NAT configuaration question

10.10.10.4 (255.255.55.248) is my workstation on Vlan1 (10.10.10.1) see attached.
My fw log indicates drop packet to 10.10.10.4. Does this show my 10 addr is visible externally? Is my internal addr. being NATed correctly?
If NAT config is wrong, how do I correct it?
Regards

Hi there
assuming that you have in your cbac only two interfaces inside and outside no DMZ!!!
i would like to suggest :
1-the vty access-list must be applied on VLAN inbound, to prevent any spoofing of your 10.10... network.
2-the access-list 2000 is good it will allow what must be allowed from outside to your network and at the same time it implement the RFC 2829, so it s placed in the right place dialer inbound.
3-the MARSFW inspection rule must be applied on vlan 1 inbound and removed from dialer0, this inspection rule will create the statefull database and dynamic entries those entries will be appended to your access-list 2000 the puporse of those dynamic entries is to allow the returned traffic for the session initiated from your internal network to the outside network.
4- the nat configuratiion is correct! must work!!.
5- but i dont see any inpspection for your HTTP traffic in the inspection RULE so it will be dropped automaticaly i think!!!, suggestion try to add to the inspection rule
(ip inspect MARSFW http)
also if your are using port 8080 for http instead of 80 use :
(ip port-map http port 8080) at the global config
try and let us know the result
HTH
please do rate if it does clarify

Similar Messages

  • NAT -LAST Question

    Dear All,
    i have the following question regarding the NAT Configuration.
    as Every One Knows we have in NAT Terminology the following Terms :-
    1- Inside Local Address, which is Private Network or which is MY LAN IP Address .
    2- Inside Global Address, which is the legitimate IP Address assigned by the NIC Or the ISP Provider, which is the Real IP Address.
    now, the 2 terms which i mention is used only in STATIC ,Dynamic , Overloading NAT.
    Now, My question is :-
    1- if i have this real IP Address assigned by my ISP, 64.202.88.20 , and i have an Internal WEB SERVER inside My Company and the WEB SITE is on it.
    i want to make NAT to let all the People from out side access this Server through NAT it self by http. how can i wrote the IP NAT COMMAND ?
    which one is the OUTSIDE LOCAL ADDRESS & which one is the OUTSIDE GLOBAL ADDRESS ?
    Please Reply .

    Thanks For your reply.
    i have only 2 question here.
    1- this will allow any one from OUTSIDE like internet, when he type in the Browser :-
    ( this IP is assign for example to this Domain www.FAS200.COM ).
    http://www.fas200.com ,
    the Request will come to this Router and there will be a translation from this Real IP address to this Internal IP Address, and the User will Not never know that there was a internal IP. is that correct ?
    2- if i have my Exchange server, and i did the MX record to map to this IP, how the command is ?
    3- what is the meaning of OUTSIDE LOCAL ADDRESS & OUTSIDE GLOBAL ADDRESS ?
    please update me .

  • NAT Pool question

    I have a question on how NAT pools, or sNAT works with ACE in one-arm mode.
    As I understand it, when the client sends the request to ACE, it changes the destination IP to a rServer and source IP to the sNAT address.  When the rServer responds, it sends traffic back through the ACE via the sNat.  How exactly does this work?  I can't ping the sNAT address I configured, so how is the sNAT associated with the ACE in any way?  How does traffic make it's way back to the ACE when the sNAT doesn't seem to be advertised externally in any way.  And one more quick question, should the sNAT be on the rServer subnet or the ACE subnet?  Just trying to understand so we can make good design decisions.

    Tbone,
    When you use SNAT you generally use a nat-pool address that will bring the traffic back to the ACE interface that the traffic left on. In a typical one-armed mode the Nat-pool would be in the same subnet as the ACE interface and rservers.
    If the servers are local to the ACE you usually point the servers default gateway to the SVI or FW interface rather than the ACE. If SNAT is not used the client IP enters the ACE destined to the VIP. ACE will change the destination address to the rserver. Since the original client IP will be seen by the server it will reply to the default gateway. If the ACE does not get the server reply it cannot change the SYN ACK back to the VIP address that the client originally sent the connection to. This would result in a connection failure. When you use SNAT with a Nat-pool that is local to the server it will not use it's gateway but will reply directly back to the ACE since it owns this IP.
    If the servers are not local to the ACE you would want to configure the nat-pool IPs to be local to the interface vlan the traffic egresses to get to the rserver. This way your routing will bring the server reply back to the ACE.
    Let me know if this helps with your understanding or if you have more questions.
    Best regards
    Jim

  • ASA5505 NAT CONFIG QUESTION? OPEN STATIC IP

    8.2
    HI ALL
    Here is my scenerio and I have worked on this with TAC support over the last month, we finally made progress by getting our ISP to activate the 5 static IPs but here is my issue.
    basically we have a VOIP phone that is "remote". This phone needs to come through the Public IP to an internal address of 192.168.10.57.
    We tried only allowing certain "ports" to pass, such as SIP, RTP> but the remote phone still cannot reach the phone server at 192.168.10.57
    So
    I want to open it completely as this phone pc is the ONLY device on that public IP.
    so my 2 questions are.
    what do i need to config as a rule/ command to make this happen. were I want the public IP of 50.x.x.x to corelate directly and openly to the internal of 192.168.10.57?
    Also what is the command to allow the public IP to be pingable? so i can just confirm that it is reachable. I know at the very end we turned it off with a sort of ICMP command.
    Thank you all for your time and help. if you need more info please ask.

    Thank you very much for your help.
    I applied 
    access-list out-in extended permit icmp any host 50.x.x.x
    and now i can ping TY
    But,
    I applied
    static (inside,outside) 50.245.59.98 192.168.10.57 netmask 255.255.255.255
    ANd got this error:
    ciscoasa(config)# static (inside,outside) 50.245.59.98 192.168.10.57 netmask 2$
    ERROR: mapped-address conflict with existing static
      inside:192.168.10.57 to outside:50.245.59.98 netmask 255.255.255.255
    I just want this port "wide open" to see if the remote phone will connect to it.
    here is my edited SH RUN
    ASA Version 8.2(1)
    hostname ciscoasa
    enable password PfdcbR/f90Mel1yp encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.10.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 50.X.X.X 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    banner login
    banner login &
    banner login ~
    banner login ***********Warning*******
    banner login
    banner login ^
    ftp mode passive
    access-list out-in extended permit tcp any host 50.X.X.X eq 3462
    access-list out-in extended permit tcp any host 50.X.X.X eq sip
    access-list out-in extended permit tcp any host 40.X.X.X eq ftp-data
    access-list out-in extended permit tcp any host 40.X.X.X eq ftp
    access-list out-in extended permit icmp any host 50.X.X.X
    access-list split standard permit 192.168.10.0 255.255.255.0
    access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.169.169.0 255.255.255.0
    access-list FTP remark Allow
    access-list FTP extended permit tcp any eq ftp any eq ftp
    access-list FTP extended permit tcp any any eq ftp-data
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool ippool 192.169.169.1-192.169.169.254 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface ftp 192.168.10.2 ftp netmask 255.255.255.255
    static (inside,outside) tcp interface ftp-data 192.168.10.2 ftp-data netmask 255.255.255.255
    static (inside,outside) 50.X.X.X 192.168.10.57 netmask 255.255.255.255
    access-group out-in in interface outside
    route outside 0.0.0.0 0.0.0.0 50.X.X.X 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http 0.0.0.0 0.0.0.0 inside
    http 192.168.10.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sysopt connection timewait
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 inside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd address 192.168.10.50-192.168.10.100 inside
    dhcpd dns 75.75.75.75 75.75.76.76 interface inside
    dhcpd lease 86400 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable outside
    svc image disk0:/anyconnect-dart-win-2.5.3041-k9.pkg 1
    svc enable
    port-forward rdpfromsslvpn 5050 50.X.X.X 5050 remote desktop server from ssl vpn
    tunnel-group-list enable
    group-policy RemoteAccess internal
    group-policy RemoteAccess attributes
    banner value *****************************WARNING**********************************
    banner value Access Beyond This Point Requires Prior Authorization from your Network Administrator
    banner value ****************************************************************************
    vpn-tunnel-protocol svc webvpn
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split
    webvpn
      url-list none
      svc ask enable default webvpn
    username aalmonte password m7vzxUlfTDi05gS6 encrypted privilege 0
    username aalmonte attributes
    vpn-group-policy RemoteAccess
    username mmaccormack password IWIdkIPCDtg4CmHR encrypted privilege 0
    username mmaccormack attributes
    vpn-group-policy RemoteAccess
    username lmaccormack password qRsbIpdvRgZhIVS/ encrypted privilege 0
    username lmaccormack attributes
    vpn-group-policy RemoteAccess
    username admin password V8ctuy0OtxmDU4HD encrypted privilege 15
    username rdirkee password mHVkPntgw4LQyh.U encrypted
    username rdirkee attributes
    service-type remote-access
    username wmaccormack password AhNi5Rk6JFlHU9Fy encrypted privilege 0
    username wmaccormack attributes
    vpn-group-policy RemoteAccess
    username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
    username rickg password 46/GVMAZTuz4ywzs encrypted privilege 0
    username rickg attributes
    vpn-group-policy RemoteAccess
    service-type remote-access
    username jgoucher password fMhOfzHeEB1lu9z6 encrypted privilege 0
    username jgoucher attributes
    vpn-group-policy RemoteAccess
    username smaccormack password LCkB1kwdtIbPmtQK encrypted privilege 0
    username smaccormack attributes
    vpn-group-policy RemoteAccess
    username rmaccormack password JG98o0q2ozZeYYrv encrypted privilege 0
    username rmaccormack attributes
    vpn-group-policy RemoteAccess
    username bmaccormack password JTx67mnIFw62G6kx encrypted privilege 0
    username bmaccormack attributes
    vpn-group-policy RemoteAccess
    tunnel-group RemoteAccess type remote-access
    tunnel-group RemoteAccess general-attributes
    address-pool ippool
    default-group-policy RemoteAccess
    tunnel-group RemoteAccess webvpn-attributes
    group-alias RemoteAccess enable
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    TYVM

  • Time capsule IP settings / NAT / DHCP / questions

    I'm trying to set up a Time Capsule in my apartment, to use as a wireless router with several apple computers. I've been using an Airport Express in the past. I'm having problems setting up the computers to get individual IP addresses, not in conflict with each other, while still receiving the Internet signal.
    My DSL comes with a stable IP address which I have assigned to the Capsule, along with associated subnet mask, router address (the router in the building from the service provider, which is working fine), and DNS server addresses.
    Trouble is, if I set my capsule to assign IPs through DHCP or share a signal IP, it shows blinking amber on reboot. Strangely, as a bridge, with one computer assigned the same IP I'm able to get the internet, but if I want to use more than one computer, I get an error message about IP duplication. I'm also wondering about double NAT (which I'm not as familiar with). ANother question is whether to plug into the WAN or LAN port. The airport setup seems to want me to use the WAN port (and says that no ethernet plugged in there is a problem). Is it?
    Finally, I was wondering if I can use my old airport express to extend my range and/or network a second printer in the other room. Do the two routers need to be connected by an ethernet cable? Can the airport express be remotely set up to use the same network the Time Capsule is plugged into from the wall?
    Many thanks for anybody's help with this.

    The airport setup seems to want me to use the WAN port (and says that no ethernet plugged in there is a problem). Is it?
    Yes you want the DSL modem plugged into the WAN port.
    Does your DSL require PPPoE? If so, after configuring the Time Capsule to get a connection using PPPoE... ensure that you DISABLE PPPoE on each of your computers. Only one device should be handling PPPoE.
    Finally, I was wondering if I can use my old airport express to extend my range and/or network a second printer in the other room.
    Yes as long as you configure the Time Capsule to work in an 802.11g compatible mode AND you configure both the Time Capsule and AirPort Express (AX) to wirelessly connect using WDS.
    Do the two routers need to be connected by an ethernet cable?
    No

  • Nat Type question for PS3 (wrt610N)

    I have the wrt610N on cable internet and am playing Modern Warefare 2 on the PS3. Since day 1 I have had a Type 2 Nat type according to the PS3's internet connection test.  Modern Warfare 2 has a Nat Type indicator on the lobby screen and mine has always said Moderate. 
    Well, after a little research, I forwarded my ports and presto, it said my NAt type was open. Yesterday I accidently unplugged the router and now my lobby screen is saying moderate again.  My ports are still forwarded, so I have no idea what is going on.  Any ideas? 
    Someone suggested that I can just go in the router and set it to open, but this does not sound right.  Also, I was reading some posts on here and noticed people mentioning something about home network defender in the management tab.  I have no such option.  Anyone know why?   
    Solved!
    Go to Solution.

    Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter...Leave Username blank & in Password use admin in lower case...
    On the set-up tab change the MTU Size to 1365 and click Save Settings...Click on "Administration" tab and disable the option UPnP and click Save Settings...Once you return to the set up page click on the Security tab and uncheck Filter Anonymous Internet Requests and click on Save Settings...
    Click on "Applications and Gaming" tab and then click on "Port Range Forwarding" subtab...
    1) On the first line in Application box type in ABC, in the start box type in 80 and End box type in 80, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    2) On the second line in Application box type in DEF, in the start box type in 443 and End box type in 443, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    3) On the third line in Application box type in GHI, in the start box type in 5223 and End box type in 5223, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    4) On the fourth line in Application box type in JKL, in the start box type in 3478 and End box type in 3479, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    5) On the fifth line in Application box type in MNO, in the start box type in 3658 and End box type in 3658, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    6) On the sixth line in Application box type in PQR, in the start box type in 10070 and End box type in 10080, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box and click on Save Settings
    7) Now assign the given ip address on your PlayStation ip address :- 192.168.1.20, subnet mask :- 255.255.255.0, default gateway :- 192.168.1.1...
    8) Also assign the dns addresses on the PlayStation Primary dns :- 4.2.2.2...Secondary dns :- 192.168.1.1
    9) Turn off your modem, router, and PlayStation...Wait for a minute...
    10) Plug the modem power first, wait for another minute and plug the router power cable, wait another minute and turn on the PlayStation and test it...
    ** Also reduce the MTU and disable the UPnP on the PS3.

  • NAT/PAT question

    I have a new firewall I am turning up. On the firewall I have 3 dmz interfaces (2 are turned up currently) and an inside interface towards the customers interanl network.
    What I am attempting to do is to send traffic to the customers internal networks 10.0.0.0/8 networks, 172.16.0.0/12 and 192.168.0.0/16 networks without doing any NAT.
    I want to send any INET destined traffic as the PAT address using the inside interface IP of 10.91.13.17 such as google.com. The DMZ source for this communication is 192.168.14.0/27 CETCNET. I've attached a config. I was thinking a NONAT acl and NAT definition and a global definition along these lines:
    object-group network ATK_PRIVATE_NETS
    network 10.0.0.0 255.0.0.0
    network 172.16.0.0 255.240.0.0
    network 192.168.0.0 255.255.0.0
    access-list NONAT_CETC permit ip 192.168.14.0 255.255.255.224 object-group ATK_PRIVATE_NETS
    access-list CETC_INET_NAT permit ip 192.168.14.0 255.255.255.224 any
    nat (CETCNET) 0 access-list NONAT_CETC
    nat (CETCNET) 10 access-list CETC_INET_NAT
    global (inside) 10 interface
    But I still get the feeling I'm missing something. Version is 8.2.(5)29. Looking forward to reading any suggestions anyone might have. I like to keep it simple as possible on firewalls like this.

    Hi,
    Thanks for your response and for your help. I own a Pix too. It works fine. It changes the source port to a port belonging to the port pool.
    But, the Catalyst 6506 doesn't behave as it should. Into the logs, I see that :
    (...) wanted 32838 got 1027 (...)
    Allocated Port for xxx.235.225.25 -> xxx.xxx.84.225: wanted 32840 got 1024
    i: tcp (xxx.235.225.25, 32840) -> (xxx.2.0.36, 21) [27171]
    created edit_context (xxx.235.225.25,32840) -> (xxx.2.0.36,21)
    TCP s=32840->1024, d=21
    where xxx.xxx.84.225 is my NAT address.
    So, Catalyst 6506 tries to keep the source port but it fails. As I look the translation table (show ip nat translation), I see that the source port isn't allocated, so why the Catalyst didn't keep it.
    My big issue is that there's an ACL on a router above my own router. I can't change this ACL which denies any request to tcp port 1025. So, as long as the Catalyst 6506 will NAT on this port, my users won't be able to access to the Internet.
    That's the reason why I do need to find a workaround.
    Thanks for helping.

  • NAT type question.

    Why am I unable to get a NAT type higher then 3 with my Playstation 3, even after putting in the Playstation's IP address into the DMZ. I have also tryed just opening to correct ports to the port range forward to know avail.

    Upgrade the firmware on the router to the latest version. It will work fine.

  • ASA5510 NAT configuration question

    Hello friends...
    I have 30 IP cameras with a private IP address:
    10.1.1.1 – 10.1.1.30
    I have a Cisco ASA 5510 firewall.
    I want to be able to use one public IP address, example, 50.50.50.50
    With a specific port to go to a different internal camera,
    Example
    50.50.50.50:3001 should be NATTED to camera 10.1.1.1
    50.50.50.50:3002 should be NATTED to camera 10.1.1.2
    50.50.50.50:3003 should be NATTED to camera 10.1.1.3
    50.50.50.50:3004 should be NATTED to camera 10.1.1.4
    Etc…
    How do I do this? I know how to create NAT… just not like this, please help!!
    Any help is greatly appreciated.
    Thanks
    David

    Hi,
    No worries.
    static (inside,outside) tcp 50.50.50.50 3001 10.1.1.1 80
    static (inside,outside) tcp 50.50.50.50 3002 10.1.1.2 80
    static (inside,outside) tcp 50.50.50.50 3003 10.1.1.3 80
    static (inside,outside) tcp 50.50.50.50 3004 10.1.1.4 80
    static (inside,outside) tcp 50.50.50.50 3005 10.1.1.5 80
    Dan

  • Time Capsule with Double NAT status - Question.

    Hi all.. would appreciate some advice.
    I have a Time capsule set to DHCP/NAT.
    I have a second Airport extreme connected to TC via eithernet (about 100 yards away) set to Bridge to further my signal on a big property.
    I have several Aiport Expresses for Airplay only.
    I recently called Apple and they told me to set my TC to DHCP/NAT and chose ignore.
    I had problems with my computers connecting to the internet (they connected to my network, but not internet.  Or occasionally I would get errors on my MBP that said could not connect this IP address is used by another device).  It was sporatic.  Apple told me this was likely because I have 20-30 wifi devices in my house and my ISP is not providing enough IP addresses.  They told me that DHCP/NAT makes my TC 'be in charge' of these IP addresses.
    I am using Frontier service.  Modem from Frontier is Netgear B90 - 755044 - 15.
    When I set up this modem, I turned the wifi portion off.  And currently the wireless light on the modem doesn't ever blink, so I believe it is off.
    So why am I getting the Double NAT error since my Modem appears to have the wifi portion turned off?
    Thank you very much!

    Thanks again Bob!
    I called Frontier... they refused to show me how to put my modem/router in Bridge mode.  Hypothentically, if I did that, would that solve this problem?  Sounds like it would.  They said they won't show me how to do it because they use PPPoE or something and if I put into bridge mode I won't get internet access.  Is that true?  They only use bridge mode for businesse they said.
    I never wanted a modem/router.... I wish I only had a modem! .  Maybe I will call them back and ask only for a modem.  Good idea.
    Attaching a screen shots below.
    If I go into My connection at the top, hit Edit.... no where in there is a bridge option.
    If I go to that green Enabled one under VC's... where it says PPPoE, there is a selection to choose Bridge.
    See below.
    But I'm too chicken and I don't know if that is the answer or not.
    Thougths?
    Thanks again Bob!

  • Airport express and Negear adsl router

    I have a wi-fi netgear dg834g adsl router, which is connected to internet; my imac has not an airport card so it connects to the router with the ethernet port. Now, I have the airport express: what i'd like to do, is to connect my playstation (or pc) to the ethernet port of the airport express, but in another room. The poin is, Airport as to act as Wds and i know my router doesn't support it: but, if I buy another adsl router, or I add another access point to my router which supports wds, will it work? Cause on Apple support it seems you have to youse an airport base station only to do that. That would be crazy!

    This is in the faq:
    # Question: Can AirPort Express be used for a Wireless Distribution System (WDS)?
    Answer: Yes. AirPort Express can be a WDS main, remote, or relay station. It can function as a WDS main whether or not you are using it as a router to share your Internet connection (NAT).
    # Question: Can networkable game consoles and digital video recorders join my network via AirPort Express?
    Answer: Yes, if you have the proper network adapters for your devices and have set them up properly. They can connect wirelessly when AirPort Express is your only base station or when it's in WDS mode. They can connect via wire when AirPort Express is a WDS remote (the reason for this is described in the next question). They cannot connect either way when AirPort Express is in client mode.
    # Question: Since AirPort Express only has one Ethernet port, does it act as a LAN port, WAN port, or both?
    Answer: Depending on how you have it set up, the Ethernet port can function as a LAN port (defined as either simple bridging or sharing your Internet connection via network address translation) or a WAN port (connecting to your broadband Internet service provider or upstream router). However, it never acts as both simultaneously in the way that the original AirPort Base Station (Graphite) can. When the AirPort Express is using network address translation, the Ethernet port acts as a WAN port. When it is set up as a WDS remote station, it can act as a LAN port. Assuming that your Internet service provider only gives you one IP address (the most common scenario for homes), this means that AirPort Express can only accommodate wired clients when acting as a WDS remote base station or bridge. Therefore, if you need to support wired clients and only want to get one base station (or router, as it's the routing capacity of AirPort Express that is relevant here), you should get the AirPort Extreme Base Station instead.
    so maybe i'm right,but I want to be sure

  • Dbms_output.put_line in this query

    I want to put a  dbms_output.put_line in this query so it will give my the property_id is checking first in the PM_EXCHANGE_PROPERTY_PRIORITY
    (its part of a more bigger procedure)
    dbms_output.put_line('RESORT ID  one=> '||rci_dep_rec.resort_id);
            with    
                base_prop as (                                
                    select /*+ MATERIALIZE */ property_id, priority
                    from   PM_EXCHANGE_PROPERTY_PRIORITY ppp
                    where  ppp.exchange_affiliation = 'RCI'
                    and    ppp.master_property_id in (select ppp2.master_property_id
                                                                 from   P_PM_PROPERTY ppp1, PM_EXCHANGE_PROPERTY_PRIORITY ppp2
                                                                 where  ppp1.rci_id_number = rci_dep_rec.resort_id
                                                                 and    ppp1.property_active = 'Y'
                                                                and    ppp1.exchange_affiliation = ppp.exchange_affiliation
                                                                 and    ppp2.property_id = ppp1.property_id)
                    union
                    select property_id, 99999
                    from   P_PM_PROPERTY ppp
                    where  ppp.rci_id_number = rci_dep_rec.resort_id
                    and    ppp.property_active = 'Y'
                    and    not exists (select 1 from PM_EXCHANGE_PROPERTY_PRIORITY ppp1 where ppp1.property_id = ppp.property_id)
                    order by 2
            select pput.pm_unit_type_id
          bulk collect into pm_unit_type_ids
           from   P_PM_UNIT_TYPE pput, S_PM_EXCHANGE_MAPPING spem, base_prop bp
           where  spem.exchange_affiliation = 'RCI'
           and    spem.resortcode = rci_dep_rec.resort_id
           and    ((spem.unitnumber = rci_dep_rec.unit_no and rci_dep_rec.resv_type = 'WEEKS')
                  or  (spem.unitnumber = rci_dep_rec.unit_type and rci_dep_rec.resv_type = 'POINTS'))
           and    rci_dep_rec.start_dt between spem.begin_date and spem.end_date
           and    pput.property_id = spem.property_id
           and    pput.pm_unit_type_active = 'Y'
           and    instr(spem.unittypecode, pput.pm_unit_type) > 0
           and    spem.property_id = bp.property_id
           ORDER BY bp.priority,pput.pm_unit_type_priority;
        end;
         dbms_output.put_line('RESORT ID => '||rci_dep_rec.resort_id);
    but im not sure where i can put ii, i have it to give my the resort_id
    i want to know which one the property_id is checking first, there is only two , one has a higher priority
    for example if i hardcoded it
    select /*+ MATERIALIZE */ property_id, priority
                    from   PM_EXCHANGE_PROPERTY_PRIORITY ppp
                    where  ppp.exchange_affiliation = 'EZY'
                    and    ppp.master_property_id in (select ppp2.master_property_id
                                                                 from   P_PM_PROPERTY ppp1, PM_EXCHANGE_PROPERTY_PRIORITY ppp2
                                                                 where  ppp1.rci_id_number = '8789'
                                                                 and    ppp1.property_active = 'Y'
                                                                and    ppp1.exchange_affiliation = 'RCI,II'
                                                                 and    ppp2.property_id = 'VDG')
            union
                    select property_id, 99999
                    from   P_PM_PROPERTY ppp
                    where  ppp.rci_id_number ='8789'
                    and    ppp.property_active = 'Y'
                    and    not exists (select 1 from PM_EXCHANGE_PROPERTY_PRIORITY ppp1 where ppp1.property_id = 'VDG')
                    order by 2 
    i would get this
       PROPERTY_ID|PRIORITY
        VDR         |1
        VDG         |2
    thanks for help or tips

    Hi Nat,
    Your question is not very clear (other wise you would have an answer from this forum by now).
    What you are showing is an SQL (which is part of bigger picture). Bigger picture is important. Is it a PL/SQL procedure or function?
    DBMS_OUTPUT.PUTLINE is a procedures call, that can be called in PL/SQL. What you have shown us is a SQL from within the PL/SQL.
    Please do NOT paste a larger piece of code.
    The place where you ave shown the DBMSOUTPUT.PUT_LINE seems correct.
    However,
    You said
    but im not sure where i can put ii, i have it to give my the resort_id
    i want to know which one the property_id is checking first, there is only two , one has a higher priority
    The sequence in which rows are processed does NOT matter in SQL and there is no such thing as "checking first". ALL the rows that satisfy the criteria. Since you have ORDER BY the rows will be returned in that order.
    Please explain what problem you are trying to solve.
    Whenever you have a problem, please post a little sample data (CREATE TABLE and INSERT statements, relevant columns only) from all tables involved, so that the people who want to help you can re-create the problem and test their ideas.
    Also post the results you want from that data, and an explanation of how you get those results from that data, with specific examples.
    Always say which version of Oracle you're using (for example, 11.2.0.2.0).
    See the forum FAQ: https://forums.oracle.com/message/9362002
    Hope this helps.
    vr,
    Sudhakar

  • I can't send iTunes gift cards it says i need to contact customer support to complete my transaction

    PLEASE HELP

    Apple is not here. Apple does nat answer questions here.
    Conact customer support as you were instructed.
    iTunes Support -
    http://www.apple.com/support/itunes/

  • Cisco ASA Site to Site IPSEC VPN and NAT question

    Hi Folks,
    I have a question regarding both Site to Site IPSEC VPN and NAT. Basically what I want to achieve is to do the following:
    ASA2  is at HQ and ASA1 is a remote site. I have no problem setting up a  static static Site to Site IPSEC VPN between sites. Hosts residing at  10.1.0.0/16 are able to communicate with hosts at 192.168.1.0/24, but  what i want is to setup NAT with IPSEC VPN so that host at 10.1.0.0/16  will communicate with hosts at 192.168.1.0/24 with translated addresses
    Just an example:
    Host N2 (10.1.0.1/16) will communicate with host N1 192.168.1.5 with  destination lets say 10.23.1.5 not 192.168.1.5 (Notice the last octet  should be the same in this case .5)
    The same  translation for the rest of the communication (Host N2 pings host N3  destination ip 10.23.1.6 not 192.168.1.6. again last octet is the same)
    It sounds a bit confusing for me but i have seen this type of setup  before when I worked for managed service provider where we had  connection to our clients (Site to Site Ipsec VPN with NAT, not sure how  it was setup)
    Basically we were communicating  with client hosts over site to site VPN but their real addresses were  hidden and we were using translated address as mentioned above  10.23.1.0/24 instead of (real) 192.168.1.0/24, last octet should be the  same.
    Appreciate if someone can shed some light on it.

    Hi,
    Ok so were going with the older NAT configuration format
    To me it seems you could do the following:
    Configure the ASA1 with Static Policy NAT 
    access-list L2LVPN-POLICYNAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
    static (inside,outside) 10.23.1.0 access-list L2LVPN-POLICYNAT
    Because the above is a Static Policy NAT it means that the translation will only be done when the destination network is 10.1.0.0/16
    If you for example have a basic PAT configuration for inside -> outside traffic, the above NAT configuration and the actual PAT configuration wont interfere with eachother
    On ASA2 side you can normally configure NAT0 / NAT Exemption for the 10.1.0.0/16 network 
    access-list INSIDE-NONAT remark L2LVPN NONAT
    access-list INSIDE-NONAT permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
    nat (inside) 0 access-list INSIDE-NONAT
    You will have to take into consideration that your access-list defining the L2L-VPN encrypted traffic must reflect the new NAT network 
    ASA1: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.23.1.0 255.255.255.0 10.1.0.0 255.255.0.0
    ASA2: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
    I could test this setup tomorrow at work but let me know if it works out.
    Please rate if it was helpful
    - Jouni

  • ASA IPsec Remote Access VPN | NAT Question

    We have a situation where a company that needs remote VPN access to our network is having an IP conflict with our subnet.  I know this is a common issue and can often be resolved on the client side by changing the metirc on the network interface, but I am looking for a better solution on our end so I do not have to suggest workarounds.
    Part of the problem is likely that our subnet is "too big", but I'm not going to be changing that now.
    We are using 10.0.0.0/24 and the remote is using 10.0.11.0/24 and 10.1.0.0./16
    I played around with some NAT rules and feel that I am missing something  I am looking for suggestions, please.
    Thank you.

    Hi,
    This depends on your ASA firewalls software version and partly on its current NAT configurations.
    I presume the following
    Interfaces "inside" and "outside"
    VPN Pool network of 10.10.100.0/24 (or some 192/172 network)
    Software 8.2 and below
    access-list VPN-POLICYNAT remark Static Policy NAT for VPN Client
    access-list VPN-POLICYNAT permit ip 10.0.0.0 255.255.255.0 10.10.100.0 255.255.255.0
    static (inside,outside) 192.168.10.0 access-list VPN-POLICYNAT
    Key things to keep in mind with this software level is that if any of our internal hosts on the network 10.0.0.0/24 also have a "static" configuration that binds their local IP address to a public IP address then you might have to insert the above configuration and then remove the original "static" command and enter it back again.
    This will change the order or the "static" commands so that the original "static" command wont override this new configuration as they are processed in order they are inserted to the configuration. The remove/add part is just to change their order in the configuration
    Software 8.3 and above
    object network LAN
    subnet 10.0.0.0 255.255.255.0
    object network LAN-VPN
    subnet 192.168.10.0 255.255.255.0
    object-group network VPN-POOL
    subnet 10.10.100.0 255.255.255.0
    nat (inside,outside) 1 source static LAN LAN-VPN destination static VPN-POOL VPN-POOL
    In the above configuration we do the same as in the older software versions configuration but we have the number "1" in the "nat" configuration which places it at the very top of your NAT configurations and therefore it applies. No need to remove any existing configuration and enter them again like in the old software
    In addition to the above NAT configuration you naturally have to make sure that the traffic to the NATed LAN network goes to the VPN. So if using Split Tunnel the NAT network needs to be added to the VPN ACL. If using Full Tunnel then naturally everything should already be coming through the VPN. I imagine though that you are using Split Tunnel, or?
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed
    - Jouni

Maybe you are looking for

  • CATT for Creation of transfer orders

    Hi, Can anyone tell me what exactly is the procedure for creating a user executable CATT for creation of multiple transfer orders (Transaction code LT01). Please treat this as urgent. Regards, Surya

  • Web gallery and aol browser

    my parents using a pc cannot access our pictures uploaded using the aol browser - is web gallert not compatible with the aol browser? o

  • How get window between selection screen and alv output

    Hi Friends, I am displaying ALV report now i want to display small window with one button and it should show list of fields before displaying alv output. means i want a window showing list of fields of internal table coming from program.and when i wi

  • LovInput

    sorry about the repost but my previous posts were under the name LOV field and this may cause misunderstandings as the text in the message refers to the lovInput. please bare with the inconvenience. here is the problem again I used the <lovInput> tag

  • PowerShell: Want to get the length of the string in output

    Hi All, I am typing this but it is not working. Does anyone know what I could be doing wrong. The command I wrote is:                      GCI -file  | foreach {$_.name} | sort-object length | format-table name, length But it is not working. I am exp