Firewall/nat/routing issue

I am not able to set up a firewall box which will transmit internet packets from the internal network to the internet and the other way. Could you please guide me on what I am missing here and where I am going wrong?
[internet] ----(public ip)---[cable modem]( 192.168.1.1)------( 192.168.1.51)[solaris 10 x86 f/w box]( 192.168.0.52)------[router]------(ip: 192.168.0.105/gw:192.168.0.52 ) [PC]
On solaris box: I can ping 192.168.1.51 , 192.168.0.52, 192.168.1.1 & Internet
From PC I am able to ping 192.168.1.51 to 192.168.0.52 but NOT 192.168.1.1 or internet.
Routing table is:
# netstat -rn
Routing Table: IPv4
  Destination   Gateway        Flags  Ref  Use  Interface
  192.168.0.0   192.168.0.52   U      1    2    rtls1
  192.168.1.0   192.168.1.51   U      1    8    rtls0
  224.0.0.0     192.168.1.51   U      1    0    rtls0
  default       192.168.1.1    UG     1    13
  127.0.0.1     127.0.0.1      UH     3    24   lo0
# ndd -get /dev/ip ip_forwarding
1
Thanks in advance :-)
Neeraj

Can you give us a debug ccsip output please, with the SIP invite messages and so forth?

Similar Messages

  • Firewall reverse routing issue:

    Dear Friends,
    I am using ASA 5505 with base license and ISP connected directly on the firewall. While L3 switch is connected through firewall also.
    my configuration is :
    ASA Version 7.2(4)
    hostname CiscoFirewall03316
    domain-name default.domain.invalid
    enable password Ko5SCsPM2YQ1wt2G encrypted
    passwd Ko5SCsPM2YQ1wt2G encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.192.32.11 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 112.23.24.25 255.255.255.248
    interface Vlan10
    no nameif
    security-level 90
    ip address 192.168.0.3 255.255.240.0
    interface Vlan50
    no nameif
    security-level 80
    ip address 10.195.32.15 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    switchport access vlan 10
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 50
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    clock timezone IST 5 30
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 121.242.190.181
    name-server 121.242.190.210
    domain-name default.domain.invalid
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list in_out extended permit ip any any
    access-list out_in extended permit ip any any
    access-list out_in extended permit ip any 112.23.24.25 255.255.255.248
    access-list cisco_splitTunnelAcl standard permit 0.0.0.0 255.255.255.0
    access-list cisco_splitTunnelAcl_1 standard permit any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool ciscouser 10.10.10.240-10.10.10.249 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    asdm image disk0:/asdm-523.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group in_out in interface inside
    access-group out_in in interface outside
    route inside 192.168.0.0 255.255.240.0 192.168.0.2 1
    route outside 0.0.0.0 0.0.0.0 112.23.24.25 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 10.192.32.0 255.255.255.0 inside
    http 112.23.24.0 255.255.255.248 outside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_DES_SHA mode transport
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 60 set pfs
    crypto dynamic-map outside_dyn_map 60 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 80 set pfs
    crypto dynamic-map outside_dyn_map 80 set transform-set TRANS_ESP_DES_SHA
    crypto dynamic-map outside_dyn_map 100 set pfs
    crypto dynamic-map outside_dyn_map 100 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 120 set pfs
    crypto dynamic-map outside_dyn_map 120 set transform-set ESP-DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    client-update enable
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    telnet 10.192.32.0 255.255.255.0 inside
    telnet 0.0.0.0 0.0.0.0 outside
    telnet 112.23.24.0 255.255.255.0 outside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    dns-server none
    vpn-tunnel-protocol l2tp-ipsec
    group-policy cisco internal
    group-policy cisco attributes
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value cisco_splitTunnelAcl_1
    username test password tFqxsrS5ErBk4STW encrypted privilege 0
    username test attributes
    vpn-group-policy cisco
    username admin password V5OS2TRb/vQZ7oZ9 encrypted
    username ciscouser password 6aU35/UOvPoumpKWCFYSig== nt-encrypted privilege 0
    username ciscouser attributes
    vpn-group-policy DefaultRAGroup
    tunnel-group DefaultL2LGroup ipsec-attributes
    pre-shared-key *
    tunnel-group DefaultRAGroup general-attributes
    address-pool ciscouser
    default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *
    tunnel-group DefaultRAGroup ppp-attributes
    no authentication chap
    authentication ms-chap-v2
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    policy-map type inspect im Google
    parameters
    match protocol msn-im yahoo-im
      drop-connection log
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:a883391680fa205ee31f05881761958c
    : end
    Everything is running fine on vlan 1 but vlan 10 is not running from user end. There is no ping from inside of 192.168.0.2.
    Please advise me. Thanks

    There are 2 conflicting configurations:
    interface Vlan10
    no nameif
    security-level 90
    ip address 192.168.0.3 255.255.240.0
    and "route inside 192.168.0.0 255.255.240.0 192.168.0.2 1"
    How do you want to connect VLAN 10? Is it on its own interface on the firewall? If it is, then you would need to configure a name for it, via the nameif command, and remove the above route inside.
    If it is going to be a routed subnet via the inside interface, then the above route needs to be modified as follows:
    route inside 192.168.0.0 255.255.240.0 10.192.32.x
    --> 10.192.32.x needs to be the next hop which is your L3 switch vlan 1 interface ip
    and you would also need to shutdown interface vlan 10 on the ASA and remove the IP Address.
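
The two conditions this reply points out (a static route whose next hop is not on the egress interface's subnet, and a routed prefix that is also a connected subnet on another interface) can be checked mechanically. The script below is an added example, not from the thread; it reads only `interface`, `nameif`, `ip address` and `route` lines, and `SAMPLE_CONFIG` is an excerpt constructed from the posted configuration.

```python
import ipaddress
import re

# Constructed excerpt: interface and route lines taken from the posted config.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 10.192.32.11 255.255.255.0
interface Vlan2
 nameif outside
 ip address 112.23.24.25 255.255.255.248
interface Vlan10
 no nameif
 ip address 192.168.0.3 255.255.240.0
route inside 192.168.0.0 255.255.240.0 192.168.0.2 1
route outside 0.0.0.0 0.0.0.0 112.23.24.25 1
"""


def parse_config(text):
    """Return (interfaces, routes) parsed from ASA 7.x style running-config text."""
    interfaces, routes, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = {"name": m.group(1), "nameif": None, "net": None}
            interfaces.append(current)
            continue
        # "no nameif" does not match here because re.match anchors at the start.
        m = re.match(r"nameif (\S+)$", line)
        if m and current is not None:
            current["nameif"] = m.group(1)
            continue
        m = re.match(r"ip address (\S+) (\S+)", line)
        if m and current is not None:
            current["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            continue
        m = re.match(r"route (\S+) (\S+) (\S+) (\S+)", line)
        if m:
            routes.append({
                "nameif": m.group(1),
                "dest": ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False),
                "next_hop": ipaddress.ip_address(m.group(4)),
            })
    return interfaces, routes


def lint_routes(interfaces, routes):
    """Return a list of (finding, where, value) tuples for inconsistent static routes."""
    findings = []
    by_nameif = {i["nameif"]: i for i in interfaces if i["nameif"]}
    for r in routes:
        egress = by_nameif.get(r["nameif"])
        if egress is None or egress["net"] is None:
            findings.append(("unknown-egress", r["nameif"], str(r["dest"])))
            continue
        # The next hop must be directly reachable on the egress interface's subnet.
        if r["next_hop"] not in egress["net"]:
            findings.append(("next-hop-off-link", r["nameif"], str(r["next_hop"])))
        # A routed prefix must not sit inside a subnet connected on another interface.
        # subnet_of() keeps a default route from matching every connected subnet.
        for i in interfaces:
            if i is not egress and i["net"] is not None and r["dest"].subnet_of(i["net"]):
                findings.append(("overlaps-connected", i["name"], str(r["dest"])))
    return findings


def audit(text):
    return lint_routes(*parse_config(text))


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Either fix described in the reply clears both findings: removing the `route inside` line, or moving the subnet behind a next hop inside 10.192.32.0/24 and removing the address from Vlan10.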

  • Internal DNS server and NAT routing issue.

    Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
    We have a cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and NAT on that subnet under a different public IP provided by our ISP.
    Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
    The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
    Thanks

    Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
    Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
    The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying.
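
A simplified model of the zone-selection behaviour behind this suggestion, added here as an example and not taken from the thread: the server answers from the closest enclosing zone it hosts and recurses only when no local zone encloses the name. The address 192.168.15.10, the 203.0.113.x public addresses and the `www`/`ftp` names are constructed; the model ignores caching, SOA/NS records and record types other than A.

```python
def labels(name):
    """Lower-cased labels of a DNS name, without the trailing root dot."""
    return tuple(l for l in name.lower().rstrip(".").split(".") if l)


class Server:
    """Authoritative for its own zones, recursive for everything else."""

    def __init__(self, zones, upstream):
        # zones: {zone name: {owner name: address}}
        # upstream: callable(name) -> address or None, standing in for recursion
        self.zones = {
            labels(zone): {labels(owner): addr for owner, addr in records.items()}
            for zone, records in zones.items()
        }
        self.upstream = upstream

    def closest_zone(self, qname):
        """Longest hosted zone that is a whole-label suffix of qname, or None."""
        q = labels(qname)
        best = None
        for zone in self.zones:
            if len(zone) <= len(q) and q[len(q) - len(zone):] == zone:
                if best is None or len(zone) > len(best):
                    best = zone
        return best

    def resolve(self, qname):
        zone = self.closest_zone(qname)
        if zone is None:
            # Not inside any hosted zone: hand the query to the upstream resolver.
            return ("recursed", self.upstream(qname))
        # Inside a hosted zone: the local data is final, even when the name is missing.
        addr = self.zones[zone].get(labels(qname))
        return ("authoritative", addr if addr is not None else "NXDOMAIN")


# Constructed public data as the outside ISP would serve it.
PUBLIC = {
    "server.company.com": "203.0.113.10",
    "www.company.com": "203.0.113.20",
}


def upstream(name):
    return PUBLIC.get(".".join(labels(name)))


PRIVATE_ZONE = {"company.private": {"server.company.private": "192.168.15.10"}}


def narrow_server():
    """Zone created for the single host name, as suggested in the reply."""
    zones = dict(PRIVATE_ZONE)
    zones["server.company.com"] = {"server.company.com": "192.168.15.10"}
    return Server(zones, upstream)


def wide_server():
    """Zone created for all of company.com with only the one record filled in."""
    zones = dict(PRIVATE_ZONE)
    zones["company.com"] = {"server.company.com": "192.168.15.10"}
    return Server(zones, upstream)


if __name__ == "__main__":
    for name in ("server.company.com", "www.company.com", "ftp.server.company.com"):
        print(name, narrow_server().resolve(name), wide_server().resolve(name))
```

In this model the narrow zone leaves `www.company.com` to the upstream resolver, while names below `server.company.com` are answered locally and fail unless they are added to that zone.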

  • How can I resolve a NAT config issues with Arris router & AE

    I'm having NAT conflict issues. None of the existing threads on the forum match my configuration. I have an Arris Cable Router/Modem (Time Warner) with 4 ports. Port 1 feeds an unmanaged switch for ethernet connected devices, and port 2 on the Arris router feeds an Airport Express. Getting "Double NAT Status" on airport utility for the AE. How can I resolve this while not affecting my wired devices? Thanks so much!

    To resolve the NAT conflict you simply need to reconfigure the AirPort Express as a bridge.
    You would do so using the AirPort Utility, as follows:
    Run the AirPort Utility, and then, select the AirPort Express.
    Select Edit.
    Select the Network tab.
    Change Router Mode to: Off (Bridge Mode)
    Select Update and allow the Express to restart.

  • PS4 Party Chat NAT Type Issues

    Anyone else completely irritated and annoyed by the inability to party chat because of NAT Type? This is a ridiculous error I thought they'd fix in the next patch, turns out not. I have been unable to chat with anyone because of my NAT Type. I can play online and chat online just fine but party chat doesn't work. My NAT is Type 2. I don't want to hear I need to set up a static IP and DMZ blah blah blah. That stuff is way too complicated and shouldn't be necessary if I or any PS user should want to chat in a party. I had absolutely no issues on my xbox 360 chatting in a party and I'm on the same modem and internet router as it was. I bought a PS4 to play and chat with friends and so far I haven't been able to chat with my friends at all. It's very irritating and annoying and I would like PSN to do something about it. A simple patch or anything to fix it, instead of being lazy and telling their 13 year old customers they have to set up static IPs and other ridiculous stuff. Please comment if you are having the same issues and hopefully Sony or PSN will see this and do something about it. I paid 400$ for a machine that requires me to hack into my own router in order to chat... Ridiculous.
    Party Chat NAT Type Issues on PS4
    This issue has been reported to the network team who are investigating the cause of the problem. As a temporary fix you can normally fix the NAT type error by one or more users leaving and re-joining the party.
     

    I draw your attention to the last paragraph where it states a NAT Type 2 connection means it's connected correctly & optimal for gaming
    PS4 NAT Types:
    In the network settings of the PS4, it uses 3 different NAT types to classify how the PS4 is connected to the Internet:
    Type 1: The PS4 is sitting directly on the Internet with a public IP address. This setup doesn’t require NAT or inbound port forwarding and is used in scenarios where the PS4 is the only device wanting to use the Internet connection. This isn’t that common as most users share their Internet connection with other devices in their home.
    Type 2: This is the most common and ideal type where the PS4 is sitting behind a RG that is performing NAT. The PS4 will have a private IP address which is translated to a private or public IP address by the RG.
    Type 3: This usually implies you have a problem in the way the PS4 is accessing the Internet. This may be caused by a firewall or port restrictions. This isn’t ideal and will result in a sub-optimal gaming experience.
    The difference between a Type 2 and Type 1 NAT is usually physical and can’t be changed by settings alone. If you have a Type 2 or higher NAT type then you are connected correctly and can have an optimal gaming experience.

  • Routing Issue with 3550

    I am having a routing issue with a 3550 switch. I have 5 vlans and I need one of the vlans to access a different router based on destination IP rather than our edge router. I have entered a static route on the 3550 that points to the secondary router whenever a certain network is tried to be accessed. My problem is I can't seem to get the traffic to flow correctly. When I trace route an address on the Internet the path shows as expected, the 3550 then my firewall then my edge router. When I trace an address that is on the other side of the secondary router I get the 3550 as the first hop, then nothing. I can ping the address so I know the path is up. What could be the issue? Thanks in advance.

    Hello,
    in addition to Mahmood's post, what do you have defined as the next hop for the default route to the secondary router? If you use an interface on the 3550 as the next hop, make sure that whatever is connected is in the same subnet, otherwise use the IP address of the next hop. So, let's say your remote network is 192.168.1.0, and the secondary router is connected to FastEthernet0/1, your default route should look like this if the secondary router is in the same subnet (in this example, the IP address of the secondary router would be 172.16.1.2):
    interface FastEthernet0/1
    no switchport
    ip address 172.16.1.1 255.255.255.252
    ip route 192.168.1.0 255.255.255.0 FastEthernet0/1
    Otherwise, try:
    ip route 192.168.1.0 255.255.255.0 172.16.1.2
    where 172.16.1.2 would be the address of the secondary router.
    Does that make sense ?
    Regards,
    GNT

  • No airtunes with pppoE due to routing issues?

    I just switched to an optical fiber to the home internet connection (which is getting pretty popular here in Japan). Needless to say, the network is very fast, however, I can no longer use airtunes via my airport express network. The airport express stations (both of them) no longer show up in iTunes. My guess is that this is due to a routing issue and the same problem must have been encountered by others before and hopefully solved. The new internet connection uses pppoE to make a connection to the internet service provider. This gives me an internet address of the form 125.197.xx.yy. I still have my airport express set to get an address via dhcp (which the new optical fiber hub provides) and is of the typical private network form 192.168.1.4. When I am connected by pppoE to the internet, my iTunes cannot see my airport express due to routing issues I assume. Is there an elegant solution to this -- can I use my airtunes and the internet at the same time? Would modifying the internet routing help here (I have used this before when I have had multiple interfaces going, e.g. one in a secure local lan and the other supporting an internet connection via ssh to the outside world)? Any advice would be much appreciated. I haven't tried asking my airport express to log in via pppoE -- is this the only solution?

    Well as I have for my last several posts -- I solved the problem myself. I am pretty sure that the root cause was a routing problem (pretty obvious in fact). By having the airport express base station connect via pppoE itself (I have a remote relay airport express as well) and switching to NAT and DHCP distribution of addresses via the airport express, I can both see my airtunes as well as my ethernet connection. It is a non-ideal solution as I have a fixed IP which would have been convenient to log in from outside to, but I guess I can live with that.

  • RV180 - DDNS behind 2nd NAT router

    Hello community,
    is it possible to use the DDNS feature (dyndns.com) behind a 2nd NAT router?
    Network is as follows:
    INTERNET - NAT-Router (unknown device) - Cisco RV-180 (NAT) - Clients
    Kind Regards,
    Michael

    If you put your dyndns client in front of the rv180 or on the nat router's dmz, you should get the correct IP address. I usually use the DMZ port on a nat router when putting a vpn router behind a nat one--this solves a lot of the IP address issues for the vpn router.
    Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

  • Does Stratus/RTMFP support P2P behind the same NAT/Router?

    Does Stratus/RTMFP support peers behind the same NAT/Router?
    (such that both peers have the same public IP address)
    That is: if two computers (each running Flash) are behind the same NAT, and connect to Stratus to get peerID;
    do we expect they can connect p2p?
    Or will each one get/see just the public IP address:port of the other?
    My initial tests indicate that this scenario fails [ICMP Destination Unreachable (port unreachable)]
    Is this just a limitation of my local router? does this work for others?
    Does Stratus expect the local router to detect/decode/resolve this situation?
    If the solution requires 10.1 groups, is there support to detect/diagnose when/if the peer is on the same LAN?

    Thanks for the info, sounds like RTMFP supports this, and hopefully the AFP code does the right thing.
    [so, officially, the original question is answered]
    Note: In one instance, i'm running two browsers on the same host,
    so even the inner/LAN addresses would be the same. Therefore, if A sends to B's inner/LAN address,
    the [Windows] OS network layer *should* recognize that and 'hairpin' without leaving the host, or crossing the firewall.
    (I say "should" because Unix generally does that, but I'll have to check to see about Windoze).
    [And such packets are probably invisible to Wireshark also, so how do i verify what's happening?
    oh sure, just reconfigure to boot Linux... ]
    So glad you explained that the client tries all three pathways; if it works as you say,
    then I can probably ignore the ICMP error from the local router (or, as you say, teach it to do the hairpin).
    Can you confirm that P2P will work between browsers (say Chrome to Firefox) on a single Windows host?
    [I really want to know if I'm failing because of network configuration or application code/error;
    at this point, I am able to correctly exchange the peerIds, and start the NetStream.play,
    but the two sides do not appear to be exchanging audio/video]

  • Possible internet routing issues driving me crazy!

    I've somehow hit a problem accessing a particular favourite website and it seems I may have a routing issue.
    I've spoken with a friend who is fairly network savvy and he's suggested I raise a case \ complaint with BT. I thought I'd use this forum to test if I'm missing something I could be doing to fix it before logging a problem with BT Helpdesk!
    I've a BT Homehub 2 (current firmware 4.7.5.1.83.3.5 (Type B)) and I can access pretty much all websites I care to look at without any issue at all, however the site I read most days is now no longer viewable on any of my 2 PCs nor my iPhone. When I try to access it I get no error messages at all just a blank white page.
    Doesn't matter if I try using IE or Firefox or Chrome browsers it's the same result - I just see a blank white page.
    The site in question www.celticquicknews.co.uk (or www.celticquicknews.com) and is definitely available, as I can access it when using a site such as http://www.free-internet-organization.tk/ on both my PCs and iphone so I know the web site is up and running and available for browsing but since Thursday lunchtime I've had no joy in being able to access that particular site directly without resorting to using another middleman site to let me view it.
    I have tweeted the guy who hosts the www.celticquicknews.co.uk site and he's said his site is fine but has numerous similar queries around BTINTERNET folks having the same issue as I'm reporting.
    I run McAfee Internet Security and having disabled the various firewall \secure browsing functions no improvement still no joy.
    I did successfully somehow connect directly to the elusive web site this morning (Sunday 1st May) on my iphone at around 10am, but by the time I boiled the kettle to have a coffee and sit and read the site it became inaccessible again on my iphone and both my PCs! So what's going on?
    www.celticquicknews.co.uk [217.174.253.143]
    www.celticquicknews.com [217.174.253.143]
    Homehub TCP\IP info is as below which I suspect is of value to the more technical on the forum:
    Broadband network IP address    109.152.154.29
    Default gateway    217.32.142.102
    Primary DNS    194.72.0.114
    Secondary DNS    62.6.40.162
    ADSL line status
    Connection Information
    Line state    Connected
    Connection time    0 days, 01:11:16
    Downstream    15,978 Kbps
    Upstream    1,144 Kbps
    ADSL Settings
    VPI/VCI    0/38
    Type    PPPoA
    Modulation    G.992.5 Annex A
    Latency type    Interleaved
    Noise margin (Down/Up)    5.2 dB / 6.0 dB
    Line attenuation (Down/Up)    31.0 dB / 13.8 dB
    Output power (Down/Up)    23.6 dBm / 1.7 dBm
    C:\>tracert -d 217.174.253.143
    Tracing route to 217.174.253.143 over a maximum of 30 hops
      1    <1 ms    <1 ms    <1 ms  192.168.1.254
      2    15 ms    15 ms    15 ms  217.32.142.102
      3    18 ms    17 ms    16 ms  217.32.142.142
      4    22 ms    22 ms    21 ms  213.120.163.26
      5    22 ms    20 ms    21 ms  217.32.27.30
      6    21 ms    21 ms    21 ms  217.32.27.178
      7    22 ms    21 ms    21 ms  109.159.250.78
      8    33 ms    35 ms    35 ms  109.159.250.13
      9    28 ms    28 ms    29 ms  62.172.102.1
     10    29 ms    28 ms    28 ms  195.66.224.98
     11    33 ms    34 ms    33 ms  88.208.255.61
     12    38 ms    32 ms    33 ms  88.208.255.102
     13     *        *        *     Request timed out.
     14     *        *        *     Request timed out.
     15     *        *        *     Request timed out.
     16     *        *        *     Request timed out.
     17     *        *        *     Request timed out.
     18     *        *        *     Request timed out.
     19     *        *        *     Request timed out.
     20     *        *        *     Request timed out.
     21     *        *        *     Request timed out.
     22     *        *        *     Request timed out.
     23     *        *        *     Request timed out.
     24     *        *        *     Request timed out.
     25     *        *        *     Request timed out.
     26     *        *        *     Request timed out.
     27     *        *        *     Request timed out.
     28     *        *        *     Request timed out.
     29     *        *        *     Request timed out.
     30     *        *        *     Request timed out.
    Trace complete.
    C:\>
    I've reset my HH several times over the weekend and am baffled as to how I can somehow have 1 site excluded from my browsing options for no obvious reason other than a suspected internet routing issue.
    My iPhone is on ORANGE and when disabling the wireless connection it too is unable to view the site in question so it's a real pain!
    Not sure where to go to progress this so any help \ guidance is very much appreciated.......

    Appreciate the help....been out for most of the day and checked in to see if any additional posts.
    I tried pinging the site and it does seem to resolve OK and also tried accessing site via IP but same issue - blank white page.
    >ping www.celticquicknews.co.uk
    Pinging www.celticquicknews.co.uk [217.174.253.143] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Then tried the telnet command "telnet 217.174.253.143 80" and I do not get any errors and as suggested the command prompt goes blank but no matter what I type I get no errors or response from server 217.174.253.143.
    My IP address has changed from this morning and sadly still same issue for me.
    Internet connection configuration
    Connection Information
    Connection time
    0 days, 10:05:37
    Data Transmitted/Received (MB)
    10.8 / 29.4
    Broadband username
    [email protected]
    Password
    Not configured
    TCP/IP settings
    Broadband network IP address
    86.147.168.198
    Default gateway
    217.32.142.102
    Primary DNS
    194.72.0.114
    Secondary DNS
    62.6.40.162
    The tracert comments make sense so that's helped me understand, thanks for checking that out.
    So what's the best option for me? Am I wasting BT and my own time logging a case?
    I'd not usually bother pursuing this for the sake of a single web site but I'm bemused how this has happened since last week?
    Thanks again for all help and guidance.
    PJ

  • Routing Issue with 2 Nics on Windows Server 2008 R2

    Good Day
    My issue is I needed to set up port forwarding for a web server to communicate with our hotels management server to check availability.
    Initially the server has a single Nic configured in the 172.26.1.0 /24 network  , Its default gateway the Switch vlan interface 172.26.1.1
    We have many vlans for all the systems in the hotel and the server also needs to communicate with 3 other servers on different subnets which it does just fine.
    I now added an additional adsl line with a managed router which has an interface of 192.168.10.1 /24 , My servers second NIC has the IP address 192.168.10.2 with its gateway being the 192.168.10.1
    This 192.168.10.0 network is in a L2 Vlan and the rest of the network does not know it exists. It was working fine then just stopped after I added a static route to the server, which I did with RRAS... I did this as the server could not communicate with just one of the servers.
    If I disable the 172.26.1.0 NIC the port forwarding works but then obviously the rest of the network goes down. I know it's a routing issue but am lost
    please help

    Hello,
    using multiple default gateways is not a good idea.
    See details in http://support.microsoft.com/kb/159168/en-us
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Routing issue- seeing same IPs for two hops

    Hello All,
    I'm seeing two same IPs in the traceroute output. Is that due to a routing issue where the next hop is the same device as the first time?
    Log:
    6  10.30.102.26  61.060 ms 10.30.100.142  61.266 ms 10.30.102.26  61.071 ms
    7  10.30.102.26  61.139 ms  61.211 ms 10.61.191.2  60.948 ms
    Can you  guys help me to fix the issue??
    Regards,
    Thiyagu

    Are you load balancing anywhere?
    6 10.30.102.26  61.060 ms
       10.30.100.142  61.266 ms
       10.30.102.26  61.071 ms
    7 10.30.102.26  61.139 ms  61.211 ms
       10.61.191.2  60.948 ms
    HTH,
    John
    *** Please rate all useful posts ***

  • Routing Issue with Telia

    I think verizon has a routing issue with Telia.

    Thought I would share this, Telia has admitted an issue on their network
    Twitter / Telia_service: @Ungvall routing problem? This ...
    https://twitter.com/Telia_service/status/179661595276881921
    BTW Apparently @Telia_service had routing problems on both the latest iOS and ... DNS problem and we are working with Akamai for a solution to this problem

  • Problem with WRT54G and DSL NAT router

    I have a WRT54G connected to a Westell DSL NAT router. I would like to be able to allow incoming connections to my FreeBSD server.
    The Westell router allows me to set IP Passthrough (they call it "Single Static IP"). This gives the WRT54G the outside IP address given to the DSL router. I can then set up the WRT54G for DDNS and port forwarding to forward specific ports I want to my server.
    This works, for about 2-3 days. Then, I start to randomly lose outside connectivity. Web pages start coming up with missing elements, or taking a long time to load. This will eventually lead to total loss of outgoing communication.
    Normally, I would blame this on the Westell NAT router, but as I'm losing connectivity to the internet, I'm also losing connectivity to the WRT54G. It will try to load configuration pages but will be slow with missing elements, etc.
    All communications between computers on my inside network continue to function properly, it's just connectivity to the WRT54G and the internet that seem to start to fail.
    Does anyone have any idea what is going on? I just upgraded the firmware on the WRT54G from 1.01.1 to 1.02.0, but I don't imagine this will help.
    Thanks,
    David Chamberlain

    Try setting the MTU to manual and change the value to 1450
    "Only those who risk going too far can possibly find out how far one can go..."

  • Setting up as a NAT router

    I want to try using Leopard Server on an Xserve as a NAT router. With 2 NICs the hardware is perfectly capable, but there seems to be a glitch in OSX that is preventing me from getting there.
    I have Ethernet 2 (en1) set up for the LAN (10.0.0.0 network) and intend to use Ethernet 1 (en0) for the WAN side of things and to this end have the en0 configurations at the top of the list of ports (as per instructions). But...
    NAT setup in Server Admin only lists ethernet ports that are open/connected. In order to do this I turn on the modem connected to Ethernet 1 and OSX configures the port from the DHCP server on the modem (192.168.x.x). Although this 'works' and allows me to browse the modem's web config GUI, it absolutely STOPS Server Admin. e.g. if I try and launch SA after switching on the modem, it sits there spinning the wheel without even showing a window - for as long as I wait. As soon as I turn OFF the modem (which de-configures the Ethernet 1 port) the SA window IMMEDIATELY appears and it commences its normal startup process. After which of course the only available interface in NAT setup is ... Ethernet 2:-(
    Nothing else seems to suffer when the modem is ON and Ethernet 1 is configured and connected - just Server Admin and this leaves me with a bit of a problem.
    When the modem is off, I cannot configure NAT in Server Admin as the required ethernet port is not listed, but when I turn the modem ON, I cannot run Server Admin.
    Anyone any suggestions as to how I can prevent or get around this?

    BigBex wrote:
    1) If I restore my 3GS or set it up as a new phone will I lose all my wifi settings? I ask this as I use various wifi and can't remember all the passwords.
    If you set up as a new phone, your iPhone will not retain its WiFi settings. However, these settings are stored in backups on iTunes, and are recoverable. If you restore from a backup instead of restoring as new, (provided that you have your iPhone backed up), then your iPhone will retain its WiFi settings.
    More about backups: http://support.apple.com/kb/ht1766 If you read this, you will find WiFi passwords listed under "iTunes will back up the following information."
    BigBex wrote:
    2) Why should thousands of customers be treated with utter contempt by Apple?
    Get this into your thick head Jobs - IT DOESN'T "JUST WORK"!!
    This is a user-to-user support forum. Not sure how to answer this question. Not enough information provided.
