Router NAT IP block using Access List

Hi All
   Strange issue we have here. First time I've come across this.
   Question: Is it possible to use an access-list on a NAT IP address on a Cisco router? For example, say we have our internal mail server 192.168.1.5 and it's NATed to the outside on port 25 say to 222.1.1.5. Is there a way to apply an access list to this external IP so that only certain outside users can get to this server using port 25??
Thanks all!

Anyone?

Similar Messages

  • Static NAT using access-lists?

    Hi,
    I have an ASA5520 and I'm having an issue with static NAT configuration.
    I have an inside host, say 1.1.1.1, that I want to be accessible from the outside as address 2.2.2.2.
    This is working fine. The issue is that I have other clients who I would like to access the host using its real physical address of 1.1.1.1.
    I have got this working using nat0 as an exemption, but as there will be more clients accessing the physical address than the NAT address, I would like to flip this logic if possible.
    Can I create a NAT rule that only matches an access list, i.e. 'for clients from network x.x.x.x, use the NAT from 2.2.2.2 -> 1.1.1.1', and for everyone else, don't NAT?
    My PIX CLI skills aren't the best, but the ASDM suggests that this is possible - on the NAT rules page there is a section for the untranslated source to ANY, and if I could change ANY I would, but I don't see how to...
    Thanks,
    Des

    Des,
    You need to create an access-list to be used with the nat 0 statement.
    access-list inside_nonat extended permit ip 1.1.1.1 255.255.255.255 2.2.2.2 255.255.255.255
    - This tells the PIX/ASA to NOT perform NAT for traffic going from 1.1.1.1 to 2.2.2.2.
    Then use the nat 0 statement:
    nat (inside) 0 access-list inside_nonat
    To permit outside users to see inside addresses without NAT, flip this logic:
    access-list outside_nonat extended permit ip 2.2.2.2 255.255.255.255 1.1.1.1 255.255.255.255
    nat (outside) 0 access-list outside_nonat
    You'll also have to permit this traffic through the ACL of the outside interface:
    access-list inbound_acl extended permit ip 2.2.2.2 255.255.255.255 1.1.1.1 255.255.255.255
    - Brandon

  • Access-list block range of hosts

    Cisco 2600 router with WIC1-ADSL card
    I'm having difficulty creating an access-list that will block a range of specified internet IPs but allow everything else. Google finds loads of ACLs showing how to permit a range but nothing about how to deny.
    In the past I've been able to deny a host using:
    access-list 105 deny   ip any host A.B.C.D
    but that only blocks one host and not a range (unless you have loads of entries).
    My reason for this is to block baiduspider.com from accessing my server. Baidu uses a large range of IPs but so far they're confined to 123.125.*.*, 61.135.*.* and 220.181.*.*
    I tried:
    access-list 10 deny   123.125.0.0 0.0.0.255
    access-list 10 deny   220.181.0.0 0.0.0.255
    access-list 10 deny   61.135.0.0 0.0.0.255
    access-list 10 permit any
    All web traffic comes via the ADSL WIC card in the router, so I put:
    ip access-group 10 out
    into the dialer0 config but this didn't work.
    Thanks for any help.

    It looks like I've done it. I was using the wrong subnet mask.
    I changed the access list to:
    access-list 10 deny   A.B.0.0    0.0.255.255
    and from that moment Baidu disappeared from the web log.

  • Need help for access list problem

    Cisco 2901 ISR
    I need help with my configuration. It is working fine, but it is not secured because everybody can access the internet.
    I want to deny this IP range and permit only the TMG server to have an internet connection. My DHCP server is the 4500 switch.
    Can anybody help?
    DENY: 10.25.0.1 – 10.25.0.255
          10.25.1.1 – 10.25.1.255
    Permit only 1 host for Internet: 10.25.7.136  255.255.255.192 (TMG Server)
    Using access-list.
    ( Current configuration  )
    object-group network IP
    description Block_IP
    range 10.25.0.2 10.25.0.255
    range 10.25.1.2 10.25.1.255
    interface GigabitEthernet0/0
    ip address 192.168.2.3 255.255.255.0
    ip nat inside
    ip virtual-reassembly in max-fragments 64 max-reassemblies 256
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    description ### ADSL WAN Interface ###
    no ip address
    pppoe enable group global
    pppoe-client dial-pool-number 1
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    interface Dialer1
    description ### ADSL WAN Dialer ###
    ip address negotiated
    ip mtu 1492
    ip nat outside
    no ip virtual-reassembly in
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp pap sent-username xxxxxxx password 7 xxxxxxxxx
    ip nat inside source list 101 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 10.25.0.0 255.255.0.0 192.168.2.1
    access-list 101 permit ip 10.25.0.0 0.0.255.255 any
    access-list 105 deny   ip object-group IP any
    From the 4500 Catalyst switch
    ( Current Configuration )
    interface GigabitEthernet0/48
    no switchport
    ip address 192.168.2.1 255.255.255.0
    interface GigabitEthernet2/42
    ip route 0.0.0.0 0.0.0.0 192.168.2.3

    Hello,
    The host can't get an internet connection.
    I removed this configuration:
    access-list 101 permit ip 10.25.0.0 0.0.255.255 any
    and changed the configuration to:
    ip access-list extended 101
     5 permit ip host 10.25.7.136 any
    In this case I would allow only host 10.25.7.136, but it doesn't work.
    No internet connection from the TMG Server.

  • Port Forwarding & Access List Problems

    Good morning all,
    I am trying to set up port forwarding for a web server we have hosted here on IP 192.168.0.250. I have set up access lists and port forwarding configurations, and I cannot seem to access the server from outside the network. I've included my config file below; any help would be greatly appreciated! I've researched a lot lately but I'm still learning. Side note: I've replaced the external IP address with 1.1.1.1.
    I've added the bold lines in the config file below in hopes of forwarding port 80 to 192.168.0.250, to no avail. You may notice I don't have access-list 102 that I created on any interfaces. This is because whenever I add it to FastEthernet0/0, our internal network loses connection to the internet.
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname pantera-office
    boot-start-marker
    boot-end-marker
    no logging buffered
    enable secret 5 $1$JP.D$6Oky5ZhtpOAbNT7fLyosy/
    aaa new-model
    aaa authentication login default local
    aaa session-id common
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.0.1 192.168.0.150
    ip dhcp excluded-address 192.168.0.251 192.168.0.254
    ip dhcp pool private
       import all
       network 192.168.0.0 255.255.255.0
       dns-server 8.8.8.8 8.8.4.4 
       default-router 192.168.0.1 
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ip domain name network.local
    multilink bundle-name authenticated
    crypto pki trustpoint TP-self-signed-4211276024
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-4211276024
     revocation-check none
     rsakeypair TP-self-signed-4211276024
    crypto pki certificate chain TP-self-signed-4211276024
     certificate self-signed 01
      quit
    username pantera privilege 15 password 0 XXXX
    username aneuron privilege 15 password 0 XXXX
    archive
     log config
      hidekeys
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key xxxx address 2.2.2.2
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto map SDM_CMAP_1 1 ipsec-isakmp 
     description Tunnel to 2.2.2.2
     set peer 2.2.2.2
     set transform-set ESP-3DES-SHA 
     match address 100
    interface FastEthernet0/0
     description $ETH-WAN$
     ip address 2.2.2.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     crypto map SDM_CMAP_1
    interface FastEthernet0/1
     description $ETH-LAN$
     ip address 192.168.0.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    interface Serial0/0/0
     no ip address
     shutdown
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    no ip http server
    ip http authentication local
    no ip http secure-server
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
    ip nat inside source static tcp 192.168.0.254 20 1.1.1.1 20 extendable
    ip nat inside source static tcp 192.168.0.254 21 1.1.1.1 21 extendable
    ip nat inside source static tcp 192.168.0.252 22 1.1.1.1 22 extendable
    ip nat inside source static tcp 192.168.0.252 25 1.1.1.1 25 extendable
    ip nat inside source static tcp 192.168.0.250 80 1.1.1.1 80 extendable
    ip nat inside source static tcp 192.168.0.252 110 1.1.1.1 110 extendable
    ip nat inside source static tcp 192.168.0.250 443 1.1.1.1 443 extendable
    ip nat inside source static tcp 192.168.0.252 587 1.1.1.1 587 extendable
    ip nat inside source static tcp 192.168.0.252 995 1.1.1.1 995 extendable
    ip nat inside source static tcp 192.168.0.252 8080 1.1.1.1 8080 extendable
    ip nat inside source static tcp 192.168.0.249 8096 1.1.1.1 8096 extendable
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
    access-list 101 remark CCP_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny   ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    access-list 102 remark Web Server ACL
    access-list 102 permit tcp any any
    snmp-server community public RO
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps vrrp
    snmp-server enable traps ds1
    snmp-server enable traps tty
    snmp-server enable traps eigrp
    snmp-server enable traps envmon
    snmp-server enable traps flash insertion removal
    snmp-server enable traps icsudsu
    snmp-server enable traps isdn call-information
    snmp-server enable traps isdn layer2
    snmp-server enable traps isdn chan-not-avail
    snmp-server enable traps isdn ietf
    snmp-server enable traps ds0-busyout
    snmp-server enable traps ds1-loopback
    snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
    snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
    snmp-server enable traps disassociate
    snmp-server enable traps deauthenticate
    snmp-server enable traps authenticate-fail
    snmp-server enable traps dot11-qos
    snmp-server enable traps switch-over
    snmp-server enable traps rogue-ap
    snmp-server enable traps wlan-wep
    snmp-server enable traps bgp
    snmp-server enable traps cnpd
    snmp-server enable traps config-copy
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps resource-policy
    snmp-server enable traps event-manager
    snmp-server enable traps frame-relay multilink bundle-mismatch
    snmp-server enable traps frame-relay
    snmp-server enable traps frame-relay subif
    snmp-server enable traps hsrp
    snmp-server enable traps ipmulticast
    snmp-server enable traps msdp
    snmp-server enable traps mvpn
    snmp-server enable traps ospf state-change
    snmp-server enable traps ospf errors
    snmp-server enable traps ospf retransmit
    snmp-server enable traps ospf lsa
    snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
    snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
    snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
    snmp-server enable traps ospf cisco-specific errors
    snmp-server enable traps ospf cisco-specific retransmit
    snmp-server enable traps ospf cisco-specific lsa
    snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
    snmp-server enable traps pppoe
    snmp-server enable traps cpu threshold
    snmp-server enable traps rsvp
    snmp-server enable traps syslog
    snmp-server enable traps l2tun session
    snmp-server enable traps l2tun pseudowire status
    snmp-server enable traps vtp
    snmp-server enable traps aaa_server
    snmp-server enable traps atm subif
    snmp-server enable traps firewall serverstatus
    snmp-server enable traps isakmp policy add
    snmp-server enable traps isakmp policy delete
    snmp-server enable traps isakmp tunnel start
    snmp-server enable traps isakmp tunnel stop
    snmp-server enable traps ipsec cryptomap add
    snmp-server enable traps ipsec cryptomap delete
    snmp-server enable traps ipsec cryptomap attach
    snmp-server enable traps ipsec cryptomap detach
    snmp-server enable traps ipsec tunnel start
    snmp-server enable traps ipsec tunnel stop
    snmp-server enable traps ipsec too-many-sas
    snmp-server enable traps ipsla
    snmp-server enable traps rf
    route-map SDM_RMAP_1 permit 1
     match ip address 101
    control-plane
    line con 0
     logging synchronous
    line aux 0
    line vty 0 4
    scheduler allocate 20000 1000
    end
    Any/All help is greatly appreciated!  I'm sorry if I sound like a newby!
    -Evan

    Hello,
    According to the config you posted, 2.2.2.2 is your WAN IP address and 1.1.1.1 is the next-hop address for your WAN connection. The ip nat configuration for port forwarding should look like:
    ip nat inside source static tcp 192.168.0.250 80 2.2.2.2 80
    If your provider assigns you a dynamic IPv4 address to the WAN interface, you can use:
    ip nat inside source static tcp 192.168.0.250 80 interface fastethernet0/0 80
    Verify the settings with show ip nat translation.
    Your access list 102 permits only TCP traffic. If you apply the ACL to an interface, DNS won't work anymore (and all other UDP traffic). You might want to use a stateful firewall solution like CBAC or ZBF combined with an inbound ACL on the WAN interface.
    Best Regards
    Lukasz

  • Access-list on secondary IP

    Hi,
    I would like to ask for help: can I block internet access for the secondary IP? I will place it on the primary access-list created.
    Example
    (primary blocking internet access access-list)
    ip access-list extended http100
    permit tcp host 10.99.100.1 host 10.108.20.1 eq 80
    ip access-list extended http100
    permit tcp host 10.99.102.1 host 10.108.20.1 eq 80
    permit ip any any
    Would the commands above block the internet of the secondary IP 10.99.102.x?
    Thanks,
    Eduard

    Hi Rick,
    I have a router that currently blocks internet access for certain IPs. On that segment I created a secondary IP address 10.99.102.x.
    My question is: how do I block the secondary's internet access by using an access-list?
    I thought that, since the secondary IP's interface is the same as the primary one, I'll put the exception there on the existing access-list. Would it block the IPs of the secondary from accessing the internet?
    Hope this is clearer.
    Oh, I think I mistyped something in the access-list; let me create another example:
    ip access-list extended http101
    permit tcp host 10.99.100.1 host 10.100.100.1 eq 80 (primary ip and proxy)
    permit tcp host 10.99.102.1 host 10.100.100.1 eq 80 (secondary ip and proxy)
    deny tcp 10.99.100.0 0.0.0.255 host 10.100.100.1 eq 80
    deny tcp 10.99.102.0 0.0.0.255 host 10.100.100.1 eq 80
    permit ip any any
    All IPs' internet will be blocked except for 10.99.100.1 and 10.99.102.1.
    Thanks,
    Eduard

  • Router Natting

    Hello,
    I have only 1 public IP on my router's outside interface, which is connected to the ISP.
    I just want to confirm the below with you experts:
    I want to create a site-to-site VPN with other branches; I have a proper IOS. I hope I can do it.
    The public IP on the router's outside interface: can I use the same IP for static NAT of a web server (one to one)? Suppose I use it in static NAT and I ping the public IP from the internet: will it ping the router interface or the server IP? I hope we can't do it.
    If I'm not wrong, I hope I can use service distribution with that same public IP, but not static NAT (one to one).
    I hope there is no firewall concept that if we do NAT we need an access-list. On a router without an access-list, users from the internet can also access the inside servers; only NAT should be provided.
    Tx

    Hello Estela,
    1- Yes, you can configure a site-to-site VPN as long as the router supports it.
    2- You cannot do a static one-to-one with the outside interface of the ASA that will be used for other hosts to go to the internet. Instead of that, you can configure port forwarding, which will work for inbound connections (just TCP and UDP, as these protocols use ports).
    3- Yes, you can do it as I explained in the previous answer.
    4- That is correct; without an ACL everything is allowed.
    Regards,
    Julio
    Rate helpful posts!

  • Access-list searching

    Hi all, I have only a small question. Does anyone know an easy way to find out whether communication is allowed or denied by an access-list? I cannot try the communication; I can only work with the lines of the access-list in the console. Maybe there is some program or script for searching in an access-list. Thanks for your advice.

    a) sh access-list (name)
    It will show you the hitcount:
    inet-FW# sh access-list no-nat-dmz
    access-list no-nat-dmz; 2 elements
    access-list no-nat-dmz line 1 permit ip 10.157.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
    access-list no-nat-dmz line 2 permit icmp 10.100.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
    You can use the pipe command for specifics, such as:
    show access-list (name) | include ftp
    it will give you all lines containing deny
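
An offline check of the kind asked for in this thread, which also shows the wildcard-mask mistake from the "Access-list block range of hosts" thread: this is an added example, not code from any poster or from Cisco. It assumes IOS-style entries only (permit/deny, `any`, `host`, address plus wildcard, a numeric destination `eq` port); `parse_acl`, `evaluate` and the sample names are hypothetical, and the "widened" ACL is constructed by applying the poster's `0.0.255.255` wildcard to the three prefixes named in that thread.

```python
import ipaddress

PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
ANY = (0, 0xFFFFFFFF)          # (base address, wildcard): every bit is "don't care"


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(toks):
    """Consume 'any', 'host A.B.C.D', 'A.B.C.D WILDCARD' or a bare address."""
    first = toks.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (_ip(toks.pop(0)), 0)
    has_wildcard = bool(toks) and toks[0].count(".") == 3
    return (_ip(first), _ip(toks.pop(0)) if has_wildcard else 0)


def parse_acl(text):
    """Return the permit/deny entries of a numbered or named IOS ACL, in order."""
    entries = []
    for raw in text.splitlines():
        toks = raw.split()
        if toks[:1] == ["access-list"]:
            toks = toks[2:]                      # drop 'access-list <number>'
        if not toks or toks[0] not in ("permit", "deny"):
            continue                             # blank line, header or remark
        ace = {"action": toks.pop(0), "proto": "ip", "dst": ANY, "port": None}
        if toks[0] in PROTOCOLS:                 # extended entry
            ace["proto"] = toks.pop(0)
            ace["src"] = _take_addr(toks)
            ace["dst"] = _take_addr(toks)
            if toks[:1] == ["eq"]:               # destination port, numeric only
                ace["port"] = int(toks[1])
        else:                                    # standard entry: source only
            ace["src"] = _take_addr(toks)
        entries.append(ace)
    return entries


def _match(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF                # wildcard bit 1 = ignore this bit
    return (ip & care) == (base & care)


def evaluate(entries, src, dst="0.0.0.0", proto="ip", port=None):
    """First matching entry wins; no match means the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for number, ace in enumerate(entries, 1):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_match(s, ace["src"]) and _match(d, ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != port:
            continue
        return ace["action"], number
    return "deny", None


# ACL exactly as first posted in the Baidu thread (0.0.0.255 covers only x.y.0.0-255).
BAIDU_AS_POSTED = """
access-list 10 deny   123.125.0.0 0.0.0.255
access-list 10 deny   220.181.0.0 0.0.0.255
access-list 10 deny   61.135.0.0 0.0.0.255
access-list 10 permit any
"""
# Constructed: same entries with the 0.0.255.255 wildcard the poster switched to.
BAIDU_WIDENED = BAIDU_AS_POSTED.replace("0.0.0.255", "0.0.255.255")
# Eduard's second example, without the trailing parenthetical notes.
HTTP101 = """
ip access-list extended http101
permit tcp host 10.99.100.1 host 10.100.100.1 eq 80
permit tcp host 10.99.102.1 host 10.100.100.1 eq 80
deny tcp 10.99.100.0 0.0.0.255 host 10.100.100.1 eq 80
deny tcp 10.99.102.0 0.0.0.255 host 10.100.100.1 eq 80
permit ip any any
"""

if __name__ == "__main__":
    crawler = "123.125.71.12"                    # constructed sample source address
    print("as posted:", evaluate(parse_acl(BAIDU_AS_POSTED), crawler))
    print("widened:  ", evaluate(parse_acl(BAIDU_WIDENED), crawler))
    print("http101:  ", evaluate(parse_acl(HTTP101), "10.99.102.50",
                                 "10.100.100.1", "tcp", 80))
```

The returned number is the position of the matching entry within the ACL, so a result of `("deny", None)` means the packet fell through to the implicit deny.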

  • Wi-Fi Card Access List no longer accessible

    At Telstra's suggestion I recently upgraded to a Telstra Gateway Max router. I set it up in the same way as my previous router with a Wi-Fi Access list of MAC addresses of devices to which I chose to give access to my Wi-Fi network. Yes I know that is not absolutely necessary but the facility is there so why not use it. Some time in the past few weeks the firmware on the router has been updated to cater for the new Telstra Air function. At the same time the ability to maintain the Wi-Fi Card Access List has disappeared although it still shows on the Help screen for the Wi-Fi functions. So now I am no longer able to add new devices or delete old devices from my Wi-Fi card Access List which is still being recognised by the software. This is a little like buying a family-size car and then having the dealer weld the back doors shut. The Telstra support staff struggle to understand the problem and suggest I contact the higher level support area who will not charge me if they can not solve the problem. Why should I pay for Telstra to solve a problem they caused? Has anyone else had a similar issue and how was it resolved?

    It is something which has come up a few times since the release of the new Firmware update, it looks like it might be something to do with making Air work... but a number of features of the device in its initial state as intended by the manufacturer have been removed or limited by the Firmware in order to ensure the system runs as Telstra intend it to run... it is a matter of give and take... you have less features but it makes it simpler for the 'average user'...

  • WRT54Gv3 Loses/Blocks Internet Access

    After installing version 4.21.1 of the Linksys firmware on my router WRT54Gv3 it will lose and/or block access to the internet. It will do it at random times, usually weeks apart. All the lights on the router look normal; my modem still shows a connection to the router. My computers will connect to the router wired or wireless and I can also log in to the config page of the router. Visually everything looks fine. Power cycling the modem and router does not fix the problem. I have to perform a factory reset on the router before it will work again. Is anyone having this problem with v4 or below of the WRT54G router after installing 4.21.1 of the Linksys firmware? My friend's router does the same thing and he has v4. I have v3.
    Thanks

    Well my router has always had the default IP address.
    I also noticed that when the internet is being blocked, I can use the diagnostic tab and get a response using ping and perform trace routes.
    I can also release and renew my IP info from Comcast's DHCP Server.
    I've never had a signal issue with the router. I'm always able to connect to it using a wireless or wired connection. I connect successfully to the router; it's that it blocks access to the internet for all the connected computers.
    I'm at a loss, and so it seems is Linksys tech support. I had a chat with them and they made me do a factory reset, then update the firmware, and then perform a factory reset again. They felt that the firmware may have been somehow damaged when I previously updated the router. I feel like my router will start blocking internet access again by the end of the month. If not, I'll let you know if the resetting, flashing, and resetting thing worked.
    Message Edited by phoenixms on 06-05-2007 03:40 PM

  • BGP with access lists

    Hello,
    Can someone explain to me why we use access lists in an MPLS cloud that uses iBGP? I thought for the most part access lists were used on firewalls, not routers running BGP. Do we even need access lists with BGP? Can't BGP work without access lists? What are the reasons for having access lists on a router for iBGP on an MPLS cloud?
    Thanks,

    The only way to get access to your network is if the ISP misconfigures so that another company gets access to your IP networks by mistake or that someone gets access to a PC on the inside and can reach the networks from there. It could happen if someone accidentally downloads an e-mail attachment or something like that.
    It all depends on how critical the traffic is. If it's a bank there could be regulations in place that demands that all traffic is encrypted even if it is supposed to be private. If you compare it to a leased line, it's also secure as long as someone doesn't get access to it. So MPLS is like a virtual leased line in comparison.
    Daniel Dib
    CCIE #37149
    Please rate helpful posts.

  • MAC-Address Filtering vs. Access-Lists

    We are using two WLC 4400 Series Controllers for our Guest WLAN. They are installed the way Cisco recommends: one in our LAN and one in the DMZ.
    I am looking for a possibility to deny company users access to this WLAN with their notebooks. The WLAN has direct internet access and we don't want our notebooks to be compromised...
    With MAC-Address Filtering I can only permit access to a specific WLAN, or is there a way to negotiate such a filter to use it for a denial?
    Is there a possibility to use access lists for the denial of specific MAC addresses to a specific WLAN?
    Does anyone have another good idea how to solve this issue?

    Well... MAC-address filter would work, but if you have a lot to input, it can be a headache. ACLs I don't think will work, because users will get an IP from the guest network and then how can you know who has what address. Create a username/password webauth page. The credentials can be changed each day or week depending... and give this out to guest users to access the guest network. Now internal users can't access this unless the username and password slip out. If you really want to make it tough, use GPO and push out the wireless policy and lock out the feature to add a wireless network.

  • WRT1900AC does not block internet access in Parental Control

    Hi, my router does not block internet access on my other PC. I tried "Always", tried specific addresses, tried IP addresses and everything tech support suggested. I even replaced the router on their advice. Nothing helped. I realize that the problem is not the router but probably my home network configuration, but I can't figure out what it is. In my defence, neither could they. Does anybody have or had such a problem? Thank you

    What firmware version is currently loaded? Can you post screenshots of how you have the controls configured? Does the User Manual give any configuration help?
    Internet Service Provider and Modem Configurations
     What ISP Service do you have? Cable or DSL?
     What ISP Modem Mfr. and model # do you have?
    Router and Wired Configurations
     Set up DHCP reserved IP addresses for all devices ON the router. This ensures each device gets its own IP address when turned on and connected, eliminates IP address conflicts, and helps in troubleshooting and maintains consistency for applications that need to connect as well as mapped drives.

  • ASA5520 access-list configuration?

    I have two asa5520s, version 7.2(2).
    I have used an access-list for the firewall as:
    access-list outside extended permit ip object-group mydomain any
    access-list outside extended permit icmp object-group mydomain any
    access-group outside in interface outside.
    I believe that all the IP traffic should be allowed from machine AA in the private network behind the inside interface to a machine BB in the public network (outside of the outside interface of the ASA5520)
    (private) AA->asa5520->BB (public)
    However, it seems to work for most cases, but it does not work for certain ports.
    telnet AA 80 -> it seems to be working fine
    telnet AA 3816 -> it does not work.
    When I do the packet trace on the ASA5520, it says access-list not allowed.
    Could anyone advise me what my configuration is missing? How do I correct this problem? Also, how can I see all the implicit rules which are set by default?
    Any comments will be appreciated.
    Thanks in advance

    Please upload/copy your config so we can see.

  • Access list for ACS 3.3

    I wish to secure my ACS using an access-list. However, allowing just TCP port 49 and/or TCP/UDP port 65 doesn't seem to work. Are there any other ports I need to open?

    When you say "it doesn't seem to work", what are you referring to: TACACS authentication or access to the ACS server for admin purposes?
    Can you add a "deny ip any any log" rule to the bottom of your access-list and check which protocols are being dropped?
    Thanks
    PD
