PAT between 2 networks on same interface
Hi,
I'm using asa 5505 with 8.4(2) and have the following problem.
I have 2 Networks. each Network has it's own externel Internet-Ip and also Mail-Server.
Here is the example:
Network1:
192.168.1.0/24
Mail-Server: 192.168.1.10
External: 1.1.1.1
Network2:
192.168.2.0/24
Mail-Server: 192.168.2.10
External: 2.2.2.2
Both Networks are connectet through a routing-network to the asa
interface: routed
net: 10.10.10.0/24
Now I want a communication between the two Mailservers with their external Ip-Address.
I did a static NAT from ipnt any to int any or also from int routed to int routed, but nothing worked.
Packet tracer showed at NAT-Lookup where the externel adress of the second Mailserver is passed:
Info
Static translate Network1 to Network1
But it should show a translation from network1 to network1-external
Due to Security reasons, I cannot paste the whole config. I hope the example tells enough about my Problem.
Under 8.0 I did the same configuration with Policy-Nat and it worked.
Thanks for help
Sent from Cisco Technical Support iPad App
Hello Roman,
1-Are they behind the same interface?
2-Can you explain a little bit better your network? A diagram would be great
Can you try this:
Object network Server-inside
host: 192.168.1.10
Object network: Server-secondary
host: 192.168.2.10
Object network Natted-inside
host 1.1.1.1
Object network Natted-secondary_server
host 2.2.2.2
Same-security permit intra-interface
nat (routed,routed) source static Server-inside Natted-inside destination static Server-secondary Natted-secondary_server
nat (routed,routed) source static Server-secondary Natted-secondary_server destination static Server-inside Natted-inside
Regards,
Julio
Similar Messages
-
It seems that the new version of iPhoto will no longer share photos between computers on the same network. Can anyone confirm this?
lovinmymac wrote:
I have "automatically create previews" in the preferences UNCHECKED. Why is Aperture creating previews? For the screen image?
You might also need to turn Preview generation off for any existing Projects. Select the Project in the Projects pane and use the cog button at the top of the pane to uncheck 'Maintain Previews For Project'.
Ian -
Communication between thread in the same process using file interface.
Hi,
I am developing driver and i need to communicate between two thread.
>can anyone guide me on implementing communication between two thread in the same process using File Interface. First thread will be driver and second will be application.I need to send IOCTL like commands using File interface ie is WriteFile(),ReadFile()
from Host process to driver through file-interface(which run's in driver context).Host process should not be blocked for the duration of the driver to process the command.
>File-interface will run in driver context and it will be responsible to receive command from application and pass it to the driver.
what are the complexity introduced?
>Can anyone also give me the link/reference to get more information on this topic?
>How to replace IOCTL command's for instance baud _rate change command with a file interface for example with IRP.Here is the detailed query:
Hardware Abstraction Layer will interact with Driver(Both will be running in complete different process) .there is a IOCTL for command and File interface for read and write.
My requirement is:
Both should run in the same process so HAL will run as one thread and driver as another thread in the same process .I don't want HAL to wait for completion of request and also i don't want driver to be blocked .
We are planning to use a File Interface for communication between Hardware abstraction layer and Driver
HAL will send the command or read/write operation to a file interface and driver will get the command or read/write request from the File interface
There is a flexibility to change Hardware Abstraction layer and also the Driver
Is it possible to use IOCTL between two thread under same process? if not what other options do we have.
Can we use File interface to send command (like IOCTL) between two thread? -
Is there a method or app to quickly switch between staff networks in the same building?
We have a pretty standard network at my job, we have 5 staff networks, Staff A, Staff B, etc. Obviously some networks work better in different parts of the building, but I find that my macbook air tends to hold onto a weaker network and I have click on the wifi icon in the menu bar, wait for it to look for networks then click on the appropiate network. I was just wondering if anyone knew of a method or an app that makes it a little quicker for me to switch between these network. Maybe something similar to having network locations set. Thanks in advance.
You might almost achieve your goal simply by requiring password on wake from sleep. the password prompt will have an option there to switch users.
If you truly want to make it automatic,
it's possible but a bit tricky.
first download and install [Apple fast user switching applet|http://www.apple.com/applescript/accountswitcher/index.html]. install it on account of user 2 and set it up to switch to user 1 when you run it. call it, say, userswitcher.app and save it for example in user2 documents folder.
next, copy and paste the following into text editor. format it as plain text and save it as userswitcher.sh in Documents folder as well.
<pre style="
font-family: Monaco, 'Courier New', Courier, monospace;
font-size: 10px;
margin: 0px;
padding: 5px;
border: 1px solid #000000;
width: 720px;
color: #000000;
background-color: #ADD8E6;
overflow: auto;"
title="this text can be pasted into the Script Editor">
#!/bin/bash
idl=$"`ioreg -c IOHIDSystem | awk '/HIDIdleTime/ {print int($NF/1000000000); exit}'`"
wt=$3600
if [ $idl -gt $wt ]; then
open /users/$USER/documents/userswitcher.app
fi</pre>
in the above wt is the wait time before switching and it's currently set to 3600 seconds (1 hour). adjust that as needed.
next make the script unix executable by running the following terminal command
chmod 755 ~/Documents/userswitcher.sh
Finally, download and install [Lingon|http://tuppis.com/lingon> and make a launch daemon to run the above script every minute.
Message was edited by: V.K. -
I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN .
HI All,
I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN . the WLC are providing the HQ and one of the Branches the Wireless services .
Am using all the available 9 SSIDs at the HQ , and am using only 4 of it at the Brnche.
The problem that i have are happening only at the Branch office as i cant room between the SSIDs within Diferent VLANs but i can do it with the one that pointing to the same VLAN. Once the client ( Laptop/Phone ) connected to one of the SSIDs. it imposiible to have him connected to the other ones with Different VLAN. meanwhile, It says its connected to the other SSID but its not getting IP from that pool.
here is the Show Run-Config from my WLC .. and the Problem happening between the SSID AMOBILE and ASTAFF. i have the Debug while am switching between the SSIDs if needed .
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.11.04 10:20:47 =~=~=~=~=~=~=~=~=~=~=~=
show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco 5500 Series Wireless LAN Controller"
PID: AIR-CT5508-K9, VID: V01, SN: FCW1535L01G
Burned-in MAC Address............................ 30:E4:DB:1B:99:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 12
Press Enter to continue or <ctrl-z> to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... WLAN Controller 5508
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 10.125.18.15
Last Reset....................................... Software reset
System Up Time................................... 41 days 5 hrs 14 mins 42 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... US - United States
--More or (q)uit current module or <ctrl-z> to abort
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +20 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 10
Number of Active Clients......................... 61
Burned-in MAC Address............................ 30:E4:DB:1B:99:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 12
Press Enter to continue or <ctrl-z> to abort
AP Bundle Information
Primary AP Image Size
ap3g1 5804
ap801 5192
ap802 5232
c1100 3096
c1130 4972
c1140 4992
c1200 3364
c1240 4812
c1250 5512
c1310 3136
c1520 6412
c3201 4324
c602i 3716
Secondary AP Image Size
ap801 4964
c1100 3036
--More or (q)uit current module or <ctrl-z> to abort
c1130 4884
c1140 4492
c1200 3316
c1240 4712
c1250 5064
c1310 3084
c1520 5244
c3201 4264
Press Enter to continue or <ctrl-z> to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Press Enter to continue or <ctrl-z> to abort
Network Information
RF-Network Name............................. OGR
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
--More or (q)uit current module or <ctrl-z> to abort
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Fast SSID Change ........................... Enabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or <ctrl-z> to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or <ctrl-z> to abort
AP Summary
Number of APs.................................... 8
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KNOWLOGY_DC01 2 AIR-LAP1131AG-A-K9 00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1 US 1
KNOWLOGY_DC02 2 AIR-LAP1131AG-A-K9 00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1 US 1
KN1252_AP01 2 AIR-LAP1252AG-A-K9 00:21:d8:ef:06:50 Knowlogy Confere 1 US 1
KN1252_AP02 2 AIR-LAP1252AG-A-K9 00:22:55:8e:2e:d4 Server Room Side 1 US 1
Anham_AP03 2 AIR-LAP1142N-A-K9 70:81:05:88:15:b5 default location 1 US 1
ANHAM_AP01 2 AIR-LAP1142N-A-K9 70:81:05:b0:e4:62 Small Conference 1 US 1
ANHAM_AP04 2 AIR-LAP1131AG-A-K9 00:1d:45:86:e1:b8 Conference room 1 US 1
ANHAM_AP02 2 AIR-LAP1142N-A-K9 70:81:05:96:7a:49 Copy Room 1 US 1
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
KNOWLOGY_DC01 disabled -
KNOWLOGY_DC02 disabled -
--More or (q)uit current module or <ctrl-z> to abort
KN1252_AP01 disabled -
KN1252_AP02 disabled -
Anham_AP03 disabled -
ANHAM_AP01 disabled -
ANHAM_AP04 disabled -
ANHAM_AP02 disabled -
Press Enter to continue or <ctrl-z> to abort
AP Location
Total Number of AP Groups........................ 3
Site Name........................................ ANHAM8075
Site Description................................. ANHAM 8075 Location
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
9 knowlogy_ogr Disabled None
7 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Anham_AP03 2 AIR-LAP1142N-A-K9 70:81:05:88:15:b5 default location 1 US 1
ANHAM_AP01 2 AIR-LAP1142N-A-K9 70:81:05:b0:e4:62 Small Conference 1 US 1
ANHAM_AP04 2 AIR-LAP1131AG-A-K9 00:1d:45:86:e1:b8 Conference room 1 US 1
ANHAM_AP02 2 AIR-LAP1142N-A-K9 70:81:05:96:7a:49 Copy Room 1 US 1
Site Name........................................ Knowlogy_DC
--More or (q)uit current module or <ctrl-z> to abort
Site Description................................. DC Center Access points
WLAN ID Interface Network Admission Control Radio Policy
2 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
3 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KNOWLOGY_DC01 2 AIR-LAP1131AG-A-K9 00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1 US 1
KNOWLOGY_DC02 2 AIR-LAP1131AG-A-K9 00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1 US 1
Site Name........................................ OGR
Site Description................................. 1934 OGR Office
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
2 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
--More or (q)uit current module or <ctrl-z> to abort
7 knowlogy_ogr Disabled None
9 knowlogy_ogr Disabled None
8 knowlogy_ogr Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
KN1252_AP01 2 AIR-LAP1252AG-A-K9 00:21:d8:ef:06:50 Knowlogy Confere 1 US 1
KN1252_AP02 2 AIR-LAP1252AG-A-K9 00:22:55:8e:2e:d4 Server Room Side 1 US 1
Site Name........................................ default-group
Site Description................................. <none>
WLAN ID Interface Network Admission Control Radio Policy
1 knowlogy_ogr Disabled None
2 knowlogy_ogr Disabled None
3 knowlogy_ogr Disabled None
4 knowlogy_ogr Disabled None
5 knowlogy_ogr Disabled None
6 knowlogy_ogr Disabled None
7 knowlogy_ogr Disabled None
8 knowlogy_ogr Disabled None
--More or (q)uit current module or <ctrl-z> to abort
9 knowlogy_ogr Disabled None
10 management Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
Press Enter to continue or <ctrl-z> to abort
AP Config
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... KNOWLOGY_DC01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:1d:45:86:ed:4e
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.100
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................ wireless.knowlogy.com
Primary Cisco Switch IP Address.................. 10.125.18.15
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abortIP Address.................. 10.125.18.15
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
--More or (q)uit current module or <ctrl-z> to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX1134T0QG
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 48 days, 20 h 19 m 18 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:33 2013
Join Taken Time.................................. 0 days, 00 h 10 m 47 s
--More or (q)uit current module or <ctrl-z> to abort
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211b
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:1d:71:09:8f:90
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
--More or (q)uit current module or <ctrl-z> to abort
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
--More or (q)uit current module or <ctrl-z> to abort
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 11
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
--More or (q)uit current module or <ctrl-z> to abort
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... KNOWLOGY_DC01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:1d:45:86:ed:4e
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.100
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
--More or (q)uit current module or <ctrl-z> to abort
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................ wireless.knowlogy.com
Primary Cisco Switch Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
--More or (q)uit current module or <ctrl-z> to abort
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
AP Serial Number................................. FTX1134T0QG
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or <ctrl-z> to abort
AP Up Time....................................... 48 days, 20 h 19 m 18 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:33 2013
Join Taken Time.................................. 0 days, 00 h 10 m 47 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:1d:71:09:8f:90
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 20
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or <ctrl-z> to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 15 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 44
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
--More or (q)uit current module or <ctrl-z> to abort
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Press Enter to continue or <ctrl-z> to abort
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... KNOWLOGY_DC02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:36:c5:c4
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.101
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
--More or (q)uit current module or <ctrl-z> to abort
AP Serial Number................................. FTX1230T24F
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 48 days, 20 h 24 m 41 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:35 2013
Join Taken Time.................................. 0 days, 00 h 10 m 48 s
--More or (q)uit current module or <ctrl-z> to abort
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211b
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:a5:0c:30
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
--More or (q)uit current module or <ctrl-z> to abort
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
--More or (q)uit current module or <ctrl-z> to abort
Current Tx Power Level .................... 1
Phy DSSS parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
Current CCA Mode .......................... 0
ED Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
--More or (q)uit current module or <ctrl-z> to abort
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 3
Cisco AP Name.................................... KNOWLOGY_DC02
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:36:c5:c4
IP Address Configuration......................... DHCP
IP Address....................................... 10.22.1.101
Gateway IP Addr.................................. 10.22.1.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
--More or (q)uit current module or <ctrl-z> to abort
Cisco AP Group Name.............................. Knowlogy_DC
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.3.8.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Enabled
PoE Power Injector MAC Addr...................... Disabled
--More or (q)uit current module or <ctrl-z> to abort
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1131AG-A-K9
AP Image......................................... C1130-K9W8-M
IOS Version...................................... 12.4(23c)JA5
Reset Button..................................... Enabled
AP Serial Number................................. FTX1230T24F
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 22
WLAN 2 :........................................ 21
WLAN 4 :........................................ 25
WLAN 3 :........................................ 25
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
--More or (q)uit current module or <ctrl-z> to abort
AP Up Time....................................... 48 days, 20 h 24 m 41 s
AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
Join Date and Time............................... Tue Sep 24 21:24:35 2013
Join Taken Time.................................. 0 days, 00 h 10 m 48 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211a
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:a5:0c:30
Operation Rate Set
6000 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 20
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
--More or (q)uit current module or <ctrl-z> to abort
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 15 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 36
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161
TI Threshold .............................. -50
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
--More or (q)uit current module or <ctrl-z> to abort
Diversity.................................. DIVERSITY_ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Press Enter to continue or <ctrl-z> to abort
Cisco AP Identifier.............................. 5
Cisco AP Name.................................... KN1252_AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:21:d8:ef:06:50
IP Address Configuration......................... DHCP
IP Address....................................... 10.125.18.101
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.125.18.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Disabled
Cisco AP Location................................ Knowlogy Conference Rooms Side
Cisco AP Group Name.............................. OGR
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or <ctrl-z> to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.0
Boot Version ................................... 12.4.10.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. PoE/Medium Power (15.4 W)
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1252AG-A-K9
AP Image......................................... C1250-K9W8-M
IOS Version...................................... 12.4(23c)JA5
--More or (q)uit current module or <ctrl-z> to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX122990L5
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 118
WLAN 1 :........................................ 111
WLAN 2 :........................................ 111
WLAN 4 :........................................ 112
WLAN 6 :........................................ 112
WLAN 7 :........................................ 111
WLAN 9 :........................................ 112
WLAN 8 :........................................ 112
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 26 days, 00 h 24 m 39 s
--More or (q)uit current module or <ctrl-z> to abort
AP LWAPP Up Time................................. 26 days, 00 h 23 m 48 s
Join Date and Time............................... Wed Oct 9 10:59:07 2013
Join Taken Time.................................. 0 days, 00 h 00 m 50 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 7
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:22:55:df:a5:90
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
--More or (q)uit current module or <ctrl-z> to abort
11000 Kilo Bits.......................... MANDATORY
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
--More or (q)uit current module or <ctrl-z> to abort
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 ..........Well you need to understand the behavior of h-reap or what it's called now, FlexConnect. In this mode, the clients are still remembers on the WLC until the session timer/idle timer expires. So switching between SSID's in h-reap will not be the same when switching when the AP's are in local mode.
Take a look at the client when connected in FlexConnect in the WLC GUI monitor tab. Thus will show you what ssid and vlan the client is on. Now switch to a different ssid and compare this. It's probably the same because the client has not timed out. Now go back to the other ssid and look again. Now on the WLC, remove or delete the client and then switch to the other ssid at the same time. Or switch SSID's and then remove the client. The client will join the new ssid and in the monitor tab, you should see the info.
There is no need to have clients have multiple SSID's unless your testing. Devices should only have one ssid profile configured to eliminate any connectivity issues from the device wanting to switch SSID's.
Sent from Cisco Technical Support iPhone App -
No ping between host in the same subnet
Hello,
I have a question about the ASA and the ARP traffic in IOS 9.1.2 for ASA 5585-X and multicontext. I have discovered a curious behaviour about the traffic ARP in the my CLUSTER of ASA's. When I try to send a ping between host in the same subnet and these host have as Gateway the interface of the ASA (ASA is his router) don't works, if I mark the check to enable the comunications between host connected to the same interface this cotinues without work. The only way to get my aim (ping between host), I need to implement and Access Rule allowing the traffic IP between my origin network and destination the same network.
I think that this is some feature of ASA that filter the ARP Request but I don't understand!!! Can I help me, please?
Thanks.Hi,
Your firewall should not see any traffic between the hosts on the same subnet.
If it is seeing traffic between the hosts then its likely that Proxy ARP on the ASA is the problem. Proxy ARP is enabled on the ASA by default on all interfaces. This essentially means that when the host connecting to the other host on the same subnet sends an ARP request the ASA might reply to that ARP request instead of the actual destination host. This is why traffic might get forwarded to the ASA instead of the actual host.
If you want to disable the Proxy ARP on some ASA interface then you can use
sysopt norpoxyarp
Where you replace the with the actual name you have given to the interface on the ASA. This disables the Proxy ARP
- Jouni -
Difference between new network and extended network
Difference between extended network and new network settings
An "extended" network acts as one large wireless network. Wireless devices can roam anywhere a signal is present and stay on the network without having to make any changes.
A "new" network will require that a wireless device manually "switch" to that network and enter the password for the network to connect whenever you want to use that network. In other words, a "new" network will use a different wireless network name and password, which will require that you manually log on to that network.
The exception would be if you created a "new" wireless network and used the same wireless network name, same wireless security settings and same password as the "main" network and connected the AirPort back to the main router using an Ethernet cable. In that case, you would have an "Ethernet extended wireless" network. -
IPS not detecting packets Entering & Exiting Same Interface
Hi,
Consider scenario :-
Host A--->Router B--->Router C
All are in the same subnet
Router C also has an active interface on another subnet.
When I telnet from A to C (interface with ip address in another subnet),
I force traffic from A to C to pass through B, by setting static routes AND ** DISABLING IP REDIRECTS ***
Trafic flows from A to B IN through Fa0/0, and OUT again through Fa0/0 from B to C
I have ACL's (permit/log) that show this flow !!!!
I also have IPS enabled in/out on Fa0/0 on router B.
However, traffic flowing through Router B, which enters / exits the same interface, does not get picked up by IPS. (I trigger signatures)
Is this normal ?? Or am I missing something ?I don't use the router IPS, but I'll give it a shot;-) I don't understand the network config. I'll try to redraw the network to see if I understand what you're saying:
Host A
(NET1/IP1)
|
-------- (NET1/IP3) Router C (NET2/IP4)---
|
(NET1/IP2)
Router B
Host A uses Router B as its gateway to NET2 and since redirects are disabled on router B, all traffic from Host A to IP4 flows through router B. If the diagram above is correct though, return traffic from router C will not be routed through Router B because the destination is on the same network as router C. How are you getting return traffic to flow through router B?
Based on the following doc:
http://www.cisco.com/application/pdf/en/us/guest/products/ps6634/c1244/cdccont_0900aecd80327257.pdf
If you're attempting to fire atomic signatures (single packet) then signatures should still fire anyway when inspected inbound. If you're attempting to trigger a stateful signature then this would be a plausible explanation. -
EAZYVPN and DMVPN on the same router,same interface
Hi all,
First of all, thanks in advance for the help. I have setup DMVPN and EAZYVPN on one router. Tunnel interface on Spoke one and Spoke two are up/up and show crypto ISakmp sa shows both tunnels are in idle. However, tunnel to Spoke one(10.10.1.1) keep bouncing on and off(see below). Every 30 sec or so, the tunnel gone back to IKE phase while tunnel for spoke two(5.5.5.1) still leave active. THe configuration on the HUB side is the same for both spoke!! show crypto ipsec sec shows both side has the same life time(IOS default). Could that be an IOS debug on the spoke one?
Hub :
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 15.1(3)T2, RELEASE SOFTWARE (fc1)
HUB#sh crypto ipsec security-association
Security association lifetime: 4608000 kilobytes/3600 seconds
Spoke one:
Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M), Version 12.4(8), RELEASE SOFTWARE (fc1)
SPOKE1#sh crypto ipsec security-association
Security association lifetime: 4608000 kilobytes/3600 seconds
HUB#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
5.5.5.1 5.5.5.2 QM_IDLE 1002 ACTIVE
10.10.1.1 10.10.1.2 MM_NO_STATE 1134 ACTIVE (deleted)
10.10.1.1 1.1.1.10 QM_IDLE 1126 ACTIVE
10.10.1.1 1.1.1.10 QM_IDLE 1076 ACTIVE
HUB#sh crypto se
HUB#sh crypto session
Crypto session current status
Interface: Serial0/1/1
Username: testuser
Profile: AccountingPro
Group: Accounting
Assigned address: 20.20.20.1
Session status: UP-ACTIVE
Peer: 1.1.1.10 port 60201
IKEv1 SA: local 10.10.1.1/500 remote 1.1.1.10/60201 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 20.20.20.1
Active SAs: 2, origin: dynamic crypto map
Interface: Serial0/1/1
Username: testuser
Profile: AccountingPro
Group: Accounting
Assigned address: 20.20.20.2
Session status: UP-ACTIVE
Peer: 1.1.1.10 port 49768
IKEv1 SA: local 10.10.1.1/500 remote 1.1.1.10/49768 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 20.20.20.2
Active SAs: 2, origin: dynamic crypto map
Interface: FastEthernet0/1
Profile: DMVPN
Session status: UP-IDLE
Peer: 5.5.5.2 port 500
IKEv1 SA: local 5.5.5.1/500 remote 5.5.5.2/500 Active
Interface: Serial0/1/1
Profile: DMVPN
Session status: DOWN-NEGOTIATING
Peer: 10.10.1.2 port 500
IKEv1 SA: local 10.10.1.1/500 remote 10.10.1.2/500 Inactive
HUB#
2. My second issue is, I use the same interface(s0/1/1=10.10.1.1) for eazyvpn access. The client from eazyvpn is connected fine,but does not receive traffric back(statics window show no decrypted=0 and reeiced=0). The eazy vpn can't even ping the IP address assigned to the vpn client(20.20.20.2), and the client can only pin 10.10.1.1 address. Reverse router is able but the 20.20.20.0/24 network didn't show up in the ip table of the HUB router!!!
DMVPN AND EAZYVPN SERVER config..
crypto keyring dmvpnkey
pre-shared-key address 0.0.0.0 0.0.0.0 key DMVPNLAB
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp policy 20
encr aes
authentication pre-share
group 2
crypto isakmp policy 30
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp policy 40
authentication pre-share
crypto isakmp keepalive 30
crypto isakmp xauth timeout 90
crypto isakmp client configuration group Accounting
key eazypvn
dns 4.2.2.2
wins 4.2.2.2
domain bigBois.com
pool dmAccouting
crypto isakmp profile AccountingPro
match identity group Accounting
client authentication list access_in
isakmp authorization list my_vpn
client configuration address respond
crypto isakmp profile DMVPN
keyring dmvpnkey
match identity address 0.0.0.0
crypto ipsec transform-set DMVPN ah-sha-hmac esp-aes
mode transport
crypto ipsec transform-set EAZYVPN esp-3des esp-md5-hmac
crypto ipsec profile dmvpnlab
set transform-set DMVPN
set isakmp-profile AccountingPro
crypto dynamic-map Remote_Acc 20
set transform-set EAZYVPN
set isakmp-profile AccountingPro
reverse-route
crypto map RemoteAcc client authentication list access_in
crypto map Remote_Acc client authentication list my_vpn
crypto map Remote_Acc 20 ipsec-isakmp dynamic Remote_Acc
interface Loopback0
ip address 192.168.200.1 255.255.255.0
interface Loopback2
ip address 172.16.10.1 255.255.255.0
interface Loopback3
ip address 172.16.15.1 255.255.255.0
interface Tunnel1
bandwidth 10000
ip address 4.4.4.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 10
ip nhrp authentication DMVPN
ip nhrp map multicast dynamic
ip nhrp network-id 7940
ip nhrp registration timeout 10
ip tcp adjust-mss 1360
tunnel source Serial0/1/1
tunnel mode gre multipoint
tunnel key 7940
tunnel protection ipsec profile dmvpnlab
interface FastEthernet0/0
description OUTSIDE
ip address 1.1.1.1 255.255.255.0
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1
description INSIDE
ip address 5.5.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
interface Serial0/1/1
description to SPOKE1
ip address 10.10.1.1 255.255.255.0
crypto map Remote_Acc
interface Serial0/3/0
no ip address
shutdown
router eigrp 10
network 4.4.4.0 0.0.0.255
network 5.5.5.0 0.0.0.255
network 10.0.0.0
network 10.10.10.0 0.0.0.3
network 172.16.0.0 0.0.0.255
network 172.16.1.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 172.16.15.0 0.0.0.255
network 192.168.200.0
ip local pool dmAccouting 20.20.20.1 20.20.20.10
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
THanks a bunch for the help,
ErnestAny ideas why devices keep renewing phase 1?
Thanks, -
ITunes sharing between two users on same computer
i've tried searching for this, but i guess i don't know how to search it properly. What i need to do is have the itunes library of a different user account show up as a shared library on my main account (and visa versa) without having the laptop connected to a network.
Right now i have a lot of recordings for work in an itunes library of a different user account that i will need from time to time when teaching. i'd like to be able to have that show up as a shared library, and have my main library shared in the other user account so that i don't have to switch back and forth all the time. Using Tiger this worked like a charm, but with Leopard they only seem to share when my powerbook is connected to a network. i don't have a network connect at work nor am i likely to get one. Is there a setting i am missing?All the files are on the computer, right, not external drives? And all the accounts you want to share between can Share their Libraries AND Look for Shared Libraries? And iTunes is running in each user account?
I have to say I've never used this WITHOUT an internet connection as I have 'always on' broadband, but I cannot imagine why it would need a network when it's between users on the same computer. -
Relay traffic out same interface
Is it possible to relay traffic out of the same interface? For instance we have a computer on the Internet that only is accessible from our network. I'd like users to connect to our network, look at the ACL, and then connect to the remote computer. So basically I'm going right back out the same interface. VPN->outside interface->Internet. I'd still want split tunneling to be enabled and have this apply to only a specific IP or subnet. Is this possible?
This is the packet tracer result:
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
I can see the traffic comming from the VPN client to the IP, so the route is working. I get a teardown and built message in the log, but nothing saying the traffic is denied.
I think this info should cover what you're looking for:
group-policy GroupPolicy_ZSSL attributes
wins-server none
dns-server value 192.168.1.8 192.168.1.47
vpn-tunnel-protocol ikev2 ssl-client
default-domain value company.com
webvpn
anyconnect profiles value ZSSL_client_profile type user
username company password xxxxxxxxxxxxxx encrypted privilege 15
tunnel-group companyVPN type remote-access
tunnel-group companyVPN general-attributes
address-pool VPNPool
authentication-server-group MicrosoftIAS LOCAL
accounting-server-group MicrosoftIAS
default-group-policy companyVPN
password-management
tunnel-group companyVPN ipsec-attributes
ikev1 pre-shared-key ***** -
AP and AR in same interface?
Hi,
We are planning to do the AP and AR of a legacy system in SAP through interface. If both AP and AR are done from a common inventory, can we do both the AP and AR in the same interface? Or can it be done in two different interfaces? What is the difference between doing both in the same interface and two different interface?
Please give me some info on it. I'm new to FI..
Thanks..
Uma.I can't think of any. If you separate them, you can run them in parallel, so that should be quicker too.
But in the end, I think it's a business decision.
Rob -
NATting using the same interface ?
hi there,
I was wondering, is it possible to set up NAT/PAT for packets arriving/leaving (after being routed) the same interface , e.g. not going "through" the router ?
I think that this is not possible but I need to be sure... Any help ?
Thanks,
AlexThat is called nat on a stick.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
Once you understand how to do this NAT will never confuse you again.
There may be a newer method with the new NAI interfaces in the latest IOS but I have not had time to test this and have not seen any documentation on using these new nat features for this purpose. -
Hi!
I apologize for how crazy my question sounds,, (& for everything that follows), but I'm at a loss as to the correct wording...I hope my explanation will clarify things, at least enough so that someone understands what I'm trying to say! Wish me luck!
I'm using Firefox 37.0.1 on Windows 8.1 & everything is up to date. The most important details for this problem will be my settings & addons for Firefox, so here goes:
I allow all cookies, but it's set to clear them when Firefox closes.
I do NOT save any history or passwords & I also have "Click & Clean" enabled, & I use it frequently, even though I don't save any history or anything else, just to add to my security/privacy, (guess I didn't use it often enough, huh?)
I have the box checked for "Do Not Track", (but I just learned the hard way that even so-called "nice" companies don't honor this request)
I have "Ghostery" as well as "Google Analytics Opt-out" enabled, (even though I don't use Google for my search engine, nor do I go to a Google site unless it's absolutely necessary, (I read about Google's penchant for following users everywhere in order to get their preferences, so I avoid them if at all possible).
In other words, I thought I was protected from tracking-related problems, but I need to know if these precautions are effective when using Firefox & having several tabs open...then opening another tab/window...are cookies & any other info "readable", (I don't know what word should be used here), from tab to tab in the same window, (which just happened to me), & is the cookie info readable from window to window? In other words, do I have to completely close out Firefox, delete cookies, then open a brand new window so that any session cookie info has been deleted to protect my browsing info from being accessed?
I know, I'm STILL not making much sense...here's what happened, (I won't divulge the site that did the 'cookie abuse', though.
I had several tabs open, as I usually do, because I was gathering info for research on a report I was working on. Suddenly, I remembered I had to order my hubby's birthday gift, so I opened another tab, (in the same window), to my favorite site & started searching for the items I wanted. I found what I was looking for & was getting ready to check out when I noticed something very odd...there were several "suggestions" listed for items I "might be interested in, based on my browsing", but the funny thing was, I didn't search for anything related to these suggested items! Instead, they were related to items in the other tabs I had open. Scary, underhanded stuff, if you ask me! I always knew not to have banking/financial sites open while surfing, but the tabs I had open were from sites where I was getting research info for my report, so no red flags went up when I went to the site to place my order.
So I guess the question I need answered is...is cookie info accessible only between tabs in the same browser window OR is it even accessible from window to window? Did I make sense yet? I sure hope so, because this incident has me absolutely flapping around like a fish that's just been pulled out of the water & is just left on the deck! This obvious assault on my privacy has hit me like a punch in the stomach, because I thought this site was one I could trust...especially since I had "Do Not Track", "Google Analytics Opt-out" & "Ghostery" enabled!
I just don't know how to deal with this, but obviously, I need to know the rules so this NEVER happens again. Luckily, there wasn't any finance-related breach, but my sense of trust has taken a BIG blow.
If this made sense to anyone, please advise me on the rules of 'cookie abuse' so I don't EVER let this happen again!
Also, is cookie info able to be shared between browsers, e.g. use Firefox for more personal/sensitive browsing & Opera for research activity?
Any & all advice is desperately needed & gratefully accepted! I sincerely hope this doesn't happen to anyone else because it really takes the wind out of your trust bubble. I've never been as surprised & disappointed at a company as I am about this. So sad.
Oh well, learn something new every day...too bad I learned not to trust. :(
Thanks in advance for your help.
Nuts4Mutts :(
P.S. If you need anything clarified, just askCookies are stored in a cookie jar and thus are shared among all open tabs and windows.
Only all Private Browsing mode tabs/windows use a separate cookie jar that is used for all PB mode tabs.
Note that session restore stores cookies of open tabs in the sessionstore.js file as part of stored session data.
* http://kb.mozillazine.org/browser.sessionstore.privacy_level -
Move an iTunes library between users on the same mac
How do I move an iTunes library between users on the same mac?
I accidentally created a secondary user on my mac some time ago when using the migration tool and am now going back and transferring all my files from the secondary to the admin user profile.
I wanted to know which itunes files/folders need to be copied over.
Is the process as simple as replacing the itunes folder on admin with the copied itunes folder from my secondary profile or do I need to delete the admin folder first and then copy the old folder over or do I delete the contents of the folder and replace with the copied contents?
I am using shared folders to move between users, but want to make sure that I am picking the right files to transfer.
Thanks in advance.Assuming you have left iTunes to default settings so everything is still in the iTunes folder the way iTunes likes it to be, copy the whole of the iTunes folder to the new location. If it is in the default directory (Home > Music) for iTunes the application will automatically use it there for the new account. If you put it elsewhere you will have to start iTunes and immediately hold down the option key to direct it to the new location.
It is just possible you will have to change permissions. If you encounter those issues read the part about changing permissions on the iTunes folder in: https://discussions.apple.com/message/11583914
This is all a slight variant on: iTunes: How to move [or copy] your music to a new computer [or another drive] - http://support.apple.com/kb/HT4527
Maybe you are looking for
-
Can't delete or edit a Mail account that is unable to connect and it keeps notifying me
Can't delete or edit a Mail account that is unable to connect and it keeps notifying me and asking for password. Macbook Pro with Yosemite. If I highlight the account and go to Mailboxes, "Edit smart mailbox" is greyed out. Delete the mailbox is an o
-
Nokia 7390 Keypads won't respond please Help!
Did anybody experienced keypad froze and would not respond at all except for the power button? this could happen with their new Nokia 7390?
-
Adobe PDF Creator (standard)
hi, I have builed a MS Access 2003 database and would like to know if we buy Adobe PDF Creator (the standard version), will it be possible to make PDF document from severals computer wich is operate by co-workers. In other words, do we have to by as
-
"Difficulty downloading episodes from your feed" error
There seem to be a lot fo threads like this, but none of the problems are quite the same. I've got a self-hosted wordpress site, and a soundcloud account. I applied for the podcasting beta from soundcloud, and the RSS they provide is here. If I add t
-
My MacBook was acting up so I took out the battery because it wouldn't let me shut down or restart. When I put the battery back in and turned it back on all of the icons on the right side of my menu bar were missing. There is no bluetooth, battery li