Nat in Cisco 4900M device

Hi there
Do you know if it´s possible to configure NAT in a Cisco 4900M device?, Is it possible upgrading the IOS version? or we only can do it with a Cisco 6500 device
Version 15.0(2)SG, RELEASE SOFTWARE (fc4)

Layer 3 switches, except for the 7200, will NEVER support NAT.  Period.

Similar Messages

  • Is it recommend to have a vulnerability scan for Cisco ASA device.

    Dear everyone. 
    I have a doubt on vulnerability scan for Cisco ASA device. Currently we have a vulnerability for network devices include firewall. But after run the vulnerability scan for cisco ASA, found nothing show in the scan report. 
    Is it recommend to have a vulnerability scan for Cisco ASA and will it be defeat the purpose of firewall?

    Do I understand are you asking can you configure the ASA to allow an external user run a scan against the internal network?
    If so, the answer is generally no. The ASA will, by default, not allow any inbound connections (or attempted connections) that are not explicitly allowed in an inbound access-list (applied to the outside interface). In most cases there would also need to be network address translation (NAT) rules configured.
    If you had a remote access VPN, you could allow the external scanner to log in via that, Then they would then have the necessary access to scan the internal systems (assuming the VPN granted access to all the internal networks)

  • Azure multiple site-to-site VPNs (dynamic gateway) with Cisco ASA devices

    Hello
    I've been experimenting with moving certain on-premise servers to Azure however they would need a site-to-site VPN link to our many branch sites e.g. monitoring of nodes.
    The documentation says I need to configure a dynamic gateway to have multiple site-to-site VPNs. This is not a problem for our typical Cisco ISR's. However three of our key sites use Cisco ASA devices which are listed as 'Not Compatible' with dynamic routing.
    So I am stuck...
    What options are available to me? Is there any sort of tweak-configuration to make a Cisco ASA work with Azure and dynamic routing?
    I was hoping Azure's VPN solution would be very flexible.
    Thanks

    Hello RTF_Admin,
    1. Which is the Series of CISCO ASA device you are using?
    Thank you for your interest in Windows Azure. The Dynamic routing is not supported for the Cisco ASA family of devices.
    Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
    However, you should be able to setup a site-to-site VPN with Cisco ASA 5505 series security appliance as demonstrated in this blog:
    Step-By-Step: Create a Site-to-Site VPN between your network and Azure
    http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
    You can refer to this article for Cisco ASA templates for Static routing:
    http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
    If your requirement is only for Multi-Site VPN then there is no option but to upgrade the device as Multisite VPN requires dyanmic routing and unfortunately there is no tweak or workaround due to hardware compatibility issue.
    I hope that this information is helpful
    Thanks,
    Syed Irfan Hussain

  • Cisco Prime device challenge

    How do I connect via server console to cisco prime infrastructure?
    I can ssh and telnet to it.
    What happens if the CPI is  not  pingable?
    Kindly revert,
    Regards,
    Tioluwani

    Please see a description of the issue below as regarding my first discussion above
    a description of the problem(s)I am facing with the Cisco Prime device.
    I can't connect to it via the web management interface
    It takes several attempts to boot the device... most cases it hangs in the initial stages of booting. At times it is able to boot into console mode. 
    ​I would appreciate if someone could come and look at the device
    Regards,
    Tioluwani.

  • Cisco 4900M integrated X2 ports, CVR-X2-SFP10G and SFP-10G-SR

    Hi,
    We are going to order two(2) cisco 4900M switches for core and twelve (12) 2960S switches for access (4 stacks with 3 switches each), connected to the core with 10G MM optical paths (up to 300M each).  In addition I have one gigabit half-card but it is not related to my questions here. Please see my attached diagram.
    So my questions are:
    1. Point 1.Can we use integrated eight X2 ports of every of the both 4900M switches as plugging into four of them four convertors CVR-X2-SFP10G and to plug on every of the convertors sfp tranceivers SFP-10G-SR - as it is described on the diagram, or I need for something more in addition to described? I found only some minimum soft releases to use as requirement to use these convertors and sfp tranceivers, but is there something additional I need?
    Note:I'm asking that because Dynamic Conf Tool doesn't give me to do such configuration, actually these convertors and SFPs are missing there at all, but it sometimes happens with some products...  In documentation it is described this should work (if I didn't pass something which is my main consern and why I'm asking here).
    2.Point 3.If this shouldn't work, the other alternative (not described in my diagram) is to use X2-10GB-SR modules without any SFPs - just ot use SC connectors for the optical cables instead of LC. So my question in that case is will 10G links work between X2-10GB-SR at one side and SFP-10G-SR at the other side where I have 2960S switches and this is the only option? Is is expected to have some problems in that scenario?
    Note:Actually if Point 1 is workable I prefer to use it instead of Point 2 because of minor price optimization when using SFPs with convertors in comparisson to X2-10GB-SR.
    3. If the both variants are possible, which one is preffered and why, what advantages does it have (for example low latency of something else)?
    Thank You in Advance
    Asen

    Just for your information, a fiber link does not care if one end of the fiber has an GBIC (SC-type connector) and the other end has a SFP (LC-type of connector); or any other transceiver footprint (X2, CFP, etc.)..  The thing that is important is that each module is the same specification, and matches the fiber type and link length of the network (10GBASE-SX in this example).
    Good luck.

  • Cisco PIX Device Manager Version 3.0(2)

    Hi
    I have a PIX 515E:
    Cisco PIX Firewall Version 6.3(4)
    Cisco PIX Device Manager Version 3.0(2)
    Compiled on Fri 02-Jul-04 00:07 by morlee
    CCP-Firewall001 up 2 years 65 days
    Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
    Flash E28F128J3 @ 0x300, 16MB
    BIOS Flash AM29F400B @ 0xfffd8000, 32KB
    0: ethernet0: address is 0012.80be.450d, irq 10
    1: ethernet1: address is 0012.80be.450e, irq 11
    Licensed Features:
    Failover: Disabled
    VPN-DES: Enabled
    VPN-3DES-AES: Disabled
    Maximum Physical Interfaces: 3
    Maximum Interfaces: 5
    Cut-through Proxy: Enabled
    Guards: Enabled
    URL-filtering: Enabled
    Inside Hosts: Unlimited
    <--- More ---> Throughput: Unlimited
    IKE peers: Unlimited
    This PIX has a Restricted (R) license.
    Serial Number: 808480455 (0x30306ec7)
    Running Activation Key: 0xac646fed 0xf8b86795 0xc3951ec2 0xb32aed09
    It's operate with Java plug in 1.4.1 y I have a PC with IE 7 and Plug in 1.6.0 y doesn't download the PDM.
    Are there a solution for it?

    Try Disable Java on Internet Options. This issue oculd be releated to Java version also.

  • Cisco View Device Manager

    Hi,
    is there anybody who can tell me how to bring the Cisco View Device manager for 6500er up? I've installed the CVDM V.1.1 in the bootflash of my 6500er, IOS version is 12.2(18)SXF4 enterprise services. Installed java on the client is v.1.4.2_06. After launching the CVDM whithout proxy settings the windows starts gathering information, after a few seconds it stops with an error "java.lang.NullPointerException". This failure appeared with Mozilla 2.0.0.8 and IE 6.0, on the 6500er all vty lines are idle. Is anybody here who can help to solve the problem?

    Here the text from the readme file; try to get the zip-file via the Bug-Id:
    09-December-2005
    This patch provides fix for the following bug:
    CSCsc10956 - CVDM 1.1 does not work with 12.2(18)SXF
    SUPPORTED IOS VERSION:
    12.2(18)SXF
    SIZE:
    5,593,057 Bytes
    DOWNLOADING AND MOVING FILES TO TFTP SERVER:
    cvdm-c6500-1.1-CSCsc10956.zip contains the following two files
    * cvdm-c6500-1.1.tar and
    * cvdm-c6500-1.1_K9.tar (for Cisco IOS Cryptographic software)
    Unzip cvdm-c6500-1.1-CSCsc10956.zip and copy one of the tar files to a TFTP server
    Make sure to enter filenames exactly as they appear; (filenames are case-sensitive).
    TRANSFERRING FILES TO YOUR SWITCH:
    Step 1 : Access the switch CLI using a Telnet connection or the console port.
    Step 2 : Transfer the files from the TFTP server to the bootflash of the switch. Issue
    the following command:
    # archive tar /xtract tftp:// / bootflash:
    where is the filename of the CVDM-C6500 tar file you want to install
    and is the IP address of the TFTP server. Make sure to enter filenames
    exactly as they appear (filenames are case-sensitive). Make sure you are not in
    configuration mode when issuing the archive command.
    Step 3 : If you are not in configuration mode, issue the following command:
    # configure terminal
    Step 4 : Set HTTP server and path. For example:
    # ip http path bootflash:
    Please refer cvdm-c6500-1_1_readme.pdf in http://www.cisco.com/cgi-bin/tablebuild.pl/cvdm-6k for
    further details on CVDM-C6500.

  • Power Cable for Cisco 4900M in China

    Hello,
    Recently I want place to place an order for Cisco  4900M switch for a project in China. But I couldn't find the part number  for the power cable in this country. The nearest country I could find is  CAB-AS3112-C15-AU which is Australia.
    Please advise it would alright if I use this part number....
    Thanks,

    You can read on the Internet how the Chinese sockets are made, and order an compatible cable.

  • HP DAC Copper Cable with Cisco 4900M

    We have HP C7000/VC-Flex 10 Module  that I would like to connect to our Netapps NFS datastore.  The Cisco  switch that I will be using between HP Flex-10 and Netapps is Cisco  4900M.  I have a HP cable AP784A direct attach copper SFP+ to SFP+.   Which module I need to purchase and insert into my 4900M to support 10Gb  connectivity via HP DAC 10Gb cable.
    Please Advise!

    You need
    4900M 4 port 10GE half card with X2 interfaces (WS-X4904-10GE)
        OR
    4900M 8 port 10GE half card with X2 interfaces (WS-X4908-10GE)
    WITH
    Cisco OneX Converter Module Converts an X2 Interface into One SFP+ Interface (CVR-X2-SFP10G)
    I would recommend you to use following DAC cables from Cisco.
    • SFP-H10GB-CU1M: 10GBASE-CU SFP+ Cable 1 meter (Version -02)
    • SFP-H10GB-CU3M: 10GBASE-CU SFP+ Cable 3 meter (Version -02)
    • SFP-H10GB-CU5M: 10GBASE-CU SFP+ Cable 5 meter (Version -02)

  • DAC cable between HP Flex-10 and Cisco 4900M

    We have HP C7000/VC-Flex 10 Module that I would like to connect to our Netapps NFS datastore.  The Cisco switch that I will be using between HP Flex-10 and Netapps is Cisco 4900M.  I have a HP cable AP784A direct attach copper SFP+ to SFP+.  Which module I need to purchase and insert into my 4900M to support 10Gb connectivity via HP DAC 10Gb cable.
    Please Advise!

    You need
    4900M 4 port 10GE half card with X2 interfaces (WS-X4904-10GE)
        OR
    4900M 8 port 10GE half card with X2 interfaces (WS-X4908-10GE)
    WITH
    Cisco OneX Converter Module Converts an X2 Interface into One SFP+ Interface (CVR-X2-SFP10G)
    I would recommend you to use following DAC cables from Cisco.
    • SFP-H10GB-CU1M: 10GBASE-CU SFP+ Cable 1 meter (Version -02)
    • SFP-H10GB-CU3M: 10GBASE-CU SFP+ Cable 3 meter (Version -02)
    • SFP-H10GB-CU5M: 10GBASE-CU SFP+ Cable 5 meter (Version -02)

  • Cannot access share.acrobat using cisco proxy device

    I have a user who has successfully uploaded a document to share, but is unable to access the resulting shared document e.g through a link like this one: https://share.acrobat.com/adc/document.do?docid=8e9f16eb-42f8-49d0-94a8-2013000eveec , (I have deliberately changed a couple of letters in this link)
    The user gets the error message: 'Internet Explorer Cannot Display the webpage'. The address bar shows the link url.
    I can repeat this behaviour and think I have narrorwed it down to an interaction between our cisco proxy device and acrobat.com.
    As the user can successfully navigate other parts of the site, is there some different coding using in the 'shared document' area that the other areas of the site doesn't use?
    Has anyone else experienced or reported with type of issue??
    Any suggestions appreciated,
    Nick

    Hi Michelle,
    I'm afraid my previous post was misleading!
    I managed to get to the login page (https://www.acrobat.com/#/share/HaveAdobeID and https://www.acrobat.com/#/share/ShareBegin) when I was trying IE6, and got over-enthusiastic.
    When I double-checked, I again get 'the page cannot be displayed' as I try and log in (https://share.acrobat.com/?app=share). DOH!
    I tried adding share.acrobat.com to trusted sites in both IE6 and 7 as you suggest, and also adding *.acrobat.com
    I have tried the site on IE 6 and 7, using Vista and XP. Unfortunately the only common thing seems to be our Cisco content engine and those TCP_CLIENT_REFRESH logs I mentioned before.
    Thanks very much for trying to help,
    Salty

  • Enable "linemode" on Cisco IOS device

    Hi Experts,
    I would like to monitor some telnet traffic with a tcpdump/wireshark. As I know because of the mode between Telnet Client and Telnet Server these "double-characters" appears (when client type something):
    From Cisco device we can connect to another device in line mode with a command like this:
    connect 10.0.0.1 /line
    But is there a way to use this option on all my VTY lines, on my AccessServer (2811 router)?

    Hi,
    There isn't any specific command to activate a tunnel using 3DES and the only thing is, the isakmp and ipsec policies should match on both the sides, which you are already aware of.
    Regards,
    Arul

  • Adding a cisco pix device to CSM 3.3

    I've been trying to add a cisco pix6.3 to a New CSM 3.3 server and it complains that my credentials are bogus, I can log in to the pix's PDM using the same credentials so I'm stumped, Is there a way that I can get a better idea of what is happening under the hood? I tried a debug and the server is clearly hitting the pix and it is responding but no go.
    I figured it out, the csm was set to use the users login credentials instead of the device credentials.

    Try Disable Java on Internet Options. This issue oculd be releated to Java version also.

  • Non CISCO unknown devices are being discovered in LMS

    Hi!
    I have had no problem with discovery which was used on cdp basis so far.
    Now the CDP packets do not arrive via new MPLS backbone network.  I have to use the "ping sweep feature in IP range" feature. I had to enter more than 400 subnet from file before there are more than 400 branches. ( etc. 10.31-9.1-50.252 255.255.255.252 )
    I have experienced two problems
    1. The discovery never end ( now this is not important ) :-)
    2. The common services -- device management shows discovered unknown devices whose ip addresses out side the range what are entered by me in the ping sweep range and theirs OID is not CISCO.
    (  1.3.6.1.4.1.2001.1.1.1.1  ,  1.3.6.1.4.1.11.2.3.9.1  ,  1.3.6.1.4.1.674.10892.2  , 1.3.6.1.4.1.18334.1.1.1.2.1.7.1.2 and even more )
    Due to more than 300 unknown devices the LMS device number is beyond the license number!!!!!
    Our questions.
    Why does lms add the unknown devices ( non cisco devices ) to the inventory ?
    How could lms discover  these devices ??? ) ( theirs IP are out of ping sweep range and non cdp capable devices )
    Thanks in advance!

    Thank you!
    The unknown devices were in unreachable state and they were added to DCR.
    I don't use include or exclude filter what were referred by bug.
    In spite of i use seed device list from file the LMS ping sweep debug log shows that LMS try to ping other IP addresses!!!!
    You're right, it is not normally operation may be TAC will be needed to  solve it.
    ( whether who tested it ?)
    Regards,

  • Configuring PAT/NAT in cisco routers

    hello, first sorry for my bad english
    i just wanted to know how configuring PAT (port address translation)
    like this :?
    amir(config)#ip nat inside source static tcp 192.168.1.1 1000 172.16.1.1 1000
    or not?
    2nd question i have is:
    when i need to write: "ip nat inside source"... and when i need to write "ip nat outside" ..
    and the last question for now is:
    how i can (if that's possible) to configure dynamic PAT - I mean that any computer on my LAN will go out to the internet with the same address but with diffrent ports - in random mode.(i mean without configuring static one by one)
    i hope i was clear enough, tanks a lot!

    Hi Tiger,
    1) Yes your first statement is a static PAT statement which will say source ip with source port 1000 is translated to 172.16.1.1 with same port number but yes it is a static PAT entry.
    2) Coming to your 2nd question
    "ip nat inside source" is a global config command which says any traffic which hits the inside interface nat the source ip address.
    "ip nat inside" is a interface mode command which should be done going to any interface. This command specifies which will be an inside interface which will nat the incoming traffic.
    3) Coming to your last question
    For dynamic PAT you just need to configure overload command at the end of your nat statement.
    This link will give you a very broad and nice picture of how NAT can be configured in different situation
    http://www.cisco.com/warp/public/556/12.html#6
    HTH
    Ankur

Maybe you are looking for

  • Is this a JOGL bug with GLJPanel, a driver problem, or what?

    I've been trying to eliminate a problem I've been experiencing with my WorldWind Java (WWJ) application and I think I've finally taken a step torward finding the root cause, but I'm not sure whose problem it is yet or who to report it to, so I though

  • My wife deleted my bookmarks, is there a way to recover them

    Ok so my wife and I share an apple ID. We share it on the both Iphones and both Mac Book Pro's. She ws on her computer today and deleted all the bookmarks that weren't hers. So when i fire up my Mac Book none of my bookmarks are there. Please tell me

  • Trouble with imessage

    My iMessage works correctly with all of my contacts (that have an iphone/imessage) except for one. The one that it doesn't work for does definitely have an iphone and has imessage set up. It was working before but now it isn't. Why does it only not w

  • Macbook pro will not pair with Vizio sound bar.

    Macbook will not pair with Vizio sound bar. It has paired and worked fine in the past. in the menu bar at the top of the screen it says it is connected but it is not. when I open the bluetooth preferences and try to pair it says pairing failed. any h

  • Problem in adobe offline forms

    Hi All, I am developing an application on Adobe Interactive Forms. I am working on the example given in SDN online, offline with file upload.  Online Scenario is working fine and i could able to get the data even from back end executing BAPI. But pro