How access Office LAN via Cisco Router & Switches HELP!!
Hello everyone!
For starters I am no Cisco guru but at least find my way around a few things here and there.
I work as the IT dude for a company with two branches at different geolocations.
Our local network infrastructure at both HQ and branch offices comprise a Cisco 1941 Router and SF 300 24P Managed switches which hooks up our servers, workstations and VoIP phones.
The dedicated internet [DI] is connected via a Hughes radio link which belongs to the telco and on a different IP class and connects to interface 0/0 of Cisco 1941. Interface 0/1 is then connected to one of the SF 300 24P managed switches on another IP class for LAN [192.168.1/24]
I have three questions.
1. How do I access for example the File Server on the Corporate LAN from home?
2. How do I get workstations at branch offices to authenticate with the Active Directory server at the HQ?
3. How do I get VoIP phones in branch offices hooked up to the HQ VoIP PBX?
Thank you very much.
Similar Messages
-
Setting PPPoE clients speed Via Cisco router
Hi, I have a 7200 Cisco router working as a NAS (network access server) for PPPoE sessions; the clients are connected to DSLAMs and the Cisco is connected to an external AAA RADIUS server.
I want to set the user speed via the Cisco router in a way which can be controlled in the RADIUS server, and not through the actual speed of the DSLAM ports.
Thanks a lot
Hello Mohamed,
there is a feature called controlled subscriber bandwidth that may fit your needs:
see
http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_con_sub_bdwth_ps6441_TSD_Products_Configuration_Guide_Chapter.html
it manipulates the ATM traffic parameters on a per user basis
these settings can be done on radius AV:
example:
The following example shows how to configure RADIUS attributes for a user profile for DBS:
[email protected] Password = "userpassword1", Service-Type = Outbound
Service-Type = Outbound,
Cisco-Avpair = "vpdn:tunnel-id=tunnel33",
Cisco-Avpair = "vpdn:tunnel-type=l2tp",
Cisco-Avpair = "vpdn:l2tp-tunnel-password=password2",
Cisco-Avpair = "vpdn:ip-addresses=172.16.0.0",
Cisco-Avpair = "atm:peak-cell-rate=155000",
Cisco-Avpair = "atm:sustainable-cell-rate=155000"
Hope to help
Giuseppe -
How to Recover Password on Cisco 2960 Switch?
How to Recover Password on Cisco 2960 Switch? Who knows, please tell me the detail steps, thank you very much!
You can find the detail steps on this article, hope can solve your problem.
http://www.briefingwire.com/pr/how-to-recover-password-on-cisco-2960-switch
and as I research, the WS-C2960X-48TS-L on sale on 3anetwork.com now, get a quote for the big discount.
WS-C2960X-48TS-L
http://www.3anetwork.com/cisco-ws-c2960x-48ts-l-price_p1542.html -
We have a need to netboot a PC with Linux via a Cisco router (I.E. PXEboot).
We have copied the PXE linux.cfg files to the Cisco router's flash, (Cisco 2821, IOS Advanced Security 15-1.2-T1).
We have setup the router as a TFTP server with defaulted path as tftp-server flash:tftpboot
From the pc's CMOS, we selected PXE boot.
With "debug ip packet detail", we can see the DHCP request from the PC.
We cannot however, get the router to download the Linux files to the PC.
Manually we tried:
c:\ tftp 10.0.0.1 get default - no go.
ANYONE have an idea????
Thanks
Frank
Hi Ash,
Thanks for the assistance.
The laptop is directly connected to the Cisco 2821 routers g0/0 interface.
The router is configured to be a DHCP server with the Cisco 2821 router IP address on g0/0 set in the DHCP configuration to be the default router. The router’s IP address is excluded from DHCP. (10.0.0.30)
If the laptop’s BIOS is set to PXE boot, it seems to receive an IP address from the router, i.e. 10.0.0.1 – verified by statically assigning another PC the IP address 10.0.0.1 – the 2nd PC receives an error of IP address conflict. Then set the second PC to obtain its IP address via DHCP, and while running debug ip packet detail on the router, I see the router running through the DHCP assignment process and finally assigns the 2nd PC 10.0.0.2.
So needless to say, I believe the DHCP setup is functioning correctly.
The problem we have at this point is nailing down the TFTP-server function running on the Cisco 2821 router.
We were able to create the directory tree on the Cisco 2821 routers flash and then copy the correct files into each directory within flash.
Using WinXP DOS prompt, tftp does not seem to function.
With debug ip packet detail running on the router and Wireshark running on the PC, we run from a DOS window c:\tftp 10.0.0.1 GET \default. No matter how we specify the path, end result is an error of some kind.
We watch debug and wireshark display the communications of the PC and router talking, but cannot seem to get the requested file.
Perhaps WinXP tftp server is flawed.
If we load TFTP32 and attempt to send and/or receive a file from flash, works fine.
The router tftp config is as:
tftp-server flash:/tftpboot/dsl/pxeboot.cfg
The actual files name is "default" and is found on the Cisco 2821 flash:/tftpboot/dsl/pxeboot.cfg directory.
No ACLs on the Cisco router and the router is pretty much right out of the box.
Firewall is disabled on both PCs.
Ping to/from the PC/router works fine.
Thanks again
Frank -
IDS shunning - IDS can't blocking via Cisco Router
Hello all.
I've configured IDS to shun with cisco router. I think all of setting fine, but IDS can't configure acl on the router via telnet.
Here is the output from ids using sh statistics networkAccess.
if you see the output, the state is Inactive.
Could you please let me know why the state is falling down inactive..
regards,
John.
IDS# sh statistics networkAccess
Current Configuration
AllowSensorShun = false
ShunMaxEntries = 250
NetDevice
Type = Cisco
IP = 192.168.1.10
NATAddr = 0.0.0.0
Communications = telnet
ShunInterface
InterfaceName = serial0/0
InterfaceDirection = in
State
ShunEnable = true
NetDevice
IP = 192.168.1.10
AclSupport = uses Named ACLs
State = Inactive <-- why???
IDS#
This means the sensor had a problem either connecting to or reconfiguring the router.
What to do:
Configure network access to Disable Shunning and apply the changed config.
Now configure network access to Enable Shunning again and apply the changed config.
This will cause the network access controller to disconnect from the router and try to connect again.
Check the network access statistic and see if it is still inactive.
If it is, then execute "show events past 00:10:00" to see all events in the past 10 minutes. Find the status event where you applied the change to Enable Shunning again, and start looking at the later events. Search for error or status events that might show what errors the network access controller was running into.
Typical causes: Wrong username or password. Sensor is not able to telnet to the router because either the router is not reachable from the sensor IP, or the router does not have telnet enabled, or the router's access list prevents the sensor from connecting.
Other things you can check:
Create a service account on the sensor.
Login through the service account.
From the service account try to telnet to the router using the same username and password configured in the network access controller configuration on the sensor.
And see if you can get into the router.
You might also try running a sniffer between the router and sensor and monitor the connection. You can look for any error message coming back from the router, or at least see where in the connection the sensor is stopping. -
After installing the printer successfully on my desktop wireless through the cisco router I attempted to add my laptop a hp G60-635DX notebook. After installing the printer I got a message that a driver cannot be found! I called cisco and they offered online help for a $ 69.00 contract for 1 year! Looking for cheaper alternative!!!
Does the Asaro run DHCP? If so, turn off all access points except the one running DHCP and connect the printer. Then you can turn on the other APs.
Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
I am employed by HP -
Unable to Access Company LAN via VPN
Hello,
I have a ASA 5505 that I have been using to test run the IPSec VPN connection after studying the different configs and running through the ASDM I keep getting the same issue that I can't receive any traffic.
The company LAN is on a 10.8.0.0 255.255.0.0 network, I have placed the VPN clients in 192.168.10.0 255.255.255.0 network, the 192 clients can't talk to the 10.8 network.
On the Cisco VPN client I can see lots of sent packets but none received.
I think it could be to do with the NAT but from the examples I have seen I believe it should work.
I have attached the complete running-config, as I could well have missed something.
Many Thanks for any help on this...
FWBKH(config)# show running-config
: Saved
ASA Version 8.2(2)
hostname FWBKH
domain-name test.local
enable password XXXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXXXX encrypted
names
name 9.9.9.9 zscaler-uk-network
name 10.8.50.0 inside-network-it
name 10.8.112.0 inside-servers
name 17.7.9.10 fwbkh-out
name 10.8.127.200 fwbkh-in
name 192.168.10.0 bkh-vpn-pool
interface Vlan1
nameif inside
security-level 100
ip address fwbkh-in 255.255.0.0
interface Vlan2
nameif outside
security-level 0
ip address fwbkh-out 255.255.255.248
interface Vlan3
nameif vpn
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Ethernet0/0
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
banner login Trespassers will be Shot, Survivors will be Prosecuted!!!!
banner motd Trespassers will be Shot, Survivors will be Prosecuted!!!!
banner asdm Trespassers will be Shot, Survivors will be Prosecuted!!!!
boot system disk0:/asa822-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name test.local
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
object-group service DM_INLINE_UDP_1 udp
port-object eq 4500
port-object eq isakmp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
access-list inside_access_in extended permit tcp 10.8.0.0 255.255.0.0 any object-group DM_INLINE_TCP_2 log warnings inactive
access-list inside_access_in extended permit ip inside-network-it 255.255.255.0 any inactive
access-list inside_access_in extended permit tcp 10.8.0.0 255.255.0.0 host zscaler-uk-network eq www
access-list inside_access_in extended permit ip inside-servers 255.255.255.0 any log warnings
access-list USER-ACL extended permit tcp 10.8.0.0 255.255.0.0 any eq www
access-list USER-ACL extended permit tcp 10.8.0.0 255.255.0.0 any eq https
access-list outside_nat0_outbound extended permit ip bkh-vpn-pool 255.255.255.0 10.8.0.0 255.255.0.0
access-list outside_access_in extended permit udp any host fwbkh-out object-group DM_INLINE_UDP_1 log errors inactive
access-list inside_nat0_outbound extended permit object-group DM_INLINE_PROTOCOL_1 10.8.0.0 255.255.0.0 any
access-list inside_nat0_outbound_1 extended permit ip 10.8.0.0 255.255.0.0 bkh-vpn-pool 255.255.255.0
access-list UK-VPN-USERS_splitTunnel extended permit ip 10.8.0.0 255.255.0.0 bkh-vpn-pool 255.255.255.0
access-list UK-VPN-USERS_splitTunnel extended permit ip inside-servers 255.255.255.0 bkh-vpn-pool 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu vpn 1500
ip local pool UK-VPN-POOL 192.168.10.10-192.168.10.60 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
nat-control
global (inside) 1 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 10.8.0.0 255.255.0.0 dns
nat (outside) 0 access-list outside_nat0_outbound outside
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 17.7.9.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 10.8.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint BKHFW
enrollment self
subject-name CN=FWBKH
crl configure
crypto ca certificate chain BKHFW
certificate fc968750
308201dd 30820146 a0030201 020204fc 96875030 0d06092a 864886f7 0d010105
05003033 310e300c 06035504 03130546 57424b48 3121301f 06092a86 4886f70d
ccc6f3cb 977029d5 df42515f d35c0d96 798350bf 7472725c fb8cd64d 514dc9cb
7f05ffb9 b3336388 d55576cc a3d308e1 88e14c1e 8bcb13e5 c58225ff 67144c53 f2
quit
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.8.0.0 255.255.0.0 inside
ssh timeout 30
ssh version 2
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy UK-VPN-USERS internal
group-policy UK-VPN-USERS attributes
dns-server value 10.8.112.1 10.8.112.2
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value UK-VPN-USERS_splitTunnel
default-domain value test.local
address-pools value UK-VPN-POOL
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol webvpn
username admin password XXXXXXXXXXXXXXXXX encrypted privilege 15
username karl password XXXXXXXXXXXXXXX encrypted privilege 15
tunnel-group UK-VPN-USERS type remote-access
tunnel-group UK-VPN-USERS general-attributes
address-pool UK-VPN-POOL
default-group-policy UK-VPN-USERS
tunnel-group UK-VPN-USERS ipsec-attributes
pre-shared-key *****
tunnel-group IT-VPN type remote-access
tunnel-group IT-VPN general-attributes
address-pool UK-VPN-POOL
default-group-policy UK-VPN-USERS
tunnel-group IT-VPN ipsec-attributes
pre-shared-key *****
class-map ALLOW-USER-CLASS
match access-list USER-ACL
class-map type inspect http match-all ALLOW-URL-CLASS
match not request header from regex ALLOW-ZSGATEWAY
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map type inspect http ALLOW-URL-POLICY
parameters
class ALLOW-URL-CLASS
drop-connection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
policy-map ALLOW-USER-URL-POLICY
class ALLOW-USER-CLASS
inspect http
service-policy global_policy global
service-policy ALLOW-USER-URL-POLICY interface inside
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:00725d3158adc23e6a2664addb24fce1
: end
Hi Karl,
Please make the following changes:
ip local pool VPN_POOL_UK_USERS 192.168.254.1-192.168.254.254
access-list inside_nat0_outbound_1 extended permit ip 10.8.0.0 255.255.0.0 192.168.254.0 255.255.255.0
no nat (outside) 0 access-list outside_nat0_outbound outside
access-list UK-VPN-USERS_SPLIT permit 10.8.0.0 255.255.0.0
group-policy UK-VPN-USERS attributes
split-tunnel-network-list value UK-VPN-USERS_SPLIT
no access-list UK-VPN-USERS_splitTunnel extended permit ip 10.8.0.0 255.255.0.0 bkh-vpn-pool 255.255.255.0
no access-list UK-VPN-USERS_splitTunnel extended permit ip inside-servers 255.255.255.0 bkh-vpn-pool 255.255.255.0
access-list inside_access_in extended permit ip 10.8.0.0 255.255.255.0 192.168.254.0 255.255.255.0
management-access inside
As you can see, I did create a new pool, since you already have an interface in the 192.168.10.0/24 network, which does affect the VPN clients.
Once you are done, connect the client and try:
ping 10.8.127.200
Does it work?
Try to ping other internal IPs as well.
Let me know how it goes.
Portu.
Please rate any helpful posts
Message was edited by: Javier Portuguez -
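The reason given in the reply above (the VPN pool sits in a subnet that is already connected to an interface) and the matching NAT exemption can be checked offline against a saved running-config. The Python sketch below is an added example, not part of the original thread or of any Cisco tool; the names parse_asa and audit_vpn_pools and the finding labels are made up for illustration, and the sample config is a constructed excerpt of the lines posted above.

```python
import ipaddress

# Constructed excerpt: lines taken from the running-config posted in this thread.
OLD_POOL = "ip local pool UK-VPN-POOL 192.168.10.10-192.168.10.60 mask 255.255.255.0"
NEW_POOL = "ip local pool VPN_POOL_UK_USERS 192.168.254.1-192.168.254.254"
NEW_EXEMPTION = ("access-list inside_nat0_outbound_1 extended permit ip "
                 "10.8.0.0 255.255.0.0 192.168.254.0 255.255.255.0")
POSTED_CONFIG = f"""\
name 10.8.127.200 fwbkh-in
name 192.168.10.0 bkh-vpn-pool
interface Vlan1
nameif inside
ip address fwbkh-in 255.255.0.0
interface Vlan3
nameif vpn
ip address 192.168.10.1 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip 10.8.0.0 255.255.0.0 bkh-vpn-pool 255.255.255.0
{OLD_POOL}
nat (inside) 0 access-list inside_nat0_outbound_1
"""
# The reply's new pool, first without and then with its NAT exemption entry.
POOL_ONLY_CONFIG = POSTED_CONFIG.replace(OLD_POOL, NEW_POOL)
PROPOSED_CONFIG = POOL_ONLY_CONFIG + NEW_EXEMPTION + "\n"


def parse_asa(config):
    """Extract interface subnets, local pools, ACL entries and nat 0 bindings."""
    rows = [line.split() for line in config.splitlines() if line.strip()]
    # "name <ip> <alias>" lines let later commands use the alias instead of the IP.
    names = {t[2]: t[1] for t in rows if t[0] == "name" and len(t) >= 3}

    def resolve(token):
        return names.get(token, token)

    cfg = {"interfaces": {}, "pools": {}, "acls": {}, "exempt": {}}
    nameif = None
    for t in rows:
        try:
            if t[0] == "nameif":
                nameif = t[1]
            elif t[:2] == ["ip", "address"] and nameif:
                iface = ipaddress.ip_interface(f"{resolve(t[2])}/{t[3]}")
                cfg["interfaces"][nameif] = iface.network
                nameif = None
            elif t[:3] == ["ip", "local", "pool"]:
                first, last = t[4].split("-")
                cfg["pools"][t[3]] = (ipaddress.ip_address(first),
                                      ipaddress.ip_address(last))
            elif t[0] == "access-list" and t[2:5] == ["extended", "permit", "ip"]:
                src = ipaddress.ip_network(f"{resolve(t[5])}/{t[6]}", strict=False)
                dst = ipaddress.ip_network(f"{resolve(t[7])}/{t[8]}", strict=False)
                cfg["acls"].setdefault(t[1], []).append((src, dst))
            elif t[0] == "nat" and t[2:4] == ["0", "access-list"]:
                cfg["exempt"][t[1].strip("()")] = t[4]
        except (ValueError, IndexError):
            continue  # forms this sketch does not model ("any", object-groups, dhcp)
    return cfg


def audit_vpn_pools(config, inside="inside"):
    """Return (pool, finding, interface) tuples for the two conditions in the reply."""
    cfg = parse_asa(config)
    inside_net = cfg["interfaces"].get(inside)
    entries = cfg["acls"].get(cfg["exempt"].get(inside), [])
    findings = []
    for pool, (first, last) in sorted(cfg["pools"].items()):
        # 1. Pool addresses inside a directly connected subnet: return traffic is
        #    sent out that interface instead of back into the tunnel.
        for ifname, net in cfg["interfaces"].items():
            if first in net or last in net:
                findings.append((pool, "overlaps-interface", ifname))
        # 2. Inside-to-pool traffic must match the ACL bound to "nat (inside) 0".
        covered = any(
            first in dst and last in dst
            and inside_net is not None and src.overlaps(inside_net)
            for src, dst in entries
        )
        if not covered:
            findings.append((pool, "no-nat-exemption", inside))
    return findings


if __name__ == "__main__":
    for label, text in [("posted", POSTED_CONFIG),
                        ("new pool only", POOL_ONLY_CONFIG),
                        ("new pool + exemption", PROPOSED_CONFIG)]:
        print(label, audit_vpn_pools(text))
```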
SKY modem/router can't allow to access my TC via Finder? Please help
Hi
I am looking for some help to set up my TC so I can access it from anywhere. I know it can be done by enabling WAN under "file sharing". However, I have the TC set in bridge mode at this moment, so I can't enable the WAN protocol under "file sharing". WAN appears as an option once I change the TC "bridge mode" option to "Share public IP address" etc., but then my internet connection is dead. Of course I need to mention here that I have a Netgear modem/router with UPnP enabled, connected to the TC via the WAN port. I guess I need to set up this modem/router first. I am just trying to get access to the TC from anywhere via Go/Connect to Server.
How can I achieve that?
Thanks
Are you using a proxy?
If you're using a proxy, it refuses to access the localhost. -
Cannot print to printer on ethernet lan via wireless router
Hi,
Apple Macbook connected via Airport running class A network 10.0.0.X, which is connected to a Netgear 4 port router running class C network 192.168.0.X. Also on this class C network is a LAN network printer and a Windows PC. The Netgear router is connected to the internet and the Apple Macbook can connect to the internet and can ping the printer connected to the Netgear router, but when it sends a print job to this printer, the response is "Printer is busy. Will Retry in 30 seconds"
The windows PC can print to the network printer (both connected to the same netgear router) just fine.
the Macbook is running 10.4.11.
Please help.. and thanks in advance!
Network Printer Troubleshooting
Ping printer: If you have the printers IP address open Terminal (Applications/Utilities) and at the prompt type: ping {printerIP}. You will get a reply or failure.
If you haven't done so already, try resetting the printing system.
OS X Mavericks: Reset the printing system also Yosemite -
Hi all,
I have maybe a strange situation. I recently started testing a VPN service on my home network. Ideally I would like most of my home machines to connect through this VPN. I am using it for both privacy and to circumvent geo-restricted sites. I have a router, Asus WL-500gp which is running the Tomato Firmware, and I did first attempt to setup OpenVPN on it which did work but didn't provide very much bandwidth due to probably not having enough processing power to deal with the encryption and the compression involved. I was only able to get about 5Mbit down when normally I get approx 30+ so this was not an acceptable performance hit.
I then decided to try setting up the VPN on my media server which is running Arch(of course). This was easily accomplished and is working extremely well with approx 25Mbs down. An acceptable performance hit. Now, as it stands only this machine is running through the VPN, the rest of the machines are still connecting to the net normally through the router. Is there a way to have other devices on my lan also get forwarded through the VPN on my Arch server. I do realize I could run my server as a router but I would rather leave the tomato router for that as it works well and is easy to setup whereas I suspect it may be complicated to setup on Arch. Is it possible to configure the tomato to forward certain IP's(my wired network is all static ip's) or even MAC's to the media server rather than the ISP. I suspect it can be done with some new routes added in but I am not that familiar with routing tables to figure it out.
So for example my tomato router is on ip 192.168.1.1, media server is on 192.168.1.2, xbmc 1 is on 192.168.1.3, xbmc 2 is on 192.168.1.4 etc. So say I would also like to have xbmc 1 and 2 go through the VPN as well. Is there a relatively simple way to accomplish this? I am thinking something along the lines of having the tomato forward request from IP 192.168.1.3-192.168.1.4 to 192.168.1.2(rather than the default gateway), then on the server tell it to forward these request to tun0(the VPN's network device).
Any thoughts? Anyone done something like this?
Thanks,
Kevin
Last edited by ould (2012-12-26 13:29:59)
Xyne wrote:
My first thought was to just set the server up as a router, but then I got to the part where you reject the idea. If you change your mind, you may find my recent notes on configuring something similar useful.
I'm pretty much a networking noob so I may be way off, but I would try the following. Here I'm assuming that the lan and vpn interfaces on the server are eth0 and tun0, respectively. These commands are adapted from the aforementioned notes.
On the server:
# Enable IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Allow postrouting to tun0. You may want to use "-s" here to strictly limit forwarding to IPs on your LAN.
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# Enable forwarding from the LAN to the VPN (and back via related and established connections).
# Again, you may want to use "-s".
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
After that, I think you just need to set the server as the default gateway on the other machines. I am not familiar with the Tomato firmware, but I would expect there to be some easy way to do it there.
You probably want the router to return the VPN's DNS servers instead of your ISP's DNS servers if you use DHCP on the LAN.
Thank you very much! It has been useful for me when I want to connect my VBox machines to do my lab) -
How to create tunnel in cisco router
Please give me command wise configuration about creating tunnel in router as:
tunnel ip address:-
destination ip
source ip:-
any other command
Hello Sunil,
I guess what Jed wants to stress is that prior to IOS 12.2(8)T, a tunnel interface would not go down even if the underlying physical connection would go down. As of IOS 12.2(8)T, you can configure keepalives on the tunnel interface, which cause the interface to go down when the keepalives are missed.
Check this document for details:
Cisco IOS Software Releases 12.2 T
Generic Routing Encapsulation (GRE) Tunnel Keepalive
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cec.html
As for the tunnel configuration itself, in addition to a basic GRE tunnel as mentioned in the post above, there are additional ways to configure a tunnel. In the links below, you find many configuration examples:
Generic Routing Encapsulation (GRE)
Introduction
http://www.cisco.com/en/US/customer/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html
IPSec Negotiation/IKE Protocols
Configuration Examples and TechNotes
http://www.cisco.com/en/US/customer/tech/tk583/tk372/tech_configuration_examples_list.html
Regards,
GNT -
This feature exists on an XFXboard. Their tech support says there is a way to connect to the board. Ping will not work as there is no IP address when off. Linksys tech is suggesting that one must disable the software firewall and other things that are questionable to me. In search of guidance
check out this link
http://www.ezlan.net/WOL.html -
At my work we have a modem and router to network 8 different PCs, all hard wired. My boss wants me to add an AirPort Extreme so that he can get a wireless connection on mobile devices. When I plug in the AirPort it creates a new network, and I need to be able to connect to the existing network and not have the routers compete. Is there a way to make the AirPort an access point instead? Maybe by adding it to the existing router instead of one of the workstations?
When you introduced the AirPort Extreme, you had a condition where you have two routers in series. The simplest solution is to reconfigure the downstream router (in this case the Extreme) as a bridge. This will allow the upstream router to provide the required NAT & DHCP services to all network clients regardless of which router they are connected to.
To reconfigure the Extreme as a bridge, you will use the AirPort Utility. (Note: I will provide the steps for using AirPort Utility v5.x)
AirPort Utility > Select the AirPort > Manual Setup
Internet > Internet Connection tab > Connection Sharing = Off (Bridge Mode) -
Please help me access my locked IPhone 4s! Thanks!
Here's a list of specific error codes & their resolution:
http://support.apple.com/kb/TS3694
Try recovery mode again, as outlined in the first article I gave you. Make sure there are no Firewalls turned on or any Anti-Virus software running. If it errors out again, pay attention to any code shown. -
Remote Command Tool for Cisco Routers/Switches
Is anyone aware of any tools or scripts out there which allow preconfigured commands to be remotely run against Cisco routers/switches and display the output result?
I'm looking for a tool which I can give our Service Desk personnel that will allow them to select from a list of commands enter a target IP Address of a router/switch and then the tool will display the vlan table or the running config of a particular switch-port so they can see if its configured on the correct data vlan or its missing its voice vlan etc.
For example a Service Desk Operator needs to check what vlan a switch-port is on. So they open the tool, enter the switches IP address and the port number and select an option like "display a switch-ports vlan" and the tool will login into the switch in the background run a show command on the switch and then output the result.
Thanks.
Check out rConfig. You will be able to run multiple instances of it i.e. one instance for your standard configuration backups and another for more specific configuration downloads info like show vlan bri commands etc for service desk staff to view.
You could also use the IOS menu function and create menus or role based access on each of your devices for your users.
Regards
Stephen
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful