Monitoring Internet Router from inside network
I need help in setting this up. At the moment we are using Opmanager monitor our routers inside the network. I want to monitor our internet router sitting outside the network. Be really grate if someone can help out or point me out on how to set this up.
Regards
Thanks for your reply. Actually what I want is for my monitoring application sitting inside my network to monitor my internet router via SNMP. There is a FW in between
I have tried that PRTG application and its not bad. Thanks
Similar Messages
-
Using LDAP group to autenticate users from inside network to Internet
Hi team, I got an asa 5510 version 7.2.3 and i need to autenticate my users from inside network to internet using a security group in the Active Directory, anyone can help me with these?
This might not be complete for your needs but it may give you enough of what you need without having to purchase full url filtering etc.
Authenticate with LDAP as shown earlier in this thread, then use this aaa ldap with cut-through proxy -
PIX/ASA : Cut-through Proxy for Network Access using TACACS+ and RADIUS Server Configuration Example
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml
then do some filtering -
ASA/PIX 8.x: Block Certain Websites (URLs) Using Regular Expressions With MPF Configuration Example
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml -
Monitoring Exchange 2010 from external network
I would like to monitoring the following services pf Exchange 2010 from external network / internet
1) SMTP (To confirm the mail has been accepted for delivery)
2) ActiveSynch (Mobile device can login and synch different folders)
3) WebApp (Users can log and access mail)
I have created a script using test-Mailflow, test-activesynchconnectivity and Test-WebServicesConnectivity and running it on server from LAN. I want to monitor the above 3 areas from Internet(external network) to make sure these services are available
from Internet.
We have Barracuda as SMTP gateway, TMG for WebApp and MobileIron for ActiveSynch.
Will i be able to monitor these services from external network(internet) using test commands. What are the alternate ways to monitor the above services from external network.
ThanksWe are trying to build exactly similar to ExRCA. ExRCA is good but it is manual. We would like to build something similar to ExRCA which can monitor exchange services periodically and send alerts.
-
Internet Access from Inside to Outside ASA 5510 ver 9.1
Hi everyone, I need help setting up an ASA 5510 to allow all traffic going from the inside to outside so I can get internet access through it. I have worked on this for days and I have finally got traffic moving between my router and my ASA, but that is it. Everything is blocked because of NAT rules I assume.
I get errors like this when I try Packet Tracer:
(nat-xlate-failed) NAT failed
(acl-drop) Flow is denied by configured rule
Version Information:
Cisco Adaptive Security Appliance Software Version 9.1(4)
Device Manager Version 7.1(5)
Compiled on Thu 05-Dec-13 19:37 by builders
System image file is "disk0:/asa914-k8.bin"
Here is my ASA config, all I want for this exercise is to pass traffic from the inside network to the outside to allow internet access so I can access the internet and then look for specific acl's or nat for specific services:
Thank You!
Config:
ASA5510# sh running-config
: Saved
ASA Version 9.1(4)
hostname ASA5510
domain-name
inside.int
enable password <redacted> encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd <redacted> encrypted
names
dns-guard
interface Ethernet0/0
description LAN Interface
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Ethernet0/1
description WAN Interface
nameif Outside
security-level 0
ip address 199.199.199.123 255.255.255.240
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 199.199.199.4
domain-name
inside.int
object network inside-net
subnet 10.0.0.0 255.255.255.0
description Inside Network Object
access-list USERS standard permit 10.10.1.0 255.255.255.0
access-list OUTSIDE-IN extended permit ip any any
access-list INSIDE-IN extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (Inside,Outside) source dynamic any interface
object network inside-net
nat (Inside,Outside) dynamic interface
access-group INSIDE-IN in interface Inside
access-group OUTSIDE-IN in interface Outside
router rip
network 10.0.0.0
network 199.199.199.0
version 2
no auto-summary
route Outside 0.0.0.0 0.0.0.0 199.199.199.113 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username <redacted> password <redacted> encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email
[email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
password encryption aes
Cryptochecksum:
<redacted>
: end
SH NAT:
ASA5510# sh nat
Manual NAT Policies (Section 1)
1 (Inside) to (Outside) source dynamic any interface
translate_hits = 0, untranslate_hits = 0
Auto NAT Policies (Section 2)
1 (Inside) to (Outside) source dynamic inside-net interface
translate_hits = 0, untranslate_hits = 0
SH RUN NAT:
ASA5510# sh run nat
nat (Inside,Outside) source dynamic any interface
object network inside-net
nat (Inside,Outside) dynamic interface
SH RUN OBJECT:
ASA5510(config)# sh run object
object network inside-net
subnet 10.0.0.0 255.255.255.0
description Inside Network Object
Hi all,Hello everyone, I need some help before my head explodes. IddddddddHello Mitchell,
First of all how are you testing this:
interface Ethernet0/0
description LAN Interface
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
Take in consideration that the netmask is /30
The Twice NAT is good, ACLs are good.
do the following and provide us the result
packet-tracer input inside tcp 10.10.1.2 1025 4.2.2.2 80
packet-tracer input inside tcp 192.168.1.100 1025 4.2.2.2 80
And provide us the result!
Looking for some Networking Assistance?
Contact me directly at [email protected]
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
Note: Check my website, there is a video about this that might help you.
http://laguiadelnetworking.com -
How to manage c877(outside) in RFC1483 mode through ASA5505 from (inside)network
Hi All
Here is a quick summary of my network setup.
ISP ADSL2 -- C877 Router(RFC1483) -- ASA5505(PPPoE) -- Internal network(s).
I am trying to figure out how to correctly configure my C877 & my ASA so I can telnet and manage the C877 from one of the inside networks on the ASA5505.
With the current configuration I can ping the C877 but only from the outside (PPPoE) interface of my ASA5505. I cannot connect to it from any other inside network.
Interface connectivity is as follows:
ISP <-> C877 PoTS
C877 FA/0 <-> ASA Eth0/0[outside_public] [Zone SEC=0]
ASA Eth0/1[inside_private][Zone SEC=100] <-> HP L2 Switch
HP L2 Switch <-> Home PC.
Device IPs:
Cisco ASA [inside_private] gateway IP = 192.168.50.1 / 24
Home PC = 192.168.50.81 / 24
Router C877 IP = 192.168.50.2 / 24
Everything is working as expected, except I want to be able to manage the C877 from the Home PC, but currently I am not able to establish any connectivity to the C877 from the [inside_private] network.
Here is what I have tried so far but without luck:
Connected (a 2nd) network cable from the C877 to the L2 switch. No connectivity from the Home PC.
Connected (a 2nd) network cable from the C877 to ASA on another interface added to the [inside_private] network. No connectivity from the Home PC.
Any help much appreciated!
C877 config below:
Current configuration : 1422 bytes
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname c877
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone UTC 11 0
crypto pki token default removal timeout 0
dot11 syslog
ip source-route
ip cef
ip domain name --CUT--
no ipv6 cef
multilink bundle-name authenticated
username --CUT-- privilege 15 password 7 --CUT--
bridge irb
interface ATM0
no ip address
no atm ilmi-keepalive
bridge-group 1
pvc 8/35
encapsulation aal5snap
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Vlan1
no ip address
bridge-group 1
interface BVI1
ip address 192.168.50.2 255.255.255.0
ip default-gateway 192.168.50.1
ip forward-protocol nd
no ip http server
no ip http secure-server
snmp-server community public RO
snmp-server ifindex persist
control-plane
bridge 1 protocol ieee
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport input all
end
ASA5505 config below:
ASA Version 9.1(3)
hostname asa5505
enable password --CUT-- encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd --CUT-- encrypted
names
interface Ethernet0/0
switchport access vlan 10
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 20
interface Ethernet0/3
switchport access vlan 30
interface Ethernet0/4
switchport access vlan 40
interface Ethernet0/5
interface Ethernet0/6
switchport access vlan 70
interface Ethernet0/7
switchport access vlan 70
interface Vlan1
nameif inside_private
security-level 100
ip address 192.168.50.1 255.255.255.0
interface Vlan10
nameif outside_public
security-level 0
pppoe client vpdn group ADSL2
ip address pppoe setroute
interface Vlan20
nameif inside_dmz
security-level 70
ip address 192.168.60.1 255.255.255.0
interface Vlan30
nameif inside_guest
security-level 50
ip address 192.168.70.1 255.255.255.0
interface Vlan40
nameif inside_experimental
security-level 60
ip address 10.0.0.1 255.255.0.0
interface Vlan70
nameif inside_phone
security-level 10
ip address 192.168.80.1 255.255.255.192
boot system disk0:/asa913-k8.bin
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns domain-lookup inside_dmz
dns server-group DefaultDNS
name-server 192.168.60.2
same-security-traffic permit intra-interface
object network LAN_private
subnet 192.168.50.0 255.255.255.0
object network LAN_dmz
subnet 192.168.60.0 255.255.255.0
object network LAN_guest
subnet 192.168.70.0 255.255.255.0
object network LAN_experimental
subnet 10.0.0.0 255.255.0.0
object network QNAP_host
host 192.168.50.9
object network INTELNUC_host
host 192.168.60.2
object network INTELNUC_prtgservice
host 192.168.60.2
object network INTELNUC_webservice
host 192.168.60.2
object network QNAP_management
host 192.168.50.9
object network QNAP_transmission
host 192.168.50.9
object network LAN_guest_wireless
range 192.168.70.31 192.168.70.50
object network QNAP_t51413
host 192.168.50.9
object network QNAP_u51413
host 192.168.50.9
object service 9000-9049
service udp destination range 9000 9049
object network C7940_u10000-20000
host 192.168.80.11
object network C7940_t5060
host 192.168.80.11
object network LAN_phone
subnet 192.168.80.0 255.255.255.192
object network SPINTEL_host
host --CUT--
object service 16384-32766
service udp source range 16384 32766
object network C7940_host
host 192.168.80.11
object service 10000-20000
service udp destination range 10000 20000
object network C7940_u5060
host 192.168.80.11
object-group network LAN_all
network-object object LAN_dmz
network-object object LAN_experimental
network-object object LAN_guest
network-object object LAN_private
network-object object LAN_phone
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service 5060 tcp-udp
port-object eq sip
object-group service 53 tcp-udp
port-object eq domain
access-list public_ACL extended permit tcp any object QNAP_host eq 8080
access-list public_ACL extended permit tcp any object QNAP_host eq 51413
access-list public_ACL extended permit udp any object QNAP_host eq 51413
access-list public_ACL extended permit tcp any object QNAP_host eq 9091
access-list public_ACL extended permit tcp any object INTELNUC_host eq 444
access-list public_ACL extended permit tcp any object INTELNUC_host eq www
access-list public_ACL extended permit object-group TCPUDP any object C7940_host eq domain inactive
access-list public_ACL extended permit tcp object SPINTEL_host object C7940_host eq sip
access-list public_ACL extended permit udp object SPINTEL_host object C7940_host eq sip
access-list public_ACL extended permit icmp object SPINTEL_host object C7940_host
access-list public_ACL extended permit object 10000-20000 object SPINTEL_host object C7940_host
access-list public_ACL extended permit ip object SPINTEL_host object C7940_host
access-list dmz_ACL extended permit icmp any any echo
access-list dmz_ACL extended permit udp any any eq snmp
access-list dmz_ACL extended permit ip object INTELNUC_host object-group LAN_all
access-list dmz_ACL extended deny ip any object LAN_private
access-list dmz_ACL extended deny ip any object LAN_guest
access-list dmz_ACL extended deny ip any object LAN_experimental
access-list dmz_ACL extended deny ip any object LAN_phone
access-list dmz_ACL extended permit ip any any
access-list guest_ACL extended permit icmp any any echo
access-list guest_ACL extended permit udp any any eq snmp
access-list guest_ACL extended permit object-group TCPUDP object LAN_guest_wireless object INTELNUC_host eq domain
access-list guest_ACL extended deny ip object LAN_guest_wireless object INTELNUC_host
access-list guest_ACL extended deny ip object LAN_guest_wireless object QNAP_host
access-list guest_ACL extended permit ip any object INTELNUC_host
access-list guest_ACL extended permit ip any object QNAP_host
access-list guest_ACL extended deny ip any object LAN_private
access-list guest_ACL extended deny ip any object LAN_dmz
access-list guest_ACL extended deny ip any object LAN_experimental
access-list guest_ACL extended deny ip any object LAN_phone
access-list guest_ACL extended permit ip any any
access-list phone_ACL extended permit udp object C7940_host object INTELNUC_host eq tftp
access-list phone_ACL extended permit icmp object C7940_host object SPINTEL_host
access-list phone_ACL extended permit object 16384-32766 object C7940_host object SPINTEL_host
access-list phone_ACL extended permit object-group TCPUDP object C7940_host any eq domain
access-list phone_ACL extended permit udp object C7940_host any eq ntp
access-list phone_ACL extended permit tcp object C7940_host any eq sip
access-list phone_ACL extended permit udp object C7940_host any eq sip
access-list phone_ACL extended permit ip object C7940_host any inactive
access-list phone_ACL extended permit ip object LAN_phone any inactive
pager lines 24
logging enable
logging asdm notifications
mtu inside_private 1500
mtu outside_public 1492
mtu inside_dmz 1500
mtu inside_guest 1500
mtu inside_experimental 1500
mtu inside_phone 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside_private,outside_public) source static C7940_u10000-20000 interface service 10000-20000 10000-20000
object network LAN_private
nat (inside_private,outside_public) dynamic interface
object network LAN_dmz
nat (inside_dmz,outside_public) dynamic interface
object network LAN_guest
nat (inside_guest,outside_public) dynamic interface
object network LAN_experimental
nat (inside_experimental,outside_public) dynamic interface
object network INTELNUC_prtgservice
nat (inside_dmz,outside_public) static interface service tcp 444 444
object network INTELNUC_webservice
nat (inside_dmz,outside_public) static interface service tcp www www
object network QNAP_management
nat (inside_private,outside_public) static interface service tcp 8080 8080
object network QNAP_transmission
nat (inside_private,outside_public) static interface service tcp 9091 9091
object network QNAP_t51413
nat (inside_private,outside_public) static interface service tcp 51413 51413
object network QNAP_u51413
nat (inside_private,outside_public) static interface service udp 51413 51413
object network C7940_t5060
nat (inside_private,outside_public) static interface service tcp sip sip
object network LAN_phone
nat (inside_phone,outside_public) dynamic interface
object network C7940_u5060
nat (inside_private,outside_public) static interface service udp sip sip
access-group public_ACL in interface outside_public
access-group dmz_ACL in interface inside_dmz
access-group guest_ACL in interface inside_guest
access-group phone_ACL in interface inside_phone
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.50.0 255.255.255.0 inside_private
snmp-server host inside_dmz 192.168.60.2 community *****
snmp-server location inside_dmz
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint localtrust
enrollment self
fqdn asa5505.--CUT--
subject-name CN=sasa5505.--CUT--
keypair sslvpnkey
crl configure
crypto ca trustpool policy
crypto ca certificate chain localtrust
certificate --CUT--
telnet 192.168.50.0 255.255.255.0 inside_private
telnet timeout 60
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group ADSL2 request dialout pppoe
vpdn group ADSL2 localname --CUT--
vpdn group ADSL2 ppp authentication pap
vpdn username --CUT-- password --CUT-- store-local
dhcpd auto_config outside_public
dhcprelay server 192.168.60.2 inside_dmz
dhcprelay enable inside_private
dhcprelay enable inside_guest
dhcprelay enable inside_experimental
dhcprelay enable inside_phone
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics host number-of-rate 3
threat-detection statistics port number-of-rate 3
threat-detection statistics protocol number-of-rate 3
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server --CUT-- source inside_private
ssl encryption aes256-sha1 aes128-sha1 3des-sha1 rc4-sha1
ssl trust-point localtrust outside_public
webvpn
anyconnect-essentials
username --CUT-- password --CUT-- encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect icmp
inspect pptp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:--CUT--Ansar,
A source group or "group" is what you need to configure on the CSS in order for the backend servers to initiate a connection outbound on the CSS. It would be helpful if you could email me directly a piece of your config. Specifically I would need the "service" section in terms of which servers need outbound access as well as the content rules you have configured and the ACL section to confirm you are not blocking anything.
As an example.
If you had
service pete
ip address 1.1.1.1
active
content pete
add service pete
protocol tcp
port 80
vip address 2.2.2.2
active
group pete_out
vip address 2.2.2.2
add service pete
active
So what happens is when the service makes an outbound connection, the source ip address is now the vip address. When the return packet comes back, the CSS recognizes it and gets it back to the backend server.
You can also apply a source group via an acl as another option.
Regards
Pete..
[email protected] -
Protect internet Router from ddos attack
Hello,
i have small router 2911 connected the main internet router GSR this GSR has peering with ISPs , there is default route on 2911 send to GSR and all user connect on 2911 will go from 2911 to GSR, i had attack ddos attack on 2911 my question how can protect 2911 from this kind of attack, i have some queries if you can help me:
1. what is the access-list need to configure to protect the router 2911.for example ICMP, HTTP.......
2. what is the COOP configuration to allow us to able to access this router when attack and CPU high.
3. i heard ASR and 7200 has some feature to protect these router from ddos attack, is helpful for all kind of dedos attack
thanks in advanced.Hi Steven,
Have a look at the below mentioned link:
DDOS Protection
DDOS Protection 2
Regards,
Anim Saxena
Community Manager
*do rate helpful posts* -
Complex DNS? Cannot reach XServe from inside network
I'm trying to make DNS work on a XServe with Leopard Server installed.
I had to migrate (mostly manually) DNS from the old server.
The server runs DNS for about 50 websites, most of them on the server itself, some on other local machines. All these are configured with their external ip addresses.
From inside the building i cannot reach the server unless i make a subnet so the xserve acts as a router to. Then I can also use Server Admin e.g., which I cannot use without that subnet.
From witin the server DNS seems to work while just browsing the domains with Safari.
sudo changeip -checkhostname
Primary address = 10.0.2.15
Current HostName = dns.myserver.com
The DNS hostname is not available, please repair DNS and re-run this tool.
So i guess i made a mess..
host on xserve ip address (also from within xserve)
odin:~ admin$ host 10.0.2.15
Host 15.2.0.10.in-addr.arpa not found: 3(NXDOMAIN
host command on external ip address gave me one of the domains, but not dns.myserver.com.
$ host 192.xxx.xxx.xxx (of course i used the full external ip address)
192.xxx.xxx.xxx.in-addr.arpa domain name pointer dns.myserver.com.
Can anybody help?
Message was edited by: skipx2I'm trying to make DNS work on a XServe with Leopard Server installed.
I had to migrate (mostly manually) DNS from the old server.
The server runs DNS for about 50 websites, most of them on the server itself, some on other local machines. All these are configured with their external ip addresses.
From inside the building i cannot reach the server unless i make a subnet so the xserve acts as a router to. Then I can also use Server Admin e.g., which I cannot use without that subnet.
From witin the server DNS seems to work while just browsing the domains with Safari.
sudo changeip -checkhostname
Primary address = 10.0.2.15
Current HostName = dns.myserver.com
The DNS hostname is not available, please repair DNS and re-run this tool.
So i guess i made a mess..
host on xserve ip address (also from within xserve)
odin:~ admin$ host 10.0.2.15
Host 15.2.0.10.in-addr.arpa not found: 3(NXDOMAIN
host command on external ip address gave me one of the domains, but not dns.myserver.com.
$ host 192.xxx.xxx.xxx (of course i used the full external ip address)
192.xxx.xxx.xxx.in-addr.arpa domain name pointer dns.myserver.com.
Can anybody help?
Message was edited by: skipx2 -
Routing from internal network to external (internet) - is this possible ?
Hi all,
I know that private IPs cannot be used on the internet. But what will be the component that is preventing it ?
In this setup below, assuming i am assigned a /24 public ip block, but i am not going to use or assigned them (e.g. NAT), how/where will my packet from host 1 to 8.8.8.8 be dropped ?
Regards
NoobDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Well, as Jon has already noted, packet is forwarded only by its destination IP. Which means, if the original packet has only a private IP in its source address, it won't be involved in the forwarding decision. (Again, the source IP might still be subjected to analysis that will block the packet at some point.)
So, your private IP will only be a routing consideration if the receiving host is trying to reply and use your original source IP as the return packet's destinations IP. (I suspect you understand the foregoing, but I did want to insure there's no misunderstanding.)
Ok, so if the original destination host generates a packet with a private IP for destination IP, it would be (most likely be) treated, from that host, like any other packet that host generates with a private IP in the destination. I.e. The network will attempt to deliver it.
If the prefix destination is totally unknown, the packet will be dropped unless the forwarding router has a default route (or aggregate) that covers it.
Assuming there's a local private subnet, that matches the destination, the network will deliver it to that network, and if there's a host with that actual private IP, the packet will be delivered to it. Usually, the overlapping private IP host will drop the packet, as it won't have process expecting the packet, but it's possible, a process is might accept the packet and attempt to process it. Then, most likely, the process will go "huh?" and drop the packet. However, it's also possible the newly receiving host will reply to your original receiving host, i.e. those hosts will now fling packets back-and-forth, because of your original packet. Again, this is all very unlikely normally, more so if the network isn't "sloppy", but such routing is the basis for some DDoS attacks. (For example, I place another host's IP in my packet's source IP, and then send out ping to the network broadcast IP. Hosts receiving the ping will send a ping reply to the host I targeted.) -
i upgrade my iPhone 4 to iOS 6 and if I'm close to my router the signal indicator comes on and the phone connects to the wifi just fine, but if I step away from the router my phone does not have signal and cannot connect to Internet
I can use my iPhone only with wifi .
I don't get any signal and I can not connect to
The Internet without wifi.
When I don't use my wifi from home I have lost all connection to the net
My iPhone is on and working it does not shut down -
ARD works from inside network, but not from outside.
I can connect me MB to my G5 no problem when on the network inside my home. But if I'm on another network (and supply the correct IP address) I get an "ARD Not Active" error.
All seem to be well, both machine are up to date and this works locally.
What's wrong?That I can't tell. I travel and all I can do is open ports at home. I have no control over the hotel's systems.
This was up and working fine - now it just won't connect. Even for the same locations that used to work just fine.
But perhaps this is something:
I recently installed Parallels Desktop. Now in the Network pref Pane, there are "Parallels Guest-Host" and "Parallels NAT".
That's new, could it be a clue? -
Routes from BGP network statements are not tagged same as other BGP routes?
I have a question if BGP treats the routes it advertised by using the network statements the same way as the routes it learned or redistributed.
Here is what I did:
bgp 65113
network 1.2.3.4 mask 255.255.255.0
redistribute static route-map STATIC_INTO_BGP
ip route 1.2.3.4 255.255.255.0 null0
ip route ....
route-map STATIC_INTO_BGP permit 10
match ip address prefix-list STATIC_INTO_BGP
set community 65113:100
I had all the static routes, including the one to null0, in the prefix-list STATIC_INTO_BGP. So those routes could be tagged with the community value.
I found out that all the routes in the prefix list were tagedd correctly except for the one to null0 (the one advertised by the BGP network statement). I had to create a seperate prefix list just for this route and add to the route map to have it tagged correctly.
So my question is: is this how BGP supposed to function or did I do it incorrectly?
Thanks a lot
GaryThanks all for the help. I agree that if the static route is redistributed into BGP, there's no need to have a BGP network statement again.
How about this scenario:
I have a static route:
ip route 1.2.3.0 255.255.255.0 null0
I don't redistribute it into BGP, instead I use a network statement:
bgp xxxxx
network 1.2.3.0 mask 255.255.255.0
I create a prefix list and route map to tag it:
ip prefix-list set-community permit 1.2.3.0/18 le 32
route-map set-community permit 10
match ip address prefix-list set-community
set community xxxxx:100
Would this set the right community for 1.2.3.0/24 (and other length in the range 18-32)? IN thise case, I used a network statement not a redistribution.
Thansk
Gary -
Bad DNS return from inside network
Hello,
I am getting my butt kicked on this one. Our company site is now hosted on an external server. There was a DNS CNAME entry made on our domain controller that points www to
www.mycompany.com. Internally it used to work now we don't know what happened. When I use nslookup internally I get 192.185.5.155 I used to get 96.45.82.197. I still get 96.45.82.197 when on an external
server. If I change DNS server to 8.8.8.8 everthing works great, so I am guessing it has to be an entry somewhere. I have check hosts files, both DNS servers, the firewall, and switches. Still cannot find anything.
Any ideas?
TIA,
JimHi,
It sounds like you're having the same dns-zone in your local network as you have externally, and a mismatch between the records of www. Please verify (as you stated you've been doing some changes in the local dns) that your
www.mycompany.com record internally matches the external one (96.45.82.197 or what it was).
/Johan
Microsoft Certified Trainer
MCSE: Desktop, Server, Private Cloud, Messaging
Blog: http://365lab.net -
Cisco ASA 5505 Routing between internal networks
Hi,
I am new to Cisco ASA and have been configuring my new firewall but one thing have been bothering. I cannot get internal networks and routing between them to work as I would like to. Goal is to set four networks and control access with ACL:s between those.
1. Outside
2. DMZ
3. ServerNet1
4. Inside
ASA version is 9.1 and i have been reading on two different ways on handling IP routing with this. NAT Exempt and not configuring NAT at all and letting normal IP routing to handle internal networks. No matter how I configure, with or without NAT I cannot get access from inside network to DMZ or from ServerNet1 to DMZ. Strange thing is that I can access services from DMZ to Inside and ServerNet1 if access list allows it. For instance DNS server is on Inside network and DMZ works great using it.
Here is the running conf:
interface Ethernet0/0
switchport access vlan 20
interface Ethernet0/1
switchport access vlan 20
interface Ethernet0/2
switchport access vlan 19
interface Ethernet0/3
switchport access vlan 10
switchport trunk allowed vlan 10,19-20
switchport trunk native vlan 1
interface Ethernet0/4
switchport access vlan 10
interface Ethernet0/5
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/6
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/7
switchport access vlan 10
interface Vlan10
nameif inside
security-level 90
ip address 192.168.2.1 255.255.255.0
interface Vlan11
nameif ServerNet1
security-level 100
ip address 192.168.4.1 255.255.255.0
interface Vlan19
nameif DMZ
security-level 10
ip address 192.168.3.1 255.255.255.0
interface Vlan20
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network DNS
host 192.168.2.10
description DNS Liikenne
object network Srv2
host 192.168.2.10
description DC, DNS, DNCP
object network obj-192.168.4.0
subnet 192.168.4.0 255.255.255.0
object network ServerNet1
subnet 192.168.4.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network RFC1918
object-group network InternalNetworks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq domain
service-object udp destination eq domain
service-object udp destination eq nameserver
service-object udp destination eq ntp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
port-object eq ftp
port-object eq ftp-data
object-group service rdp tcp-udp
description Microsoft RDP
port-object eq 3389
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group service DM_INLINE_SERVICE_2
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_1
network-object object obj-192.168.2.0
network-object object obj-192.168.4.0
access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
access-list dmz_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
access-list DMZ_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
access-list ServerNet1_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu ServerNet1 1500
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,DMZ) source static obj-192.168.2.0 obj-192.168.2.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
nat (DMZ,outside) after-auto source dynamic obj_any interface destination static obj_any obj_any
nat (ServerNet1,outside) after-auto source dynamic obj-192.168.4.0 interface
access-group ServerNet1_access_in in interface ServerNet1
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.4.0 255.255.255.0 ServerNet1
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.4.0 255.255.255.0 ServerNet1
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymousHi Jouni,
Yep, Finnish would be good also =)
In front of ASA is DSL modem, on the trunk ports is Hyper-V host that uses the trunk ports so that every VM has their VLAN ID defined in the VM level. Everything is working good on that end. Also there is WLAN Access Pois on one of the ASA ports, on the WLAN AP there is the management portal address on DMZ that i have been testing agains (192.168.3.4)
If i configure Dynamic PAT from inside to the DMZ then the traffic starts to work from inside to all hosts on DMZ but thats not the right way to do it so no shortcuts =)
Here is the conf now, still doesnt work:
interface Ethernet0/0
switchport access vlan 20
interface Ethernet0/1
switchport access vlan 20
interface Ethernet0/2
switchport access vlan 19
interface Ethernet0/3
switchport access vlan 10
switchport trunk allowed vlan 10,19-20
switchport trunk native vlan 1
interface Ethernet0/4
switchport access vlan 10
interface Ethernet0/5
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/6
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/7
switchport access vlan 10
interface Vlan10
nameif inside
security-level 90
ip address 192.168.2.1 255.255.255.0
interface Vlan11
nameif ServerNet1
security-level 100
ip address 192.168.4.1 255.255.255.0
interface Vlan19
nameif DMZ
security-level 10
ip address 192.168.3.1 255.255.255.0
interface Vlan20
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network DNS
host 192.168.2.10
description DNS Liikenne
object network Srv2
host 192.168.2.10
description DC, DNS, DNCP
object network obj-192.168.4.0
subnet 192.168.4.0 255.255.255.0
object network ServerNet1
subnet 192.168.4.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network RFC1918
object-group network InternalNetworks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq domain
service-object udp destination eq domain
service-object udp destination eq nameserver
service-object udp destination eq ntp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
port-object eq ftp
port-object eq ftp-data
object-group service rdp tcp-udp
description Microsoft RDP
port-object eq 3389
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group service DM_INLINE_SERVICE_2
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_1
network-object object obj-192.168.2.0
network-object object obj-192.168.4.0
object-group network DEFAULT-PAT-SOURCE
description Default PAT source networks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
network-object 192.168.4.0 255.255.255.0
access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
access-list dmz_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
access-list DMZ_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
access-list ServerNet1_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu ServerNet1 1500
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
access-group ServerNet1_access_in in interface ServerNet1
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.4.0 255.255.255.0 ServerNet1
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.4.0 255.255.255.0 ServerNet1
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous -
ASA access from inside to outside interface
Hi
We need to make acces on our ASA device from inside network to outside interface.
The situation is next:
We have public external ip address and we need to access it from our inside network.
Can you please tell me if it is possible to do this?
Thank you.That's right, the solution is named Hairpinning aka U-turn.
The dynamic rule was the one suggested in my first reply:
global (inside) 1* interface *Assume you are using number one - See more at: https://supportforums.cisco.com/message/3867660#3867660
global (inside) 1* interface *Assume you are using number one - See more at: https://supportforums.cisco.com/message/3867660#3867660
global (inside) 1* interface *Assume you are using number one - See more at: https://supportforums.cisco.com/message/3867660#3867660
global (inside) 1* interface *Assume you are using number one - See more at: https://supportforums.cisco.com/message/3867660#3867660
global (inside) 1* interface *Assume you are using number one - See more at: https://supportforums.cisco.com/message/3867660#3867660
global (inside) 1* interface *Assume you are using number one -
Share wireless internet modem from one computer to another with router model WRT120N
I am trying to share an internet connection of my Sprint wireless modem from computer 1 to computer 2. Is there a way to share the internet connection? I have successfully set up a Home Group. I have tried to share my internet connection by
right clicking on the network connections icon in the system tray -->
Open Network and Sharing Center -->
"Change Adapter Settings -->
right clicking on "Modem -->
Properties -->
Sharing -->
Allow other network users to connect through this computer's connection --> *
Home networking connection: > Local Area Connection -->
OK **
* I get this error message
"The user name and password for this connection cannot be saved for use by all users. As a result, Internet Connection Sharing can only dial this connection when you are logged on. To enable automatic dialing, you should create a new connection for all users, save your user name and password for all users, and then enable sharing for the new connection."
** I get this error message
"Since this connection is currently active, some settings will not take effect until the next time you dial it."
Next Network Magic informs me that LAN has lost connection.
I disconnect from the internet connection then connect again.
Network Magic shows my computer is not connected to the router but the internet is connected as well as the 2nd computer (Sharing the internet to). I can still connect to the internet from my computer.
I tried opening google my IE 9 browser on computer 2, not able to connect. On computer 2 Network Magic shows that all devices are connected to the router but is not connected to the internet.
Home Groups are not available now on both computers but I am still able to connect to mapped network drives.
I am running Network Magic Basic on both computers.
ipconfig /all on computer 1 shows:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Michael>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : AnnaBannana-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
PPP adapter Mobile:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Mobile
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 173.153.207.50(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 68.28.58.92
68.28.50.91
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection 10:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : U600 EVDO Network Adapter #3
Physical Address. . . . . . . . . : 00-A0-C6-00-00-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WiMAX Network Adapter
Physical Address. . . . . . . . . : F4-63-49-03-58-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 70-71-BC-5D-DC-44
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:ad99:cf32:a:955e:5b9:b42c:197b(Prefe
rred)
IPv6 Address. . . . . . . . . . . : 2002:b8c3:8b53:a:955e:5b9:b42c:197b(Prefe
rred)
Site-local IPv6 Address . . . . . : fec0::a:955e:5b9:b42c:197b%2(Preferred)
Temporary IPv6 Address. . . . . . : 2002:ad99:cf32:a:f152:48a7:38e0:4bd8(Pref
erred)
Temporary IPv6 Address. . . . . . : 2002:b8c3:8b53:a:f152:48a7:38e0:4bd8(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::955e:5b9:b42c:197b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.137.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 242250172
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C2-02-FF-70-71-BC-5D-DC-44
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{A05F6BCE-ED0A-4E3C-AFEA-96B9B0FC00E7}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{D73CCDF5-F1EE-4FBE-9C86-FB6D72F97B0C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:ad99:cf32::ad99:cf32(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 68.28.58.92
68.28.50.91
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{CDEAD959-7804-4D3A-8989-A5D8F1B154F5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1443:3dd8:473c:74ac(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::1443:3dd8:473c:74ac%26(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 335544320
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C2-02-FF-70-71-BC-5D-DC-44
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{99E66CF3-88EA-4809-A033-6BB90F33EB9C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
ipconfig /all on computer 2 shows:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Michael>IPCONFIG /ALL
Windows IP Configuration
Host Name . . . . . . . . . . . . : HP-Mini-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-26-5E-C1-25-70
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0C-60-76-55-76-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Contro
ller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-55-CD-33-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 0C-60-76-55-76-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:ad99:cf32:a:60ec:aea0:d494:59d1(Pref
erred)
Site-local IPv6 Address . . . . . : fec0::a:60ec:aea0:d494:59d1%1(Preferred)
Temporary IPv6 Address. . . . . . : 2002:ad99:cf32:a:e92e:d367:eddc:aaae(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::60ec:aea0:d494:59d1%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 17, 2011 11:23:38 PM
Lease Expires . . . . . . . . . . : Saturday, June 18, 2011 11:23:37 PM
Default Gateway . . . . . . . . . : fe80::955e:5b9:b42c:197b%16
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 369909878
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-F1-D7-F0-00-1E-33-A3-7E-43
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{056F6EC1-7291-43F0-AAD2-9B90787CF29C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{FB5BBB88-D238-474F-9958-88E1F2149ED3}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6FC9C384-65F1-4D3E-9BEB-4DC925A0F24F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8992E75C-3566-440C-8167-94CD03CFCB37}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable Microsoft 6To4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Michael>See this thread: here.
However, please don't use 192.168.0.2 for the router but 192.168.137.2 instead. Home sharing uses 192.168.137.1 on the sharing computer instead of 192.168.0.1 as it was in earlier Windows versions.
To make the change, unplug the WRT from your network. Wire your second computer to a LAN port of the WRT.
Open the web interface at http://192.168.1.1/
On the main setup page, change the LAN IP address from 192.168.1.1 to 192.168.137.2.
On the same page, disable the DHCP server.
Save settings.
Unplug the computer. Now wire one of the numbered LAN ports of the WRT to your home sharing computer.
That's it.
Maybe you are looking for
-
++Custom Serialization with Complex Data type (Nested Classes)
Hi, We have a scenario wherein we need to write CUSTOM SERIALIZERS for complex datatypes like INVOICE & ORDER (INVOICE inturn has ADDRESS type among others, ORDER has ADDRESS type, a COLLECTION of type ORDERITEM each of which are Java Classes in them
-
MPEG-2 codecs missing from Adobe Media Encoder CS6 installed with Creative Cloud Membership
Some people who have downloaded Adobe Media Encoder with Premiere Pro CS6 as part of a Creative Cloud Membership subscription have a problem in which the MPEG2, MPEG2-DVD, MPEG2-Blu-ray, Dolby Digital, & MXF OP1a codecs are missing. To fix this issue
-
GL Line Item Upload: Assignment to Profitability Segment
Hi, I have a problem while loading GL line items using RFBIBL00 when assigning characteristic values to the "Assignment to Profitability Segment" Screen (SAPLKEAK,0300). I am passing the values thru RKE_* fields in BBSEG structure but the program is
-
No sound with any file type!
hi, ive rendered some videos from 3D studio max at work and put them into premier, then added wav's and mp3's for sound effects and background themes. they all worked fine at work but when i opened the project in my copy at home the sound files dont
-
Getting an "error 3005" on a distributed app...
I have searched and tried all of the solutions provided and none of them fix this issue. I have... 1) Recreated the ActiveX object on the front panel, re-compiled, rebuilt the application and no-go, same error 2) Manually registered the DLL using the