Simple Router Config Issues
Forgive me, I have configured several routers on the inside but never a default gateway. It seems simple enough but I am stuck.
I can ping the Gateway from the inside. I can ping the inside from the gateway. I can ping the outside from the gateway, but I cannot ping the outside from the inside. (Or get to the DNS server, assuming they have ICMP turned off.) Here's my config (IPs have been changed to protect the innocent :) )
My guess is something is screwed up with NAT.
Configuring g
!b
boot-start-ma
no
ip subnet-zeroered, becomes
no ip routinghe configurat
!n
!e
no ip cef
interface Ethernet0er enable secret: b
ip address 63.223.13.115 255.255.255.128The enable password is used when you do n
ip access-group 20 out
[OK]
ip nat outside
*Mar
enable
no ip route-cacheith some older sof
half-duplexs, and Trans
!i
ip nat inside source list 20 pool poolone
ip nat inside source static 192.168.10.5 63.223.13.121
ip classless
ip route 0.0.0.0 0.0.0.0 63.223.13.1
no ip http server
access-list 20 permit 192.168.0.0 0.0.255.255
banner login ^Cc
###### WARNING ######
AUTHORIZED ACCESS ONLY^C
line con 0
password 7 03005A1C011C70
login
line aux 0
line vty 0 4
password 7 06020E364B5D58
login
no scheduler allocate
end
ZaxT1#
Pro Inside global Inside local Outside local Outside global
--- 63.223.13.121 192.168.10.5 --- ---
ZaxT1#
I do not know how you generated this config listing but it seems to be quite garbled. So I am not sure how accurately we can evaluate it.
But one thing that does appear to be there is that you are using access list 20 to control what addresses get translated by NAT and it permits 192.168.0.0/16. So that any address in 190.168.0.0 will get translated. However the same access list is applied outbound on Ethernet 0. So Ethernet 0 will only permit outbound traffic whose source address is 190.168.x.x. Except all these addresses have been translated so that the source address is no longer 192.168.x.x. This would prevent any traffic going out through Ethernet 0.
Do not use the same access list to control translation and to control outbound traffic on the interface.
HTH
Rick
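Rick's point, worked through as an added example (not part of the original thread): a small Python model of the inside-to-outside path, where NAT rewrites the source before the outbound ACL on Ethernet0 is checked. The pool address, the separate list `ACL_21` and all function names are assumptions made for the illustration; the range of `poolone` is not visible in the post.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def acl_permits(acl, src):
    """Standard ACL: first matching entry wins, implicit deny at the end."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False


# From the posted config: access-list 20 permit 192.168.0.0 0.0.255.255
ACL_20 = [("permit", "192.168.0.0", "0.0.255.255")]
# From the posted config: ip nat inside source static 192.168.10.5 63.223.13.121
STATIC_NAT = {"192.168.10.5": "63.223.13.121"}
# Assumption: constructed stand-in for "poolone", whose range the post does not show.
POOL_ADDRESSES = ["63.223.13.122"]
# Hypothetical separate outbound list covering the outside subnet
# (Ethernet0 is 63.223.13.115 255.255.255.128, i.e. 63.223.13.0 0.0.0.127).
ACL_21 = [("permit", "63.223.13.0", "0.0.0.127")]


def translate(src, nat_acl, static_map, pool):
    """ip nat inside source: static entries first, then list -> pool."""
    if src in static_map:
        return static_map[src]
    if acl_permits(nat_acl, src) and pool:
        return pool[0]  # one pool address is enough for the demonstration
    return src


def forward_inside_to_outside(src, nat_acl, out_acl,
                              static_map=STATIC_NAT, pool=POOL_ADDRESSES):
    """NAT rewrites the source first; the outbound ACL then sees the
    translated address, not the original inside address."""
    translated = translate(src, nat_acl, static_map, pool)
    if out_acl is not None and not acl_permits(out_acl, translated):
        return ("dropped", translated)
    return ("forwarded", translated)


if __name__ == "__main__":
    for host in ("192.168.10.5", "192.168.10.20"):
        # As posted: list 20 selects traffic for NAT and filters Ethernet0 outbound.
        print(host, "shared ACL 20   ->",
              forward_inside_to_outside(host, ACL_20, ACL_20))
        # No outbound access-group on Ethernet0.
        print(host, "no outbound ACL ->",
              forward_inside_to_outside(host, ACL_20, None))
        # Separate (hypothetical) outbound list written for translated addresses.
        print(host, "separate ACL 21 ->",
              forward_inside_to_outside(host, ACL_20, ACL_21))
```
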
Similar Messages
-
Hi all,
Hopefully this will be a nice easy one for you all.
I have recently configured and installed an 851 router successfully :) I now only have one issue, the damn thing switches itself off after a period of inactivity!
If I want to use it again I have to issue a reset command then a boot command.
This takes me to the:
router>
prompt. I then have to issue a copy start run command. And then a no shut on each of my interfaces.
Obviously I would just like the router to stay up and running. But I can't work out how to do it. I'm sure that this is just a simple config issue and I would dearly love for you all to solve it!
If any of you know the answer can you please provide clear and accurate commands as I will copy it parrot fashion into the router.
Thank you all in advance.
Stuart
Hello,
as spremkumar already pointed out the config register usually is set to 0x2102. You can reconfigure the register by:
Router#configure terminal
Router(config)#config-register 0x2102
Router(config)#end
Then perform a reload and check whether the config is present after the router finished booting.
Hope this helps! Please rate all posts.
Regards, Martin -
WRT54G firmware failure leaving no access to router config
I have a WRT54G router. Running Vista SP2 64-bit on a laptop wired to router. When I first tried to upgrade the firmware I was connected wirelessly. (I know, please just think it but don't type it) During the upgrade the internet connection disconnected and the upgrade failed. I am connecting right now wirelessly using someone's unsecured network. I attempted to upgrade the firmware to 8.00.7. Since then I am unable to access the router config using IP 192.168.1.1. I have read as many posts as I can handle. I have checked and that is the IP showing in Vista, (Network & Sharing, view status, properties) however I cannot ping that IP. It times out every time. I have done all the resets (10 seconds and up to 1 minute) on the router and power cycle etc. Nothing. I downloaded the firmware utility and I get an error message every time that it is unable to get responses from the server. I have tried my password, which I think is gone due to all the resets, and am using admin as the password. I have disabled my firewall. I do have Network Magic and when I checked control internet access it says I am able to do so. Is there a way to disable Network Magic? Can that be the issue? When all this started I had my own internet connection. I'm in the process of moving so I have disconnected my internet service. Since I'm only trying to connect to the router locally, do I really need to have a live internet connection? Please, HELP! I don't want to buy a new router. This one has been very reliable. If I do have to buy something new, can you recommend something just as reliable?
There have been 2 or 3 times where it looked as though I was going to be able to connect to config interface and the first basic screen loads with minimal data and no clickable links to allow me to change screens. The "&" from one of the links that is supposed to appear but does not, is the only thing that appears in that area and if I click it, I either get an error from IE that it cannot connect, or, it takes me to the Ports screen with minimal data and I cannot progress from there. In the top right corner of the screen, it does show the firmware version is 8.00.7. ?????
P.S. Obviously, I'm not very computer savvy so excuse me if I'm missing the obvious.
Message Edited by Steviegt on 09-29-2009 08:38 AM
Message Edited by Steviegt on 09-29-2009 08:43 AM
Windows Vista Home Premium SP2 64-bit
Internet Explorer v8
Office 2007 SP2 Home and Student
Outlook 2007 Standalone
ESET Smart Security
WRT54G v8.00.6
Solved!
It's great that your issue has been resolved now...
-
Reg:FWSM router mode issue
Hi,
I have a Cisco FWSM installed on Cisco 7613 router, the topology is like mentioned below,
7613+{FWSM}------3560---------3560----[10.220.0.0/29,10.220.1.0/29,10.220.2.0/29]
Here we created a p2p link between 7613 gig port and switch 3560 gig port (say 10.220.1.252/29) and then there is a trunk between both 3560 switches. We wish to run FWSM in router mode and configured vlan groups 10 (101,102) and 20 (200,201), assigned both these groups to firewall module on router, on vlan 200 ip add 192.168.2.1/24 has been given, while on fwsm on int vl 200, 192.168.2.2 ip has been given. Although the interfaces are up and pinging their individual ip ads they are not pinging each other (both ip ads appear in sh arp though). Kindly help in resolving this issue.
Also i configured inside vlan 201 as inside, its also up and visible in arp of router but not pinging others, kindly help in the resolution of this issue.
We need to put this firewall in front of the router which has a serial line to another 7600 router, how would i take traffic to fwsm, pls suggest what else do i need to do, as i am new to FWSM.
router config:
Router#sh firewall module
Module Vlan-groups
04 1,2
Router#sh firewall vlan-group
Display vlan-groups created by both ACE module and FWSM
Group Created by vlans
1 ACE 100-101,200-202
2 <empty>
Router#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.225.62.145 - 001d.a156.9300 ARPA GigabitEthernet10/1
Internet 10.225.62.146 107 001d.a1a5.fbc1 ARPA GigabitEthernet10/1
Internet 192.168.2.1 - 001d.a156.9300 ARPA Vlan200
Internet 192.168.2.2 7 0007.0e5c.3d00 ARPA Vlan200
Internet 192.168.3.1 4 0007.0e5c.3d00 ARPA Vlan201
Internet 192.168.3.2 - 001d.a156.9300 ARPA Vlan201
Fwsm config:
hostname FWSM
interface Vlan200
nameif outside
security-level 0
ip address 192.168.2.2 255.255.255.0
interface Vlan201
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect smtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:4e3eadb1a489f3b696d0c6da8b1b20b9
: end
FWSM#
FWSM# sh arp
outside 192.168.2.1 001d.a156.9300
inside 192.168.3.2 001d.a156.9300
eobc 127.0.0.81 0000.1800.0000
FWSM# sh int
Interface Vlan200 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 0007.0e5c.3d00, MTU 1500
IP address 192.168.2.2, subnet mask 255.255.255.0
Traffic Statistics for "outside":
6 packets input, 658 bytes
12 packets output, 1316 bytes
474 packets dropped
Interface Vlan201 "inside", is up, line protocol is up
Hardware is EtherSVI
MAC address 0007.0e5c.3d00, MTU 1500
IP address 192.168.3.1, subnet mask 255.255.255.0
Traffic Statistics for "inside":
6 packets input, 658 bytes
7 packets output, 726 bytes
107 packets dropped
hi,
thanks for being so helpful, there is a little issue that's arisen, i can not ping inside address configured on fwsm (192.168.3.1) whereas i can ping 192.168.3.2 on router interface. i cannot telnet fwsm using its outside interface ip 192.168.2.2 either, here is my FWSM config, kindly suggest if there is any mistake.
thanks.
Also i tried to ping inside fwsm interface from my client 10.220.2.2 and enabled debug, to get these,
FWSM# debug icmp trace 255
debug icmp trace enabled at level 255
FWSM# ICMP echo request (len 50 id 2 seq 34642) 10.220.2.2 > 192.168.2.2
ICMP echo reply (len 50 id 2 seq 34642) 192.168.2.2 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 34898) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 50 id 2 seq 34898) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 35154) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 35154) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 43602) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 43602) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 49746) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 49746) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 55634) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 55634) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 25683) 10.220.2.2 > 192.168.2.2
ICMP echo reply (len 50 id 2 seq 25683) 192.168.2.2 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 25939) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 50 id 2 seq 25939) 192.168.3.1 > 10.220.2.2
Kindly suggest what could be done.
thanks. -
I have an Airport Extreme as my router and am using time capsule to extend the network in my new house. My ISP is only providing me 4-5 ip addresses and wants me to set up my router to issue out new ip addresses for all my devices. How do I fix this? Help.
They said I need to change my settings to NAT settings. I haven't been able to figure out or find anything. I have also spoken to Apple Support on the phone for hours without being able to figure out how to do this (I don't think he knew much either lol). Please help me because I've got about 15-20 devices in my house that require to be connected to the internet and this is just making things ridiculously slow and painful for me.
Thanks!
It is on DHCP & NAT under router mode yet my isp is still the one issuing ip addresses to my devices instead of the router issuing them
-
I can sync bookmarks in firefox for android, but only the ones that are on Bookmarks main folder, the folders created below the main folder are not synchronized. Is this a bug or a config issue?
Thanks
Thanks Barney, I tried that but all that comes up in Spotlight are the log files that show the file paths! I don't know how Steam works. Are all the files held by Steam on their server perhaps?
-
I have created a simple config file using something like:
XMLEncoder e = new XMLEncoder(
new BufferedOutputStream(
new FileOutputStream("Config.xml")));
e.writeObject(base.toString());
e.writeObject(numberFrom);
e.writeObject(numberTo);
e.writeObject(numberPad);
e.writeObject(maxTasks);
e.writeObject(maxSubTasks);
e.writeObject(textFrom);
e.writeObject(textTo);
e.close();
which produces a file like:
<?xml version="1.0" encoding="UTF-8"?>
<java version="1.4.2_05" class="java.beans.XMLDecoder">
<string>C:\</string>
<int>1</int>
<int>20</int>
<int>2</int>
<int>0</int>
<int>1</int>
<string>a</string>
<string>z</string>
</java>
I want to make it a bit more version proof so need to get something more like:
<?xml version="1.0" encoding="UTF-8"?>
<program name=myprog>
<dir>C:\</dir>
<version>1</version>
<myval1>20</myval1>
<myval2>2</myval2>
</program>
There's probably loads of errors in that bit ;) but you get the idea. I'm a bit new to xml programming.
Can anyone give me any urls of help or examples that might do this?
Thanks,
David.
You could use a binding api such as JAXB or xmlbeans. In essence these apis abstract the xml as pure java objects. Alternatively you could use an xml parser such as dom4j and build the XML 'by hand'. This class will create an example config file and write it to the file system:
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.serialize.OutputFormat;
import org.apache.xml.serialize.XMLSerializer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;

/**
 * Class to create a simple xml config file using W3C api
 * @author wollnyj
 */
public class CreateConfig {
    /**
     * create the config file
     * <?xml version="1.0" encoding="UTF-8"?>
     * <program name=myprog>
     *   <dir>C:\</dir>
     *   <version>1</version>
     *   <myval1>20</myval1>
     *   <myval2>2</myval2>
     * </program>
     * @param configFile
     * @throws ParserConfigurationException
     * @throws IOException
     */
    public CreateConfig(String configFile) throws ParserConfigurationException, IOException {
        //Document doc = parseXml(configFile);
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        Document doc = factory.newDocumentBuilder().newDocument();
        Element program = doc.createElement("program");
        program.setAttribute("name","myprog");
        Element dir = createEle("dir","c:\\",doc);
        Element version = createEle("version","1",doc);
        Element val1 = createEle("myval1","20",doc);
        // etc...
        program.appendChild(dir);
        program.appendChild(version);
        program.appendChild(val1);
        doc.appendChild(program);
        write(doc,new File(configFile));
    }

    /**
     * @param args
     * @throws Exception
     */
    public static void main(String[]args) throws Exception {
        CreateConfig create = new CreateConfig("F:\\config.xml");
    }

    /**
     * Write an xml document to the file system
     * @param document The document to be written
     * @param xmlFile The output file
     * @throws IOException The file does not exist or could not be created
     */
    private void write(Document document, File xmlFile) throws IOException {
        OutputFormat format = new OutputFormat(document);
        format.setIndent(4);
        format.setLineSeparator(System.getProperty("line.separator"));
        format.setLineWidth(80);
        BufferedWriter writer = new BufferedWriter(new FileWriter(xmlFile));
        try {
            XMLSerializer fileSerial = new XMLSerializer(writer, format);
            fileSerial.asDOMSerializer();
            fileSerial.serialize(document);
        } finally {
            // close the file even if serialization fails
            writer.close();
        }
    }

    /** Create an element with the given name holding a single text node. */
    private Element createEle(String name, String value, Document doc) {
        Element ele = doc.createElement(name);
        Text textNode = doc.createTextNode(value);
        ele.appendChild(textNode);
        return ele;
    }
}
-
Disappearance of IP Routing config on 6509
Our 6509 Switch (Cisco WS-C6504-E) suddenly lost its Routing table & entire Routing configs including all Static & Dynamic route configurations.
We had to turn on ip routing & restore the routing configuration .
Has anyone experienced this, and could it be some kind of caveat with the MSFC or the Layer 3 engine?
Any thoughts are welcome.
No config changes were applied to the switch ; except only a SNMP ip address was allowed .
Thanks
Prabs
Ah, ok, thanks. I guess that was pretty obvious, now that I know the answer.
The "ip routing" command isn't mentioned anywhere in the CLI documentation, but I guess if I'd thought about it a little longer, I may have come to the same conclusion.
Thanks Tom. -
Review my first 892 router config
This is the first router config that I have done, and I used CLI to program a Cisco model 892. There are about 10 users behind this router connected to a series SG300 switch. This router will provide DHCP, VLANs, and NAT access to the internet (via cable modem). The lan port is FE0 and the WAN port is FE8 to the internet. There are 4 Cisco WAP321 connected with two SSID's. The guest SSID (internet access only) uses VLAN2 and the normal SSID uses VLAN1.. Please let me know if there are security or efficiency improvements that I can add to this. Thanks!
! Last configuration change at 20:04:03 PST Mon Dec 22 2014
! NVRAM config last updated at 15:10:16 PST Mon Dec 22 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname gateway
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
no aaa new-model
clock timezone PST -8 0
ip cef
ip dhcp excluded-address 192.168.10.1 192.168.10.99
ip dhcp excluded-address 192.168.8.1 192.168.8.99
ip dhcp pool data
import all
network 192.168.8.0 255.255.255.0
default-router 192.168.8.1
dns-server 192.168.8.60
domain-name summmitdrive.local
ip dhcp pool guest_wifi
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 64.59.168.13 64.59.168.15
no ip domain lookup
ip domain name summitdrive.local
ip host gateway 192.168.0.1
ip host fs1 192.168.8.60
ip name-server 64.59.168.13
ip name-server 64.59.168.15
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO892-K9 sn FCZ1714C2ZD
username sdcadmin privilege 15 secret 4 zsc1w55wVxL1behpFMAW8XrxKcVujVnNHLpMKP.ZgXk
redundancy
ip ssh version 2
interface Loopback0
ip address 192.168.0.1 255.255.255.0
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface FastEthernet4
no ip address
interface FastEthernet5
no ip address
interface FastEthernet6
no ip address
interface FastEthernet7
no ip address
interface FastEthernet8
ip address 184.71.128.156 255.255.255.252
ip access-group INBOUND_INTERNET in
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
interface Vlan1
description data_vlan
ip address 192.168.8.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan2
description guest_vlan
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list NAT interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 184.71.128.154
ip access-list extended INBOUND_INTERNET
permit icmp any host 184.71.125.118 echo-reply
permit icmp any host 184.71.125.118 time-exceeded
permit icmp any host 184.71.125.118 unreachable
deny ip any any log
ip access-list extended NAT
permit ip 192.168.0.0 0.0.255.255 any
ip access-list extended SSH
permit ip 192.168.8.0 0.0.0.255 any
control-plane
mgcp profile default
line con 0
logging synchronous
line aux 0
line vty 0 4
access-class SSH in
exec-timeout 5 0
login local
transport input ssh
ntp server 1.ca.pool.ntp.org
ntp server 0.ca.pool.ntp.org
end
I've modified inbound_internet:
ip access-list extended INBOUND_INTERNET
permit icmp any host 184.71.125.118 echo-reply
permit icmp any host 184.71.125.118 time-exceeded
permit icmp any host 184.71.125.118 unreachable
permit udp any any eq ntp
permit tcp any any established
deny ip any any log
The idea is to block anything inbound unless it is an already established connection from the inside. Does that make sense? -
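How the modified INBOUND_INTERNET list evaluates a few inbound packets, as an added example that is not part of the original post: a small Python model of first-match evaluation in which `established` is the stateless ACK/RST flag test that IOS applies to each TCP segment. The sample packets, the `Packet` type and the function names are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    dst: str = "184.71.125.118"     # destination taken from the ACL's host entries
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags set on the segment
    icmp_type: str = ""


# INBOUND_INTERNET as modified in the post; every entry has source "any".
INBOUND_INTERNET = [
    ("permit", "icmp", {"dst": "184.71.125.118", "icmp_type": "echo-reply"}),
    ("permit", "icmp", {"dst": "184.71.125.118", "icmp_type": "time-exceeded"}),
    ("permit", "icmp", {"dst": "184.71.125.118", "icmp_type": "unreachable"}),
    ("permit", "udp", {"dport": 123}),           # "any any eq ntp": destination port
    ("permit", "tcp", {"established": True}),
    ("deny", "ip", {}),                          # deny ip any any log
]


def entry_matches(proto, cond, pkt):
    """True when one ACL entry matches the packet."""
    if proto != "ip" and proto != pkt.proto:
        return False
    if "dst" in cond and cond["dst"] != pkt.dst:
        return False
    if "icmp_type" in cond and cond["icmp_type"] != pkt.icmp_type:
        return False
    if "dport" in cond and cond["dport"] != pkt.dport:
        return False
    # "established" looks only at the flags of this segment (ACK or RST set);
    # the ACL keeps no table of sessions opened from the inside.
    if cond.get("established") and not (pkt.flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(acl, pkt):
    """Return (action, entry number) of the first matching entry."""
    for number, (action, proto, cond) in enumerate(acl, start=1):
        if entry_matches(proto, cond, pkt):
            return action, number
    return "deny", None  # implicit deny, unreachable here because entry 6 matches all


# Constructed sample packets arriving on FastEthernet8.
SAMPLES = {
    "new inbound connection (SYN to port 22)":
        Packet("tcp", sport=40000, dport=22, flags=frozenset({"SYN"})),
    "reply to an inside client (SYN+ACK)":
        Packet("tcp", sport=443, dport=51000, flags=frozenset({"SYN", "ACK"})),
    "segment with ACK set, no session opened from inside":
        Packet("tcp", sport=443, dport=51000, flags=frozenset({"ACK"})),
    "UDP to destination port 123":
        Packet("udp", sport=123, dport=123),
    "UDP DNS reply (source port 53) to a client port":
        Packet("udp", sport=53, dport=50000),
    "ICMP echo-reply to the listed host":
        Packet("icmp", icmp_type="echo-reply"),
    "ICMP echo request":
        Packet("icmp", icmp_type="echo"),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label}: {evaluate(INBOUND_INTERNET, pkt)}")
```

In this model the UDP DNS reply falls through to the final deny, and the two ACK-bearing segments are treated identically because only the flags are examined.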
Security Wireless 857w router config.
Hi,
I do have adsl & wireless internet connection running properly under my Cisco 857w router.
However, I am trying to configure the (wap) without success; my wifi internet connection is still open for everyone.
I will really appreciate your advices.
Thanks in advance.
Daniel.
Hi Brandon,
Thanks for your response, but unfortunately I could not set up my Wireless Security yet.
With the following config I am unable to connect with my laptop:
Encryption mode: "Cipher TKIP"
Authentication Key Management:
Key Management: "Mandatory" "WPA"
WPA Preshared key: "xxxxxxxxx" "ascii"
I mean, if I want to connect with my laptop via wifi the router encryption mode needs to be configured to (none).
Here below I attached my router config, maybe you can see what is wrong on it.
Thanks in advance.
Daniel -
I am a developer getting started with Solaris 10 configuration. I recently installed Solaris 10 and have run into an issue with network connectivity.
I have done much research on this and I was able to get communication to the internet established once, but the settings were lost on reboot.
Overview - The Solaris box is connected to a router which is acting as a DHCP server.
AMD 64 dual 2.6
nForce4+ integrated NIC
1) I am not able to obtain an address from the router. Nor do I get a response back when I ping it. I get an IP etc. if I boot into Windows so physical connectivity is fine.
2) Upon reboot the device nfo0 as shown using ifconfig -a has an IP of 0.0.0.0.
3) If I run ifconfig [hostname] my machine gets the ip from the hosts file, but I would like to obtain this from the router.
4) NOTE - the machine shows as active on my router, but the Solaris box cannot be reached from other computers on the network, nor do I get a reply back when pinging the router from the Solaris box.
GOAL - reach and obtain a DHCP from the router and have the changes stick upon reboot.
/etc/hosts contents
127.0.0.1 localhost loghost
192.168.1.55 solarisX /*<-- this is what I get when I do ifconfig nfo0 solarisX */
/etc/hostname.nfo0
netmask + 255.255.255.0
solarisX
/etc/defaultrouter
192.168.1.254
/etc/netmasks
192.168.0.0 255.255.2550
Specific Steps taken:
Using the driver nfo-2.4.5 located at http://homepage2.nifty.com/mrym3/taiyodo/eng/ I did the following.
% cd /.../nfo-x.x.x
% rm obj Makefile
% ln -s Makefile.${KARCH}_${COMPILER} Makefile
% ln -s ${KARCH} obj
where ${KARCH} is the result of `isainfo -n`, and ${COMPILER} is
"gcc" or "suncc" which you want to use to make the driver.
4. Testing
Testing before installation is strongly recommended.
# cd /.../nfo-x.x.x
# /usr/ccs/bin/make install
# ./adddrv.sh
# /usr/ccs/bin/make uninstall (for solaris7, don't remove the file )
# modload obj/nfo
# devfsadm -i nfo (for solaris7, use drvconfig and reboot with -r )
# ifconfig nfoN plumb ( where N is an instance number, typically 0 for first card)
# ifconfig -a ( you will see an entry for nfoN)
# ifconfig nfoN YOUR-HOST-NAME
# ifconfig nfoN ( ensure IP address is correct)
# ifconfig nfoN up ( and then you can test with ping, telnet, ftp ...)
5. Installation
After you ensure that the nfo driver is fully functional, install it.
(1) copy the nfo driver into the kernel directory
# cd /.../nfo-x.x.x
# /usr/ccs/bin/make install
If you do not test the nfo driver yet, execute the following commands:
# ./adddrv.sh
# devfsadm -i nfo (for solaris7, use drvconfig and reboot with -r)
(2) Configure the network interface. Create and/or modify the following file:
/etc/hostname.nfoN
(3) Reboot the system.
# init 6
Edited by: hedger on Nov 16, 2007 11:17 PM
Thanks Alan. I worked on trying to get the NIC working again last night. I had it working once, although the settings did not persist. I can still get the device to load, but I can't communicate with the router (it's not physical because another OS can reach it).
I took your advice and tried the sys-unconfig. But I did not have much success.
I am wondering if plopping in a new PCI NIC would be the most efficient route to get the server up.
What kind of NIC do you utilize and have had success with?
I am looking at possibly a DLINK DFE-530 or NetGear FA-311. I don't need wireless at this point just a rock solid DEV box.
Thanks again for the previous info.
Ted -
How can I resolve a NAT config issues with Arris router & AE
I'm having NAT conflict issues. None of the existing threads on the forum match my configuration. I have an Arris Cable Router/Modem (Time Warner) with 4 ports. Port 1 feeds an unmanaged switch for ethernet connected devices, and port 2 on the Arris router feeds an Airport Express. Getting "Double NAT Status" on airport utility for the AE. How can I resolve this while not affecting my wired devices? Thanks so much!
To resolve the NAT conflict you simply need to reconfigure the AirPort Express as a bridge.
You would do so using the AirPort Utility, as follows:
Run the AirPort Utility, and then, select the AirPort Express.
Select Edit.
Select the Network tab.
Change Router Mode to: Off (Bridge Mode)
Select Update and allow the Express to restart. -
Hi guys,
I am having some trouble with this config. All i am looking to do is a simple reverse proxy to this one host. When the page comes up it prompts me to download a bin file.... Probe succeeds and it says its working. I would also like to redirect to /spend What am i missing?
PA-ACE-4700-SLB/Spend-Support# show run
Generating configuration....
crypto chaingroup SPEND-CHAINGROUP
cert AddTrustExternalCARoot.crt
cert COMODOHigh-AssuranceSecureServerCA.crt
access-list allow line 8 extended permit ip any any
probe tcp HTTPS_PROBE
port 443
interval 5
passdetect interval 5
receive 3
connection term forced
open 2
probe tcp TCP8005_PROBE
port 8005
interval 5
passdetect interval 5
receive 3
connection term forced
open 2
rserver host Spend
ip address 10.0.10.22
inservice
serverfarm host SPEND
probe HTTPS_PROBE
rserver Spend 443
inservice
ssl-proxy service SPEND-SSLPROXY
key ProdKEYPAIR.PEM
cert WWW-PROD-CERT.crt
chaingroup SPEND-CHAINGROUP
class-map type http loadbalance match-any L5
2 match http url /.*
class-map match-all SPEND-CLASS
2 match virtual-address 10.0.1.110 tcp eq https
policy-map type loadbalance first-match HTTPS
class L5
serverfarm SPEND
policy-map multi-match SPEND-SLB
class SPEND-CLASS
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip icmp-reply active
nat dynamic 1 vlan 1000
ssl-proxy server SPEND-SSLPROXY
interface vlan 1000
ip address 10.0.1.109 255.255.255.0
access-group input allow
nat-pool 1 10.0.1.110 10.0.1.110 netmask 255.255.255.255 pat
service-policy input SPEND-SLB
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.1.8
Thanks!
-Andy
Hey Andy what's up?
Ok, could you explain a little bit what seems to be the issue which you got or what you want to accomplish here?
You said, you are typing: https://10.0.1.110 and it should show the content of 10.0.10.22 but it is not or you are typing
https://10.0.1.110/spend and you expect the ACE magically know what to do?
Could you specify a little bit?
If you are trying to do the following:
https://10.0.1.110/spend
then you may try something like:
class-map type http loadbalance match-any spend
2 match http url /spend
policy-map type loadbalance first-match HTTPS
class spend
serverfarm SPEND
class L5
serverfarm serverfarm-for-others
Please specify what you are looking for.
Jorge -
Can you help? Two dialer interfaces with IP SLA for default route failover - issues
I have an issue with a Cisco 2821, it has an ADSL2+ HWIC whose ATM interface is linked to dialer 1 and a Gi0/1 interface with a pppoe client which is linked to dialer 2. Both dialer interfaces are up with their respective IP addresses. If the ADSL on dialer 1 fails I want the IP SLA to kick in and replace the default route for dialer 1 with one for dialer 2.
This config works if you manually shut down the dialer 1 interface, it injects the default route for dialer 2 and then when you unshut the interface, the default route for dialer 1 comes back. The problem I have is if you take out the cable for the ATM interface and take it down, it does not take the route out of the routing table and the default route for dialer2, which works if you just shut down dialer 1, does not appear.
What's the difference between shutting down dialer1, where it fails over the default route, and taking the cable out, where it does not?
Here is my config, i'm sure its something simple i'm doing wrong, can anyone help???
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
enable secret 5 $1$qOOJ$HV5AH6US/YZMuCGPYp3pP.
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 192.168.0.1
ip dhcp pool pool1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 188.92.232.50 188.92.232.100
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
no dspfarm
archive
log config
hidekeys
track 1 ip sla 1 reachability
interface GigabitEthernet0/0
description Gi0/30 Local LAN
ip address 192.168.0.1 255.255.255.0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
snmp trap ip verify drop-rate
no mop enabled
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
interface ATM0/2/0
description ATM0_DSL
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
dsl enable-training-log
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
keepalive 1 3
no cdp enable
ppp lcp predictive
ppp authentication pap chap callin
ppp chap hostname ********@ccsleeds.net
ppp chap password 0 ********
ppp pap sent-username *******@ccsleeds.net password 0 ********
interface Dialer2
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
encapsulation ppp
dialer pool 2
keepalive 1 3
no cdp enable
ppp lcp predictive
ppp authentication pap chap callin
ppp chap hostname **********@adsllogin.co.uk
ppp chap password 0 *********
ppp pap sent-username *********@adsllogin.co.uk password 0 ***********
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip sla 1
icmp-echo 8.8.8.8 source-interface di1
timeout 1000
threshold 100
frequency 3
ip sla schedule 1 life forever start-time now
access-list 1 permit 192.168.0.0 0.0.0.255
control-plane
gatekeeper
shutdown
line con 0
line aux 0
line vty 0 4
password test
login
scheduler allocate 20000 1000
end
Sure that EEM can shut/unshut interface...you have "event track" in EEM for monitoring track events...for example:
event manager applet test
event track 1 state down
action 1.0 command "enable"
action 1.1 command "conf t"
action 1.2 command "interfac dialer 1"
action 1.3 command "shut"
action 1.4 syslog "Dialer 1 down!!!"
action 1.5 end
This would be an example from head :)
You would need another EEM similar to this one for unshutting interface with "event track 1 state up" for bringing interface up again.
Again as I said you would need to test this before putting in production and you would maybe need to tweak this a little bit according to your needs...
BR,
Dragan -
E4200 - Okay router, setup issues
I chose this router over the Netgear N750 because of previous bad experience with their customer support and over the Asus RT-N56U b/c of a compatibility issue with a specific application.
The Cisco Connect Software is very poor software. No OSX Lion support so I could not use my Mac for setup and it could not even detect the router on a wired connection on a Windows 7 PC through a simple Dell unmanaged switch. Even the router setup software built into Windows had no problem with that. I had to rely on manual setup which was straightforward.
Range was mostly adequate for me with both 2.4 and 5 Ghz over 5,000 sq. ft. of indoor space with no direct line of sight, through many walls, multiple floors, and the outside patio also, although with a few connected devices I found the 5 Ghz band somewhat unreliable at times. Wired gigabit performance was good enough for my purposes.
Overall a decent router, not bad, not great.
It seems like you are using an outdated version of Cisco Connect Software… There is a new release of the Cisco Connect Software that supports Mac OS X (10.7 "Lion")… So you need to download the latest Cisco Connect from the Cisco Website (homesupport.cisco.com) or you can use this link: http://homesupport.cisco.com/en-us/support/routers/E4200 ... After downloading you need to set the router to factory defaults, power cycle the whole network and then run the Cisco Connect that you downloaded…
For more information about setting up E4200 router with Cisco Connect. Please refer to the link below.
http://www6.nohold.net/Cisco2/ukp.aspx?pid=93&login=1&vw=1&app=search&articleid=22732&userrole=Links...