Using NAT During a Network Transition

We have a couple of hosts in a network where that network will be removed.  These hosts are NTP servers so there are many devices setup to talk to the IP Addresses of these NTP servers.  The network that the NTP servers are in is an interface vlan on a Nexus 7000 series with Release 6.2(8a).  The network that the NTP servers will move to is also an interface vlan on the same Nexus 7000.  I had thought that maybe the use of a NAT could be done to readdress these devices.  That way the network infrastructure that points to the old IP Addresses would still work and allow us time to get all the network infrastructure that points to these NTP servers changed.
From my research it appears that the NX-OS does not support NAT.  If NAT is not supported would there be another useful way to accomplish the readdressing?
Thanks in advance.
-Ed

You could try hanging an IOS or ASA device off somewhere and hairpin-nat it.

Similar Messages

  • An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP).

    Hello everyone:
    I know this question have been asked in these forums quite a few times. I apologize if it is a repeat telecast but I was not able to find a suitable solution pertaining to my problem.
    I have a AP/SM setup that is configured to get EAP-PEAP authentication from Windows 2012 Server. I have setup everything and have verified that the EAP-PEAP authentication works fine on AP/SM by getting authentication from FreeRADIUS server. Now, when I try
    to get authentication from Windows Server, I am getting a reject. The Event log shows this generic message:
    Reason Code: 23
    Reason:
        An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
    There is nothing in the EAP logs that is obvious too:
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
    07/11/2014 00:05:57 4927",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4927",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
    07/11/2014 00:05:57 4928",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4928",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,11,"PEAP_TEST",0,"311 1 10.120.133.1
    07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,3,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,11,"PEAP_TEST",23,"311 1 10.120.133.1 07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    So, basically, the sequence is this:
    request , challenge, request , challenge, request, reject
    Any idea what might be happening?
    Thank you.

    Hi,
    Have you installed certificates on the NPS server properly? Have you selected the proper certificate in the properties of PEAP?
    Here is an article about the Certificate requirements of PEAP,
    Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
    http://support.microsoft.com/kb/814394
    If your certificate matches the requirement, you may try to reinstall the certificate by export and import.
    To export a certificate, please follow the steps below,
    Open the Certificates snap-in for a user, computer, or service.
    In the console tree under the logical store that contains the certificate to export, click
    Certificates.
    In the details pane, click the certificate that you want to export.
    On the Action menu, point to
    All Tasks, and then click Export.
    In the Certificate Export Wizard, click No, do not export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
    Provide the following information in the Certificate Export Wizard:
    Click the file format that you want to use to store the exported certificate: a DER-encoded file, a Base64-encoded file, or a PKCS #7 file.
    If you are exporting the certificate to a PKCS #7 file, you also have the option to include all certificates in the certification path.
    If required, in Password, type a password to encrypt the private key you are exporting. In
    Confirm password, type the same password again, and then click
    Next.
    In File name, type a file name and path for the PKCS #7 file that will store the exported certificate and private key. Click
    Next, and then click Finish.
    To import a certificate, please follow the steps below,
    Open the Certificates snap-in for a user, computer, or service.
    In the console tree, click the logical store where you want to import the certificate.
    On the Action menu, point to
    All Tasks, and then click Import to start the Certificate Import Wizard.
    Type the file name containing the certificate to be imported. (You can also click
    Browse and navigate to the file.)
    If it is a PKCS #12 file, do the following:
    Type the password used to encrypt the private key.
    (Optional) If you want to be able to use strong private key protection, select the
    Enable strong private key protection check box.
    (Optional) If you want to back up or transport your keys at a later time, select the
    Mark key as exportable check box.
    Do one of the following:
    If the certificate should be automatically placed in a certificate store based on the type of certificate, click
    Automatically select the certificate store based on the type of certificate.
    If you want to specify where the certificate is stored, select
    Place all certificates in the following store, click
    Browse, and choose the certificate store to use.
    If issue persists, you may try to re-issue the certificate.
    For detailed procedure, you may refer to the similar threads below,
    Having issues getting PEAP with EAP-MSCHAP v2 working on Windows 2008 R2
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c66cf0a8-24dd-4ccd-b5bb-16bd28ad8d4c/having-issues-getting-peap-with-eapmschap-v2-working-on-windows-2008-r2?forum=winserverNAP
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.

    I have two forests with a transitive on-way trust between them: PROD -> TEST (test trusts PROD). I had previously had kerberos authentication working with winrm from PROD to machines in TEST. I have verified the trust is healthy, I also verified users
    in TEST can use WINRM with kerberos just fine. Users from PROD cannot connect via kerberos to machines in TEST with winrm.
    I have verified the service has registered the appropriate SPNs. I ran dcdiag against all my PROD and TEST domain controllers and didn't find anything that would prevent kerberos from happening. I even tried disabling the firewall entirely on my TEST dcs
    but that didn't gain me anything.
    I've enabled kerberos logging but only see the expected errors such as it couldn't find a PROD SPN for the machine, which it shouldn't from what I understand, it should go to the TEST domain and find the SPN from there.
    I'm really out of next steps before I call PSS and hope someone here has run into this and could provide me some next steps.
    PowerShell Error:
    Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.  
     Possible causes are:
      -The user name or password specified are invalid.
      -Kerberos is used when no authentication method and no user name are specified.
      -Kerberos accepts domain user names, but not local user names.
      -The Service Principal Name (SPN) for the remote computer name and port does not exist.
      -The client and remote computers are in different domains and there is no trust between the two domains.
     After checking for the above issues, try the following:
      -Check the Event Viewer for events related to authentication.
      -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
     Note that computers in the TrustedHosts list might not be authenticated.
       -For more information about WinRM configuration, run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
        + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
        + FullyQualifiedErrorId : PSSessionStateBroken
    winrs Error:
    Winrs error:
    WinRM cannot process the request. The following error occured while using Kerberos authentication: The network path was not found.  
     Possible causes are:
      -The user name or password specified are invalid.
      -Kerberos is used when no authentication method and no user name are specified.
      -Kerberos accepts domain user names, but not local user names.
      -The Service Principal Name (SPN) for the remote computer name and port does not exist.
      -The client and remote computers are in different domains and there is no trust between the two domains.
     After checking for the above issues, try the following:
      -Check the Event Viewer for events related to authentication.
      -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
     Note that computers in the TrustedHosts list might not be authenticated.
       -For more information about WinRM configuration, run the following command: winrm help config.

    Hi Adam,
    I'm a little unclear about which SPNs you were looking for, in which case could you confirm you were checking that on the computer object belonging to the actual destination host it has the following SPNs registered?
    WSMAN/<NetBIOS name>
    WSMAN/<FQDN>
    If you were actually trying to use WinRM to connect to the remote forest's domain controllers, then what you said makes sense, but I was caught between assuming this was the case or you meant another member server in that remote forest.
    Also, from the client trying to connect to this remote server, are you able to telnet to port 5985? (If you've used something other than the default, try that port)
    If you can't, then you've got something else like a firewall (be that the Windows firewall on the destination or a hardware firewall somewhere in between) blocking you at the port level, or the listener on the remote box just isn't working as expected. I
    just replied to your other winrm post with steps for checking the latter, so I won't repeat myself here.
    If you can telnet to it and the SPNs exist, then you might be up against something called selective authentication which has to do with how the trust was defined. You can have a read of
    this to learn a bit more about selective trusts and whether or not it's affecting you.
    Cheers,
    Lain

  • File Sharing in virtualbox using NAT

    I have Win2K installed as a guest machine  in virtualbox.  I have no problems accessing the Internet using NAT with the NIC set to DHCP.
      Will I be able to access the Arch host (and vice-versa) using NAT networking or will I have to setup bridge-networking?  I know there is a wiki on virtualbox, but it didn't seem to cover this other than giving more detailed instructions on bridge-networking.  At this point I only want to know if file sharing is possible using NAT before spending too much time on it.  If its not possible I may go back to VMware-server which seemed to get broken after the last kernel upgrade. 
    Thanks

    Although you have allowed open access to all users to save files in that directory, it's a pointless excersise as you have no system in place to allow one user to overwrite another users files. There's more to multiuser file access than simply making a place where you can all save files. Files created by each user have a unique user ID attached, and without a Group system in place for your users, OSX will (correctly) deny overwrites. You're going to need to learn about the unix filesystem and the chgrp function, and establish your users as being members of a Group before they can all overwrite each others files. It's much too large a topic to get into here, but a spot of research will sort you out. A word of caution though - filelocking is not a trivial subject and you probably want to consider other options - what happens if someone screws up a project and overwrites it 'behind the back' of another user?

  • "the feature you are trying to use is on a network resource that is unavailable", SQL Server 2008

    when I try to install SQL Server enterprise 2008, during the installation processing, an error information occurs, it said that 'the feature you are trying to use is on a network
    resource that is unavailable', it is missing this file "sql_engine_core_shared.msi".
    Even I locate an available file with the same version for the installation, it still alert this error information. But actually  the file exists in the directory that belong to the whole installation directory. 
    Because of this problem, I can`t complete the whole SQL Server installation. My computer OS is windows 7 Enterprise SP1, 32-bit, with .Net Framework 4.0. And I has installed Visual Stdio 2008, could this program impact the installation of SQL Server 2008?
    Any good ideas, Thanks.

    Hi,
    SQL Server 2008 Enterprise dose not support Windows
    7. You can try SQL Server Standard, or SQL
    Server Developer, or SQL Server Express. Please
    check this link:
    http://msdn.microsoft.com/en-us/library/ms143506.aspx
    [Personal Site] [Blog] [Facebook]

  • RE: 1) Changing name and IP address of an AIX 4.2 Server 2)Using NAT

    Daniel,
    you (normaly) just have to :
    1) edit the $FORTE_ROOT/fortedef.sh fileand change the value of variable
    FORTE_NS_ADDRESS
    2) shutdown and restart forte environment
    3) put the new values in the control panel of the client and run !
    It worked on our site with the same configuration (Aix 4.2)
    Good luck
    De : Daniel[SMTP:[email protected]]
    R&eacute;pondre &agrave; : Daniel
    Date : vendredi 18 juin 1999 13:08
    A : [email protected]
    Cc : Jose Ignacio
    Objet : 1) Changing name and IP address of an AIX 4.2 Server 2)
    Using NAT to reach forte
    Hello Forte Users :
        I have 2 questions to make:
        1)
        I've installed a Forte Server Central Node (Release 3.0.F.2) in an
    IBM RS/6000  with OS AIX 4.2
        (The name of the server is Name_1 and the IP address is
    125.125.50.50 with mask 255.255.255.0)
        Nowadays we had to change the name and IP address of this server
    lets say to Name_2 and 125.125.60.60 with mask 255.255.255.0.
        After that we try to find any reference to old name and IP address
    in the forte directory and all of its subdirectories changing them to
    the new ones.
        After these changes we found than forte could'nt start the nodemgr
    server.
        We have too many reasons to avoid installing FORTE again.
        Does anybody know if I have to change anything more to make
    nodemgr server work.
        2)
        The second question is about NAT (Network Address Translation).
        To reach a Forte Server Central Node from a Forte Client we have
    to pass through a Firewall and NAT.
        We are researching and at this moment we can not reach the server
    from the client, has anybody any suggestion to correctly configure
    Forte (Client and Server) to use NAT between them.
        If anyone could help me I would be very pleased.
        Thank you very much in advance,
        Daniel Gonz&aacute;Lucas (EAM Sistemas Inform&aacute;ticos SL, Spain,
    e-mail: [email protected])
    To unsubscribe, email '[email protected]' with
    'unsubscribe forte-users' as the body of the message.
    Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>

    >> 15 Mins is not enough for completely the replication.
    >> use repadmin /syncall /aEpd   - for force replication.
    >> Wait 3 hrs minimum.
    Regards,
    Biswajit
    MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
    Blog:
      Script Gallary:
      LinkedIn:
    Note: Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights..

  • NAT and Routed Network with Two ISP's on one router

    I'm sure this has been done covered many times, but I am not finding it.
    I have two ISP connections.
    With ISP-A I have a /30 between us and 200.100.100.0/24 is routed to me via the /30 for thsi example we will say the /30 is 1.1.1.1 on isp end and 1.1.1.2 on my end
    With ISP-B I have a 100.0.0.0/29 subnet. and the ISP gateway is on that subnet at 100.0.0.1
    On the inside of my network I have devices using both 200.100.100.x addresses and devices on 192.168.100.x that need to use NAT.
    I would like all of the devices on 200.100.100.x addresses to continue using ISP-A as their gateway.
    Everything on 192.168.100.x should use NAT and go out ISP-B
    I have tried
    ip nat inside source route-map ISP-A interface GigabitEthernet0/1 overload
    route-map ISP-B permit 10
     match ip address 101
     match interface GigabitEthernet0/1
     set ip next-hop 100.0.0.1
    route-map ISP-A permit 10
     match ip address 111
     match interface Multilink1
     set ip next-hop 1.1.1.1
    The problem comes when I have default routes to ISP-A in the router than none of the ISP-B traffic works, and vice versa.

    I think for this to work correctly and be able to split traffic between the 2 ISPs, you would need to use BGP, because default is going to use one ISP or the other.
    If you can use BGP, this link will help you in load shearing between multiple ISPs when you have one router.
    http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html#conf4
    HTH

  • VPN tunnel between 2 RRAS servers, both performing NAT with 2 network connections

    I have a need to configure an IPSEC policy between 2 networks.  Both servers are located at separate offices, are virtual, are 2008 R2 standard,  and only perform the function of NAT between a public IP and the LAN.  They each have 1 network
    adapter with a public address and 1 adapter with an internal LAN address.  I would like to setup an IPSEC policy between these 2 RRAS so that both LAN's can communicate.
    My question's; would this be the best method to get this accomplished?  If not, what are best practices?  Does anyone have documentation for this type of setup?
    I can create a policy between 2 servers, each behind each RRAS vm, but I'd like to keep domain controllers, AD, etc. out of this and not exposed - just have RRAS handle it.

    What you need to do is look for a guide to site to site VPN which you can follow. There are plenty out there of varying degrees of clarity and accuracy.
      The situation briefly is that each site operates normally using its router as a NAT device to provide Internet access for the LAN. In addition, each router is configured to provide a router to router VPN link. Each router has a static route to forward
    traffic for the subnet of the other site through the VPN tunnel.
    The net result is that a client wanting Internet access uses NAT to give it an Internet connection. If instead the client wants to access the other site, the request is sent through the VPN tunnel. There is no confusion because Internet addresses must be
    public and the site addresses are private. This is all transparent to the client because it is all handled by the routers. The client simply sends the packet to the default gateway. 
      The private traffic between sites is encrypted and encapsulated while it is crossing the Internet. The Internet routers see only the public address on the wrapper. The other site sees only the private IP of the packet after it has been unencapsulated
    and decrypted. The two sites behave as if they were linked by an IP router, but the operation is slow because of the delay in getting the packets from site to site.  
    Sorry about the link. http://www.youtube.com/watch?v=m-sakEbVDQ4
    Bill

  • Cascaded routers: no internet access when second router not use NAT

    Cascaded routers: no internet access when second router not use NAT
    Here is my setup:
    [pre]
    WAN
    |
    | 74.96.170.x (WAN IP)         |
    | Router1(Verizon FiOS Router) |
    | Model: MI424WR-GEN2 (Rev F)  |
    | Firmware: 20.21.0.2          |
    | Def router: 74.96.170.1      |
    | 192.168.1.1 (Local IP)       |
    |
    |  192.168.1.22 (WAN IP)   |
    |  Router2(Linksys)        |
    |  Model: WRT54GL v1.1     |
    |  Firmware: v4.30.16      |
    |  Def Router: 192.168.1.1 |
    |  192.168.2.1 (Local IP)  |
    |
    | Computer 192.168.2.160   |
    | Def Router: 192.168.2.1  |
    "q.route" 120L, 4441C written
    [m.wang@m-wang-ltm2:/Users/m.wang/m/Network]
    $ more q.route 
    Cascaded routers: no internet access when second router not use NAT
    Here is my setup:
    [pre]
    WAN 

    | 74.96.170.x (WAN IP)         | 
    | Router1(Verizon FiOS Router) | 
    | Model: MI424WR-GEN2 (Rev F)  | 
    | Firmware: 20.21.0.2          |
    | Def router: 74.96.170.1      |
    | 192.168.1.1 (Local IP)       | 
    |
    |  192.168.1.22 (WAN IP)   | 
    |  Router2(Linksys)        | 
    |  Model: WRT54GL v1.1     |
    |  Firmware: v4.30.16      |
    |  Def Router: 192.168.1.1 |
    |  192.168.2.1 (Local IP)  |
    |
    | Computer 192.168.2.160   | 
    | Def Router: 192.168.2.1  | 
    | NO iptables, basic setup |
    [/pre]
    On computer, I have:
    [pre]
    # route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.2.1     0.0.0.0         UG    2      0        0 enp2s0
    loopback        localhost       255.0.0.0       UG    0      0        0 lo
    192.168.2.0     *               255.255.255.0   U     0      0        0 enp2s0
    [/pre]
    On Router2, I have:
    [pre]
    Routing Table Entry List
    Destination LAN IP | Subnet Mask   | Gateway   | Hop Count | Interface
    192.168.2.0          255.255.255.0   0.0.0.0     1           LAN & Wireless
    192.168.1.0          255.255.255.0   0.0.0.0     1           WAN (Internet)
    0.0.0.0              0.0.0.0         192.168.1.1 1           WAN (Internet)
    [/pre]
    Router2's Operating Mode is Gateway. On Router1, I have: 
    [pre]
    [Router1] Routing Table
    Name                  Destination Gateway      Netmask       Metric   Status
    Network (Home/Office) 192.168.2.0 192.168.1.22 255.255.255.0 0        Applied 
    Network (Home/Office) 192.168.1.0 192.168.1.1  255.255.255.0 0        Applied 
    Routing Protocol: Internet Group Management Protocol (IGMP)
    Default Gateway: 74.96.170.1
    [/pre]
    On computer, I can run tcptraceroute to yahoo.com OK:
    [pre]
    # tcptraceroute yahoo.com
    Selected device enp2s0, address 192.168.2.160, port 46596 for outgoing packets
    Tracing the path to yahoo.com (206.190.36.45) on TCP port 80 (http), 30 hops max
     1  192.168.2.1  0.610 ms  0.729 ms  0.735 ms
     2  192.168.1.1  1.843 ms  1.378 ms  1.363 ms
     3  l100.washdc-vfttp-107.verizon-gni.net (96.241.146.1)  13.620 ms * *
    ... /* It reached the destination. */
    [/pre]
    I want to change Router2's Operating Mode from "Gateway" to "Router" because I
    want to turn off NAT on Router2 so that I can access all computers attached to
    Router2 by their individual IP instead of using port forwarding at Router2.
    The problem is after the mode change from "Gateway" to "Router", and regardless
    whether I disable RIP or enable RIP, and on what interfaces it is enabled, computer
    192.168.2.160 does not have internet connection. 
    Observations:
    [0] INTRAnet works as I can reach computer 192.168.2.160 from computer behind Router1
    192.168.1.x and vice versa.
    [1] ping and traceroute *work* on Router2 itself using the built-in dianostic tool.
    [2] nslookup on computer 192.168.2.160 always works on new lookup. It uses
    192.168.2.1 as the resolver.
    [3] tcptraceroute stops after step 2:
    [pre]
    # tcptraceroute yahoo.com
    Selected device enp2s0, address 192.168.2.160, port 45999 for outgoing packets
    Tracing the path to yahoo.com (98.139.183.24) on TCP port 80 (http), 30 hops max
     1  192.168.2.1  2.553 ms  0.534 ms  0.638 ms
     2  192.168.1.1  1.342 ms  0.964 ms  0.867 ms
     3  * * *
    [/pre]
    [4] tcpdump shows that computer 192.168.2.160 tries to reach out and nothing is returned:
    [pre]
    13:34:03.172828 IP 192.168.2.160.45999 > 98.139.183.24.http: Flags [S], seq 1122548929, win 0, length 0
    13:34:06.175786 IP 192.168.2.160.45999 > 98.139.183.24.http: Flags [S], seq 1122548929, win 0, length 0
    13:34:09.178804 IP 192.168.2.160.45999 > 98.139.183.24.http: Flags [S], seq 1122548929, win 0, length 0
    [/pre]
    This is not expected because NAT to internet should still be done by Router1, no? Computer
    behind Router1 with IP 192.168.1.x has internet connection.
    [5] It looks like I cannot change the Routing Table Entry on Router2. I do not think I need to change anything,
    just an observation.
    [6] If I use LAN to LAN connection, then both intranet and internet works. [The internet IP of Router2 can be
    anything not in the same subnet of the Router1, and DHCP on the local side should be disabled to avoid conflict
    with the the DHCP on Router1].

    I have a question. Unfortunately in order to ask my question, I have to have a lengthy description of my setup. Basically, I have a second Linksys router in "router" operating mode with NAT disabled connected to the Verizon router, and I have a computer which is in a different subnet (192.168.2.x) behind the Linksys router. This computer can communicate with computers behind Verizon router in subnet (192.168.1.x), but cannot reach internet. This is a simplified version of my question, full details are in the original post.
    If I setup the Linksys router in "gateway" operating mode, which means with NAT enabled, then both intranet and internet works, but there is no easy way to setup port forwarding for 10 compueters in 192.168.2.x network to communicate with 10 computers in 192.168.1.x network.
    If I setup the Linksys router in a LAN to LAN configuration with Verizon routers, but this way all computers are in the same subnet, I want them to be in different subnet for access control and things like that.
    I hope this makes things a little clear.
    Thanks.

  • NAT of overlapping network through IPSEC tunnel

    I am having a NAT problem constructing a router to PIX tunnel (12.4-15T3 to 7.2). I need to both NAT overload through the outside interface for all internet traffic and NAT to a private network for traffic that will flow through an IPSEC tunnel.
    Because there is network overlap between sites I have added a NAT on the router as follows:
    1) A NAT pool of 254 172.17.20.x addresses.
    2) An access list permiting traffic to the hosts on the other side of the tunnel.
    3) A NAT source statement using the above ACL and pool.
    The IPSEC configuration then includes the 172.17.20.x addresses in the tunnel specification. The tunnel pegs up correctly under this config, traffic originating behind the router is NATd to 172.17.20.x if and only if the traffic matches the access list.
    However, once a host has created a 172.17.20.x NAT translation, the normal overload NAT out to the internet no longer works. Even if the second traffic destination does not match the access-list created for the 172.17.20.x NAT statement, the existing translation slot is used. Since 172.17.20.x is not valid on the internet, this has a negative effect on the staff in this location :-/
    Both NATing to the internet (using overload PAT on the outside IP address) and NATing for the tunnel (using the list of 172.17.20.x address) are necessary. What am I missing?

    Refer to PIX/ASA 7.x and later: Site to Site (L2L) IPsec VPN with Policy NAT (Overlapping Private Networks) Configuration Example
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

  • The feature you are trying to use is on a network resource that is unavaibl

    When ever i try to upgrade to the itunes my comp starts the download but then a window pops up that says, "the feature you are trying to use is on a network resource that is unavaible." Under that is says use source and i can click on browse to look through all my folders but i have tryed clicking around on random ones and none work. What do i do???

    good oh. If it's happening during the iTunes part of the install, let's go for the following procedure.
    First, head into your Add/Remove programs and uninstall your QuickTime. If it goes, good. If it doesn't, we'll just attend to it when we attend to iTunes.
    Next, download and install the Windows Installer CleanUp utility:
    Description of the Windows Installer CleanUp Utility
    Now launch Windows Installer CleanUp ("Start > All Programs > Windows Install Clean Up"), find any iTunes and/or QuickTime entries in the list of programs in CleanUp, select those entries, and click “remove”.
    Next, we'll manually remove any leftover iTunes or QuickTime program files:
    (1) Open Local Disk (C:) in Computer or whichever disk programs are installed on.
    (2) Open the Program Files folder.
    (3) Right-click the iTunes folder and select Delete and choose Yes when asked to confirm the deletion.
    (4) Right-click the QuickTime folder and select Delete and choose Yes when asked to confirm the deletion. (Note: This folder may have already been deleted if QuickTime was successfully removed using Add/Remove Programs earlier.)
    (5) Delete the QuickTime and QuicktimeVR files located in the C:\Windows\system32\ folder. Click Continue if Windows needs confirmation or permission to continue. (Note: These files may have already been deleted if QuickTime was successfully removed using Add/Remove Programs earlier.)
    (6) Right-click on the Recycle Bin and on the shortcut menu, click Empty Recycle Bin.
    (7) Restart your computer.
    Now try another iTunes install. Does it go through properly now?

  • Bought Iphone 4s with O2-UK, Going to India next week. How can I get it unlocked for using it with Indian networks?

    Hi,
    I bought ipone 4s frm O2-UK a month ago, and I tried to unlock my phone with O2. But they told me they cant'
    they told me " To make sure our iPhone 4 8GB and iPhone 4S stock is reserved exclusively for genuine O2 customers during launch, we aren't unlocking these phones at this time "
    I am gong to india and want to to use witht the Indian networks, Can anyone please help me.
    Cheers
    Vinay

    garethfrommanchester wrote:
    ... have confirmed its a hardware problem but they can not honour the warrenty. ...
    The warranty is only good in the country of original purchase...
    Apple Warranty
    http://www.apple.com/legal/warranty/
    Contacting Apple World Wide for Support and Service
    http://support.apple.com/kb/HE57

  • HT1925 I get a message saying The feature I am trying to use is on a network resource that is unavalable when I try to open iTunes.

    When I try to open iTunes a widow appears called Windows Installer.  It tells me that the feature you are trying to use is on a network resource that is unavalable.  It tell me to Click OK or try again or enter an alternative path to a folder containing the intallation package iTunes.msi.  I suggests I should find this in a drop down box in the window.  There is a box but no folder iTunes.msi.  If I click the cancel button iTunes will open and work. I wish to uninstall iTunes and then reinstall it.  I am finding that I can play music on iTunes OK through my sound card but if I try to play streamed music from the web in YouTube and fom My Space the music is a poor quality with crackles and distortion. Other forums suggest uninstalling iTunes and then re-installing it.  I ahve tried to uninstall iTunes but it comes up with the Window noted above and then stops.  I need to stop the crackle when streaming music. Please help.

    (1) Download the Windows Installer CleanUp utility installer file (msicuu2.exe) from the following Major Geeks page (use one of the links under the "DOWNLOAD LOCATIONS" thingy on the Major Geeks page):
    http://majorgeeks.com/download.php?det=4459
    (2) Doubleclick the msicuu2.exe file and follow the prompts to install the Windows Installer CleanUp utility. (If you're on a Windows Vista or Windows 7 system and you get a Code 800A0046 error message when doubleclicking the msicuu2.exe file, try instead right-clicking on the msicuu2.exe file and selecting "Run as administrator".)
    (3) In your Start menu click All Programs and then click Windows Install Clean Up. The Windows Installer CleanUp utility window appears, listing software that is currently installed on your computer.
    (4) In the list of programs that appears in CleanUp, select any iTunes entries and click "Remove", as per the following screenshot:
    (5) Quit out of CleanUp, restart the PC and try another iTunes install. Does it go through properly this time?

  • SmartWebPrinting.msi feature I am trying to use is on a network that is unavailable how do i fix it?

    I have bee having problems with SmartWebPrinting.msi it keeps loading up everytime i try to get on the internet or open one of my programs on my computer these are the mesges I am recieving from it: 1. the feature you are trying to use is on a network resource that is unavailable. 2. Enter an alternate path to a folder containing the instalation package 'SmartWebPrinting.msi in the box below. 3. An installation package for the product SmartWebPrinting.msi cannot be found try the installation again using a valid copy of the installation package SmartWebPrinting. msi. I am unable to load a web page correct and pages are missing and I cannot view web pages. and it wont go away and i put in the cd and it still keeps saying the same thing What do I do?
    Thank you

    Hi there,
    Try uninstalling Smart Web Printing using the instructions in this document:
    http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01812475&cc=us&dlc=en&lc=en
    1.  Expand the + sign next to:  How do I upgrade from HP Smart Web Printing to HP Smart Print
    2.  Follow the steps under:  Step one: Uninstall HP Smart Web Printing software (and then expand the + sign next to the operating system you are using)
    You can then install HP Smart Print (which has the same features as Smart Web Printing) if you have a need for this software (following the instructions in this document).
    Thanks!
    Tara
    **Although I am an HP employee, I am speaking for myself and not for HP.

  • I'm trying to download itunes 10 but I get to a point in the download and it tells me, "The feature you are trying to use is on a network resource that is unavailable" but I haven't had itunes on my computer for a year now so how can I get around this?

    I'm trying to download itunes 10 but I get to a point in the download and it tells me, "The feature you are trying to use is on a network resource that is unavailable" but I haven't had itunes on my computer for a year now so how can I get around this?

    iTunes.msi
    Perfect, thanks.
    Download the Windows Installer CleanUp utility from the following page (use one of the links under the "DOWNLOAD LOCATIONS" thingy on the Major Geeks page):
    http://majorgeeks.com/download.php?det=4459
    To install the utility, doubleclick the msicuu2.exe file you downloaded.
    Now run the utility ("Start > All Programs > Windows Install Clean Up"). In the list of programs that appears in CleanUp, select any iTunes entries and click "Remove", as per the following screenshot:
    Quit out of CleanUp, restart the PC and try another iTunes install. Does it go through properly this time?

Maybe you are looking for

  • How do you transfer voice memos to your pc?  I have synced my phone a number of times and everything updates with the exception of voice memos?

    How do you transfer voice memos to your pc?  I have synced my phone a number of times and everything updates with the exception of voice memos? Also, my voice memos are checked to be synced everytime my phone is synced. 

  • Photoshop Elements (4.0) - opening iPhoto photos

    I'm using both iPhoto '08 (v 7.1.3) and Photoshop Elements 4.0. While in Elements, I do a file - open and browse to my Photos folder but the 'iPhoto Library' is grayed out. How can I easily edit my photos that I've imported into iPhoto with Elements?

  • Can anyone help me with a problem with Photoshop 7.0?

    I have the old Adobee Photoshop 7.0.1 and I recently ran into a problem with my Type tool that I can't figure out. Suddenly the type tool won't type. When I hit the type tool a LARGE cursor appears that's almost the full length of the picture I'm typ

  • Reg:- function.

    hi friends, my problem is i have one store function like example below. Function Func1 (Empid in varchar2) RETURN VARCHAR2 As SELECT DEPTNAME,DESIGNATION FROM EMPLOYEE WHERE EMPLOYEEID=EMPID; END; ABOVE FUNCTION RETURN ME DEPTNAME AND DESIGNATION OF

  • Want to downgrade to 6.0.2

    After updating my FCP 6.0.2 to 6.0.3 I am not able to open my project. FC always failed when trying to update this project. So I want to reinstall my FC and update only to 6.0.2. But on the apple sites is only Pro Applications Update 2008 available.