RA VPN into ASA5505 behind C871 Router with one public IP address

Hello,
I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!
C871:
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname router
boot-start-marker
boot-end-marker
enable password 7 xxxx
aaa new-model
aaa session-id common
clock timezone UTC -8
clock summer-time PDT recurring
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp pool dhcp-vlan2
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
ip cef
ip domain name xxxx.local
no ipv6 cef
multilink bundle-name authenticated
password encryption aes
username xxxx password 7 xxxx
ip ssh version 2
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN Interface
ip address 1.1.1.2 255.255.255.252
ip access-group wna-in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
interface Vlan1
no ip address
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan10
description router-asa
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list nat-pat interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 interface FastEthernet4
ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
ip nat inside source static esp 10.10.10.2 interface FastEthernet4
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.10.10.0 255.255.255.252 10.10.10.2
ip route 192.168.2.0 255.255.255.0 10.10.10.2
ip access-list standard ssh
permit 0.0.0.0 255.255.255.0 log
permit any log
ip access-list extended nat-pat
deny   ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
deny   ip 192.168.0.0 0.0.255.255 any
deny   ip 172.16.0.0 0.15.255.255 any
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 127.0.0.0 0.255.255.255 any
deny   ip 169.255.0.0 0.0.255.255 any
deny   ip 255.0.0.0 0.255.255.255 any
deny   ip 224.0.0.0 31.255.255.255 any
deny   ip host 0.0.0.0 any
deny   icmp any any fragments log
permit tcp any any established
permit icmp any any net-unreachable
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny   ip any any log
control-plane
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class ssh in
exec-timeout 5 0
logging synchronous
transport input ssh
scheduler max-task-time 5000
end
ASA:
ASA Version 9.1(2)
hostname asa
domain-name xxxx.local
enable password xxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxx encrypted
names
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
interface Ethernet0/0
switchport trunk allowed vlan 2,10
switchport mode trunk
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 10.10.10.2 255.255.255.252
ftp mode passive
clock timezone UTC -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name xxxx.local
object network vlan2-mapped
subnet 192.168.2.0 255.255.255.0
object network vlan2-real
subnet 192.168.2.0 255.255.255.0
object network vpn-192.168.100.0
subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
object network vlan2-real
nat (inside,outside) static vlan2-mapped
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 10.10.10.1 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.2.0 255.255.255.0 inside
ssh 10.10.10.1 255.255.255.255 outside
ssh timeout 20
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy vpn internal
group-policy vpn attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split
default-domain value xxxx.local
username xxxx password xxxx encrypted privilege 15
tunnel-group vpn type remote-access
tunnel-group vpn general-attributes
address-pool vpn-pool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
ikev1 pre-shared-key xxxx
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny 
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip 
  inspect xdmcp
  inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
: end

Hi,
I think that you want to control all outbound traffic from the LAN to the outside by ASA.
I suggest some modifications as shown below.
C871:
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.2 255.255.255.0
no ip nat inside
no ip proxy-arp
ip virtual-reassembly
ip access-list extended nat-pat
no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
no permit ip 192.168.2.0 0.0.0.255 any
deny ip 192.168.2.0 0.0.0.255 any
permit ip 10.10.10.0 0.0.0.255 any
ASA 5505:
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
Try them out and respond.
Best regards,
MB
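
A consistency check over the two configs posted in the question, as an added example that is not part of the original thread. The config excerpts are copied from the post; the function names are hypothetical, and the script only reports mismatches visible in the text, it does not talk to any device.

```python
import ipaddress
import re

# Excerpts constructed from the C871 and ASA configs posted in the question.
C871_CONFIG = """\
ip dhcp pool dhcp-vlan2
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
interface FastEthernet4
 ip address 1.1.1.2 255.255.255.252
 ip access-group wna-in in
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
ip access-list standard ssh
ip access-list extended nat-pat
ip access-list extended wan-in
"""

ASA_CONFIG = """\
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
interface Vlan2
 nameif inside
 security-level 100
 ip address 192.168.2.2 255.255.255.0
object network vpn-192.168.100.0
 subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
 subnet 192.168.2.0 255.255.255.0
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
"""


def dangling_access_groups(ios_cfg):
    """ACL names bound with 'ip access-group' that are never defined.

    A name that does not match any defined list means the intended
    filter (here 'wan-in') is not the one bound to the interface.
    """
    defined = set(re.findall(
        r"^ip access-list (?:standard|extended) (\S+)", ios_cfg, re.M))
    defined |= set(re.findall(r"^access-list (\S+)", ios_cfg, re.M))
    bound = re.findall(r"^\s*ip access-group (\S+) (?:in|out)", ios_cfg, re.M)
    return [name for name in bound if name not in defined]


def asa_objects(asa_cfg):
    """Map each 'object network NAME' that has a subnet to an ip_network."""
    found = re.findall(
        r"^object network (\S+)\n\s*subnet (\S+) (\S+)", asa_cfg, re.M)
    return {name: ipaddress.ip_network(f"{net}/{mask}")
            for name, net, mask in found}


def pool_outside_nat_exempt(asa_cfg):
    """Pool addresses not covered by the destination object of the
    twice-NAT exemption rule, so that rule never matches them."""
    objs = asa_objects(asa_cfg)
    pool = re.search(r"^ip local pool \S+ (\S+)-(\S+)", asa_cfg, re.M)
    first, last = (int(ipaddress.ip_address(a)) for a in pool.group(1, 2))
    nat = re.search(
        r"^nat \(\S+\) source static \S+ \S+ destination static (\S+)",
        asa_cfg, re.M)
    exempt = objs[nat.group(1)]
    return [str(ipaddress.ip_address(i)) for i in range(first, last + 1)
            if ipaddress.ip_address(i) not in exempt]


def lan_gateway_mismatch(ios_cfg, asa_cfg):
    """Return (dhcp_default_router, asa_inside_ip) when DHCP hands LAN hosts
    a gateway other than the ASA inside address, else None.

    With a mismatch, replies from LAN hosts to VPN pool addresses are sent
    to the other gateway first instead of to the ASA holding the tunnel.
    """
    gateway = re.search(r"^\s*default-router (\S+)", ios_cfg, re.M).group(1)
    inside = re.search(
        r"nameif inside\n(?:\s*security-level \d+\n)?\s*ip address (\S+)",
        asa_cfg).group(1)
    return None if gateway == inside else (gateway, inside)


if __name__ == "__main__":
    print("access-group names with no matching ACL:",
          dangling_access_groups(C871_CONFIG))
    print("pool addresses outside the NAT-exempt object:",
          pool_outside_nat_exempt(ASA_CONFIG))
    print("DHCP gateway vs ASA inside address:",
          lan_gateway_mismatch(C871_CONFIG, ASA_CONFIG))
```
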

Similar Messages

  • Verizon 4G LTE Broadband Router - Does Verizon Issue You With A Public IP Address?

    Hi,
    http://www.verizonwireless.com/home-office-solutions/4g-lte-broadband-router-with-voice/
    Regarding the above Verizon 4G LTE Broadband Router, does Verizon issue you with a public IP address that can be accessed from outside of their network or do they issue you with a private IP address just like they do with their JetPacks?
    Thank you!

        That's an excellent question olimits7! It will be my pleasure to assist with your inquiry. Our voice and data services are transmitted using a 10-digit mobile number on our network. May I ask do you have the mobile number on your account? If you are interested in a private IP address then we can discuss options. Please advise so we can begin.
    Thank you…
    ArnettH_VZW
    Follow us on Twitter @VZWSupport

  • TS4139 I had 2 MobileMe email addresses, but only went thru ICloud process with one (my main address). Now the secondary address is not working with iCloud. Did I have to go thru the process with both addresses? Can I get that address back?

    I had 2 MobileMe email addresses, but only went thru iCloud process with one (my main address). Now the secondary address is not working with iCloud. Did I have to go thru the process with each address? Can I still get that secondary address to work with iCloud?

    It was totally separate. I just now went back to a previous email from Apple to that secondary address which urged me to transition to iCloud. I followed the link and it prompted me thru the process and the address is now able to send/receive emails. Thanks.

  • Controlling multiple Macs remotely behind a router with ARD

    Greetings! My problem is that I cannot access more than one computer in ARD. I have ARD installed on my Macbook and the computers I want to control are at my parents' house. Remote management and login are enabled of course but the router needs to be configured to forward ports 3283 and 5900. But as far as I know these ports can be forwarded for one local ip only meaning that I have to somehow change the default 3283 and 5900 to some other ports in order to access them.
    So the question is, how can I change the default ports for remote management on os x snow leopard? Other than that, does ARD offer any other way to access multiple computers behind a router?
    Many many thanks!

    In regards VPN, take a look at VPN-X from Birdssoft which is an easy to install and low-cost solution perfect for this purpose (among others).
    Basically speaking, after having installed and configured VPN-X on your Mac and ONE remote Mac and opened the ports in the firewall you establish a connection between your and the remote network and gain complete access to the remote network.
    Alternatively, you can use Teamviewer for giving support.

  • How to configure an ASA with 2 Public IP address.

    Hi, I have to configure a router ASA 5505 with 2 public IPs. Our ISP gave us 3 public IPs, and actually our configuration is like this:
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.x.x 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 200.91.x.x 255.255.255.248
    The problem is: If I create a new Vlan, the interface overlaps.
    How can I solve that problem??
    Thanks for your answers!!!

    Answered in duplicate post:
    https://supportforums.cisco.com/discussion/12150111/how-configure-asa-2-public-ip-address

  • How to configure ASA5512X DMZ with a Public IP address?

    Hi;
    I have an ASA5512X firewall with 6 interfaces, interface 0 has been assigned to a WAN connectivity with ADSL, in which my ISP gave me two static IPs (not a block range of IP), my ISP mapped the Mac address of an interface to a ip address, this is what they called "Dynamic-Static" which is likely you research a mac address of an device on DHCP server, then it always giving you the same ip address.
    Here is the scenario, in order to have the 2nd static IP, I need to give them the mac address of another interface on ASA5512x.  I am thinking to give them the interface mac address of interface #3,  however; the public ip address assigned to interface 0 is a WAN and the public ip address assigned to interface 3 will be on the same subnet from ISP, in this scenario, any problem and limitation, also; can I create a nat to translate the public ip on DMZ to one of the host in inside LAN?

    What are you trying to do? What is the purpose of the second public ip? You can use that guy for any number of things. One to one NAT for one thing or another is most common [mail server, web server, RDP terminal, etc.]. All of those would go over the same interface to get out to the internet.
    Dynamic-Static is PAT. One IP address, multiple clients using different ports. Similar to NAT, but different in how the translation is handled.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_dynamic.html#wp1078939
    SOOOO To answer what you are asking, just give them the MAC of the Interface 0. You can't have overlapping IPs on the interfaces. Won't work. Also if nothing is plugged into that interface, that IP won't do you any good. You could have a DMZ switch that your ASA and ISP link into, and have that second IP assigned to a device you plug into that DMZ switch. I've had to do that with some VCS servers to get Jabber working on it.

  • New Asa 5505... Anyway to set up behind home router with no internal DNS?

    Since the home router is the DNS server, the Asa has no internal DNS which is probably the cause of no internet. Is there any way around this?

    Can you not simply use the ASA as the DHCP server and include the DNS server in your DHCP configuration ?
    Jon

  • How configure two nodes with one public one private network

    ... with distinct subnet and one physical NIC in vmware simulated two network?
    which are the switch in sun cluster?
    thanks.

    If your switch support VLAN tagging, you can use both NIC's for public and private using different VLAN ID's

  • Windows 10 reservation with one e-mail address on different devices?

    I would say you can based on this information
    "In order to register your install of Windows 10 an activation code will be created to uniquely identify your system. This is likely going to be some type of a hash code based on your unique system hardware configuration. It will probably use a combination of individual hardware ID’s for multiple items in your system like the hard drive, network card, video card. motherboard and possibly your Microsoft account to build this unique identifier."
    http://winsupersite.com/windows-10/could-your-microsoft-account-and-windows-10-activation-be-connect...

    Dear colleagues,
    I'm reading different posts for reserving and getting the new Windows 10 OS, but one thing is missing for me. If I have several laptops and home workstations, all running Windows 7 Ultimate / Windows 8.1 Pro, can I reserve a copy for each of these devices using one and the same mail address? The reservation will be made on every device.
    Please apologise me if this info is written in this forum, i just can`t find it.
    This topic first appeared in the Spiceworks Community

  • How can i split Client Network traffic and My exchange traffic with two different ip address?

    Hello Everyone
    sorry for my bad English and also my bad explanation
    here is my network looks like
    all the client on one subnet and network is 192.168.0.0
    i have Dsl router that connect to Tmg server
    i have Tmg with two NIC
    1-192.168.0.4
    2- 2 Public Ip address
    i want to do this
    i want to split user's traffic and my exchange traffic
    i mean i want to route user's traffic with one public ip address
    and my exchange server's traffic with another public address
    but when i add additional ip address at Tmg or create new NIC card
    all of my traffic route with one public ip Address what should i do?

    Hi Uhan,
    You need to use the ENAT function on TMG to achieve this.
    On the External NIC, assign the second IP as an additional IP address (VIP).
    Create a network rule to NAT traffic from the Exchange server IP address to the required public IP for which you need the E NAT.
    Ensure you are creating the rule only from the Exchange server IP and not all Internal.
    Look at the doc below for a step-by-step config:
    http://www.isaserver.org/articles-tutorials/configuration-general/Configuring-One-to-One-NAT-TMG-2010.html

  • Multiple DMVPN instance on the same router one public interface

    I know it possible to run multiple instances DMVPN on a router with one public interface.
    Question:
    If I take one of my site and put it on a different tunnel from all other remote sites will it be able communication to the other site directly?  I am running EIGP through the gre Tunnel
    example of the hub site:
    interface Tunnel100
    bandwidth 100000
    ip address 192.168.105.254 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip hello-interval eigrp 1 1
    ip hold-time eigrp 1 3
    no ip next-hop-self eigrp 1
    ip nhrp authentication L3GR@RD
    ip nhrp map multicast dynamic
    ip nhrp map group WAR-881-VPN1 service-policy output SHAPE->20M
    ip nhrp map group PLA-2811-VPN1 service-policy output SHAPE->T1(MLPPPx2)
    ip nhrp map group LIV-2811-VPN1 service-policy output SHAPE->T1(MLPPPx2)
    ip nhrp map group BRM-2811-VPN1 service-policy output SHAPE->T1(MLPPPx2)
    ip nhrp map group ELP-2811-VPN1 service-policy output SHAPE->T1(MLPPPx2)
    ip nhrp map group RAN-2811-VPN1 service-policy output SHAPE->T1(MLPPPx2)
    ip nhrp map group LAB-2911-VPN1 service-policy output SHAPE->T1(MLPPPx2)
    ip nhrp map group ORE-2811-VPN1 service-policy output SHAPE->5M
    ip nhrp map group VAU-2811-VPN1 service-policy output SHAPE->10M
    ip nhrp map group CAVAURTVP001 service-policy output SHAPE->10M
    ip nhrp network-id 100
    ip nhrp holdtime 600
    ip nhrp max-send 1000 every 10
    ip nhrp redirect
    ip tcp adjust-mss 1360
    no ip split-horizon eigrp 1
    ip summary-address eigrp 1 10.87.0.0 255.255.0.0
    load-interval 30
    delay 100
    tunnel source GigabitEthernet0/0
    tunnel mode gre multipoint
    tunnel key 100
    tunnel vrf PUBLIC
    tunnel protection ipsec profile IPSEC-DMVPN
    interface Tunnel300
      bandwidth 100000
      ip address 192.168.106.254 255.255.255.0
      no ip redirects
      ip mtu 1400
      ip hello-interval eigrp 1 15
      ip hold-time eigrp 1 45
      no ip next-hop-self eigrp 1
      ip nhrp authentication L3GR@RB
      ip nhrp map multicast dynamic
      ip nhrp map group CAVAURTVP001 service-policy output SHAPE->10M
      ip nhrp network-id 100
      ip nhrp holdtime 600
      ip nhrp max-send 1000 every 10
      ip nhrp redirect
      ip tcp adjust-mss 1360
      no ip split-horizon eigrp 1
      ip summary-address eigrp 1 10.87.0.0 255.255.0.0
      load-interval 30
      delay 100
      tunnel source GigabitEthernet0/0
      tunnel mode gre multipoint
      tunnel key 100
      tunnel vrf PUBLIC
      tunnel protection ipsec profile IPSEC-DMVPN
    Thanks the help in advance,
    Nigel

    Hello Mr Manhurt,
    I can help you. But first what is EIGP?

  • QuickVPN - RV110W behind DSL Router

    Hi all,
    I have a Cisco RV110W behind an Actiontek V1000H DSL router supplied by my ISP.
    I'd like to be able to make use of the Cisco QuickVPN client. According to my ISP placing the Actiontek into bridge mode cannot be done.
    On the Actiontek I have forwarded the following ports to my RV110W's address:
    60443/tcp
    4500/udp
    500/udp
    On the RV110W I have ensured that remote management is enabled (on port 60443).
    When attempting to connect with the client (using port 60443) - I get this far:
    2012/01/30 11:16:21 [STATUS]OS Version: Windows 7
    2012/01/30 11:16:21 [STATUS]Windows Firewall Domain Profile Settings: ON
    2012/01/30 11:16:21 [STATUS]Windows Firewall Private Profile Settings: ON
    2012/01/30 11:16:21 [STATUS]Windows Firewall Private Profile Settings: ON
    2012/01/30 11:16:21 [STATUS]One network interface detected with IP address 192.168.245.164
    2012/01/30 11:16:21 [STATUS]Connecting...
    2012/01/30 11:16:22 [DEBUG]Input VPN Server Address = xx.xx.xx.xx
    2012/01/30 11:16:22 [STATUS]Connecting to remote gateway with IP address: xx.xx.xx.xx
    2012/01/30 11:16:22 [WARNING]Server's certificate doesn't exist on your local computer.
    2012/01/30 11:16:23 [WARNING]Remote gateway wasn't reached...
    2012/01/30 11:16:23 [WARNING]Failed to connect.
    2012/01/30 11:16:23 [WARNING]Failed to connect!
    Any suggestions? Is this configuration even possible?
    Thanks!

    Hi, Rudi & Craig
    I just tested another different way, which way as Craig's book did, I set
    Master's IP is DSL Router inside IP which same as "PUBLIC" Network Card's
    IP address (10.0.0.101) when setting the MASTER's configuration in
    iManager, it still working fine. Then it will be the best way if the ISP
    change my static Public IP.
    BTW, Craig, when you have a chance, can you mention this on your web site or
    in your book (when you have new version book), BM38SP5 got a bug, the
    vpn.jar cannot set Non-BM VPN Slave (I used Linksys router for Slave
    server), I called Novell support engineer, he said Novell knew this error,
    I have to use the vpn.jar which in BM38SP4_IR5 to setup Non-BM VPN Slave.
    But there is another problem, the vpn.jar which in BM38SP4_IR5 cannot set
    MASTER VPN server. The only way to do the job is install BM38SP5, setup
    MASTER VPN server, setup C2S VPN, then copy the vpn.jar which in
    BM38SP4_IR5 in, to setup Non-BM VPN Slave. I hope you can understand my
    poor English.
    James
    > Rudolf Thilo wrote:
    > Hello James.
    >> In Craig's book, there is a sample
    >> for VPN Slave Server behind DSL router.
    >> But I don't know I can setup Master VPN
    >> server behind DSL router or not.
    > It works, starting with BM3.8. IIRC Craig has an example
    > in his book? You will need to specify the DSL router's
    > (static!!) public IP address as the MASTER's public IP
    > when setting up the MASTER's configuration.
    > Regards, Rudi.

  • VERIZON 4G LTE Broadband Router with Voice

    I am thinking of using this device in my vacation home to monitor and control a wi-fi thermostat.  Can I leave it on 24X7 unattended for a few months at a time?  Is it reliable or does it need constant rebooting.  What kind of data usage might I expect?

    Nope!
    Nope, it will need to be rebooted.
    Data usage is controlled by the users and equipment connection to the LAN side of the router. Otherwise, the router itself uses a negligible amount of data measured in kilobytes per month. 
    If long term reliability is your concern have a look at the Cradlepoint or Pepwave embedded modem/router M2M devices from the 3GStore.com.
    However, if you expect to control this HVAC Wall mounted Wi-Fi thermostat, over the internet, then you’re in for another surprise: the lack of a public facing IP address. There appears to be three alternatives to this problem:
    Try setting up a VPN client on your end through a VPN Server on the internet
    Obtain a static IP address from Verizon Wireless for the one time fee of $500
    Use another provider with a public IP address.

  • Configure WRT54G Wireless Router with PUBLIC IP address and use DHCP for internal computers

    Hi, I have an Internet online service with 5 public IP addresses. The router and the AP are connected to a switch. I would like to configure a WRT54G wireless router with one of these public IP addresses and use DHCP (with private IP addresses) for the computers that will connect to the AP. As the AP is connected to the switch, is it possible that other wired computers that are connected to the same switch can obtain an IP address from the DHCP?
    Thanks in advance

    Thanks for your help. Please correct me if I'm wrong. After connecting the equipment the way you suggest: I set up a static IP address (the public IP) in the WRT54G. I enable DHCP in the WRT54G with a range from 10.10.0.100 to 10.10.0.200 (as an example). The gateway is the public IP address, right? How do I route the 10.10.0.x addresses to the public IP address? Thanks again.

  • How Can i Use two Different Public IP Addresses on my DMZ with ASA Firewall.

    How To Using Two Different Public IP Address on My DMZ with ASA 5520
    Posted by jorge decimo decimo on 28/Jan/2013 5:51:28
    Hi everyone out there.
    can any one please help me regarding this situation that im looking for a solution
    My old range of public ip address are finished, i mean (the 41.x.x.0 range)
    So now i still need to have in my DMZ another two servers that will bring some new services.
    Remember that those two server, will need to be accessable both from inside and from outside users (Internet users) as well.
    So as i said, my old range of public ip address is finished and we asked the ISP to gives some additional public
    ip address to address the need of the two new servers on DMZ. and the ISP gave us the range of 197.216.1.24/29
    So my question is, on real time world (on the equipment) how can i Use two different public ip address on the same DMZ
    on Cisco ASA 5520 v8??
    How my configuration should look like?
    I was told about implementing static nat with Sub Interfaces on both Router and ASA interface
    Can someone please do give me a help with a practical config sample please. i can as well be reached at [email protected]
    attached is my network diagram for a better understanding
    I thank every body in advance
    Jorge

    Hi,
    So looking at your picture you have the original public IP address range configured on the OUTSIDE and its used for NAT for different servers behind the ASA firewall.
    Now you have gotten a new public IP address range from the ISP and want to get it into use.
    How do you want to use this IP address range? You want to configure the public IP addresses directly on the servers or NAT them at the ASA and have private IP addresses on the actual servers (like it seems to be for the current server)?
    To get the routing working naturally the only thing needed between your Router and Firewall would be to have a static route for the new public network range pointing towards your ASA OUTSIDE IP address. The routing between your Router and the ISP core could either be handled with Static Routing or Dynamic Routing.
    So you dont really need to change the interface configuration between the Router and ASA at all. You just need a Static route pointing the new public IP address towards the ASA outside IP address.
    Now when the routing is handled between the ISP - ISP/Your Router - Your Firewall, you can then consider how to use those IP addresses.
    Do you want to use the public IP addresses DIRECTLY on the HOSTS behind the firewall? This would require you to either configure a new physical interface with the new public IP address range OR create a new subinterface with the new public IP addresses range AND then configure the LAN devices correspondingly to the chosen method on the firewall
    Do you want to use the public IP addresses DIRECTLY on the ASA OUTSIDE as NAT IP addresses? This would require for you to only start configuring Static NAT for the new servers between the inside/dmz and outside interface of the ASA. The format would be no different from the previous NAT configuration other than for the different IP addresses of course
    Of the above ways
    The first way is good because the actual hosts will have the public IP addresses. Therefore you wont run into problems with DNS when the LAN users are trying to access the server.
    The second way is the one requiring the least amount of configurations/changes on the ASA. In this case though you might run into problem with DNS (to which I refer above) as the server actually has a private IP address but the public DNS might reply to the LAN hosts with a public IP address and therefore connections from LAN could fail. This is because LAN users cant connect to the servers OUTSIDE NAT IP address (unless you NAT the server to public IP address towards LAN also)
    Hopefully the above was helpful. Naturally ask more specific questions and I'll answer them. Hopefully I didn't miss something. But please ask more
    I'm currently at Cisco Live! 2013 London so in the "worst case" I might be able to answer on the weekend at earliest.
    - Jouni
