DNS Doctoring - network range

Hello
I find plenty of examples of host configurations, like...
static (dmz,inside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.255 dns
Can I also configure it for networks, like...
static (dmz,inside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.0 dns
The reason to deploy the network method would be when I don't know all the internal servers being targeted by clients.
Thank you for helping me

Hi Bro
This is not possible. Let me explain why.
Firstly, it should be static (inside,dmz) not the other way around, unless of course you're doing a 2-way NAT which is not your case.
The statement static (inside,dmz) 10.10.10.0 20.20.20.0 netmask 255.255.255.0 means you're doing IP TRANSLATION, which is not what you're doing either.
The only reason you use DNS Doctoring is so that LAN users are able to see the internal web servers as a private address (the real address) when the DNS client is on LAN.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#intro
P/S: if you think this comment is useful, please do rate them nicely :-)

Similar Messages

  • DNS Doctoring issue - ASA 5540

    I am in the process of setting up a segregated Guest Wifi network in my office and in doing so realized that I can not access my NAT'd externally facing web servers through this network. This guest network is using 8.8.8.8 for DNS and is properly resolving the external IP for the servers, but the pages refuse to load. If I go directly to the Private IP of the servers, the pages load. These NAT'd servers are on the DMZ interface of my ASA, whereas the "Guest network" resides on the Internal interface.
    I came across this: "By default the Cisco ASA will not allow packet redirection on the same interface (outside) which is tried by the guest client trying to access the DMZ server by its NAT’d public IP address.", which perfectly describes my issue. The article goes on to say that by checking the "Translate the DNS replies that match the translation rule" box (enable DNS Doctoring) in the NAT rule, the ASA would essentially rewrite the external IP to the private IP. This however is not working and the pages still won't come up.
    Am I not understanding this right? What am I missing from this set up?

    Hello Tom,
    If the server is on a different interface than the clients why don't you simply do a static one to one from the private to the global IP address.
    EX
    static (dmz,inside) public ip private ip
    Rate all of the helpful posts!!!
    Regards,
    Jcarvaja
    Follow me on http://laguiadelnetworking.com

  • ARD Client Doesn't Show When Using Scanner and Network Range

    All-
    When I use the Scanner in ARD3 to scan a remote Network Range over the internet, the ARD client that I KNOW EXISTS in that same IP range DOES NOT show up (other ARD clients that I'm not interested in do show up, but not the specific ARD client I need to observe/control).
    If I then call the user at the remote ARD client on the telephone, and have them give me their IP address (using www.whatismyip.com, for example), I can use the Scanner in ARD3 to "find" the ARD client and add it to my All Computers list. Process: change the popup box to read "Network Address" instead of "Network Range" and set the IP address field to the address provided by the user.
    Why doesn't the remote ARD client show up when I scan for it using a Network Range in ARD3? Obviously, I don't want to have to call up each user every time I need to perform maintenance/control a client to get their (dynamic) IP address.
    I could use dynamic DNS, but that's overkill. If I know (from experience) that my ARD clients are in IP ranges X, Y, and Z, then I SHOULD be able to simply scan for them (or so I thought).
    Any help appreciated.

    Updated to ARD3.1 (admin and clients), but that did not solve the issue.
    Let me try to restate the problem:
    The ARD client is out of state/across the country (i.e., different sub-net) using a dynamically assigned IP address. I can (for now) connect to that ARD client successfully, and perform all ARD functions (that I've tried so far) because I know (for now) that client's IP address (I called and spoke with the user who used www.whatismyip.com to give me their IP address). So what's the problem, you ask?
    Some time in the future, that same ARD client will have a new, dynamically assigned IP address. I'd like to be able to connect to that client without having to call on the telephone and ask the user what IP address they have been assigned now.
    My thinking was that I could make a pretty good guess at their IP address (based on their old IP address, and the way Cable and Telco ISPs allocate/lease IP addresses). For example, if their current dynamic IP address is 999.888.777.45, I could guess that a subsequent dynamically assigned IP address would be in the range 999.888.777.2 to 999.888.777.255. With ARD, I could simply scan that range of network addresses using the Scanner and quickly find the ARD client I want.
    I tried to do just that, and the ARD scanner did not find my client when I scanned the network range that the ARD client was actually in. It showed other ARD clients (that I do not administer, own, or want to hack into), but not the one I do want to observe/control/maintain (and have a legal right to). Somewhat paradoxically, when I used the Scanner to find the same ARD client by specific IP address, there was no problem.
    Why doesn't the ARD Scanner "see" the ARD client when scanning the network range?

  • How can I map SSH from an outside network range to an internal host (ASA 5505)

    Cisco Adaptive Security Appliance Software Version 7.2(4)
    Device Manager Version 5.2(4)
    - External network range that needs SSH access: 8.8.8.0/24
    - Outside interface: 10.1.10.2 (NAT'd from 7.7.7.7)
    - Inside Network: 192.168.100.0/24
    - Inside host to redirect external SSH to: 192.168.100.98
    Hi All,
    I have a Cisco ASA 5505 (version above) and I have someone that needs to SSH into a box behind the ASA. I'm having a few issues trying to configure this access-list and NAT. I've tried many combinations and clearly my IOS is not as good as I thought.
    Can anyone help with this? What commands should I enter to accomplish mapping SSH from an outside network range to an internal host?
    Many thanks,
    Tarran

    This may or may not work depending on how your modem handles the natting. On your firewall try this -
    static (inside,outside) tcp interface 22 192.168.100.98 22
    then add this to your acl on the outside interface of your ASA -
    access-list outside_in permit tcp 8.8.8.0 255.255.255.0 host 10.1.10.2 eq 22
    if you don't have an acl applied then add this extra step -
    access-group outside_in in interface outside
    Jon

  • Do I need a cable connecting my Time Capsule to Airport Express if I want to use the AE to extend my wifi network range?

    I'm a bit confused by conflicting advice given by my local Apple shop and my internet provider. 
    My cable modem is plugged into a Time Capsule which I use to access the net wirelessly almost all over the house.  The one spot the wireless doesn't quite reach is (of course) where I now need my office and iMac to be.
    I thought I could just plug in an Airport Express somewhere in the middle  to extend the network's range but the guy at my local Apple shop said the Airport Express would need to be connected not just to power but to the Time Capsule, via a cable.  That's fiddly and would involve cables running under the floor or along walls and ceilings, not something I can or really want to do.  It's not really practical to try and move the cable connection point either.
    My internet provider suggested a netgear wireless extender and said that would only need to be plugged into power.  The reviews of the netgear product I found comparing it to Airport Express suggest that the Express doesn't need to be connected to anything other than power either to extend a network range (which was what I originally thought).
    So I'm wondering which advice is correct? I've also read that the netgear product isn't all that easy to set up so I'd rather stick with Apple if it will do what I want.
    Thanks for any help out there

    I thought I could just plug in an Airport Express somewhere in the middle  to extend the network's range but the guy at my local Apple shop said the Airport Express would need to be connected not just to power but to the Time Capsule, via a cable.
    I'm sure that the guy at the Apple shop means well, but he is not correct. 
    While it would be preferable to connect the Time Capsule and AirPort Express using a wired Ethernet connection, the Express can connect wirelessly and extend the wireless signal the same way....IF...it is located where it can receive a good wireless signal.

  • I have an AirPort Extreme time capsule. I need to extend my wifi network range. Which device is better ?? Airport express or AirPort Extreme ??

    I have an AirPort Extreme time capsule. I need to extend my wifi network range. Which device is better ?? Airport express or AirPort Extreme ??

    Since you have the new Time Capsule, then you will need a new AirPort Extreme to match the performance capabilities of the Time Capsule.
    If best quality is preferred, you will need to connect the Time Capsule and AirPort Extreme using a wired Ethernet connection between the devices. The advantage of doing it this way is that you can locate the AirPort Extreme exactly where it is needed...and there will be no loss of signal through the Ethernet cable.
    A wireless connection will result in a significant drop in performance, but it might be OK for your uses, if you want to try it that way first to see if the performance is acceptable.
    It is really important that the AirPort Extreme be located where it can receive a strong wireless signal from the Time Capsule.
    A line-of-sight relationship between the Time Capsule and AirPort Extreme would be the goal, with the AirPort Extreme located about half way between the Time Capsule and the general area where you need more wireless signal coverage.

  • Using an Airport Express to extend my network range

    Dear all
    I live in a three storey house, my broadband modem/router is on the first floor and my Mac is on the third.
    I noticed that I kept losing my internet connection and the guy in the Apple shop recommended that I buy an Airport Express to extend the range of my current wireless network (and thereby achieve a strong connection on the third floor).
    I have bought the A. Express and my question is, do I need to plug my A. Express into the router or can I simply plug it into a plug socket on the third floor (with nothing wired up to it)?
    What is the best way to extend my wireless network range?
    Your help is greatly appreciated. I have read the user manual but it is not clear on this point.
    Thank you

    Dear Bob
    Thank you very much for your prompt response.
    No, unfortunately the Apple guy did not explain that I needed an Apple router/modem in order to extend my network range with the AirPort Express - how disappointing. I will return the product and look for an alternative.

  • Network Range Scan Finds Nothing Outside My Zone

    When I launch ARD and try to do a Network Range scan, I get no results. It spends and looks like it is searching, but then zilch. The thing is, I have another Mac on the same network and when I do the same network range scan on it, it finds everything. As far as I can tell all the settings are the same on each Mac. The only difference is one is my laptop, G4 Aluminum, and the one that works is my G5 desktop. Another thing, if I put a specific address in the "Network Address" scan field it will find the computer, PC or Mac. Any guesses? Thanks,
    -Dave

    Is the one that won't find anything connected wirelessly? Or vice versa? Check your firewall settings.

  • Hi, I have a Powermac with Mavericks and an iPhone 5S. I just recently switched from Verizon with unlimited downloads to limited of 500mb per month. I just purchased a Powerlink Outdoor Plus which is supposed to increase the network range for over 1 mile

    Hi, I have a Powermac with Mavericks and a recently purchased iPhone 5S. I just  switched from Verizon with unlimited downloads to limited of 500mb per month, so I purchased a Powerlink Outdoor Plus which is supposed to increase the network range for over 1 mile. I am still getting the same distance range with my iPhone with the Verizon router. I was wondering if I need to make adjustments in the Network Settings. Does anyone know about this particular subject?
    Thanks,
    Kevin

    Okay, I'll admit I don't know much about your configuration. A standard cellular package for a cellphone means you get your signal from a tower somewhere.  It won't have anything to do with a router which will be a WiFi connection from a router.  If you're talking about that, the Powerlink appears to be a directional antenna.  You should get better transmission/reception in the direction it is pointed, but likely worse in other directions than if you were using an omnidirectional antenna.  I presume you have it all hooked up correctly so the router is actually using the Powerlink antenna.
    By the way, those distance ratings are always exaggerated.  Maybe you'd get 1 mile if there was only dry air between you and the antenna and no trees, buildings, etc., and that would probably be just barely getting a signal.  You should see improvement but don't go to a coffeeshop 1 mile away in a city and expect to see your router.  We have a directional antenna on the roof of our house that looks like a satellite dish and I barely pick up the wireless service node a block away (with apartment buildings in between).  There may also be a difference between using it to send a signal and receiving a signal.  You might even need two, one at each end, to get 1 mile.

  • Airport Extreme off a Router which provides DNS - Guest Networks

    I am sure that I am not alone here.
    I have a BTBroadband wireless ADSLModem/Router which provides DNS for the network.
    Off the router is a Netgear switch which has connected to it an Airport Extreme. Also off this switch I have many other peripherals - such as Time Capsule, iMac etc.
    So the arrangement is simple in logical terms:
    BT Modem------->Wireless Router (which allocates DNS)---------->Switch----------->Airport Extreme  etc.
    IP Settings as follows
    192.168.0.1 for Wireless Router - which allocates DNS in range 192.168.0.2 to 0.150.
    I have allocated a fixed IP on the Airport Extreme of 192.168.0.151
    The devices that run off this are all having DNS allocated by the router - not the Airport Extreme.
    So - how do I set up (or can I set up) the Guest Wireless Network?
    Let's assume Router Wireless Network is called MainWireless with a Password MainWord. The Airport Extreme is acting in Bridge Mode and has the exact same 'Create a wireless network' called MainWIreless and Password MainWord (as per best practices in using these to provide the best 'network hopping' capabilities for devices) (I actually have 2 other wireless devices from TimeCapsules that operate the wireless in the same way).
    All of this works fine.
    However when I set up the Guest Network on the Airport Extreme - simply by enabling it - I provide a new Guest Network name of GuestWireless with a password GuetsPassword. In theory it should all work fine, however the devices connecting to the Guest Network cannot get to the internet (effectively I don't think that the 'iPhone for example' is being allocated a correct IP Address - in fact I know that it isn't as it's a 169 range and a different subnet).
    So - the only way I can think of doing this is to go into the Network Settings on the Airport Extreme, Change Bridge Mode Wireless to DHCP and NAT and then go into Network Options. Here I am a bit lost and need help.
    To summarise - Main Router Address 192.168.0.1 allocates range 192.168.0.2 to 150, Airport Extreme Address (static) address 192.168.0.151.
    Airport Extreme DHCP and NAT Network Options has:
    IPv4 DHCP Range - I have set to 192.168.0.152 to 255
    Guest IPv4 DHCP Range 10.0.0 152 to 255
    NAT Port Mapping Protocol is switched Off
    - This won't even save.
    Should be simple I would have thought. Think again...
    Please help - what should I / can I do to enable a guest wireless network?

    Thanks for all that - I suspected as much (and I did mean DHCP not DNS).
    So - if I disable DHCP on the HomeHub3 IP 192.168.0.1, and set the Airport Extreme IP Address at 192.168.0.2, what do I do with DHCP and NAT settings to have a Main and Guest Wireless Network?
    I can easily change the order of things if necessary to be :
    BT Modem (192.168.0.1 with DHCP disabled)--->Airport Extreme (192.168.0.2 (set to get DNS from 192.168.0.1) )--->Switch---->Various wired and wireless devices.

  • How can I locate my lost iPod touch within my WiFi network range?!

    I am still using my 1st gen iPod touch from 2008 for apps and music and other uses.  I rely on it quite a bit although of course I have a separate cell phone for now (will eventually get an iPhone).  However, I synced it with iTunes right before going on a long shopping spree Thursday afternoon then hooked it to my car's stereo system to listen to as I often do.  Upon returning home, tired and with multiple bags, I was trying to juggle them all on several trips from my car to front door (about 30 ft.).  The iPod touch always picks up my WiFi network in my car as soon as I pull in, and with my hands full on my last trip I realized I'd forgotten to disconnect my iPod touch so I could bring it in too.  I'll admit I was getting bogged down and annoyed so I disconnected it then remember also dropping some bags and picking them up from the parking space.  An hour later, after finally getting most bags and myself at least somewhat settled, I remembered I hadn't reconnected my iPod touch to its JBL docking system.  I soon realized I couldn't find it in the house and went with a flashlight to look in the car and outside between the house and car.  I searched for hours in all likely places and again the next day.  I also thought about an hour after losing it to check AirPort Utility's advanced pane which includes the logs, wireless clients and DHCP clients.  Sure enough it was still picking the device up, every 30 minutes or so periodically showing "binding added" and "binded dropped" for my iPod's IP address via NAT, and also "associated with" and "disassociated with" the iPod's unique MAC address.
    My worst fear was that I dropped it outside and someone dishonest took it, but that seems unlikely because I really don't have those kinds of neighbors and I searched immediately for it everywhere it could be (in my car, under it, outside everywhere I walked, in the house in the oddest places like under furniture, in discarded shopping bags, the trash can and even the freezer!).  Sure enough, for 13 hours AirPort Utility showed activity contacting (or detecting) the device as mentioned above, until about 9:30 the next morning.  Since then there has been no log activity detected, and the device itself listed with MAC address has also disappeared under the "DHCP Clients" pane of AirPort Utility. I realize this could simply be the battery dying after all this time (although it should be in sleep mode), but the point is it was close by for all that time even after I'd searched for it, so it is unlikely someone found it easily after I searched everywhere I'd been in the short distance from parked car to home.  It also has a black rubber "suit" so the entire thin 8GB device is thin and completely black all over, further disguising it, especially at night.
    My question is that since this is not an iPhone and I cannot "call it" to find it, and it is only a 1st gen. iPod touch without a built-in speaker to make loud noises unless hooked to headphones or a line output, how can I find it?  It does make the tiny super high-pitched digital beeps when I get a "push" notification but I don't see how that does me any good unless someone from an app I use tries to contact me while I'm in extremely close proximity to hear those faint tones. Anyway, I really do need it and it's driving me crazy knowing it is within such a short range from me either inside my house or car (or outside in a short straight path from car to my doorstep) yet I am helpless.  Is there anything anyone can suggest?  It's almost worse than knowing I lost it anywhere, because I know it's here, but want to find it soon before someone else does (if outside) or the trash gets thrown out (if it fell in there) or it gets run over if on the street somewhere I missed.

    There is no way to automatically locate it.
    Since WiFi does not travel far talk to your neighbors. Perhaps one of them (or their children) found your iPod.
    If this does not work make a more thorough search of your house to find it.

  • Using TC to extend network range.

    My home network is currently set up with 2x b/g AX's in a WDS configuration. I also have a TC (b/g and n capable) for backups. I am wondering if I can add the TC into the wireless network (rather than just joining it) to increase my range. I am thinking of using the TC as the main and the two AX as remotes to extend the network. Will this slow down my TC backups? Also would this now allow me to use TC backup from a larger range (obviously I imagine if im out of the n 5.0ghz range and its connecting to the TC via the AX this would decrease the speed, but the extra backup range would be very useful)?

    I guess I did not make myself clear when I said that everything would drop down to "g" wireless if you choose WDS. If you configure the TC to "participate in a WDS arrangement", everything...both bands on your TC....automatically drop down to 2.4 GHz "g" wireless, so the maximum speed you will attain will be "g" levels on your "n" Time Capsule.
    WDS is a "g" technology. It cannot operate at "n" level speeds.
    But, with the other 2 AirPort Express devices on the WDS network, the first will drop the bandwidth in half on the entire network and the second will drop that in half again on the entire network.
    Your entire WDS network will be operating at maximum "g" wireless with only one quarter of the original bandwidth on the network. The maximum speed that you will able to attain on the network will be approximately 13 Mbps.
    Since "n" wireless at 2.4 GHz can attain speeds of up to 130 Mbps and up to 300 Mbps at 5 GHz, your WDS network will be operating at only a small fraction of its capability.
    If you want to use wireless only to "extend", (I suggested using ethernet with your two "g" AirPort Express devices) and you replaced the two "g" AirPort Express devices you have now with two new "n" versions, you could use Apple's "Extend a wireless network" feature and extend using wireless only.
    The "Extend a wireless network" setup will maintain "n" speeds throughout the network with a much smaller bandwidth loss (about 10-15% per device), so your network would still be working at 60-70% of its capability. Unfortunately, you cannot use your "g" AirPort Express devices for this purpose.

  • Using AE to extend network range

    I'm sure this has been asked but since the search is turned off I can't find it.
    I have an Airport Express (older G) that I use for Airtunes. I have an AEBS (n) and a G5 iMac desktop and a 14" iBook and a black MacBook. Lately the black Macbook airport signal has become flaky at best often dropping off completely. I think the card might be going south as the other two computers work fine. I'm wondering if I could use the AE to extend the network and still allow to stream Airtunes. I can't seem to find anything that either forbids or allows this.
    Any help would be appreciated.

    I just got off the phone with AppleCare. I've got a similar setup. iMac 24" serving as the iTunes Library hub, connected to the Airport Extreme. I've got a MacBook AppleTV and an iPodTouch. I have PC speakers hooked up to the AppleTV and can choose to turn these speakers on through iTunes. Recently upgraded to the 2.0 software for my iPodTouch and downloaded the Remote app.
    So, now I purchased an Airport Express to put upstairs in the bedroom to connect with my Altec Lansing inMotion iM600 speakers. I setup the Airport Express and the light is green. I've connected my speakers and switched the source to Aux....all I get is static.
    Apple Care gave me three things to try.
    Click the extend this network on your AEBS.
    Make sure Airport is on for my main iMac (this part doesn't make sense because you would think the signal from my iMac is being transmitted via the Ethernet cable connected to the AEBS and then broadcast to the AE).
    Bottom line, I think it will support both. Streaming music and extending your range.
    Good luck,
    Mark

  • AirPort Express won't extend network range

    I spent 5 hours on the phone with three different Apple reps changing every possible setting on the AirPort Express that I wanted to use to extend the range of my existing network and even though AirPort Utility said everything was set up right, the AX was only connected as a client. It was on the network, but not broadcasting ANY signal. This was at an office building with an AirPort Extreme as the base station. Both devices are brand new. 802.11n. I then took it home to see if it would extend the range of my home network which is set up using an AirPort Express as the base station. After trying every possible set up option there I was left with the same result. No broadcasting from the remote Express. It broadcasts when it's a base station, but not as a remote extender. What's the problem?!

    I am going nuts too trying to configure my Airport Express to extend the range of my Airport Extreme. Nothing seems to work and I've been at this off and on for months. The Extreme works fine (it's an "n") but the Express (I think a "g") won't cooperate. And Apple has no current definitive step-by-step instructions that help at all. Does anyone out there have a solution? Shouldn't this just be plug-and-play with a few tweaks to the settings?

  • HT204371 How to setup Airport Express to extend my network range?

    I have an Airport Extreme as main router and want to install an Airport Express to extend the range of my wifi. However it only works when connected through an ethernet cable. How can I setup my Airport Express to work wirelessly and extend the wifi range?

    I have a Time Capsule in the basement and my daughter is 3 stories up on her iMac and she complains about speed while online. She is about 40 feet up from me with 3 ceilings in between.
    It is a nothing short of a miracle that she can get any signal at all under those conditions.
    Found an AirPort Express Base Station (the one that looks like a power bar for Apple laptops) - model # is A1084.
    Unfortunately, this older version of the Express does not have the capability to "extend a wireless network" using wireless only.
    You need the A1264 version, or the "new" AirPort Express (that looks like a miniature Time Capsule) if you want to try to "extend" using wireless only. In this case, you would want to locate the extending device approximately half the distance between the Time Capsule and her computer.
    I can't say that this will do a lot to improve things....it's going to be one of those situations where you won't know if it will work until you try.
    (or am I better off trying to run a super long Ethernet cable to her somehow?)
    This is by far the best choice in terms of performance. There is no signal loss in a wire. She will be amazed at how well and fast her Mac runs this way.
