WRE54G Cannot route traffic

Hi all,
My WRE54G version 2 cannot route the WIFI traffic to my Belkin router after setup. The setup was made by connecting the WRE54G directly to Belkin router with the following configurations with the Web configuration tool in WRE54G.
WRE54G
Name: Linksys WRE54G
IP address: 192.168.1.150
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
Mode: Mixed
Channel: 10
SSID: 54Home
Wireless Security: Enable
Belkin Router
IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
DHCP Address range: 192.168.1.2 - 192.168.1.100
Mode: Mixed
SSID: 54Home
WEP setting of both Belkin router and WRE54G are the same.
Both the link and activity LED on the WRE54G are Lighted in blue.
When connecting WRE54G with UTP wire, I can ping the WRE54G with my notebook with wired connection with Belkin, and I can use the web interface configure the WRE54G. When removing the wire to WRE54G, the notebook cannot ping the WRE54G.
When I test the WRE54G with wireless connection, my notebook cannot get an IP address and it needs to manually assign one. After using the manual IP, the notebook can reach the WRE54G, but not the Belkin Router, nor any connection to the internet.
However, if I disable the wireless network of the notebook and connect it directly to the router with UTP wire, the router is working fine. I switch off the WRE54G, change the notebook to DHCP, it connect back to the Belkin router and internet contivity is also fine.
It seems that the WRE54G did not talk to Belkin on the WIFI traffic. Are there anyone encountered the same problem, and have the solutions?
Thanks in advance
Davis

Make sure that wireless settings are same as in wireless router also check the Ip settings in the range extender ... it should be in the range of the router .... If all settings working fine .... & still you are not able to ping the Range Extender when wireless .... Disable the firewall on the laptop for few seconds .... try to ping the Range Extender .... if not ... in such case ... upgrade the firmware of the range Extender ...after upgrade ... reset & reconfigure the router ...

Similar Messages

  • WLSM - cannot route traffic to it

    I have cat6513, sup720 (ver 12.2(18)SXF3) and wlsm (ver 2.1(1)). I have L2 and L3 vlan 11 interface (ip in same subnet as wlsm admin vlan) configured on sup720 and "wlan module 2 allowed vlan 11"
    I can ping the wlsm from the sup720 (and vice versa) but not from anywhere else on the network (even though all other routers have a route to the vlan 11 subnet).
    Without this basic ip connectivity, 1231ap will not be able to register with wlsm and wlsm will not be able to talk to acs server.
    any ideas - I think it may be 802.1q related but cannot change native vlan on this backplane connection.
    sup720 partial config
    =====================
    wlan module 2 allowed-vlan 11
    VLAN Name Status Ports
    11 wds active
    interface Vlan11
    description wlsm management
    ip address 192.168.11.1 255.255.255.0
    end
    wlsm partial config
    ===================
    wlan vlan 11
    ipaddr 192.168.11.2 255.255.255.0
    gateway 192.168.11.1
    admin
    interface Ethernet0/0
    mac-address 0014.1c5b.f19d
    no ip address
    no cdp enable
    hold-queue 2048 in
    interface Ethernet0/0.11
    encapsulation dot1Q 11
    ip address 192.168.11.2 255.255.255.0
    no cdp enable
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.11.1

    try this link
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/wlsmdig.htm#wp36932

  • Possible to Route Traffic Based on AVC?

    Is it possible to route traffic, based on the Application Visibility Control functions that specific Cisco routers are capable of?  Here's my issue:  I have two ISP's.  One is at about 120% utilization.  The other isn't doing anything.  I can specify ip routes based on IP addresses.  For instance, I can ip route 173.252.110.27 255.255.255.255 10.x.x.x to point to our ISP2 firewall, which is our non-utilized provider, for Facebook traffic.  The problem is that sites like this have massive public subnets, so I won't be able to capture all of the traffic destined to Facebook.  Is there a way to route traffic based on application?  I know that Palo Alto firewalls have a way to do Policy Based Forwarding, based on application.  I was wondering if the same was possible with AVC.  Thanks for any help.

    Hello.
    Yes, it's possible and, actually, you have 2 ways.
    1. use manual load-balanace between links.
    2. use PfR to load-balance traffic automatically.
    PS: you also will need NAT with route-map.

  • ERROR: cannot route the nets within the site IOB_X1Y227

    Hi,
    I'm trying to generate a bitfile for virtex-7 XCV2000T-FLG1925 using synplify to synthesis and 2014.4 vivado to PR.  During the PR process i received the below error.
    ERROR: [Constraints 18-608] We cannot route the nets within the site IOB_X1Y227. Reason: Could not route the logical net: u_sys_pub/emwen on site IOB_X1Y227 to the load pin OUTBUF_DCIEN.OUT. Please check your design to see if the pin has a legal route to its driver or loads.
    emwen is set output , and
    define_attribute {emwen} {xc_loc} {AV28}, at meanwhile, the below constrain is set in .xdc:
    create_pblock pblock_u_sys_pub
    add_cells_to_pblock [get_pblocks pblock_u_sys_pub] [get_cells -quiet [list u_sys_pub]]
    resize_pblock [get_pblocks pblock_u_sys_pub] -add {CLOCKREGION_X0Y3:CLOCKREGION_X1Y5}
    please help me to fix this error
    thanks.

    Hi 
    The reason for the error message is "IOB blocks should be in static region". See the page no. 54 in the following user guide: http://www.xilinx.com/support/documentation/sw_manuals/xilinx2014_4/ug909-vivado-partial-reconfiguration.pdf for more information.
    Thanks,
    Vinay

  • Cannot route to second network

    All pc's and servers use PIX as default gateway (10.133.6.10)
    We have a second network/IP line and provider (10.1.0.0)that some pc's will need access to.
    I've tried setting a static route to this network on the PIX and can ping it from the PIX but not pc's/servers, unless I change default gw (10.133.1.1) on pc's.
    PIX config attached

    classic problem.
    you are pointing the pc's to the pix as their default gateway right? Pix will not route traffic back through an interface from which it receievd the packet.
    You might be able to do a couple of things here.
    Depending on the software and hw version, you could run dot1q trunk on the pix to cerate a vlan for other network and that may solve the issue or just point the machines to the other default gateway and have that router have a default route pointing to the pix.
    HTH
    Chris

  • Route Traffic to down a specfic link

    I need to route traffic that is sourced from 10.1.50.0 network down link 1. Currently all traffic goes down Link 2. I want all traffic except 10.1.50.0 network to still use Link 2 as primary. What would be the best approach a static route for the 10.1.50.0 network or some type of policy map or something else? Thanks for the help

    Thanks for the reply. I created the access list and policy map from above but can not put the policy map on the VLAN interface. The commands are there but when I verify by looking at the interface it is not there. It is a 3750 G with IPSERVICES IOS. Any ideas? Thanks
    Standard IP access list 50
    10 permit 10.2.50.0, wildcard bits 0.0.0.255 log
    sh route-map
    route-map **VLAN250**, permit, sequence 10
      Match clauses:
        ip address (access-lists): 50
      Set clauses:
        interface GigabitEthernet2/0/1
      Policy routing matches: 0 packets, 0 bytes

  • NM-16ESW - adding a switch into a 3725 router slot - can i route traffic out of the switch ?

    Hi all,
    I have added the above module (16 switch port) into my router.
    R16#show ip int br
    Interface IP-Address OK? Method Status Protocol
    FastEthernet0/0 unassigned YES unset administratively down down
    FastEthernet0/1 unassigned YES unset administratively down down
    FastEthernet1/0 unassigned YES unset administratively down down
    FastEthernet1/1 unassigned YES unset administratively down down
    FastEthernet1/2 unassigned YES unset administratively down down
    FastEthernet1/3 unassigned YES unset administratively down down
    FastEthernet1/4 unassigned YES unset administratively down down
    FastEthernet1/5 unassigned YES unset administratively down down
    FastEthernet1/6 unassigned YES unset administratively down down
    FastEthernet1/7 unassigned YES unset administratively down down
    FastEthernet1/8 unassigned YES unset administratively down down
    FastEthernet1/9 unassigned YES unset administratively down down
    FastEthernet1/10 unassigned YES unset administratively down down
    FastEthernet1/11 unassigned YES unset administratively down down
    FastEthernet1/12 unassigned YES unset administratively down down
    FastEthernet1/13 unassigned YES unset administratively down down
    FastEthernet1/14 unassigned YES unset administratively down down
    FastEthernet1/15 unassigned YES unset administratively down down
    Vlan1 unassigned YES unset up down
    R16(config-if)#int fa1/0
    R16(config-if)#ip address 192.168.10.1 255.255.255.0
    % IP addresses may not be configured on L2 links.
    R16(config-if)#
    q1) Not being able to set IP to the interface as shown above, I would believe it is really a switch port.  Is there anyway I can see what kind of port a interface is or can be ? (switch port, routed port etc ?)   or whether is it a L2 or L3 switch ?
    q2) in that case, since the switch is already inside the router, how do i route L3 traffic out of the switch ? 
    Assuming fe0/1 on the router is the interface connected to external network.
    and 2 workstations attached to the switch ports fe1/1 and and fe1/2, how can i set their gateway to point to fe0/1's IP ? Can fe0/1 to be connected to fe1/0 internally ?
    Regards,
    Noob

    Hi KOE SIZE JIE, 
    q1) I tried the no switchport command on the 16switch port module and it works. I can set an IP on the switch port. But according to Liam, it is a L2 switch, how come we can assign no switchport command ?
    As Bilal pointed out, I was mistaken you can issue the "no switchport" for a L3 routed port on that specific module. 
    q2) it is said that on a L2 switch only 1 SVI can be connected (for management purpose only) and L2 switch is not able to do routing. With the L2 switch module inserted into the router, will the SVI be able to do routing then ?
    I believe this goes back to what Bilal was saying about limited functionality on the EtherSwitch. I will have to play with one in GNS3 to give you a solid answer. 
    But I think what it is trying to say is... You cannot use SVI's for inter-vlan routing. You can only have a single SVI for management purposes. 
    q3)Liam, you mention earlier fa0/0 is pointing to some network. is fa0/0 in the same router as the 16 switchport module ?
    ip route 10.10.10.0 255.255.255.0 192.168.1.254 -- this command seems to be saying to access the 10.10.10.0 network, please go to the next hop IP 192.168.1.254 (but again, you are setting this next hop IP on the current router interface itself) - did i get anything wrong ?
    I have read back my post and this reads wrong. 
    When i showed you the code snippet, 192.168.1.254 would be the interface on the next hop router. Not the router you are issuing the ip route command on. You would also need an IP address on the router interface directly connected to the next hop router. I.E 192.168.1.253
    You will not then receive that error. Sorry about that, my sloppy config without a diagram!
    HTHs,
    Liam

  • ASA appears to randomly stop forwarding/routing traffic

    Hi guys, got a curly one -
    Our ASA appears to randomly stop forwarding traffic between interfaces. Traffic does not forward for several minutes, then it starts again. After a while the traffic stops again for a few minutes, and the cycle repeats.
    If you are on a directly connected network you can still ping the ASAs local interface (I have ICMP turned on for testing). However you cannot ping the ASA from any remote network. I can ping or trace all the way up to the last hop without an issue. You also cannot ping across the ASA to servers on the other side, even from the immediate next hop (which as I mentioned above, still works) .
    This would appear to point to a routing problem? Strangely, routing still functions for the management network - I have had no problems reaching the command line from elsewhere in the network.
    Has anyone encountered something similar to this before?
    Relevent ASA configuration commands below:
    interface GigabitEthernet0/1
    description DMZ Trunk interface
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/1.220
    description F5 DMZ Internal
    vlan 220
    nameif DMZInternal
    security-level 50
    ip address 172.17.20.1 255.255.255.0 standby 172.17.20.2
    interface GigabitEthernet0/2
    nameif Internal
    security-level 100
    ip address 172.17.99.254 255.255.255.0 standby 172.17.99.253
    icmp permit any DMZInternal
    icmp permit any Internal
    route management 0.0.0.0 0.0.0.0 172.17.42.1 1
    route Internal 172.16.0.0 255.240.0.0 172.17.99.1 1
    EDIT: sorry forgot to post -
    #sh ver
    Cisco Adaptive Security Appliance Software Version 8.3(2)
    Device Manager Version 6.4(1)
    Compiled on Fri 30-Jul-10 17:49 by builders
    System image file is "disk0:/asa832-k8.bin"
    Config file at boot was "startup-config"

    Hi Dan - I suggest you ask this in the forum.
    hth
    Herbert

  • I cannot route to remote subnets from cisco vpn client and pptp client

    Hi guys,
    I've a big problem, I configured a 877 cisco router as a cisco vpn server (the customer use it to connect to his network from pc) and a pptp vpn server (he use it to connet to the network from a smartphone).
    In this router I created 2 vlan, one for wired network (192.168.10.0/24) and the second one (10.0.0.0/24) for wireless clients and I use fastethernet 3 port to connect these to the router.
    this is the issue, when the customer try to connect to a wireless network from both of vpn clients he cannot do this, but if he try to connect to a wired network client all working fine.
    following the addresses taken from the router.
    - encrypted vpn client -
    ip address. 192.168.10.20
    netmask 255.255.255.0
    Default Gateway. none (blank)
    - pptp vpn client -
    ip address. 192.168.10.21
    netmask. 255.255.255.255
    Default Gateway. 192.168.10.21
    Is possible that I cannot reach the remote subnet because the clients doesn't receive a gateway (in the first case) or receive the wrong subnet/gateway (in the second one)..?
    There is anyone can help me..?
    Thank you very much.
    Many Kisses and Kindly Regards..
    Ilaria

    The default gateway on your PC is not the problem, it will always show as the same IP address (this is no different when you dial up to an ISP, your DG will again be set to your negotiated IP address).
    The issue will be routing within the campus network and more importantly on the PIX itself. The campus network needs a route to the VPN pool of addresses that eventually points back to the PIX.
    The issue here is that the PIX will have a default gateway pointing back out towards your laptop. When you establish a VPN and try and go to an Internet address, the PIX is going to route this packet according to its routing table and send it back out the interface it came in on. The PIX won't do this, and the packet will be dropped. Unless you can set the PIX's routing table to forward Internet packets to the campus network, there's no way around this. Of course if you do that then you'll break connectivity thru the PIX for all the internal users.
    The only way to do this is to configure split tunnelling on the PIX, so that packets destined for the Internet are sent directly from your laptop in the clear just like normal, and any packet destined for the campus network is encrypted and sent over the tunnel.
    Here's the format of the command:
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524

  • How to route traffic across subnets when one NIC is a hyper-V virtual switch?

    Having a bit of a problem with a hyper-V environment which does not seem to route network traffic on two different subnets between each other.
    If it were a purely physical server with two NICs and a gateway set traffic would automatically be forwarded between the two different subnets.
    However when one of those NICs is a hyper-V virtual switch this simple routing no-longer seems to work and no traffic gets forwarded between subnets?
    Situation is:
    Hyper-V server with two NICs
    NIC 1 = 192.168.0/24 - main Internal company network.
    NIC 2 (hyper-V virtual switch.) = 192.168.1/24 - connects to ADSL internet router
    Virtualized Domain Controller.
    One or two virtualiszed NICs as necessary
    How then does traffic get routed between these two subnets?  If RRAS has to be configured to do this where is the best place to do it, on the hyper-V host or on the virtualized domain controller?
    Thanks,

    Hi ,
    You can create an internal virtual switch and configure an IP for it (I assume it is 192.168.1.2/24) .
    After you enable RRAS in hyper-v host  there will be two gateways for different subnets  .
    " NIC 2 (hyper-V virtual switch.) = 192.168.1/24 - connects to ADSL internet router "
    The problem is here ,if  these VMs need to access internet .
    So , these VMs can not configure their gateway same as the IP of internal virtual switch , you may set VM's gateway as the ADSL internet router's IP meanwhile add a static route entry for every VM .
    Please refer to the Syntax :
    route add -p 192.168.0.0 mask 255.255.255.0 192.168.1.2
    Hope this helps
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • ASA 5510 Not able to route traffic between 2 LAN interfaces

    Hi everybody,
    I need help to enable traffic between two physical ports on my Cisco ASA 5510. I created access rules and NAT but traffic doe not go from accounting interface to Inside. I am able to access internet from both interfaces. Can someone pin point me in the right direction since I am not an expert in Cisco but has to finish this by the end of the week.
    Thank you,
    Sigor
    Here is my configuration:
    ASA Version 8.2(2)
    hostname Cisco
    domain-name xxx.com
    names
    interface Ethernet0/0
     description Outside
     nameif Outside
     security-level 0
     ip address 101.101.101.101 255.255.240.0
    interface Ethernet0/1
     description Inside Network
     nameif Inside
     security-level 90
     ip address 192.168.10.1 255.255.255.0
    interface Ethernet0/2
     description Accounting
     nameif Accounting
     security-level 100
     ip address 20.0.1.1 255.255.255.0
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    interface Management0/0
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
     management-only
    ftp mode passive
    clock timezone EST -5
    dns domain-lookup Outside
    dns server-group DefaultDNS
     name-server 8.8.8.8
     domain-name xxx.com
    same-security-traffic permit inter-interface
    object-group service Port-10000 tcp
     port-object eq 10000
    object-group service Port-8080 tcp
     port-object eq 8080
    object-group service Port-8011 tcp
     port-object eq 8011
    object-group service DM_INLINE_TCP_1 tcp
     group-object Port-8080
     port-object eq www
     group-object Port-8011
    object-group service DM_INLINE_TCP_2 tcp
     group-object Port-10000
     port-object eq https
     port-object eq www
    object-group service rdp tcp
     port-object eq 3389
    object-group service DM_INLINE_TCP_3 tcp
     group-object rdp
     port-object eq ftp
    object-group service DM_INLINE_TCP_4 tcp
     group-object Port-10000
     port-object eq www
     port-object eq https
     port-object eq ssh
    object-group service DM_INLINE_TCP_5 tcp
     group-object Port-8011
     group-object Port-8080
     port-object eq www
    object-group service DM_INLINE_TCP_6 tcp
     group-object Port-10000
     port-object eq www
     port-object eq https
    object-group service DM_INLINE_TCP_7 tcp
     group-object rdp
     port-object eq ftp
    access-list Outside_access_in extended permit tcp any host 101.101.101.104 object-group DM_INLINE_TCP_5
    access-list Outside_access_in extended permit tcp any host 101.101.101.102 object-group DM_INLINE_TCP_6
    access-list Outside_access_in extended permit tcp any host 101.101.101.103 object-group DM_INLINE_TCP_7
    access-list Outside_access_in extended permit tcp any host 101.101.101.106 eq smtp                                                              
    access-list Outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.80.0 255.255.255.0
    access-list CiscoIPsec_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0                                                                
    access-list Accounting extended permit ip 20.0.1.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list Accounting extended permit ip 20.0.1.0 255.255.255.0 any
    pager lines 24
    logging asdm informational
    mtu Outside 1500
    mtu Inside 1500
    mtu Accounting 1500
    mtu management 1500
    ip local pool IPSecDHCP 192.168.80.100-192.168.80.200 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (Outside) 1 interface
    nat (Inside) 0 access-list Inside_nat0_outbound
    nat (Inside) 1 0.0.0.0 0.0.0.0
    nat (Accounting) 1 0.0.0.0 0.0.0.0
    static (Inside,Outside) tcp 101.101.101.104 www 192.168.10.14 www netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.104 8011 192.168.10.14 8011 netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.104 8080 192.168.10.14 8080 netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.102 10000 192.168.10.3 10000 netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.102 https 192.168.10.3 https netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.102 www 192.168.10.3 www netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.103 ftp 192.168.10.17 ftp netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.103 3389 192.168.10.32 3389 netmask 255.255.255.255
    static (Inside,Outside) tcp 101.101.101.106 smtp 192.168.10.23 smtp netmask 255.255.255.255
    static (Inside,Accounting) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
    access-group Outside_access_in in interface Outside
    access-group Accounting in interface Accounting
    route Outside 0.0.0.0 0.0.0.0 101.101.101.101 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.10.0 255.255.255.0 Inside
    http 20.0.1.0 255.255.255.0 Accounting
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 32608000
    crypto ipsec security-association replay disable
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256
    -SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
    crypto map Outside_map 1 match address Outside_1_cryptomap
    crypto map Outside_map 1 set pfs group1
    crypto map Outside_map 1 set peer 89.216.17.35
    crypto map Outside_map 1 set transform-set ESP-3DES-SHA
    crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map Outside_map interface Outside
    crypto isakmp enable Outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh 192.168.10.0 255.255.255.0 Inside
    ssh timeout 5
    console timeout 0
    dhcpd address 20.0.1.100-20.0.1.200 Accounting
    dhcpd dns 192.168.10.19 8.8.8.8 interface Accounting
    dhcpd lease 306800 interface Accounting
    dhcpd domain abtscs.com interface Accounting
    dhcpd enable Accounting
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy CiscoIPsec internal
    group-policy CiscoIPsec attributes
     dns-server value 192.168.10.30 192.168.10.19
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value CiscoIPsec_splitTunnelAcl
     default-domain value xxx.com
     vpn-group-policy CiscoIPsec
    tunnel-group 198.226.20.35 type ipsec-l2l
    tunnel-group 198.226.20.35 ipsec-attributes
     pre-shared-key *****
    tunnel-group CiscoIPsec type remote-access
    tunnel-group CiscoIPsec general-attributes
     address-pool IPSecDHCP
     default-group-policy CiscoIPsec
    tunnel-group CiscoIPsec ipsec-attributes
     pre-shared-key *****
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:2a7c97a7a22397908ef83ca6f0065919
    : end

    Without diving too deep into your config, I noticed a couple of things:
    interface Ethernet0/1
     description Inside Network
     nameif Inside
     security-level 90
     ip address 192.168.10.1 255.255.255.0
    interface Ethernet0/2
     description Accounting
     nameif Accounting
     security-level 100
     ip address 20.0.1.1 255.255.255.0
    On an ASA, higher security level interfaces are always allowed, by default, to lower security levels, but not the other way around. So, if you want to keep this config, you would need an acl on the Inside interface to allow traffic to go from level 90 to 100:
    access-list Inside permit ip any any
    access-group Inside in interface Inside
    The acl will permit the traffic into either interface (outside or Accounting). As long as you have your other rules set up correctly, this should resolve your issue...
    HTH,
    John

  • Need to route traffic based on destination to 2 different routers

    I have a 4451X that has a default route of 10.10.48.1. I have 2 other internet routers at 10.10.48.15, and 172.31.1.3.
    The router at 172.31.1.3 is a VPN firewall and has a VPN to 3 specific IP networks. 172.31.252.0/24, 192.168.252.0/24, and 192.168.163.0/24.
    I need the traffic headed to the 3 VPN'd networks to route to 172.31.1.3, and the remaining traffic to route to 10.10.48.15.
    The source network is 172.31.0.0/23 and the gateway of the machines is 172.31.0.1.
    I tried creating a PBR but the internet traffic seems to go outbound through the router's default route of 10.10.48.1 and not 10.10.48.15.
    I am sure I am just missing something silly.
    Here are the relevant portions of the config:
    interface GigabitEthernet0/0/1
     ip address 172.31.0.20 255.255.254.0
     ip nat inside
     ip policy route-map Test
     negotiation auto
     vrrp 1 ip 172.31.0.1
     vrrp 1 priority 105
    interface GigabitEthernet0/0/1.2
     encapsulation dot1Q 2
     ip address 10.10.48.12 255.255.255.224
     ip nat inside
     ip access-group 199 in
     vrrp 1 ip 10.10.48.3
     vrrp 1 priority 105
     vrrp 2 priority 105
     no cdp enable
    ip route 0.0.0.0 0.0.0.0 10.10.48.1
    ip route 0.0.0.0 0.0.0.0 172.31.1.3 2
    access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
    access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
    access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
    route-map Test permit 19
     match ip address 116
     continue 20
     set ip next-hop 172.31.1.3
    route-map Test1 permit 20
     set ip next-hop 10.10.48.15
    Thanks in advance.
    Burton Hallman

    Firstly I'm not sure why you have two default routes if everything is meant go via 10.10.48.1 ?
    That aside in terms of your PBR -
    1) remove the continue statement. I don't know what it is meant to be doing but as far as i know it has no effect with PBR
    2) more importantly your second statement is using a different route map name ie Test1 which makes it a completely different route map so the one applied to the interface only has the first statement in it which is the one for VPN traffic.
    Jon

  • Unknown network traffic / router traffic monitoring

    So I got a new PC with windows 7 on it, and I installed this gadget that monitors network traffic, and it shows a lot of traffic that my local PC isn't showing, so I am thinking there is something running on the LAN that I can't see. I was looking to find a live, better program to monitor the actiontec router, for traffic. anyone know of anything that can maybe show me who is using all the bandwidth on my network?
    i have found software for Linksys, but nothing for the Actiontec.
    Thanks,
    Quasimodem
    Fios in Florida
    Solved!
    Go to Solution.

    Keep in mind that when looking at Wireshark (sniffer) software there are different types of traffic:
    Unicast
    Broadcast
    Multicast
    Unicast is traffic between two devices.  You will see the traffic between the PC with wireshark and another device on your local network such as a printer, another PC or the Router.  You should not see traffic between another PC and the Internet for example.  Using a phone as an example some calls you and the conversation is between you and the person on the other end of the phone.  This is unicast traffic.  Using defaults of the actiontec, IP address seen will be 192.168.1.1 for the router and 192.168.1.2-99 for devices on your network.  If you have the TV service, 192.168.1.100-1xx is used for the cable boxes.
    Broadcast traffic is traffic sent to all devices.  Its not directed toward a particular PC but rather usually looking for information.  In a sniffer trace you will see broadcast traffic. Going back to the phone example, someone makes an announcement on an overhead intercom system that is broadcast traffic.  Broadcast traffic will be seen as 192.168.255.255
    Multicast traffic is traffic from one device for many devices.  Usually used in video feeds.   Using the phone system as an example someone wishes to tell a group of people something so instead of calling each person up and telling them each person who wants the information joins a conference bridge.  Anyone is allowed to listen but only those that wish to get the information receive it.  Generally how multicast works.  Multicast traffic will be seen as IP address 224.x.x.x or something of the sorts where the address will be 2xx.x.x.x.  
    I hope this makes sense.  Probably more information than you needed but at least it will help you understand what wireshark is telling you.

  • 1 server, 2 networks how to route traffic to both

    Hi i have NW65SP7
    what i'm trying to do is
    1. to have users come in thru the data network (192.168.0.0) and the traffic
    go back out thru the default gateway (192.168.0.1) and
    2. i want LDAP traffic to go in thru the other network (10.1.0.0) and
    backout thru the same networks gateway (10.1.0.1).
    1. works fine and all seems to go up and down the right network, however 2.
    comes down 10.1.0.0 and backout thru the default gateway on 192.168.0.1. I
    don't\can't have this as the firewall rejects the packet as the source and
    destination networks are different ie. the fw sees the packet come in thru
    10.1.0.0 but when the server sends it back out thru 192.168.0.0 the firewall
    rightly drops it
    How do i get 2. to work as i want, can this even be done on NW.
    What i've done so far is
    a. enabled Static Routing
    b. created a default route (192.168.0.1) with a metric of 2
    c. created a network route for 10.1.0.0 (10.1.0.1) with a metric of 1

    "Thorsten Kampe" <[email protected]> wrote in message
    news:[email protected]
    >* Steven Lim (Mon, 08 Dec 2008 01:57:27 GMT)>
    >> ok i'll try again but i thought that i did expalin it so i'm not sure how
    >> my
    >> second attempt will go ;)
    >
    > Is the NetWare server the router? Which addresses do the server's
    > interfaces have? Which default gateway do the hosts in the network have?
    > Any static routes?
    No the netware server is not the router
    The server has 1 interface but two vlans trunked to the one interface, each
    vlan has a separate IP. I can ping each IP on each of the trunked vlans
    fine. I'm using Broadcom Q57 NICS and the QASP\BASP advanced driver to
    support the trunked vlans. Don't let that confuse the issue though..it's
    basically the same as having two nic interfaces connected to two seperate
    networks in this case lets say 192.168.0.10 and 10.0.0.10
    Just so we're on the same page, we have a very large routed network with
    over 250 subnetworks with 4 10G interconnected core routers each with a 10G
    distribution routers, buildings\user\server networks hang of the
    distribution routers . Client machines are distributed accross the network
    and are not on the same vlan\subnet as the servers.
    A server on 192.168.0.0 will have a default gateway of 192.168.0.1 and
    servers on 10.0.0.0 will have a default gateway of 10.0.0.1 there are no
    clients machines on these subnets....btw we don't really have a 192.168.0.0
    network..i'm just using this as an example.
    The NW server has 1 static route configured as the default gateway on
    192.168.0.1...and i've been trying to work out how to configure another
    static route to make sure that all incoming and outgoing traffic for
    10.0.0.0 stays on 10.0.0.0 or whatever else i need to do to get it working
    >> i have two networks 192.168.0.0 and 10.0.0.0
    >>
    >> 1. I want all traffic that originates from 192.168.0.0 to go back thru
    >> the
    >> 192.168.0.0 gateway on 192.168.0.1 (currently the default gateway
    >> configured
    >> in inetcfg static routing table).
    >
    > In case the NetWare server is the router you only have to enable routing
    > - the server's default gateway is completely irrelevant for that. Of
    > course the hosts in the networks have to have the router as the default
    > gateway (or a static route).
    Clients are fine, lets say that they are on 192.168.1.0 to 192.168.255.0 and
    they have default gateways on their subnets the go thru x.x.x.1 (eg.a
    192.168.1.0 machine will have a default gateway of 192.168.1.1 and a
    192.168.2.0 machine will have a default gateway of 192.168.2.1 etc)
    >> 2. I want all ldap traffic, in my case this will be ldap port 389 and
    >> 636,
    >> that originates from network 10.0.0.0 to go back thru the gateway
    >> 10.0.0.1.
    >
    > Routing is not (application) protocol specific. You can either route all
    > IP packets or none a certain route. Please have a look at the routing
    > table of your computer to see what I mean.
    Yes i understand that routing is not application\protocol specific
    When you say "have a look at the routing table" i assume you mean the
    netware server....i've done that using TCPCON..i can see the issue..just not
    sure how to get it to do what i want
    > Also what you might want is called source routing[1] and this is mostly
    > blocked because it opens a huuuuge security hole.
    >
    >> This is required because the firewall requires that if a response is
    > to go
    >> out to a client then then it must go out over the same network that it
    >> originated from. This is the part that's not currently working. At the
    >> moment the query comes in from 10.0.0.0 and the response tries to goes
    >> out
    >> via the deafult gateway on 192.168.0.1 the firewall blocks the outgoing
    >> traffic....basic stuff!!!
    >
    > I wonder where and how you put that firewall if you have only two
    > subnets and one router. Is this Bordermanager on the NetWare server?
    See above re. the network...the firewall\s are blades within the core
    routers and support virtual firewalls that can be applied to any part of the
    distribution\access layer of the network.
    Does that make any more sense???
    > Thorsten
    > [1] http://en.wikipedia.org/wiki/Source_routing

  • Policy based routing on VRF interfaces to route traffic through TE Tunnel

    Hi All,
    Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.
    The tunnel is already build up with these below config
    interface Tunnel25
    ip unnumbered Loopback0
    tunnel destination 10.250.16.250
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 10 explicit name test
    ip explicit-path name test enable
    next-address x.x.x.x
    next-address y.y.y.y
    router ospf 1
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng area 0
    mpls traffic-eng tunnels
    nterface GigabitEthernet5/2
    mpls traffic-eng tunnels
    mpls ip
    Is there additional config needed to work ,also in the destination end for the return traffic,we want to use the normal PATH --I mean non TE tunnel.
    We tested with the above scenario,but couldn't able to reach the destination.Meantime we had a question,when the packet uses the policy map while ingress,it may not know the associatuion with VRF(Is that right? --If so ,how to make it happen)
    Any help would be really appreciated
    Thanks
    Regards
    Anantha Subramanian Natarajan

    hi Anantha!
    I might not be the right person to comment on your first question. I have not configured MVPNs yet and not very confertable with the topic.
    But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that " a Tunnel will be selected regularly according to the routing process (even isf it is cbts enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a perticular tunnel in the group if specific class is mapped to that tunnel.
    So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) are exchanged and all other tunnels can be members of this tunnel. So your RPF might not fail.
    You might have to explore on this a bit more and read about the co-existance of multicast and TE. This will be the same as that.
    For your second question, the answer would be easy :
    If you want a specific eompls cust to take a particular tunnel/path, just create a seperate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the eompls to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular eompls session should take a particular path.
    If you meant that certain traffic from the same eompls session take a different path/tunnel, then CBTS will work.
    Regards,
    Niranjan

Maybe you are looking for

  • SOAP Asynch Message Giving HTTP 401 Unauthorized error

    Hi experts, <Br> We are sending ORDERS IDOC Asynchronously from ECC To XI and XI is sending it to Vendor using SOAP. This interface was working OK and now we had HTTP 401 error. Checked URL,Username and password to the Vendor. It looks OK. It is work

  • Making Acrobat the Default .pdf Viewer

    Can someone tell me where to find the switch that makes Acrobat 9 my default .pdf program?  Right now it's Foxit and I want to go back to Acrobat 9.  The default switch in Foxit says I have to make the change in Acrobat. Thanks.

  • Problem with AS3

    Hello, I'm still learning Flash and Action Script 3, however i decided to try and create a game for a class. I have run into a problem, which I'm not sure how to fix. When I navigate to the second frame of the movie and use the buttons I recieve "Typ

  • Autonomous transaction in Tuxedo

    Our development team is using Bea Tuxedo as a middle tier in our transactions...we encountered a problem in using PRAGMA AUTONOMOUS_TRANSACTION in one of our services, 'ORA-00164: autonomous transaction disallowed within distributed transaction...' o

  • Can a Tuxedo service send a message to itself?

    Hello, is it possible for a Tuxedo service to send a request to itself? The scenario is this: - The same Tuxedo service is provided by multiple processes (for scalability). The processes are single-threaded. - While handling a request in a transactio