WLAN internet traffic routing

Hi,
I have a 5508 controller.
The controller is located at the HQ while we have a couple of small remote offices that will have APs connected to the controller.
I would like the wireless users at the remote offices to connect to the AP and send internet traffic out directly from the AP instead of all that data going back and forth between the office and HQ.
I just want management traffic between the AP and the controller. I am sure I would need an autonomous AP instead of a lightweight but what settings do I set on the autonomous to achieve this type of setup?
Thanks in advance

You can do this with a lightweight AP if you use the Flexmode or H-REAP mode. Basically this mode turns the access point into a lightweight managed autonomous AP. The caveat is that when an AP is in H-REAP mode some authentication methods aren't supported if it loses connection to the controller. Depending on the firmware version on your controller you need to maintain a 150ms round-trip time.
In H-REAP mode you need to specify the native VLAN for the AP, and then the VLAN for each of the H-REAP/locally switched SSIDs, and you will need to configure the SSIDs for local switching.
See the guides below for reference and configuration assistance.
Cisco H-REAP Design and Deployment Guide
http://www.cisco.com/en/US/partner/products/ps10315/products_tech_note09186a0080736123.shtml
Cisco H-REAP Modes of Operation Configuration Example
http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
Hope this helps

Similar Messages

  • How to start a loop back proxy in Windows Phone 8 and have all app and internet traffic routed via it

    I want to develop a proxy in Windows Phone 8 that will handle all data traffic emanating from the phone (i.e. browser and apps). The following procedures were carried out:
    a) Edited the Wifi settings http proxy and port to the loop back proxy running in the phone(i.e. 127.0.0.1) and the port in which we brought up the loop back proxy
    b) We browsed pages and no request landed on the loop back proxy in the phone
    Loop back proxy in phone is built using StreamSocketListener 
    Another observation is that:
    If we edit Wifi settings http proxy and port to a http/https proxy running on server then when we browse pages from windows phone we are getting the requests to server. Why is this difference?
    Is there a limitation to run http/https proxy on mobile phone as loop back proxy.
    But there are apps in the market for windows phone that behaves as HTTP proxy like 
    http://www.windowsphone.com/en-us/store/app/smartproxy/75da629b-c0f3-4999-86a3-9559181d1299
    Any help on the same would be appreciated

    Hi,
    Thanks for your reply and we have used StreamSocketListener waiting on a port and the IP is given as loopback. The same settings are done for the Wifi access point but when we browse any page in IE the requests are not landing on the loop back proxy. Any idea on the same would be highly appreciated

  • How can I route internet traffic over IPSec point to point?

    I have a remote site that connects by IPsec with the end points on a router and ASA. The connection is working fine and the remote site can access my other networks at the main headquarters. The problem is, currently this remote site is accessing the internet via the same link that is supposed to VPN everything back to headquarters. I need to figure out how to VPN their internet traffic to my main headquarters. There's an iPrism behind the firewall to filter web access so it seems like I need to point the remote site's default gateway to my routing device that's behind my iPrism?
    Also, currently the outside interface on the remote site's router does not have an ACL applied, can someone suggest what that ACL should look like? Thank you for your help! Here is a sample configuration of the remote site's router:
    crypto isakmp policy 20
    (encryption parameters here)
    crypto isakmp key password address x.x.x.x (Public ASA IP) no-xauth
    crypto ipsec transform-set remotesite (encryption parameters here)
    crypto ipsec df-bit clear
    crypto map Mainsite 1 ipsec-isakmp
     set peer x.x.x.x (Public ASA IP)
     set transform-set remotesite
     match address 100
    interface FastEthernet0/0
     description $ETH-LAN$
     ip address 10.1.1.1 255.255.0.0
     ip nbar protocol-discovery
    interface FastEthernet0/1
     description ISP Interface
     ip address x.x.x.x (public IP) 255.255.255.0
     crypto map Mainsite
     crypto ipsec df-bit clear
    ip route 0.0.0.0 0.0.0.0 x.x.x.x (ISP's default gateway)
    access-list 100 remark Access list Mainsite Access
    access-list 100 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
    and other various headquarter networks...

    Hi Mark, you can modify your crypto ACL to permit any any on your remote site, which will make all traffic go through the tunnel. Then on the ASA you need to do hairpinning on the outside interface. This will let users on the remote site access the internet via HQ. But if you do it this way the internet traffic goes straight to the internet without being filtered by your iPrism.
    What I am not sure about is if there is a way to do it if you want that traffic to be filtered by the iPrism before going out to the internet.
    HTH
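An added example, not part of the original posts: it evaluates the question's `access-list 100` as a crypto ACL to show which flows are encrypted to HQ and which leave by the local ISP route, and compares it with a tunnel-everything variant as the reply describes. `ACL_ALL`, the function names and the sample flow addresses are constructed for illustration.

```python
import ipaddress

# ACL from the question (only the line shown on the page).
ACL_SPLIT = [
    "access-list 100 remark Access list Mainsite Access",
    "access-list 100 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255",
]
# Constructed variant: all traffic from the remote LAN is sent into the tunnel.
ACL_ALL = ["access-list 100 permit ip 10.1.0.0 0.0.255.255 any"]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def _take_spec(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tokens and tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if len(tokens) >= 2 and tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) >= 2:
        return (tokens[0], tokens[1]), tokens[2:]
    raise ValueError("incomplete address spec")


def parse_ace(line):
    """Return (action, src_spec, dst_spec) for an 'ip' entry, None for remarks."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not an access-list line: %r" % line)
    if tok[2] == "remark":
        return None
    if tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError("only permit/deny ip entries are handled: %r" % line)
    src, rest = _take_spec(tok[4:])
    dst, _ = _take_spec(rest)
    return tok[2], src, dst


def path_for(acl_lines, src, dst):
    """First matching entry wins. 'permit' means the flow is protected by the
    crypto map (tunnel); 'deny' or no match means it is forwarded unencrypted
    by the normal routing table (local ISP default route)."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace is None:
            continue
        action, s, d = ace
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return "tunnel" if action == "permit" else "local"
    return "local"


def audit(acl_lines, flows):
    """Map each (src, dst) flow to the path it takes under the given ACL."""
    return {flow: path_for(acl_lines, *flow) for flow in flows}


# Constructed sample flows: HQ subnet, an internet host (documentation range),
# and a source outside the remote LAN.
FLOWS = [
    ("10.1.5.20", "10.3.0.9"),
    ("10.1.5.20", "203.0.113.10"),
    ("192.168.1.5", "203.0.113.10"),
]

if __name__ == "__main__":
    for name, acl in (("split", ACL_SPLIT), ("all", ACL_ALL)):
        for flow, path in audit(acl, FLOWS).items():
            print(name, flow, "->", path)
```

Any flow reported as `local` leaves the site without passing HQ's web filter, which is the gap the question is trying to close.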

  • Mountain Lion Server VPN unable to route internet traffic

    Hi! I have set up a VPN server on my home network specifically so that I could connect via a VPN client remotely and tunnel all internet traffic through my home network (It is a long story but I need to be able to access services that are specific to my home IP . . . ) I have been tearing my hair out trying to get it work but can not. The VPN connection happens OK and I can set up the remote client to send all traffic via VPN but any internet traffic just times out . . . In other words I can not get the server to share my home network via the VPN connection.

    Hi and thanks for taking the time to answer.
    As I am sure you have guessed I don't have much experience or knowledge with this. So I will try to clarify what I am trying to do.
    I do not need a VPN server for the conventional reasons of being able to access a private network (i.e my home network) remotely, although this is a nice additional benefit. I need the VPN server so that I can log in remotely (when I am using my mobile broadband or when I am overseas for example) and make it look like the machine I am using is on my home network.
    The reason for this is that I have access to web services that are IP specific. That is I can ONLY log in if I am logging in from my registered home IP (which is static for this exact reason).
    I have been told on similar support sites that if I route ALL traffic through the VPN, then when I use my browser on the remote machine all web traffic will go through the VPN as well and it will look like the traffic is coming from the subnet of my home IP.
    I guess in other words I am trying to use my VPN as an "anonymous" proxy (anonymous in the sense that although the traffic is coming from somewhere else, it still looks like it is coming from my home IP).
    I know this will cripple the speed due to the narrow upstream bandwidth but I am willing to pay this price.
    Now as for your questions:
    I have the server set up on a machine on my home subnet and I have enabled VPN port forwarding on the ADSL router.
    I know the connection happens as when I connect the VPN either from my iPhone using 4G or my laptop using my mobile broadband I get the "connecting . . . authenticating . . . connected" messages and when I check in properties it shows it to be connected to my home IP as VPN server and has an IP address that looks like it is on my home subnet.
    By internet traffic timing out I meant web traffic.
    As I mentioned above, I need all web traffic to go through the VPN. So indeed not ALL traffic but definitely ALL web traffic. The only way I could find to do this is to enable the "Send all traffic" option.
    Now I guess the obvious question is why am I not using a proxy. I have tried (and spent ages setting up Squid) but could never get it to "hide" the true origin of the traffic completely.
    Now having written all this, I reinstalled mountain lion and server yesterday (out of sheer frustration rather than anything else) and it seems to work this morning. So if I log in via VPN on my mobile or laptop and use an IP checker on the web it comes up with my home IP : ))
    The only thing I have now noticed is that if the VPN server stops working (which seems to be as soon as the computer I run it on goes to sleep) web traffic reverts to using the normal channels which is potentially problematic for me.
    So my questions now are -
    Any ideas what I was doing wrong in the first place?
    Any suggestions on how I could set this up better?
    Any way to set up the remote device so that it only allows web traffic via VPN (so that if the VPN connection drops, it is unable to use its own internet connection for continuing web traffic)?
    Thanks for any suggestions : )
    Cheers

  • Understanding 5505 firewall-site to site and internet traffic

    Hi,
    My question is multi-faceted. I apologize for the lengthy intro here but I think the info is necessary to understand where I am headed in this.
    I am new to the Cisco 5505. I have had very limited exposure to a 5510 that was preset. I have managed to make modifications to it here and there, but don't completely understand how it was put together. I learn by watching, listening, and gleaning what I can from others. I have had no formal training in CLI, but I have learned some of the commands. I know enough to be dangerous, but I respect my limitations.
    That being said, I have been charged with setting up a 5505 at a remote site. I need to accomplish several things.  Our ultimate goal is to use this device as a site to site with the 5510 at the corporate office. However, I need to accomplish this in baby steps, test, test real users and then maybe convert in full. Where I could outsource this in its entirety, that would preclude me from learning so I can address this in the future on my own.
    We need to have this in place by the end of February 2013.
    Currently the remote site is connected via a very slow (by today's standards) T1 line on a MPLS. Stable. Works, but slow. All internet traffic as well as work traffic is routed through that connection. We have added a 50mb cable connection (with static IPs) to the office. First we want to set up the 5505 so that it can be used as follows:
    1, Internet traffic can be routed out through this device and all other "work" traffic routed through the MPLS.
    2, Test using this connection as a route out to the internet AND use it as a site to site VPN connection to the home office. (or anyconnect vpn)
              I need to be able to have users in both environments. IE, some still using step 1 and some starting to use and test step 2.
    3, long term, use this as the main connection per number 2, but add the IP address so that if the cable connection drops, the office can access internet via the VoIP T1 line as a life line.
    In all cases, I don't want internet going through the home office as it currently is traveling.
    I have done a lot of searching but so far have come up empty with answers.
    Question 1:     (This one probably shows my ignorance the worst) - in using the 5505 firewall, will it segregate normal internet traffic from the VPN traffic when used by the workstation? Using the GUI, I didn't see where this was necessarily happening. Do I need to use CLI language (and what) to make this happen? Or is that a basic function that happens during the setup of the firewall using the GUI? Do I need to do some sort of "split tunneling"?
    Question 2:     Do I use this device as the Default gateway for both step 1 and 2/3) for normal use and then change the gateway on the Pcs to the VoIP network during emergency use,(that would bypass the firewall though or is there a way to have it route to that router if there is no connection through the Outside port? Or as long as I have some access to the device, can I make a change remotely to help accomplish this failsafe?
    Question 3:     We have 25 Anyconnect VPN licenses. Should we use these and not the Static site to site, if so, why or why not? They dont need to be used at all.
    Question 4:     In setting up the VoIP line for backup, would using that on the "DMZ" connection help in making this viable so that the device could still ultimately control the internet traffic?
    Question 5:     In setting up the VPN connections, unless i am getting the two methods confused, I will need the 5505 to hand out IP addresses for the vpn connection. I see in using a class c schema that i can use 92.168.0.0 to 192.168.255.0. So for instance, I could use 101.1.20.0 for the inside network Vpn addresses?? I need to stay away from 192.168.0.0 networks as we use that in our normal structure.
    Reasons for setting this up:
    Slow speeds over the T1.
    increasing demand for Skype, Video conferencing etc that the T1 pipe couldnt adequately handle
    Lack of backup pathways for downed connections - ie, backhoe chopping through wire at a construction site).
    I read through the Getting started guides on both the 5510 and the 5505 and feel I can likely get the site to site setup (I have a list of all the Ip addresses i need for inside networks and outside networks etc.
    additional notes:
    I have to email ATT anytime I want a change made on the MPLS router, so doing as little to that as possible would be good.
    I will be onsite for testing at the end of February  and will have direct access to the home office via other methods to work on the asa5510 if any additional work needs to be done on it once i am onsite.
    Thanks for taking the time to read through all of this. please forgive my lack of knowledge...
    Dave

    Thanks for getting back to me and so quickly!
    1) I am not sure if I understand the “ACL” portion of your question, but this is how I want to access info via the VPN tunnel:
    192.168.D.0 inside(NJ) to outside 5505 - 12.175.X.X to outside 5510 - 12.200.X.X to inside network (HQ)192.168.X.0. Routes are needed to find subnets 192.168.A.0, 192.168.B.0 and 192.168.C.0. The default gateway to those subnets right now is: 192.168.X.XX4 inside of HQ. This would be so that the NJ office could find resources of the other offices if needed. This will change as we wean off the MPLS. Inside the ASA 5505, the IP addresses are 192.168.D.0 for data, 10.X.X.0 for the Phone system. All other traffic would be sent out through the internet. Phone system uses the XOcomm connection to route phone traffic.
    2) I did some reading on SLA. Thanks for pointing that out. For purposes of learning here, I am showing this as 12.175.XXX.XXX for Comcast and 12.200.XXX.XXX for XO comm.
    4) I guess I would use an Outside 2 as that makes sense, in description, I would label them “ComCast” for outside 1 and “XOcomm” for outside 2.
    5) I am still not sure I understand this part. Are additional IP addresses needed for the Site to site VPN to talk to the local hosts, or will it use the IP addresses assigned by the local server?
    Next Steps
    1-         Configure the ASA5510 for the 5505 connection
    2-         Configure the ASA5505 for the 5510 connection
    3-         Configure SLA for Comcast and XOcomm outside connections
    4-         For this I need help….I think this is from step 1, but I need help to configure the internet to be segregated via my question from #1. Have I given enough information to do so? Please advise on ACL entries, and route statements needed so that NJ can talk to all the offices when using this connection, not just the Headquarters.
    Thanks
    dave

  • DMVPN with backhauled internet traffic to central site

    Using DMVPN, but backhauling internet traffic over DMVPN to central site for monitoring, etc.  This unfortunately has the side effect of breaking spoke to spoke dynamic tunnels.  Anyone know a workaround?

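    For this scenario you can put your internet-link into a different VRF. The differences to a "normal" DMVPN-config are the following:
    interface GigabitEthernet 0/0
     description Connection to ISP
     ! place the ISP-facing interface in the VRF
     ip vrf forwarding PUBLIC
    interface Tunnel1
     description Tunnel to Hub
     ! the tunnel's outer (transport) packets are routed in VRF PUBLIC
     tunnel vrf PUBLIC
    ! this default route exists only in VRF PUBLIC, not in the global table
    ip route vrf PUBLIC 0.0.0.0 0.0.0.0 GigabitEthernet 0/0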

  • How to redirect Internet traffic from RV082 to RV042 through a VPN Tunnel??

    Fellows,
    We have offices in USA and Venezuela.
    In our USA office we have a RV042 router and in Venezuela we have a RV082 router.
    We have connected a VPN tunnel (gateway-to-gateway) between both offices.
    The point is:
    How could we redirect the internet traffic from our Venezuela office (RV082) to the USA Office (RV042) to navigate using USA public IPs?
    The reason for this is that we need to use online streaming services which are only available for IPs from USA and we can't use them from the Venezuelan IPs.
    We can not use the PPTP option since the equipment which will use the streaming services (like hulu, crackle, etc.) in Venezuela is a Google TV device which doesn't allow the configuration of proxy navigation or PPTP VPN connections itself. That's the reason why we need to do that through the routers.
    We will really appreciate your support on this matter.
    Daniel

    Hi Daniel, this is called ESP wildcard forwarding which the router does support.
    https://supportforums.cisco.com/docs/DOC-12534   <- This is older but applicable
    https://supportforums.cisco.com/message/3766661
    -Tom
    Please mark answered for helpful posts

  • Internet Edge Router and the Firewall

    What is the best way to monitor an Internet Edge router from the Internal network behind the Firewall?
    We want to pull more information from the edge router like netflow.  We can use SNMPv3 and ACLs to keep the router secure.
    But I am looking for the best config to keep both the router and firewall as secure as possible while still allowing us to monitor performance and faults.
    I am running an ASA and a 2821.

    I'd start with locking down the router configuration if you haven't already. Cisco Configuration Professional (free) offers a nice GUI for analyzing and delivering all the necessary commands to secure the router.
    Getting Netflow from your router doesn't add much more than getting it from your ASA.
    If you're querying through the firewall to the routers using SNMPv3 (and have deleted the v1/v2 communities) that's one good step. The only other thing I might suggest is sending syslogs to your management system from the router. To do that you'll need to add an access-list and probably a NAT entry to your firewall to allow the incoming syslog traffic.
    Most important beyond all the technology is to make sure that your people follow a process to regularly analyze and act upon the information being reported and gathered. Without that all the rest isn't worth the time it takes to implement it.

  • Internet Traffic Even When Mail And Safari Shutdown?

    I have just noticed that my SurplusMeter is detecting slight internet traffic even with Safari and Mail shutdown.
    I have, of course, Surplus Meter open, together with ClamXav.
    The Bytes Up and Bytes Down fields jump a few hundred every 5 seconds or so and when timed, the meter moved by 0.1MB every 4 minutes.
    This would represent about 1.5MB per hour and over 20MB per working day (8am to 11pm) which I would have noticed before as I frequently use less than 10MB per day.
    In the past I have come back to my meter after hours and it hasn't moved.
    Any ideas what might be causing this slight trickle of activity?

    I have just noticed that my SurplusMeter is detecting slight internet traffic even with Safari and Mail shutdown.
    I've never used SurplusMeter, but if it's like any of the other bandwidth monitoring tools I've seen it's not watching your internet traffic, it's watching your ethernet traffic.
    There is an important difference. Even if the only device on your network is your Mac and your router there will always be some background noise.
    Amongst other things, ethernet uses ARP - Address Resolution Protocol - to map IP addresses to physical devices on the network. It does this by sending out an ARP request for any device the machine needs to talk to. For example, if your Mac has the IP address 192.168.1.2 and a default router address of 192.168.1.1 then it will send out an ARP request "hey! where is 192.168.1.1", to which the router will reply "hey! I'm over here". That's two packets of data, even if there is no other activity or device on the network.
    IIRC, ARP replies are cached for 5 minutes after which the OS sends out another ARP reply to update its ARP table, which ties in exactly with the interval you're seeing.
    I'd further guess that 0.1MB is the smallest unit of measurement that SurplusMeter reports, so even the 28-byte ARP request and reply packets get reported as 0.1MB.
    Furthermore, by definition, ARP is limited to the local network and never transmits over your ISP link, so it's not going to count towards any bandwidth usage limits.
    So this isn't likely to be anything to worry about. You can confirm this with any of the ethernet sniffers, or even just a simple tcpdump in Terminal.app

  • VPN 3005 - Reroute Internet traffic out local connection

    We have a VPN 3005 concentrator that connects to our backbone switch. We have about 6 sites who have the following subnet:
    site A: 172.16.x.x
    site B: 172.17.x.x (etc)
    When a user is at home, hotel, or directly connected to the Internet and they connect with the VPN client to our network we want all Internet traffic (cnn, google, etc) to route through their local connection and not through our network through our internal Internet connection. How can I setup the VPN Concentrator to allow all internal traffic and reroute all other traffic out their local Internet connection?

    Split tunneling needs to be configured on the concentrator.
    Firstly, create a network list.
    Go to configuration>policy management>traffic management>network lists, then put the private LAN IP behind the concentrator on to the list.
    Go to configuration>user management>groups>client config.
    You will see "split tunneling policy" and "split tunneling network list".
    With option "split tunneling policy", choose "only tunnel networks on the list". With option "split tunneling network list", choose the network list you just created.

  • How do i connect my ipad to WLAN internet? it says its loading but never comes up with a tick

    I have recently moved to Madrid in Spain from England where I bought my iPad. Neither my iPad nor iPhone will connect to the WLAN internet in the house that I am living in. When I type in the password it says it is loading, however the tick never comes up and I cannot access the internet. This is a real problem as I need to use my iPad to apply for university. Any suggestions?

    It still won't work but the same thing is happening when I try to connect on my iPhone which makes me think it is something to do with Apple products on the wifi

  • Is there a way to connect an iPad to WLAN internet?

    Is there a way to connect an iPad to WLAN internet?

    Airport Express
    http://i1224.photobucket.com/albums/ee374/Diavonex/Album%201A/1f4ad14e1067b2d0eb1e39448ff51d0b.jpg
    https://www.apple.com/airportexpress/

  • How do I get the internet traffic to come to my own server?

    If I'm moving from paying a host for coldfusion to using my own license on my own server, How do I get the internet traffic to come to my own server?

    You connect the computer to a network.  This is pretty much automatically handled by the hardware and the operating system.
    You may want to read up on some of the basics of networking and the tcp/ip world.
    To have a networked computer tell you its IP address type 'ipconfig' at a dos command line.

  • Losing battery from internet traffic all the time

    4 days ago I bought an iPhone 5.
    The previous one was an iPhone 4.
    My problem is the iPhone 5 is spending my internet traffic all the time, but I turned off all the push notifications and other apps which use the internet....
    Because of that my iPhone loses battery for 2-3 hours.
    HELP ME PLEASE !

    I have another computer connected to this network in another part of the house
    If that is a Windows XP computer make sure it is not trying to do an 802.1x authentication since that will cause those interruptions:
    http://www.efelix.co.uk/tech/1010.html
    Ensure that the Enable IEEE 802.1x authentication for this network check box is not checked.
    Also, upgrading to Service Pack 2 should take care of that problem.
    Otherwise, Airports are a reliable product so perhaps you are in an area of interference? Pick a different channel - like 9?

  • Out-of-control consumer Internet traffic by apple tv

    Out-of-control consumer Internet traffic by apple tv
    Greetings
    I recently bought an Apple TV, but since then I is the intensity of Internet traffic. Kindly advise me please, why does this happen? Secondly, what is the solution? I only use this machine for Airplay, and I do not want to use the Internet.

    What are you talking about?
    Please clearly explain what the issue is.
