Static PAT help
I want people on the outside going to https://1.1.1.68 to be allowed and be redirected to inside address
192.168.168.242
outside interface IP address is 1.1.1.65 255.255.255.240
Here is what I was going to configure, will this accomplish what I want?
object network 1.1.1.68_OWA
host 1.1.1.68
object network TCP_OWA_242_443
host 192.168.168.242
nat (inside,outside) static 1.1.1.68_OWA service tcp https https
access-list outside_inbound extended permit tcp any4 host 192.168.168.242 object-group DM_INLINE_TCP_242_443
Thanks,
Mike
When I first looked at it I thought DM_INLINE_TCP_242_443 was a protocol group you had defined somewhere else but not included in the snippet.
From your revision it looks like you're calling the network group where the port # or service group should be. I think what you're looking for is something like this:
object network 1.1.1.68_OWA
host 1.1.1.68
object network TCP_OWA_242_443
host 192.168.168.242
nat (inside,outside) static 1.1.1.68_OWA service tcp https https
access-list outside_inbound extended permit tcp any object TCP_OWA_242_443 eq https
Similar Messages
-
Static PAT entry blocking Branch site from accessing resource on same port. How to get around this?
Hello, I have a UC560 and UC540 connected using an IPSec Site to Site tunnel.
There is a server on the main site they are trying to access (lets say IP is 192.168.1.252) and they need to access this server on ports 13000, 14000, and 15000.
Unfortunately, since there are users from the internet and other places that need to access this server on these ports, these static pat entries are in the server (Lets say 99.99.99.99 is the WAN IP):
ip nat inside source static tcp 192.168.1.252 13000 99.99.99.99 13000 extendable
ip nat inside source static tcp 192.168.1.252 14000 99.99.99.99 14000 extendable
ip nat inside source static tcp 192.168.1.252 15000 99.99.99.99 15000 extendable
The users in the branch site that is connected via VPN can reach this server on all TCP ports(RDP, http, etc) so that's not the issue. When I remove these nat statements, the VPN users can access the resource via that port (I.e telnet 192.168.1.252 13000 ) whereas they are shut down and connection fails if the static pat entries are in there.
I need to have outside users and VPN users be able to access this server whether they are coming in across the VPN goin to 192.168.1.252:13000 or coming in from the internet on 99.99.99.99:13000
Is there a way around this other than forcing the VPN users to access this server via the WAN IP for these ports? And does anyone know the logic behind this? I'm curious. From what I've seen in other cases, this is expected behavior, I'd just like a better understanding of it.
Any help on this would be GREATLY appreciated! Thank youI hope I explained this properly. If not, please let me know!
Thanks -
Hi to all,
I would like to know if it is possible to create a static Port Address Translation (PAT) that would translate a routable IP address to a private address where a GRE tunnel would end.
In other words, I am trying to see if we can use a static PAT for a GRE tunnel like the one that we can used to reach a HTTP server using a private IP address via static PAT to a routable IP address.
Just trying to see if it is possible to initiate a GRE tunnel from 192.168.1.1 (R1) and used 1.1.1.1 (R2), IP address reachable via internet, as destination address, in the case where we would do a PAT translation on R2 in order to actually terminate the tunnel on R3 router. The static PAT on R2 would translate 1.1.1.1 to 172.16.1.2.
I am basically looking for an equivalent to the following static PAT but for GRE tunnel
ip nat inside source static tcp 10.10.10.5 80 192.168.2.1 80
Thanks for your help
StephaneHello Stephane,
GRE is neither TCP nor UDP, GRE has its own protocol number 47. You can allow the traffic by either by calling GRE instead of TCP or UDP or by just putting a normal IP static NAT entry.
Extended IP access list GRE
10 permit tcp any any eq 47 log <--- No Hits
15 permit tcp any any log <--- No Hits
20 permit udp any any eq 47 log <--- No Hits
25 permit udp any any log <--- No Hits
30 permit gre any any log (20 matches)
40 permit ip any any (43 matches)
*Mar 1 00:27:48.435: IP: tableid=0, s=10.10.10.2 (local), d=10.10.10.1 (Tunnel1), routed via FIB
*Mar 1 00:27:48.435: IP: s=10.10.10.2 (local), d=10.10.10.1 (Tunnel1), len 100, sending
*Mar 1 00:27:48.435: ICMP type=0, code=0
*Mar 1 00:27:48.435: IP: s=192.168.9.5 (Tunnel1), d=192.168.8.2 (FastEthernet0/0), len 124, sending, proto=47
I hope it helps great for you. Please rate if you fell this is helpfull.
Thanks,
Kasi -
Configure static PAT for port range
Hi,
could someone help with this:
we have an ASA 5510 version 8.2 and ASDM 6.4. we want to configure a static PAT for a range of TCP and UDP port. in the nat configuration window we have just to enter one port ( range are note accepted).
Thanks,Hi,
In software levels 8.2 and below the only option is to generate a separate configurations for each port. This is easiest achieved through the CLI and using some text editor to help generate the possibly large configurations.
On ASA software 8.3 and above (where NAT format was completely redone) you have the option to use a single "nat" command to configure Static PAT for a continuous range of ports.
So your option is to either generate a separate "static" configuration for each port or upgrade the software to a newer one to be able to do Static PAT for a range of ports.
Naturally the update involves rewriting the current NAT configuratins into a new format even though booting to newer software usually converts the configurations automatically but with varying success.
- Jouni -
I have a simple small network setup here, and trying to setup a simple Static PAT on HTTPS, for some reason the NAT rule is dropping the packet. Here is the setup.
Internal Subnet: 172.31.0.0/24
External Internet DHCP
Host object: 172.31.0.13
There is also a SSL anyconnect VPN setup but is using port 444.
object network obj_any-01
nat (inside,outside) dynamic interface
object network LD-App01
nat (inside,outside) static interface service tcp https https
nat (inside,any) after-auto source static obj-172.31.0.0 obj-172.31.0.0 destination static Personal-VPN Personal-VPN no-proxy-arp
object network obj-172.31.0.0
subnet 172.31.0.0 255.255.255.0
object network Personal-VPN
subnet 172.31.1.0 255.255.255.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network LD-App01
host 172.31.0.13
access-list inside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip 172.31.0.0 255.255.255.0 object Personal-VPN
access-list Personal-VPN-ACL standard permit 172.31.0.0 255.255.255.0
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any object LD-App01 eq https
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
Here is the packet trace
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.31.0.0 255.255.255.0 inside
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit tcp any object LD-App01 eq https
Additional Information:
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
object network LD-App01
nat (inside,outside) static interface service tcp https https
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Please Help...
Thanks,
LeeHere is the current object list and the nat command with the failure message. I'm also running the current 8.4(3)
LD-FW01# show run ob
object network obj-172.31.0.0
subnet 172.31.0.0 255.255.255.0
object network Personal-VPN
subnet 172.31.1.0 255.255.255.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network LD-App01
host 172.31.0.13
description Spiceworks
object service https
service tcp source eq https
object network outside_int_ip
host 76.188.84.144
LD-FW01# con t
LD-FW01(config)# object network LD-App01
LD-FW01(config-network-object)# nat (inside,outside) 1 source static LD-App01 $
ERROR: Address 75.188.84.144 overlaps with outside interface address.
ERROR: NAT Policy is not downloaded -
Static input help for DATS type
Hello,
I'd like to link static input help for screen field of DATS type. If I click on help linked to this screen field I get CONVT_NO_NUMBER error: 'Unable to interpret "=2" as a number.'
My steps:
- In Screen Painter I selected desired screen field and selected DATS type and "1 Show at selection" in its details.
- I defined global variable with same name as desired screen field
What's the problem?
Best regards,
Josef MotlHi,
do this way.....
first declare the variable in program as
1. data: date type sy-datum.
2. now go to your screen,(click on F6) use get from Program
now choose date form it , and say ok, now save it and activate it.
delete the old one..
now you will be able to get all the things which you want.
automatical validation also possible, and F4 also possible.
Regards
vijay -
IOS static PAT NVI policy-based
hi
im trying to implement static PAT on a IOS router, with NVI nat
i have done this before with the Old inside/outside nat with the command below, but with NVI nat (ip nat source static) im missing the Route-map option
ip nat inside source static tcp 4.4.4.4 25 5.5.5.5 25 route-map xxx
cisco TAC, says it is not possible. but is there a workaround ?
im using NVI because i have implemted hairpinning nat. for internal web servers.Anyone ?
Sent from Cisco Technical Support iPhone App -
Non-static variable Help needed
Hi, I am creating a multi threaded web server but get the following error
non-static variable this cannot be referenced from a static context
HttpRequest request = new HttpRequest(connectionSocket);
Please could someone help.
Many Thanks
import java.io.* ;
import java.net.* ;
import java.util.* ;
public final class MultiWebServer
public static void main(String argv[]) throws Exception
// Set the port number.
int port = 6789;
// Establish the listen socket.
String fileName;
ServerSocket listenSocket = new ServerSocket(port);
// Process HTTP service requests in an infinite loop.
while (true) {
// Listen for a TCP connection request.
Socket connectionSocket = listenSocket.accept();
// Construct an object to process the HTTP request message.
HttpRequest request = new HttpRequest(connectionSocket);
// Create a new thread to process the request.
Thread thread = new Thread(request);
// Start the thread.
thread.start();
final class HttpRequest implements Runnable
final static String CRLF = "\r\n";
Socket socket;
String requestMessageLine;
String fileName;
Date todaysDate;
// Constructor
public HttpRequest(Socket socket) throws Exception
this.socket = socket;
socket = null;
// Implement the run() method of the Runnable interface.
public void run()
try {
processRequest();
} catch (Exception e) {
System.out.println(e);
private void processRequest() throws Exception
// Get a reference to the socket's input and output streams.
//InputStream is = new InputStream(socket.getInputStream());
//DataOutputStream os = new DataOutputStream(socket.getOutputStream());
BufferedReader inFromClient =
new BufferedReader(new InputStreamReader(
socket.getInputStream()));
DataOutputStream outToClient =
new DataOutputStream(
socket.getOutputStream());
// Set up input stream filters.
requestMessageLine = inFromClient.readLine();
//BufferedReader br = null;
// Get the request line of the HTTP request message.
String requestLine = null;
// Display the request line.
System.out.println();
System.out.println(requestLine);
StringTokenizer tokenizedLine =
new StringTokenizer(requestMessageLine);
if (tokenizedLine.nextToken().equals("GET"))
fileName = tokenizedLine.nextToken();
if ( fileName.startsWith("/")==true )
fileName = fileName.substring(1);
File file = new File(fileName);
int numOfBytes = (int)file.length();
FileInputStream inFile = new FileInputStream(fileName);
byte[] fileInBytes = new byte[numOfBytes];
inFile.read(fileInBytes);
/* Send the HTTP header */
outToClient.writeBytes("HTTP/1.1 200 Document Follows\r\n");
if (fileName.endsWith(".jpg"))
outToClient.writeBytes("Content-Type: image/jpeg\r\n");
if (fileName.endsWith(".jpeg"))
outToClient.writeBytes("Content-Type: image/jpeg\r\n");
if (fileName.endsWith(".gif"))
outToClient.writeBytes("Content-Type: image/gif\r\n");
if (fileName.endsWith(".html"))
outToClient.writeBytes("Content-Type: text/html\r\n");
if (fileName.endsWith(".htm"))
outToClient.writeBytes("Content-Type: text/html\r\n");
outToClient.writeBytes("Content-Length: " + numOfBytes + "\r\n");
outToClient.writeBytes("\r\n");
/* Now send the actual data */
outToClient.write(fileInBytes, 0, numOfBytes);
socket.close();
else
System.out.println("Bad Request Message");
todaysDate = new Date();
try {
FileInputStream inlog = new FileInputStream("log.txt");
System.out.println(requestMessageLine + " " + todaysDate );
FileOutputStream log = new FileOutputStream("log.txt", true);
PrintStream myOutput = new PrintStream(log);
myOutput.println("FILE -> " + requestMessageLine + " DATE/TIME -> " + todaysDate);
catch (IOException e) {
System.out.println("Error -> " + e);
System.exit(1);
socket.close();import java.io.* ;
import java.net.* ;
import java.util.* ;
public final class MultiWebServer
public MultiWebServer(){
try{
// Set the port number.
int port=6789;
// Establish the listen socket.
String fileName;
ServerSocket listenSocket=new ServerSocket(port);
// Process HTTP service requests in an infinite loop.
while(true){
// Listen for a TCP connection request.
Socket connectionSocket=listenSocket.accept();
// Construct an object to process the HTTP request message.
HttpRequest request=new HttpRequest(connectionSocket);
// Create a new thread to process the request.
Thread thread=new Thread(request);
// Start the thread.
thread.start();
}catch(IOException ioe){
}catch(Exception e){
public static void main(String argv[]) throws Exception
new MultiWebServer();
final class HttpRequest implements Runnable
final static String CRLF = "\r\n";
Socket socket;
String requestMessageLine;
String fileName;
Date todaysDate;
// Constructor
public HttpRequest(Socket socket) throws Exception
this.socket = socket;
socket = null;
// Implement the run() method of the Runnable interface.
public void run()
try {
processRequest();
} catch (Exception e) {
System.out.println(e);
private void processRequest() throws Exception
// Get a reference to the socket's input and output streams.
//InputStream is = new InputStream(socket.getInputStream());
//DataOutputStream os = new DataOutputStream(socket.getOutputStream());
BufferedReader inFromClient =
new BufferedReader(new InputStreamReader(
socket.getInputStream()));
DataOutputStream outToClient =
new DataOutputStream(
socket.getOutputStream());
// Set up input stream filters.
requestMessageLine = inFromClient.readLine();
//BufferedReader br = null;
// Get the request line of the HTTP request message.
String requestLine = null;
// Display the request line.
System.out.println();
System.out.println(requestLine);
StringTokenizer tokenizedLine =
new StringTokenizer(requestMessageLine);
if (tokenizedLine.nextToken().equals("GET"))
fileName = tokenizedLine.nextToken();
if ( fileName.startsWith("/")==true )
fileName = fileName.substring(1);
File file = new File(fileName);
int numOfBytes = (int)file.length();
FileInputStream inFile = new FileInputStream(fileName);
byte[] fileInBytes = new byte[numOfBytes];
inFile.read(fileInBytes);
/* Send the HTTP header */
outToClient.writeBytes("HTTP/1.1 200 Document Follows\r\n");
if (fileName.endsWith(".jpg"))
outToClient.writeBytes("Content-Type: image/jpeg\r\n");
if (fileName.endsWith(".jpeg"))
outToClient.writeBytes("Content-Type: image/jpeg\r\n");
if (fileName.endsWith(".gif"))
outToClient.writeBytes("Content-Type: image/gif\r\n");
if (fileName.endsWith(".html"))
outToClient.writeBytes("Content-Type: text/html\r\n");
if (fileName.endsWith(".htm"))
outToClient.writeBytes("Content-Type: text/html\r\n");
outToClient.writeBytes("Content-Length: " + numOfBytes + "\r\n");
outToClient.writeBytes("\r\n");
/* Now send the actual data */
outToClient.write(fileInBytes, 0, numOfBytes);
socket.close();
else
System.out.println("Bad Request Message");
todaysDate = new Date();
try {
FileInputStream inlog = new FileInputStream("log.txt");
System.out.println(requestMessageLine + " " + todaysDate );
FileOutputStream log = new FileOutputStream("log.txt", true);
PrintStream myOutput = new PrintStream(log);
myOutput.println("FILE -> " + requestMessageLine + " DATE/TIME -> " + todaysDate);
catch (IOException e) {
System.out.println("Error -> " + e);
System.exit(1);
socket.close(); -
Hey guys i need some help
I used to have 2 sticks of ddr333 and have now upgraded to ddr400,when i had the 333 PAT was no problem,now with my new RAM i can run it on ultra-turbo but still no PAT,why???
Please help me solve this problem.
Thanks!Quote
Originally posted by Jones
hi
set your ddr selection to AUTO not ddr400
set mat to turbo
set dot to off
up your memory voltages to 2.75
set fsb to 201
and that should do it
otherwise also add this
set mat to ultra turbo
and fsb to 225
pat will be enabled but it wont say so in cpu-z
Hello Jones,
How can you know for sure if PAT is enabled?
I got PAT disabled according to CPU-Z, with anything above 218Mhz (Neo2 FIS2R, BIOS 1.9).
With FSB 218mhz/ultra turbo, PAT enabled according to cpu-z, I got around 5.300 MB/s in Sandra.
With suggested settings (225mhz FSB/ultra turbo) I got a little lower benchmark (5.250 MB/s in Sandra).
I think PAT is disabled @225mhz/ultra turbo, turbo or fast, and the memory benchmark is almost the same as 218mhz + PAT because the higher clock...
With 225Mhz plus PAT, the memory benchmark would be a lot higher than @ 218mhz…
I tried go over 218MHz with CoreCenter, but this software don’t make any difference in benchmarks. This software is just a placebo!
The only result I got w/CoreCenter is with detecting/report softwares (CPU-Z, WCPU, MBM5). All software’s shows higher clocks after user CoreCenter, but make no differences in real world.
Anybody knows how go over 218MHz with PAT enabled?? (Neo2 FIS2R)
Regards,
M.W -
Hello..
I am new to Java and trying to create a Binary Tree, however I have encountered an error "non-static methos cannot be referenced from static context?" and I am unsure how to correct it.. I have C++ background and am unfamiliar with this type of error?
My BTNode class:
public class BTNode
private Object data;
private BTNode left, right;
public BTNode(Object initialData, BTNode initialLeft, BTNode initialRight)
data = initialData;
left = initialLeft;
right = initialRight;
public BTNode()
{ this(null, null, null); }
public BTNode(Object newdata)
{ this(newdata, null, null); }
//NODE methods
public Object getData() //return and set data in node
{return data;}
public void setData(Object data)
{this.data = data; }
public BTNode getLeft() //return and set left child
{return left; }
public void setLeft(BTNode left)
{this.left = left; }
public BTNode getRight() //return and set right child
{return right; }
public void setRight(BTNode right)
{this.right = right; }
public boolean isLeaf() //return true if this is leaf node
{return (left == null)&&(right == null); }
// TREE Methods - for tree starting at this node
// get specific data from a tree
public Object getLeftmostData()
{ if(left == null)
return data;
else
return left.getLeftmostData(); }
public Object getRightmostData()
{ if(right == null)
return data;
else
return right.getRightmostData(); }
// print data in a tree
public void inorderPrint()
if (left != null)
left.inorderPrint( );
System.out.println(data);
if (right != null)
right.inorderPrint( ); }
public void preorderPrint()
System.out.println(data);
if (left != null)
left.preorderPrint( );
if (right != null)
right.preorderPrint( ); }
public void postorderPrint()
if (left != null)
left.postorderPrint( );
if (right != null)
right.postorderPrint( );
System.out.println(data); }
// pretty print a tree
//public void print(int depth);
//Interface for Nodes in Binary Tree (3)
//removing nodes from a tree
//returns reference to tree after removal of node
public BTNode removeLeftmost()
if (left == null) // we are as deep as we can get
return right; // remove this node by returning right subt ree
else
{ // keep going down recursively
left = left.removeLeftmost( );
// when done, return node that act ivated this
// method as root of t ree
return this; }}
public BTNode removeRightmost()
if (right == null) // we are as deep as we can get
return left; // remove this node by returning left subt ree
else
{ // keep going down recursively
right = right.removeRightmost( );
// when done, return node that activated this
// method as root of tree
return this; }}
//returns number of nodes in tree
public static long treeHeight(BTNode root)
if (root == null)
return -1;
else
return 1 + Math.max(treeHeight(root.left),
treeHeight(root.right));
public static long treeSize(BTNode root)
if (root == null)
return 0;
else
return 1 + treeSize(root.left) + treeSize(root.right);
//copying a tree: returns reference to root of copy
// public BTNode treeCopy(BTNode root);
public static BTNode insertNode(BTNode root, int key){
if (root == null) // null tree, so create node at root
return new BTNode(new Integer(key));
Integer data_element = (Integer) root.data;
if (key <= data_element.intValue())
root.setLeft(insertNode(root.left, key));
else root.setRight(insertNode(root.right, key));
return root; }
public static BTNode findNode(BTNode root,int key){
if (root == null)
return null; // null tree
Integer data_element = (Integer) root.data;
if (key == data_element.intValue())
return root;
else
if (key <= data_element.intValue())
return findNode(root.left, key);
else return findNode(root.right, key); }
public static BTNode removeNode(BTNode root, int key){
if (root == null) return null;
Integer data_element = (Integer) root.data;
if (key < data_element.intValue())
root.setLeft(removeNode(root.left, key));
else if (key > data_element.intValue())
root.setRight(removeNode(root.right,key));
else { // found it
if (root.right == null) root = root.left;
else if (root.left == null) root = root.right;
else { //two children
Integer temp = (Integer)
root.left.getRightmostData();
root.setData(temp);
root.setLeft(root.left.removeRightmost());
return root; }
Main class:
import java.util.Random;
public class Lab21 {
/** Creates a new instance of Lab21 */
* @param args the command line arguments
public static void main(String[] args) {
int UpperLimit = 50000;
int Num_Nodes = 500;
Random generator = new Random();
int TR_create = generator.nextInt(UpperLimit);
Integer cast = new Integer(TR_create); // Needed to cast initial value to BTNode object
BTNode Tree_Root = new BTNode(cast); // Creating root object
BTNode result = new BTNode(); // Creating new node object to use for tree
result.insertNode(Tree_Root,TR_create); // Inserting first Node
if (UpperLimit <=0)
throw new IllegalArgumentException("UpperLimit must be positive: " + UpperLimit);
if (Num_Nodes <=0)
throw new IllegalArgumentException("Size of returned List must be greater than 0.");
for( int x = 0; x < Num_Nodes; ++x)
int value = generator.nextInt(UpperLimit);
result.insertNode(Tree_Root,value);
//BTNode.inorderPrint();
System.out.println("The height of this tree is " + BTNode.treeHeight(Tree_Root));
System.out.println("The smallest number in the tree is " + BTNode.getLeftmostData());
}The error is occuring with the last line where I am trying to access getLeftmostData();
Any help would be apprecited with this..
ThankyouUser 557835:
You need to use the name of the instance rather than the name of the class. It should be something like this:System.out.println("The smallest number in the tree is " + result.getLeftmostData());User 135880 -
I just upgraded my iMac to Mountain Lion and my bluetooth headset doesn't work. All I get is static. Worked fine with Lion. It doesn't work with my new MacBook Pro either.
I use the headset extensively talking on Skype and gtalk with my partner.
Help!!!If you've tried the SMC reset then try a Pram reset:
http://support.apple.com/kb/ht1379 -
Wrt54g version 3 static arp help?
First off hello all i have a PS3 and its set up to automatically turn on with remote play.
As some of you may know the 54G is one of the routers that makes the PS3 turn on without remote play being active.
after some searching it seems its tied to ARP and other people have been successful assigning a static ARP to the address on the PS3 ( PS3 outside of DNS range)
The only thing is a wasnt able to track down a way to do it with the linksys. I was advised on one forum to use telnet but when i type /telnet 192.168.1.1 i get a message
connecting to 192.168.1.1...could not open connection to the host, in port 23: connect failed
im running linksys firmware 4.21.1 and my WRT54G is connected by ethernet to the router.
im sure this question seems silly to some and i apologize. i tried searching around the web and couldnt seem a way to set this up.
any help is greatly appreciated. hoping i do not need to buy a new router
Best Wishes Adam
Message Edited by addertay on 03-19-2008 08:49 AMyou did not list your router model # & and guessing your laptop has a internal NIC. If everything worked fine b4, I'm assuming something just got hosed up. I would power down your laptop, gaming devices, & anything else you have connected/ using the router. I would then reset the router. Most models have a button you depress for a FULL 10-15 seconds. Then power up your laptop & test your connection. If all is well, set your security functions, etc. Then connect the rest of your equipment.
Good luck & let us know how it turns out or if we can assist further. -
After having inserted my own router as the internet gateway router and relegated the Verizon one to be a secondary one that just communicates with the STBs I would like to know if any could explain to me how to set up static routes to be able to access it via a wired connection as I would like to turn of the wireless side of it.
Now have a double NAT'd setup as follows
ONT -> WAN Netgear subnet 192.168.0
Netgear Lan port 1 -> Wan VZ Westell subnet 192.168.1
Moca connections to STBs
Ethernet connections to exposed (Port forwarded) machines
Netgear Lan Port 2 -> Wan Dlink subnet 192.168.3
Dlink Lan port -> 1GB NIC desktop machine 192.168.3.99
From the desktop machine at 192.168.3.99 I want to be able to get to the admin pages of the VZ router at 192.168.1.1 and also to some exposed machines on the 192.168.1 subnet
I'm guessing I need static routes defined at the dlink router at 192.168.3.1 and the netgear router at 192.168.0.1
On paper this looks very simple but I cannot work out what the static routes are meant to say
Any have any hints that would help me out?Fixed it. once I looked at the Westell logs
Finally realized that the static routes I built were fine and the problem is that I was being blocked at the firewall.
Can't put the router in the DMZ and can't port forward to the the router's lan ip address (192.168.1.1). Allowed remote admin on the router and it works fine - would be nice if the router allowed you to choose some obscure port but I guess it's not really much of a sexurity risk as the router's wan port is inside the private network anyway. -
Establishing a Static IP help please :)
In order to establish a static ip i need the DNS Server address, however, when it is the same as the Default Gateway address you have to either go to your router's web interface or call your internet provider to obtain your DNS Server address. I was wondering if it is even possible to establish a Static IP w/ your phone as your modem/router and if so how do i obtain my DNS server adress when their is no router web interface. thanks for the help
Post relates to: Pre Plus p101vzw (Verizon)ElliottG wrote:
and it just won't work. The internet will work, but I go check my ip, then go to restart my router, I do that, and reload the whatismyip page, my external ip changes...
It is normal because you have dynamic IP address. Every router/modem restart will get you a different IP address. All machines on the internet will only "see" your external IP. Internal IP (192.168.1.whatever) will not be "seen" from the internet.
When you go into control panel and go into internal protocol (tcp/ip) and set everything up, does the ip have to be outside the limits of the dhcp limit? Ex. 192.168.1.100 tp 192.168.1.49? I set it as 192.168.1.175 and it still doesn't work so I really need some help please...
You are mixing private IP with real/internet IP addressing scheme. They are 2 different things.
I'm probably guessing I need to get a static ip from my isp...but how come in all the guides it doesn't say that? and i'm sure my isp won't be too keen on giving me a static ip...
For simplicity, I guess. Yes, you must spend extra money to get static IP. -
Here are the relevant parts of my config:
interface Vlan1
nameif inside
security-level 100
ip address 172.18.67.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 71.x.x.x 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list NAT extended permit ip 172.18.67.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list NAT extended permit ip 172.18.67.0 255.255.255.0 10.41.0.0 255.255.0.0
access-list Port_Forwarding-ACL extended permit tcp any host 172.18.67.2 eq 3389
global (outside) 1 interface
nat (inside) 0 access-list NAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 3389 172.18.67.2 3389 netmask 255.255.255.255
access-group Port_Forwarding-ACL in interface outside
route outside 0.0.0.0 0.0.0.0 71.169.11.1 1
Here is a packet tracer output:
eas-ny-pinn# packet-tracer input outside tcp 1.1.1.1 3389 172.18.67.2 3389
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.18.67.0 255.255.255.0 inside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group Port_Forwarding-ACL in interface outside
access-list Port_Forwarding-ACL extended permit tcp any host 172.18.67.2 eq 3389
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT
Subtype: rpf-check
Result: DROP
Config:
static (inside,outside) tcp interface 3389 172.18.67.2 3389 netmask 255.255.255.255
match tcp inside host 172.18.67.2 eq 3389 outside any
static translation to 71.169.11.10/3389
translate_hits = 0, untranslate_hits = 6
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Why is this failing?This is what I get now.
eas-ny-pinn# packet-tracer input outside tcp 1.1.1.1 3389 71.169.11.10 3389
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (inside,outside) tcp interface 3389 172.18.67.2 3389 netmask 255.255.255.255
match tcp inside host 172.18.67.2 eq 3389 outside any
static translation to 71.169.11.10/3389
translate_hits = 0, untranslate_hits = 18
Additional Information:
NAT divert to egress interface inside
Untranslate 71.169.11.10/3389 to 172.18.67.2/3389 using netmask 255.255.255.255
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Maybe you are looking for
-
AIM and ichat, video not working
I have 2 aol email accounts and aim with those. I am a little confused on some things. First I have the free aol email and instant messenger. Nothing is downloaded onto my computer, I just signed up for an email account and set it up in mail and icha
-
Confusion about third-party-libraries in different versions in CE 71.
Hi After some research on the use of different versions of third-party-libraries in SAP netweaver CE 7.1, I am actually quite confused and would be happy if someone could shed a light on that subject.... 1. Is there a way to tell netweaver CE 7.1 to
-
Mouse goes dead when printer powered up
I have a Beige, but recently was given an early G3 iMac, 233mhz processor, 288mb ram. I successfully installed OS 9.2.2 (starting with an OS 9.1 iMac disk..........the iMac had 8.6 on it) and updated the firmware; removed the hard drive, hooked it up
-
I have a JPG. that shows up in my Library. I can actually see it. when I choose show info. and use that name to find it's path, only an alias comes up. when I double click on the alias, it says, can't find the photo. I also have searched for it by da
-
how do you program page down page up in step loops