping these static public ips. I even have the port forwarding from UDP/TCP set to any for both the Source and Destination ports.
Can anyone help me as to why I cannot ping these IP addresses?
I can ping the private IP's from the private network (CA) that the printers are on.
Solved!
Go to Solution.No, it does not. But they are working this morning. Maybe the DNS needed to propigate? Not sure but it works now.
-
Static IP for Mac OS 10.5 -- Help!
I'm not sure how to set up an static IP for my macbook. It will be using my airport, not my built in ethernet. Can someone provide me a step by step guide? I'm lost. Thanks!
SystemPreferences-->Network-->select Airport-->click Advanced-->TCP/IP tab.
configure ipv4 --manually
enter your IP
subnet
router IP
click OK --> click Apply -
Inter-VPN routing with export map for host routes
Hi,
I am trying to export host routes from a connected network from one VRF to multiple other VRFs. This is to allow the leaking specific host routes for management purposes. However, I suspect that the /32 host route(s) actually need to be present in the management VRF so the RTs are added accordingly, rather than just specified in the match clause of the MGMT VRF export map.
Ideally here, I only want to export 10.111.111.254/32 from the connected network 10.111.111.0/24 in the MGMT VRF. The only way around this I can see it to move 10.111.111.0/24 behind another device, and add specific host route(s) within the MGMT VRF for the 10.111.111.X/32 host routes (which are redistributed into the MGMT VRF), using the additional device as the next-hop.
ip vrf MGMT
rd 1:1
export map MGMT-EXPORT-MAP
route-target export 1:1
route-target import 1:1
route-target import 1:1001
ip vrf CUST-B
rd 1:2
export map CUSTOMERS-EXPORT-MAP
route-target export 1:2
route-target import 1:2
route-target import 1:1000
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip vrf forwarding MGMT
ip address 10.111.111.1 255.255.255.0
interface FastEthernet0/0.200
encapsulation dot1Q 101
ip vrf forwarding CUST-B
ip address 10.96.2.1 255.255.254.0
router bgp 65000
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
address-family ipv4 vrf CUST-B
redistribute connected
no synchronization
exit-address-family
address-family ipv4 vrf MGMT
redistribute connected
no synchronization
exit-address-family
ip prefix-list CUSTOMERS seq 5 permit 10.96.2.0/23
ip prefix-list ONPREMISE seq 5 permit 10.111.111.0/24
ip prefix-list ONPREMISE seq 10 permit 10.111.111.254/32
route-map CUSTOMERS-EXPORT-MAP permit 10
match ip address prefix-list CUSTOMERS
set extcommunity rt 1:1001 additive
route-map MGMT-EXPORT-MAP permit 10
match ip address prefix-list ONPREMISE
set extcommunity rt 1:1000 additive
Cheers,
MattHi Matt
Yes the X/32 routes needs to be present in the VRF Routing-Table and if they are to be learnt statically then the MP-iBGP config for that particular VRF address-family has to redistribute static routes as well.
Regards
Varma -
Site-to-site vpn with 2 asa and home router
I am trying to establish a site-to-site vpn between 2 ASAs and am able to get the tunnel to establish and can get connectivity from the remote end of the connection to the local side. However, traffic from the local side is not able to get to the remote end. We have 2 ASA 5505 establishing the tunnel, on the remote end there is a linksys home router forwarding all traffic to the ASA outside interface on a private subnet. Our layout is as follows.
Internal Network Local ASA ISP1 ISP2 Remote Router Remote ASA Remote Network
192.168.1.0/24 local-gateway/public ip public ip/192.168.0.1/24 192.168.0.10/10.10.10.254 10.10.10.0/24
10.10.10.0/24 (remote) -> 192.168.1.0/24 (local) works
192.168.1.0/24 (local) -> 10.10.10.0/24 (remote) does not work
Below are the configs of the local and remote asa. any help would be greatly appreaciated.
local-asa
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.6 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Switch
host 192.168.1.5
description 2960-24 Switch
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network Mark_Public
host 76.98.2.63
description Mark Public
object network Mark
subnet 10.10.10.0 255.255.255.0
description Marks Network
object network Mark_routed_subnet
subnet 192.168.0.0 255.255.255.0
access-list outside_access_in extended permit icmp any4 any4 echo-reply
access-list outside_access_in extended permit tcp any object home-app-svr object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit ip object Mark 192.168.1.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 object Mark
access-list Home standard permit 192.168.1.0 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static Mark Mark no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
route outside 10.10.10.0 255.255.255.0 24.163.112.1 1
route outside 10.10.10.0 255.255.255.0 76.98.2.63 128
aaa-server Radius protocol radius
aaa-server Radius (inside) host 192.168.1.101
key *****
user-identity default-domain LOCAL
aaa authentication ssh console Radius LOCAL
aaa authentication telnet console Radius LOCAL
aaa authentication enable console Radius LOCAL
aaa authentication http console Radius LOCAL
aaa authentication serial console Radius LOCAL
aaa accounting enable console Radius
aaa accounting serial console Radius
aaa accounting ssh console Radius
aaa accounting telnet console Radius
http server enable
http 192.168.1.0 255.255.255.0 inside
http 66.162.9.0 255.255.255.0 outside
http 76.98.2.63 255.255.255.255 outside
http 10.10.10.0 255.255.255.0 inside
snmp-server host inside 192.168.1.101 community *****
snmp-server location 149 Cinder Cross
snmp-server contact Ted Stout
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps cpu threshold rising
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set peer 76.98.2.63
crypto map outside_map0 1 set ikev1 transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=stout-fw
keypair vpn.stoutte.homeip.net
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpoint Home--Server-CA
enrollment terminal
subject-name CN=stout-fw,O=home
keypair HOME-SERVER-CA
crl configure
crypto ca trustpoint HOME-SSL
enrollment terminal
fqdn stoutfw.homeip.net
subject-name CN=stoutfw,O=Home
keypair HOME-SSL
no validation-usage
crl configure
crypto ca trustpoint SelfSigned
enrollment self
fqdn stoutfw.homeip.net
subject-name CN=stout-fw
keypair SelfSigned
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment self
fqdn 192.168.1.6
subject-name CN=stout-fw
keypair SelfSigned
crl configure
crypto ca trustpool policy
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 20
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.168.1.5 source inside prefer
ssl trust-point SelfSigned outside
ssl trust-point ASDM_TrustPoint2 inside
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
username stoutte password 0w8WOxYi69SDg3bs encrypted privilege 15
username stoutte attributes
webvpn
anyconnect keep-installer installed
anyconnect profiles value VPN_client_profile type user
tunnel-group 76.98.2.63 type ipsec-l2l
tunnel-group 76.98.2.63 general-attributes
default-group-policy GroupPolicy1
tunnel-group 76.98.2.63 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
authentication-server-group Radius LOCAL
default-group-policy GroupPolicy_VPN
dhcp-server link-selection 192.168.1.101
tunnel-group VPN webvpn-attributes
group-alias VPN enable
class-map inspection_default
match default-inspection-traffic
remote-asa
: Saved
ASA Version 9.1(1)
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 192.168.0.10 255.255.255.0
ftp mode passive
clock timezone EDT -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name netlab.com
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Ted
subnet 192.168.1.0 255.255.255.0
description Teds Network
object network Ted_Public
host 24.163.116.187
object network outside_private
subnet 192.168.0.0 255.255.255.0
object network NETWORK_OBJ_10.10.10.0_24
subnet 10.10.10.0 255.255.255.0
access-list outside_cryptomap extended permit ip 10.10.10.0 255.255.255.0 object Ted
access-list outside_access_in extended permit icmp any4 any4 echo-reply
access-list outside_access_in extended permit ip object Ted 10.10.10.0 255.255.255.0
access-list outside_access_in extended permit ip object Ted_Public any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
logging debug-trace
nat (inside,outside) source static NETWORK_OBJ_10.10.10.0_24 NETWORK_OBJ_10.10.10.0_24 destination static Ted Ted no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
route outside 192.168.1.0 255.255.255.0 192.168.0.1 1
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 24.163.116.187 255.255.255.255 outside
http 192.168.0.0 255.255.255.0 outside
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto map outside_map2 1 match address outside_cryptomap
crypto map outside_map2 1 set peer 24.163.116.187
crypto map outside_map2 1 set ikev1 transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto map outside_map2 interface outside
crypto ikev2 enable outside
crypto ikev2 enable inside
crypto ikev1 enable outside
crypto ikev1 enable inside
ssh 10.10.10.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
dhcpd address 10.10.10.1-10.10.10.20 inside
dhcpd enable inside
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
username admin password 8Ec7AqG6iwxq6gQ2 encrypted privilege 15
tunnel-group 24.163.116.187 type ipsec-l2l
tunnel-group 24.163.116.187 general-attributes
default-group-policy GroupPolicy1
tunnel-group 24.163.116.187 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:2f4107de10e7171c3d951745c56b8d01
: end
no asdm history enableI am trying to establish a site-to-site vpn between 2 ASAs and am able to get the tunnel to establish and can get connectivity from the remote end of the connection to the local side. However, traffic from the local side is not able to get to the remote end. We have 2 ASA 5505 establishing the tunnel, on the remote end there is a linksys home router forwarding all traffic to the ASA outside interface on a private subnet. Our layout is as follows.
Internal Network Local ASA ISP1 ISP2 Remote Router Remote ASA Remote Network
192.168.1.0/24 local-gateway/public ip public ip/192.168.0.1/24 192.168.0.10/10.10.10.254 10.10.10.0/24
10.10.10.0/24 (remote) -> 192.168.1.0/24 (local) works
192.168.1.0/24 (local) -> 10.10.10.0/24 (remote) does not work
Below are the configs of the local and remote asa. any help would be greatly appreaciated.
local-asa
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.6 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Switch
host 192.168.1.5
description 2960-24 Switch
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network Mark_Public
host 76.98.2.63
description Mark Public
object network Mark
subnet 10.10.10.0 255.255.255.0
description Marks Network
object network Mark_routed_subnet
subnet 192.168.0.0 255.255.255.0
access-list outside_access_in extended permit icmp any4 any4 echo-reply
access-list outside_access_in extended permit tcp any object home-app-svr object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit ip object Mark 192.168.1.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 object Mark
access-list Home standard permit 192.168.1.0 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static Mark Mark no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
route outside 10.10.10.0 255.255.255.0 24.163.112.1 1
route outside 10.10.10.0 255.255.255.0 76.98.2.63 128
aaa-server Radius protocol radius
aaa-server Radius (inside) host 192.168.1.101
key *****
user-identity default-domain LOCAL
aaa authentication ssh console Radius LOCAL
aaa authentication telnet console Radius LOCAL
aaa authentication enable console Radius LOCAL
aaa authentication http console Radius LOCAL
aaa authentication serial console Radius LOCAL
aaa accounting enable console Radius
aaa accounting serial console Radius
aaa accounting ssh console Radius
aaa accounting telnet console Radius
http server enable
http 192.168.1.0 255.255.255.0 inside
http 66.162.9.0 255.255.255.0 outside
http 76.98.2.63 255.255.255.255 outside
http 10.10.10.0 255.255.255.0 inside
snmp-server host inside 192.168.1.101 community *****
snmp-server location 149 Cinder Cross
snmp-server contact Ted Stout
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps cpu threshold rising
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set peer 76.98.2.63
crypto map outside_map0 1 set ikev1 transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=stout-fw
keypair vpn.stoutte.homeip.net
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpoint Home--Server-CA
enrollment terminal
subject-name CN=stout-fw,O=home
keypair HOME-SERVER-CA
crl configure
crypto ca trustpoint HOME-SSL
enrollment terminal
fqdn stoutfw.homeip.net
subject-name CN=stoutfw,O=Home
keypair HOME-SSL
no validation-usage
crl configure
crypto ca trustpoint SelfSigned
enrollment self
fqdn stoutfw.homeip.net
subject-name CN=stout-fw
keypair SelfSigned
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment self
fqdn 192.168.1.6
subject-name CN=stout-fw
keypair SelfSigned
crl configure
crypto ca trustpool policy
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 20
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.168.1.5 source inside prefer
ssl trust-point SelfSigned outside
ssl trust-point ASDM_TrustPoint2 inside
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
username stoutte password 0w8WOxYi69SDg3bs encrypted privilege 15
username stoutte attributes
webvpn
anyconnect keep-installer installed
anyconnect profiles value VPN_client_profile type user
tunnel-group 76.98.2.63 type ipsec-l2l
tunnel-group 76.98.2.63 general-attributes
default-group-policy GroupPolicy1
tunnel-group 76.98.2.63 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
authentication-server-group Radius LOCAL
default-group-policy GroupPolicy_VPN
dhcp-server link-selection 192.168.1.101
tunnel-group VPN webvpn-attributes
group-alias VPN enable
class-map inspection_default
match default-inspection-traffic
remote-asa
: Saved
ASA Version 9.1(1)
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 192.168.0.10 255.255.255.0
ftp mode passive
clock timezone EDT -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name netlab.com
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Ted
subnet 192.168.1.0 255.255.255.0
description Teds Network
object network Ted_Public
host 24.163.116.187
object network outside_private
subnet 192.168.0.0 255.255.255.0
object network NETWORK_OBJ_10.10.10.0_24
subnet 10.10.10.0 255.255.255.0
access-list outside_cryptomap extended permit ip 10.10.10.0 255.255.255.0 object Ted
access-list outside_access_in extended permit icmp any4 any4 echo-reply
access-list outside_access_in extended permit ip object Ted 10.10.10.0 255.255.255.0
access-list outside_access_in extended permit ip object Ted_Public any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
logging debug-trace
nat (inside,outside) source static NETWORK_OBJ_10.10.10.0_24 NETWORK_OBJ_10.10.10.0_24 destination static Ted Ted no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
route outside 192.168.1.0 255.255.255.0 192.168.0.1 1
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 24.163.116.187 255.255.255.255 outside
http 192.168.0.0 255.255.255.0 outside
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto map outside_map2 1 match address outside_cryptomap
crypto map outside_map2 1 set peer 24.163.116.187
crypto map outside_map2 1 set ikev1 transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto map outside_map2 interface outside
crypto ikev2 enable outside
crypto ikev2 enable inside
crypto ikev1 enable outside
crypto ikev1 enable inside
ssh 10.10.10.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
dhcpd address 10.10.10.1-10.10.10.20 inside
dhcpd enable inside
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
username admin password 8Ec7AqG6iwxq6gQ2 encrypted privilege 15
tunnel-group 24.163.116.187 type ipsec-l2l
tunnel-group 24.163.116.187 general-attributes
default-group-policy GroupPolicy1
tunnel-group 24.163.116.187 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:2f4107de10e7171c3d951745c56b8d01
: end
no asdm history enable -
Can you help? Two dialer interfaces with IP SLA for default route failover - issues
I have an issue with a Cisco 2821, it has an ADSL2+ HWIC whose ATM interfaces is linked to dialer 1 and a Gi0/1 interface with a pppoe client which is linked to dialer 2. Both dialer interfaces are up with their respective IP addresses. If the ADSL on dialer 1 fails i want the IP SLA to kick and and replace the default route for dialer 1 with one for dialer 2.
This config works if you manually shut down the dialer 1 interface, it injects the default route for dialer 2 and then when you unshut the interface, the default route for dialer 1 comes back. The problem i have is if you take out the cable for the ATM interface and take it down, it does not take the route out the routing table and the default route for dialer2, which works if you just shut down dialer 1 does not appear.
whats the difference between shutting down dialer1 and it fails over the default route and taking the cable out then it does not?
Here is my config, i'm sure its something simple i'm doing wrong, can anyone help???
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
enable secret 5 $1$qOOJ$HV5AH6US/YZMuCGPYp3pP.
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 192.168.0.1
ip dhcp pool pool1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 188.92.232.50 188.92.232.100
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
no dspfarm
archive
log config
hidekeys
track 1 ip sla 1 reachability
interface GigabitEthernet0/0
description Gi0/30 Local LAN
ip address 192.168.0.1 255.255.255.0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
snmp trap ip verify drop-rate
no mop enabled
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
interface ATM0/2/0
description ATM0_DSL
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
dsl enable-training-log
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
keepalive 1 3
no cdp enable
ppp lcp predictive
ppp authentication pap chap callin
ppp chap hostname ********@ccsleeds.net
ppp chap password 0 ********
ppp pap sent-username *******@ccsleeds.net password 0 ********
interface Dialer2
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
encapsulation ppp
dialer pool 2
keepalive 1 3
no cdp enable
ppp lcp predictive
ppp authentication pap chap callin
ppp chap hostname **********@adsllogin.co.uk
ppp chap password 0 *********
ppp pap sent-username *********@adsllogin.co.uk password 0 ***********
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip sla 1
icmp-echo 8.8.8.8 source-interface di1
timeout 1000
threshold 100
frequency 3
ip sla schedule 1 life forever start-time now
access-list 1 permit 192.168.0.0 0.0.0.255
control-plane
gatekeeper
shutdown
line con 0
line aux 0
line vty 0 4
password test
login
scheduler allocate 20000 1000
endSure that EEM can shut/unshut interface...you have "event track" in EEM for monitoring track events...for example:
event manager applet test
event track 1 state down
action 1.0 command "enable"
action 1.1 command "conf t"
action 1.2 command "interfac dialer 1"
action 1.3 command "shut"
action 1.4 syslog "Dialer 1 down!!!"
action 1.5 end
This would be an example from head :)
You would need another EEM similar to this one for unshutting interface with "event track 1 state up" for bringing interface up again.
Again as I said you would need to test this before putting in production and you would maybe need to tweak this a little bit acording to your needs...
BR,
Dragan -
2 xboxes or ps3's with open nat for the rv042? yes i can!
i signed up specifically to tell future and current rv042 users that after a year of muckin' around with this fairly advanced networking technology, i've finally discovered how to open the nat types of 2 xboxes, instead of one being open and all others being moderate or strict. i'll break it down simply, 3074 port forwarded for the one, and dmz host for the other one. i couldn't figure out for the life of me, why the dmz host wouldn't open the nat type of the 2nd xbox at first, thats when it dawned on me that xboxes aren't capable of understanding the rv042 dmz host. so i tested the dmz host on my computer and it worked, putting my computer wide open to all ports on the internet. so what i tried was internet connection sharing, plugging my xbox wired into my computer which is set as the dmz host. i was all excited, jumping up and down for joy when i had succeeded in what took me an entire year to figure out. why so happy, do you ask? i don't think all of you know just how painful it is to not be able to open the same port more than once on the same network, very, very, aggravating. if you are having the same problem and don't understand how to do what i've explained, just ask. i cannot stand the thought that there are others out there like me that haven't been able to figure this out, it just causes me more pain. i will help.
I am having the same issue. My roommate and I both have our own copies of MW3 and our own xbox 360's connected to the same router/modem. We have Verizon Fios and the modem is an Actiontec MI424WR. We have no problem playing at the same time online as long as we are not in the same match. However, when we try to play in the same match, we can never get into a match. It just keeps cycling through the "searching for matches screen. We were at one point having issues with the OPEN NAT type but that has been solved, don't have me how, it just started working after I set the router back to defaults and we haven't had issues since.
I tried the link above, but that doesn't seem to help my issue and I think you are having the same issue has me. If you figure it out, please let me know. -
Static NAT for Secondary IP addresses
I am running a Novell SBS 6.0 SP4 server w/Border Manager 3.6 Sp2 with two
Netcards. My Two public IP address w/different subnets on the same Net
card will keep running but the secondary IP address fail after a few
hours, but can be pinged from inside the Network. The following is how my
config is setup:
Netcard #1(public):
IP #1 - 66.170.173.100 Subnet 255.255.255.240
Static/Dynamic 66.170.173.17 -> 192.xxx.1.22
66.170.173.18 -> 192.xxx.1.23
66.170.173.20 -> 192.xxx.2.25
IP #2 - 66.170.173.17 Subnet 255.255.255.248
Static/Dynamic - Disabled
Secondary Ip Address bound -> 66.170.173.18
-> 66.170.173.20
Netcard #2 (private)- 192.xxx.1.16
The modem is connected directly to Netcard #1 with not router between
them. Is there something wrong with this setup or is there something else
I have to do? My filters seem to be working fine as far as I know.
Thank you,
[email protected]> hi Ken,
>
> do you have a way to verify that the secondary IP addresses work
properly if
> they're associated to another device?
> What's the agreement you have with your ISP about the two subnet of
> addresses? Are they aware that they're associated to the same physical
> device? I'm wondring if there is something wrong in the wireless system
that
> prevents ARP from working properly in that configuration.
>
> --
> Caterina Luppi
> Novell Support Connection Volunteer Sysop
> <[email protected]> wrote in message
> news:zj7mc.1918$[email protected]..
> > > Hi Ken,
> > >
> > > > Whos router are we talking about? Is it the modem of the ISP just
> > before
> > > > my server or my internal switches for my workstations?
> > >
> > > sorry, my bad. I was referring to the modem of the ISP. I suspect
this
> is
> > > not a modem only, right? I mean, you have an ethernet connection
between
> > the
> > > modem and the BM server, correct? In this case the device of your
ISP is
> > a
> > > modem/router, not a modem only.
> > > Are you using DSL or cable?
> > > --
> > > Caterina Luppi
> > > Novell Support Connection Volunteer Sysop
> > >
> > >
> > Yes, we are running wireless DSL. They called it a modem, but it might
be
> > a router.
> >
> > [email protected]
>
>
I just received an email back from the ISP and they said they have had
troubles with that modem and ARP tables. They are going to swap out the
modem when they get the new type of modems in. I will post back the
outcome when they swap them out.
Thank you for the help,
[email protected]
Maybe you are looking for
-
Do you want to erase this iPhone and sync with this iTunes library?
Why ON EARTH would I want to do this?? Come on Apple, copy protection aside, this is the stupidest prompt in the history of prompts. The basic problem (if you Google it) that many many many many legitimate purchaser's of music are running into is th
-
Same Channel on Different WLANs and RTS/CTS
Hi I have 2 questions about physical layer of wireless lan. 1-) Many WLANs(SSID) use same channel for communication, that means they use same frequency, what prevents the collisions between different wlans but same channel?( I am asking about RF sign
-
Export PSD file / open in Photoshop elements?
I have created a folder of image files in Photoshop CS4 that I would like to share with a friend. I have a Mac, and the friend has a PC with Photoshop Elements. Can the native PSD files be opened in Elements? thanks
-
I am new to SAP-HCM & learning it under IDES 6.0. I have the following queries: 1. Let us assume my company is implementing the modules MM and some sub modules of HCM in parallel. Is it ideal to create just one project (together for both MM & HCM
-
Can you set permissions to be different on 2 USB disks/folders
I have two usb disks connected to my Airport Extreme and would like to restrict access to each disk separately if that is possible and if it is I would also like to restrict access down to folder level on each disk. Does anyone know if this can be do