Router Configration
Dears,
Please tell me some interview question on SAP router.
I have configured it properly so just want to have some theoritical knowledge also.
Thanks for your help.
Deepak.
Hi Deepak,
Read contents from below link you will get lot of knowledge.
http://help.sap.com/saphelp_nw70/helpdata/EN/4f/992ce8446d11d189700000e8322d00/content.htm
Regards
Ashok
Similar Messages
-
Latop lose connection with router and reconnect every 3 min
hi,
i have bought a wrv200 router of yu company but i have a problem i think it is something with the settings of the router.when am on my latop on the electrical net i have no problem my connection to the router is pefect but when i go on my battery of my notebook i have connection to the router for 3 min then he desconnect en reconnect .so that is a problem if am dowloading something :s
can you help me
thnx,I don't think there is any issue with the router configration ,because the router can not differentiate between Electrical & Battery power to laptop .
So it has to be some Power settings on wireless card ,may be you can go to wireless card properties & try tweaking some settings in Power Management . -
Hi Experts, i have Linksy WRT54G, firmware 7.00.1, am using internet cable (DSL) my network provider shared folders for movies,songs etc....i can open that folder when i connect wire to direct system (not through router) run " //super-admin ", but sharing not open when i connect internet through router how can i set dynamic ip and pppoe ip both?? Please any one can tell?
summations wrote:
i dont really know about pppoe etc...
1st : actually my network service provider gave me user name and password which i put in router configration in PPPOE...
i switched the main wire to router WAN Port , and in LAN port there are two computer connected one is mine one is my brother... i am using router just as a hub ... in this process i cant able to see network sharing computers.. when i open run in windows and type " \\super-admin" (which my network gave my address his sharing drives) the sharing didnt open .... but when i type his ip like "\\10.0.4.3" then its open but speed is zero i mean i cant see movie on from that folder and even cant download coz speed is appx 56 kbs.....
2nd : when i connevt wire direct to my pc ("not through router"only one computer run) then i have put ip address in TCP/IPv4, ip : 192.168......and subnetmask 255.255.255.0 and default gateway "NIL"... then sharing running perfectly with no problem...
i have contact to my network service provider he told that you have to configure your linksys router, unfornunately he dont know about linksys router but he told me that he faced same problem in TPlink router , he solved the problem to set pppoe and dynamatic ip both in TPlink configration but he dont know about linksys that how to set both ip...
this is all information.. hope u got it... waiting for your answer................
am using windoiws 7ultimale
Regards
Ramiz
You mentioned on this post that you want the router to be a hub, do you intend to make the router a switch or a passthrough device. If so then you might need to read this link in cascading routers through LAN-to-LAN:http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&docid=785463d9ecaf4cac84aed245b08d615f_3733.xml&pid=80&r.... -
Can someone help me , i gave up
I have two main problems:
In a company which uses voip and initially it has only calls to and from the pstn and to...no calls yet going via wan...
1- i pluged 3 decitated pstn lines to 3 fxo ports ( ex. port 0/0/0 , 0/0/1, and 0/0/2) and i have 3 extensions (admins) ( ex. 100,101,102) and i when the extension 100 place outgoing call i want him to use the line pluged in the port 0/0/0 and when the extension 101 place outgoing call i want him to use the line pluged in the port 0/0/1 and 102 uses port 0/0/2...
the other employees have another shared pstn lines to use....
I can`t use voip dial peer as there are no calls are going via wan.....
2-in the cisco cme which i`m using
CME# sh ver
Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Fri 22-Jan-10 02:04 by prod_rel_team
and CME# show telephony-service all
CONFIG (Version=4.1(0))
=====================
Version 4.1(0)
Cisco Unified Communications Manager Express
the problem is that the ip phone 7937 is not supported.
It doesn`t appear in the ephone type and also in the telephony-service load ... ?
this file apps37sccp.1-2-1-0.bin is there when i place the dir flash: command
I tried to install both files cmterm-7937-sccp.1-0-1.cop.sgn and cmterm-7937-sccp.1-4-3.zip in to the flash, the 7937 still can`t registered with the cme?
can any one help me plz?
thanksthanks, but
The cisco ios version is Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)
and the cme version is CONFIG (Version=4.1(0))
=====================
Version 4.1(0)
Cisco Unified Communications Manager Express
I want to upgrade the cisco ios version to 12.4(22)YB1 and the cme to 7.1 to support the conference ip phone 7937.
There is no enough memory in the flash ,so during the upgrading i will have to comfirm the erasing of the whole
flash .Then i`ll install the new ios and also the new cme version- ofcourse befor that i`ll backup the router
configration..
1- By doing this upgrading , is there something will get affected(like ip phones licenses, basic configurable automated attendant that cme ships with or ....) and does everything will return to work normally?
2-Is there any advices from you to guarantee that i`ll not face any problem...?
3- when outside call ( eg.from my mobile or pstn) dial into the company and the 333(receptionist) phone rings - it is written from unknown number even after i add the command caller-id enable. -
Do gatekeepers need a dedicated physical interface
I recently took control of a network that has several h323 vtc endpoints registered to a gatekeeper.
The 3700 router that is the gatekeeper has a physical interface that appears to only exist to be the IP address of the gatekeeper. The 3700 router has other physical interfaces such as the serial interface to the WAN plus the gateway interface for the LAN.
The 10/100 interface with the gatekeeper IP address has no other configuration besides the "ip address" command. It is also physically connected to the switch.
All the gatekeeper unique configs are in the gatekeeper config on the 3700.
Do I really need to dedicate a physical interface so be the gatekeeper? Can I usa loopback interface or use my gateway ip address?
Thank you.We've redeployed out gatekeeper using /32 loop back interfaces. We have 2 routers each with a /32 loop back. Then we have 1 gatekeeper on each router configred in a cluster with each other. It works great. Now we can use that physical interface for something else and we have redundancy.
Thanks for the input. -
hello,
I recently moved and got a new modem. now my wireless router isnt working. does anyone know what i can do to set it up again? Ive reinstalled the software and set up a new network but it tells me it cant connect. thanksWell the router configration is all based on your internet service provider ..
So could you let us know who is your internet service provider so that we could help you with the router configration ? -
Netbios/Partial Qualified Domain name for a Mac?
Is it possible to set a Netbios/Partial Qualified Domain name for a Mac the way one sets it for a PC? If so, where can this be set? Apparently, this is what my router uses to report clients connected by DHCP.
Mikethat did not work - I have a name entered in the
Sharing preference menu, and it does not show up.
Did you try setting the "DHCP Client ID" in the Network pane of System Preferences?
Even doing this may not work though... I know I had trouble getting a host name to show up correctly at my work. The DHCP server had picked up the previous name of my system and there didn't seem to be anything I could do from the client side to get it changed. The old system name was associated with my machines MAC address in the DHCP server and nothing I did from the client seemed to allow me to refresh the name the server had already latched onto. The network guys eventually had to delete the entry for my system off of the DHCP server and then allow my system to request a new IP address and refresh it's entry in the server. I have no idea how you might do something like this on a LinkSys router. I suppose the DHCP servers that run on these little personal routers are pretty rudimentary. I guess you might try doing some sort of reset on the router to see if it would reload client names. Or if you have your router configred to only allow connections from specific MAC addresses you might try deleting the entry for your Mac and then adding it back to see if that would trigger it to pick up a new client name.
sorry; I started a new thread because my question
is now much more focused. Someone told me the
Linksys router gets that info from the netbios name,
so I figured I should ask that specific question
with that specific subject title - maybe someone
knows how to specify this netbios name for a Mac,
but might not know or care anything about routers
and my specific problem.
It seems understandable that PCs would send their NetBIOS names to a DHCP server... but it seems to me that a Mac would send it's "sharing" name. I doubt that a LinkSys router would specifically request a NetBIOS name, but I don't really know... I don't have any experience with them. I suppose you could try turning on "Window Sharing" in system preferences to see it that made you Mac look more like a Windows box to the router. :^\
Steve -
Nokia n95 wifi connect to the router no getway rep...
i have nokia n95 i have a wofi router i want to connect my router ti using browsing when i connect the wifi to the router the message " no getway reply" so i need to full configration so pls help
Solved!
Go to Solution.There may be a few ways to go around this.
-Perhaps you may try opening the web browser > options > clear privacy data > all.
-If this does not help then go to the menu > tools > settings > connections > access points > scroll down to the router and delete the access point and try using the WLAN wiz to redefine the access point.
Mark me a KUDOS if this has helped... -
Typical configuration for Pix501 after router
Our network topology is:
wire from street -> cable modem -> router -> computers
The router is a simple Netgear wireless router. We want to install a Pix501 firewall for one of the computers only (cant do it for all computers for a complicated reason). So we want it to look like this:
wire from street -> cable modem -> router -> Pix501 -> one computer
The router uses IP addresses 192.168.1.x. We installed the Pix501 as shown above, but no matter what configuration we try, it is not working.
I've searched high and low through this forum for typical configuration to use in the Pix501. I've also read the official Cisco configuration guide at
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html ... but they all seem to discuss topologies where the Pix501 is between the cable modem and the router.
Can someone point me to a reference document that suggests a typical Pix501 configration settting for where the Pix501 is between the router and computer? Once I get a good starting point, I'm sure I can take it from there. Thanks!Hi,
If your aim is to just simply allow outbound traffic from the user behind the PIX to the Internet then there should not be that many things to configure on the PIX.
It would either have a static "outside" interface configuration with a static default route configuration pointing towards the Router gateway interface in the network 192.168.1.0/24.
If you have the PIX using DHCP then it will probably get the IP address and default route from the Router automatically.
Next you would have to make sure you have configured Dynamic PAT for the user so its connection will show up coming from the 192.168.1.0/24 address space to the Router. Otherwise it might be visible to the Router with its original IP address and naturally the connections wouldnt work.
I guess you could always share the current configuration and let us see if there are any problems there. The software version and the device itself are pretty old though. Pretty ancient configuration format
- Jouni -
Platin GUI Configration Problem
Hi Experts,
I Just Installed PlatinGUI on Ubuntu And Followed the Procedure Explained in Following Thread:
Link:http://forums.sdn.sap.com/thread.jspa?threadID=1214463
But I got Confused As i have Router String, Application Server ,Instance Number , System ID and Description with Me which i Generally put in SAPGuI for Windows.
Can AnyOne Provide Me Connection String if :
Description: ABCD
Application Server: 1.1.1.1
Instance Number : 00
System ID : XYZ
SAProuter String: 2.2.2.2
Thanks In AdvanceHi Naveen,
I did This Earlier But it is giving Error Which is As Follows :
Error: internal error
Location: SAProuter 21.10 on 'SVRQWR01'
Tue Feb 16 23:24:56 2012
Release 701
Component NI (network interface), version 38
rc = -93, module nirout.cpp, line 2286
Detail NiRClientHandle: route expected
And Also I wanted to now which all values from above Example are Mandatory to Pass in PlatinGui Configration String..
Regards,
Ashish Sachdeva -
Hi expert
I am sap BASIS admin last one year , I have no idead , how configre stms , we have Prodction server(prd-500) development server(dev-204) and Quality server(qty-300).
How will configre the TMS(Transport management system) , Please guide me .
thanks
with best regards
venkatHi,
first of all you decide which system you want to make domain controler (DEV or QAS or PRD) in configuration of TMS.
Than login in 000 client (which system you want to make domain controler.run STMS & click on
overview --->Transport routes -->
And than Configuration -> Standard configuration->Three system in landscape.
give their SID.
login on other system & run stms give domain controler name (Domain_SID)in Transp. Domain .
Accept this request in domain controler .And than click on system & run update configuration.
karan -
Hi,
I have 2800 series route at central location with PRI line and remote location with BRI line and DLINK router. i have 10 remote site.
Now i want to connect my multiple remote site through BRI to my PRI at central location
can you guide me with the configration at the central location PRI part
I am in INDIA
Bhargavin india we have E1 as a PRI follow the procedure.
Configuring Channelized E1 ISDN PRI
To configure ISDN PRI on a channelized E1 controller, use the following commands beginning in global configuration mode:
Command Purpose
Step 1
isdn switch-type switch-type
Selects a service provider switch type that accommodates PRI. (Refer to Table 17 for a list of supported switch type keywords.)
Step 2
controller e1 slot/port
or
controller e1 number
Defines the controller location in the Cisco 7200 or Cisco 7500 series router by slot and port number.
Defines the controller location in the Cisco 4000 series or the Cisco AS5200 universal access server by unit number.1
Step 3
framing crc4
Defines the framing characteristics as cyclic redundancy check 4 (CRC4).
Step 4
linecode hdb3
Defines the line code as high-density bipolar 3 (HDB3).
Step 5
pri-group [timeslots range]
Configures ISDN PRI.
.1 Controller numbers range 0 through 2 on the Cisco 4000 series and 1 to 2 on the Cisco AS5200 access server.
If you do not specify the time slots, the specified controller is configured for 30 B channels and 1 D channel. The B channel numbers range 1 to 31; channel 16 is the D channel for E1. Corresponding serial interfaces numbers range 0 to 30. In commands, the D channel is interface serial controller-number:15. For example, interface serial 0:15.
Table 17lists the keywords for the supported service provider switch types to be used in Step 1 above.
Dlink you have to configure simple dial-up connectivity with PRI.
Thanks,
Dharmesh Purohit -
How do I use my airport extreme with my FIOS router?
How do I use my AirPort Extreme base station with my FIOS Router to extend my network? I have hard disks connected to my AirPort Extreme and would lik to access them.
Probably can't answer all your questions - but.... I use a Linksys (wired and wireless) router as my primary entry point for FIOS. I use a Time Capsule and an Airport Express as a common wireless connection. So I have two visibile wireless networks and use them both depending on where I am in the house. Both the TC and AEx can be seen either wirelessly or wired from the entire network. Note - the Linksys provides all the DHCP - you set the apple routers as "bridge mode."
-
ASA 5505 VPN clients can't ping router or other clients on network
I have a ASA5505 and it has a vpn set up. The VPN user connects using the Cisco VPN client. They can connect fine (the get an ip address from the ASA), but they can't ping the asa or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
ASA Version 7.2(4)
hostname ASA
domain-name default.domain.invalid
enable password kdnFT44SJ1UFX5Us encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.0.4 Server
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list vpn_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 10.0.0.192 255.255.255.192
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 10.0.0.220-10.0.0.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 Server pop3 netmask 255.255.255.255
static (inside,outside) tcp interface www Server www netmask 255.255.255.255
static (inside,outside) tcp interface https Server https netmask 255.255.255.255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable 480
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy vpn internal
group-policy vpn attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_splitTunnelAcl
username admin password wwYXKJulWcFrrhXN encrypted privilege 15
username VPNuser password fRPIQoKPyxym36g7 encrypted privilege 15
username VPNuser attributes
vpn-group-policy vpn
tunnel-group vpn type ipsec-ra
tunnel-group vpn general-attributes
address-pool VPNpool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:df7d1e4f34ee0e155cebe86465f367f5
: end
Any ideas what I need to add to get the vpn client to be able to ping the router and clients?
Thanks.I tried that and it didn't work. As for upgrading the ASA version, I'd like to but this is an old router and I don't have a support contract with Cisco anymore, so I can't access the latest firmware.
here is the runnign config again:
Result of the command: "show startup-config"
: Saved
: Written by enable_15 at 01:48:37.789 MDT Wed Jun 20 2012
ASA Version 7.2(4)
hostname ASA
domain-name default.domain.invalid
enable password kdnFT44SJ1UFX5Us encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.0.4 Server
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list vpn_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 10.0.0.192 255.255.255.192
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 10.0.0.220-10.0.0.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm location Server 255.255.255.255 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 Server pop3 netmask 255.255.255.255
static (inside,outside) tcp interface www Server www netmask 255.255.255.255
static (inside,outside) tcp interface https Server https netmask 255.255.255.255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable 480
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy vpn internal
group-policy vpn attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_splitTunnelAcl
username admin password wwYXKJulWcFrrhXN encrypted privilege 15
username VPNuser password fRPIQoKPyxym36g7 encrypted privilege 15
username VPNuser attributes
vpn-group-policy vpn
tunnel-group vpn type ipsec-ra
tunnel-group vpn general-attributes
address-pool VPNpool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:78864f4099f215f4ebdd710051bdb493 -
Firewall reverse routing issue:
Dear Friends,
I am using ASA 5505 with base license and ISP connected directly on the firewall.While L# switch is connected through firewall also.
my configuration is :
ASA Version 7.2(4)
hostname CiscoFirewall03316
domain-name default.domain.invalid
enable password Ko5SCsPM2YQ1wt2G encrypted
passwd Ko5SCsPM2YQ1wt2G encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 10.192.32.11 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 112.23.24.25 255.255.255.248
interface Vlan10
no nameif
security-level 90
ip address 192.168.0.3 255.255.240.0
<--- More --->
interface Vlan50
no nameif
security-level 80
ip address 10.195.32.15 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 10
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 50
interface Ethernet0/6
interface Ethernet0/7
<--- More --->
ftp mode passive
clock timezone IST 5 30
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 121.242.190.181
name-server 121.242.190.210
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list in_out extended permit ip any any
access-list out_in extended permit ip any any
access-list out_in extended permit ip any 112.23.24.25 255.255.255.248
access-list cisco_splitTunnelAcl standard permit 0.0.0.0 255.255.255.0
access-list cisco_splitTunnelAcl_1 standard permit any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ciscouser 10.10.10.240-10.10.10.249 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
<--- More --->
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group in_out in interface inside
access-group out_in in interface outside
route inside 192.168.0.0 255.255.240.0 192.168.0.2 1
route outside 0.0.0.0 0.0.0.0 112.23.24.25 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 10.192.32.0 255.255.255.0 inside
http 112.23.24.0 255.255.255.248 outside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_DES_SHA mode transport
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
<--- More --->
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set TRANS_ESP_DES_SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
client-update enable
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
<--- More --->
telnet 10.192.32.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 outside
telnet 112.23.24.0 255.255.255.0 outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server none
vpn-tunnel-protocol l2tp-ipsec
group-policy cisco internal
group-policy cisco attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cisco_splitTunnelAcl_1
username test password tFqxsrS5ErBk4STW encrypted privilege 0
username test attributes
vpn-group-policy cisco
username admin password V5OS2TRb/vQZ7oZ9 encrypted
username ciscouser password 6aU35/UOvPoumpKWCFYSig== nt-encrypted privilege 0
username ciscouser attributes
vpn-group-policy DefaultRAGroup
<--- More --->
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup general-attributes
address-pool ciscouser
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
<--- More --->
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
policy-map type inspect im Google
parameters
match protocol msn-im yahoo-im
drop-connection log
service-policy global_policy global
prompt hostname context
Cryptochecksum:a883391680fa205ee31f05881761958c
: end
Everything is running fine on vlan 1 but vlan 10 is not running from user end.there is no ping from inside of 192.168.0.2
Please advise me.ThanksThere are 2 conflicting configuration:
interface Vlan10
no nameif
security-level 90
ip address 192.168.0.3 255.255.240.0
and "route inside 192.168.0.0 255.255.240.0 192.168.0.2 1"
How do you want to connect VLAN 10? is it on its own interface on the firewall? if it is, then you would need to configure a name for it, via the nameif command, and remove the above route inside
if it is going to be a routed subnet via the inside interface, then the above route needs to be modified as follows:
route inside 192.168.0.0 255.255.240.0 10.192.32.x
--> 10.192.32.x needs to be the next hop which is your L3 switch vlan 1 interface ip
and you would also need to shutdown interface vlan 10 on the ASA and remove the IP Address.
Maybe you are looking for
-
RFC : Transaction Program not Registered
Hi Folks, We have registered the server program from the middleware onto SAP R/3 System and is successfully registered as per the logs. As a next step, we have logged into R/3 System, SM59, in the RFC destination (Type TCP/IP) after specifying the re
-
HELP! 5800 FREEZES ON ALARM! Desperately needed.
Hi, My nokia 5800 xpress music has had a problem before with freezing, but I chose to ignore it as it wasn't troublesome. However, this morning it froze at the beginning of my alarm going off. So I took the battery out and put it back again. As it tu
-
How do I reset any transforms on a placed ID page?
I have an ID document that is composed of other placed ID pages. I changed a dimension on the placed pages and synced them, but the changes are not showing up in the master document where the pages are placed. How do I trigger the page to update? For
-
How do I get iTunes to stop dropping while I'm shopping?
iTunes drops every time I use it. No other app comes close to being this bad. I have to start over about every three or four minutes.
-
I have to migrate and upgrade database from Oracle 10.2.0.3 (Solaris) to 11.2.0.3 (Linux). I know I can use datapump and TTS to migrate data. My steps would be Install oracle 11.2.0.3 binaries on Linux box and create the database with same name on So