WRT160N Router and DMZ
I have 2 wired computers to this router (version 8 firmware), and I have one with the ports forwarded for an online game. I want to put the other one in the DMZ to use it as a host for the game. I have it set up that way, but it won't allow the second computer to host (it doesn't seem to be in the DMZ). I have tried putting it in the DMZ with the IP address and the MAC address. It doesn't seem to work either way.
Ideally it should work, if it does not work then you must reset and then re-configure the router...
To reset the router press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...
Similar Messages
-
Will a WRE54G repeater work with a WRT160N router?
I'm using a WRT160N router and only getting 2 bars out of 5; fair signal. A friend has offered to sell me a WRE54G range expander. Will a G repeater work with an N router?
Yes,the WRE54G should work with WRT160N...You need to match all the wireless settings of the router to the range expander and it should work then.
-
Port forwarding and DMZ refuses to work properly on WRT54G wireless router.
I have a network setup on the wireless WRT54G version 8 (with latest firmware) router and port forwarding and DMZ refuse to work correctly. I'm trying to use bittorrent and connect my xbox360 to my computer and neither work properly even after setting up port forwarding in the "Applications and Gaming" tab.
here's a screenshot of my port forwarding page:
http://img205.imageshack.us/img205/1497/linksysbg2.jpg
here's a screenshot of the DMZ page (my computer's IP ends in 102 obviously):
http://img510.imageshack.us/img510/2131/linksys1rf5.jpg
now, I've experienced this type of problem before. On a different linksys router a year or 2 back I remember the DMZ never working on that one either and I eventually had to buy a d-link router which worked perfectly. I'm only using this wireless router because it's my roommates and he brought it up. Somebody please explain to me why this isn't working correctly. I am becoming more and more frustrated as I lose faith in linksys routers. ThanksDid you tired upgrade of the firmware on the router??
Also after upgrade reset & reconfigure the router for few seconds ... so that the firmware works properly for longer time .... -
Configuring WRT160n router to maximize range and speed
I have just bought and installed a WRTn160 router. I used the default configuration settings. Unfortunately, I realized that on my second floor, one computer (g) did not pick up the signal and the other computer (n) was extremely slow. On the contrary my old LinkSys (b) router worked just fine with both machines. I then changed the 'Wide' channel to 20MHz and used channel 6 (the default was 'Auto'). This improved the speed on the second floor considerably. My questions are:
1- How do I know if the computer supporting 802.11n is actually using it? The manual indicates that 20MHz is for b/g only.
2- If this configuration is supporting b/g only, how can I configure the router to support (n) computer while still supporting the (g) computer and maintaining range and speed?
3- How can I test for bandwidth between my desktop and the two other wireless computers? Currently, I only test bandwidth using my ISP. Needless to say, this is limited to bandwidth for Internet connectivity.
4- Advertisement for n routers indicate increased speed and range. This has not been my experience, in fact to the contrary, range dramatically shrunk. Is this limited range a configuration issue? a WRT160n router issue? or a limitation with the technology (802.11n)?I would suggest you to readjust the wireless settings of the router...
On the setup page,click on the Wireless tab,Change the channel to 11 and click on save settings..Under Wireless tab,click on Advance Wireless Settings tab and Change N document.write("Transmission Rate")Transmission Rate to 15-130Mbps, Change the Beacon Interval to 75, Fragmentation Threshold to 2304,RTS Threshold to 2304 and Click on save settings... Under Security tab,uncheck " document.write("Filter Anonymous Internet Requests")Filter Anonymous Internet Requests"...Power cycle the network and check the result. -
Cisco asa 5505 issues ( ROUTING AND PAT)
I have some issues with my cisco asa 5505 config. Please see details below:
NETWORK SETUP:
gateway( 192.168.223.191) - cisco asa 5505 ( outside - 192.168.223.200 , inside - 192.168.2.253, DMZ - 172.16.3.253 ) -
ISSUES:
1)
no route from DMZ to outside
example:
ping from 172.16.3201 to the gateway
6 Jan 27 2014 11:15:33 172.16.3.201 39728 Failed to locate egress interface for ICMP from outside:172.16.3.201/39728 to 172.16.3.253/0
2)
not working access from external to DMZ AT ALL
ASA DETAILS:
cisco asa5505
Device license Base
Maximum Physical Interfaces 8 perpetual
VLANs 3 DMZ Restricted
Inside Hosts Unlimited perpetual
configuration:
firewall200(config)# show run
: Saved
ASA Version 9.1(3)
hostname firewall200
domain-name test1.com
enable password xxxxxxxxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XXXXXXXXXXX encrypted
names
interface Ethernet0/0
switchport access vlan 100
interface Ethernet0/1
switchport access vlan 200
interface Ethernet0/2
switchport access vlan 200
interface Ethernet0/3
switchport access vlan 200
interface Ethernet0/4
switchport access vlan 300
interface Ethernet0/5
switchport access vlan 300
interface Ethernet0/6
switchport access vlan 300
interface Ethernet0/7
switchport access vlan 300
interface Vlan100
nameif outside
security-level 0
ip address 192.168.223.200 255.255.255.0
interface Vlan200
mac-address 001b.539c.597e
nameif inside
security-level 100
ip address 172.16.2.253 255.255.255.0
interface Vlan300
no forward interface Vlan200
nameif DMZ
security-level 50
ip address 172.16.3.253 255.255.255.0
boot system disk0:/asa913-k8.bin
boot config disk0:/startup-config.cfg
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name test1.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network office1-int
host 172.16.2.1
object network firewall-dmz-gateway
host 172.16.3.253
object network firewall-internal-gateway
host 172.16.2.253
object network com1
host 192.168.223.227
object network web2-ext
host 192.168.223.201
object network web2-int
host 172.16.3.201
object network gateway
host 192.168.223.191
object network office1-int
host 172.16.2.1
object-group network DMZ_SUBNET
network-object 172.16.3.0 255.255.255.0
object-group service www tcp
port-object eq www
port-object eq https
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any object web2-ext eq www
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp DMZ 172.16.4.199 001b.539c.597e alias
arp DMZ 172.16.3.199 001b.539c.597e alias
arp timeout 14400
no arp permit-nonconnected
object network web2-int
nat (DMZ,outside) static web2-ext service tcp www www
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
route inside 172.168.2.0 255.255.255.0 192.168.223.191 1
route inside 172.168.3.0 255.255.255.0 192.168.223.191 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.223.227 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.223.227 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 172.16.2.10-172.16.2.10 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 176.58.109.199 source outside prefer
ntp server 81.150.197.169 source outside
ntp server 82.113.154.206
username xxxx password xxxxxxxxx encrypted
class-map DMZ-class
match any
policy-map global_policy
policy-map DMZ-policy
class DMZ-class
inspect icmp
service-policy DMZ-policy interface DMZ
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:9c73fa27927822d24c75c49f09c67c24
: endThank you one more time for everthing. It is workingin indeed
Reason why maybe sometimes I had some 'weird' results was because I had all devices connected to the same switch.Separtated all networks to a different switches helped.Anyway if you could take a look one last time to my configuration and let me know if it's good enough to deploy it on live ( only www for all , ssh restricted from outside, lan to dmz) .Thanks one more time.
show run
: Saved
ASA Version 9.1(3)
hostname firewall200
domain-name test1.com
enable password xxxxxxxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxxxxxxxxxx encrypted
names
interface Ethernet0/0
switchport access vlan 100
interface Ethernet0/1
switchport access vlan 200
interface Ethernet0/2
switchport access vlan 200
interface Ethernet0/3
switchport access vlan 200
interface Ethernet0/4
switchport access vlan 300
interface Ethernet0/5
switchport access vlan 300
interface Ethernet0/6
switchport access vlan 300
interface Ethernet0/7
switchport access vlan 300
interface Vlan100
nameif outside
security-level 0
ip address 192.168.223.200 255.255.255.0
interface Vlan200
mac-address 001b.539c.597e
nameif inside
security-level 100
ip address 172.16.2.253 255.255.255.0
interface Vlan300
no forward interface Vlan200
nameif DMZ
security-level 50
ip address 172.16.3.253 255.255.255.0
boot system disk0:/asa913-k8.bin
boot config disk0:/startup-config.cfg
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup inside
dns domain-lookup DMZ
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
domain-name test1.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network firewall-dmz-gateway
host 172.16.3.253
object network firewall-internal-gateway
host 172.16.2.253
object network com1
host 192.168.223.227
object network web2-ext
host 192.168.223.201
object network web2-int
host 172.16.3.201
object network gateway
host 192.168.223.191
object network office1-int
host 172.16.2.1
object-group network DMZ_SUBNET
network-object 172.16.3.0 255.255.255.0
object-group service www tcp
port-object eq www
port-object eq https
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit ip any any
access-list DMZ_access_in extended permit tcp 172.16.3.0 255.255.255.0 interface outside eq ssh
access-list outside_access_in extended permit tcp any object web2-int eq www
access-list outside_access_in extended permit tcp any object web2-int eq ssh
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any DMZ
asdm image disk0:/asdm-714.bin
no asdm history enable
arp DMZ 172.16.4.199 001b.539c.597e alias
arp DMZ 172.16.3.199 001b.539c.597e alias
arp timeout 14400
no arp permit-nonconnected
object network web2-int
nat (DMZ,outside) static web2-ext net-to-net
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 192.168.223.191 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.223.227 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.223.227 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 outside
ssh 172.16.3.253 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 176.58.109.199 source outside prefer
ntp server 81.150.197.169 source outside
ntp server 82.113.154.206
username xxxxx password xxxxxxxxx encrypted
class-map DMZ-class
match any
policy-map global_policy
policy-map DMZ-policy
class DMZ-class
inspect icmp
service-policy DMZ-policy interface DMZ
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f264c94bb8c0dd206385a6b72afe9e5b
: end -
How to connect my Mac Book Pro to Linksys WRT160N router
HI,
I just bought a Linksys WRT160N router. I pop the installation disk in my mac book pro and walk thru the installation procedure successfully.
But I can't connect wirelessly from my MacBook Pro (running mac os x 10.5).
It sees the router and I did type in the password correctly (i copy from the text file generated by the installation procedure), but I keep getting 'coonnection timeout'.
Anyone has similar problem and know how to fix it?
Thank you.I experienced this behavior today. My client had a WRT160N version 3 running on firmware 3.0.02. I upgraded it to the current version, 3.0.03, because checking for upgrades is part of the service I provide to my clients. After that point, I could not connect wirelessly -- I got the "connection timeout" message every time I provided the password. Reviewing the firmware release notes, I saw a mention of "Fixed wireless channel 11 being unstable." My client was operating on channel 11. When I moved the router to channel 1, bingo -- the wireless connected perfectly. And no, no one in the vicinity was running another network on 11 -- there was only one other, and he was on 6, which is non-overlapping.
The best part was when I called Cisco for help and got told there would be a charge for assistance to solve the problem their own firmware obviously caused, that (unlike every other manufacturer in the business) they don't recommend people upgrading their firmware unless something is clearly broken (where is that on the website or in the upgrade instructions, please?), and that they don't keep copies of the older firmware. -
I own a WRT160n V3 router, and it's set up to be the host of a wired LAN setup. To detail the layout, one computer is directly connected to the router. A cable then feed from the router and into an ethernet port which leads to the back of the house. At the back, a D-Link DSS-5 switch connects to the port that feeds to the router at the front. From this switch, my brother connects his PC, along with another ethernet cable that leads back to my room. This cable then connects to yet another DSS-5 switch that I connect my PC and Xbox 360 to. As of late, there have been frequent disconnections for my brother's PC, my own PC, and the Xbox 360, all of which occurring at the same exact time. It will lag out for a few seconds, then reconnect, but only after whatever we were doing online is terminated from signal loss. The {C at the front that is connected to the router has a stable connection, however. I've made sure the router has the latest firmware and even went so far to switch out ethernet cables for newer ones, but to no avail. Any help would be appreciated, because I've just about had it.
If the computer connected directly to your linksys is behaving normally and not losing connection then your problem is likely downstream of the router.
Would it be possible to simulate your setup with short 6 foot ethernet cables between the switches in the same room instead of the current custom cable runs? Could your custom home cabling be the problem? Runs too long maybe? What happens if you swap the two switches, does the problem persist the same -
WRE54G is already connected to WRT160N Router, but can not get access to internet?
Hello,,,
I have seven of rung expanders WRE54G and all settings i set as this link
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=4104&p_created=11611...
* same wireless SSID name
* same Channle ( What is the difference between the channel number 6 & number 11 for example?)
* security ( i used WPA2 mixed, that is not in WRE54G, so what i should use)
* Each Expander has own IP address as 192.168.1.2 up to 192.168.1.8
Is the gateway mean the main IP of router 192.168.1.1 ?
all those expanders connected with WRT160N ( the Link gets Blue light)
but my laptop can not get the IP address near of any of those expanders, to get the access to the internet!!!!
What is the reason please?
Message Edited by Almowdmer on 11-10-2008 12:42 AMI am very happy to communicate with you ( I sure i can learn some thing from you my brother )
Your words are true seven the number of expanders is not easy option
or the cause of the success of the wireless network coverage May succeed strengthened,
with one or two, but more than that needs to be a better distributor.
I think I will use RangePlus WRT110 as repeater in some floor where the wireless signal
is not can work, after connecting through the wire with the main router,
and then I can get half the reference from the repeater when i useing the WRE54G expander
What do you think?!!
I put on my experience on this link
http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&thread.id=115808
Message Edited by Almowdmer on 11-16-2008 10:21 PM -
Problem logging onto WRT160N router.
I installed the WRT160N router successfully, setting the type of connection (B/G/N/) to mixed. My laptop and wireless printer see the network just fine, but when I try to logon with the laptop, I get the following error message: "The network password needs to be 40 bits or 104 bits depending on your network configuration. This can be entered as 5 or 13 ASCII characters or 10 or 26 hexadecimal digits." I can't figure out when I go back to the setup of the router which settings need to be changed and to what. The wireless printer can't log on to the router either. Thanks...
Make sure that you are using correct network key (for Ex: 10hex or 26hex digit) ..... Check the key from the setup page of wireless router .....
-
WRT160N Router drops connection
I have a couple laptops connected to a brand new WRT160N. Previous to putting in the new router, I never had any problems. Now that I have the new router, one of my laptops keeps dropping the connection. I have to open the wireless settings and disconnect/reconnect to get it to work. Oddly, sometimes when I do that there is no password in the connection information, but if I close it and start it again it generally works. I am using WPA2 encryption and windows XP machines.
Any thoughts?I have the WRT160N router, running a mixed g/n standard (though both computers connect through g) with WPA2 security. Both laptops are Windows XP, though on the one that loses connection I did upgrade from SP2 to SP3 to see if it made a difference (none). I have a NAS drive attached, but I just put that on last night. Also have an iPod docking station attached (internet radio to my stereo), but have not used it and unplugging did not seem to impact. Other than that, I think its pretty vanilla.
I am not a real tech guy, so if I missed anything important (and I assume I did) let me know.
Any help is appreciated. -
Cisco 877W router and external ADSL modem
Cisco 877W router and external ADSL modem
In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname xxxxxxxxxxxxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 4096 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius sdm-vpn-server-group-2
aaa group server radius rad_eap
server 192.168.253.1 auth-port 1812 acct-port 1813
server 192.168.253.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_2 local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2834265337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834265337
revocation-check none
rsakeypair TP-self-signed-2834265337
crypto pki certificate chain TP-self-signed-2834265337
certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
dot11 syslog
dot11 ssid GuestAP
vlan 101
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 113B162712001F4A2D2B25
dot11 ssid LanAP
vlan 100
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.252.1 192.168.252.8
ip dhcp excluded-address 192.168.252.15 192.168.252.254
ip dhcp pool sdm-pool1
import all
network 192.168.252.0 255.255.255.0
domain-name XXX.Local
dns-server xxx.xxx.xxx.xxx
default-router 192.168.252.254
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name XXX.Local
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip reflexive-list timeout 120
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username administrator privilege 15 secret 5 £££££££££££££££££££££
class-map type inspect match-any IN_to_OUT_CLASS
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any OUT_to_IN_CLASS
match protocol https
match protocol smtp extended
class-map type inspect match-any DMZ_to_IN_CLASS
match protocol http
match protocol https
match protocol smtp extended
policy-map type inspect DMZ_to_IN_POL
class type inspect DMZ_to_IN_CLASS
inspect
class class-default
drop log
policy-map type inspect IN_to_OUT_POL
class type inspect IN_to_OUT_CLASS
inspect
class class-default
drop log
policy-map type inspect OUT_to_IN_POL
class type inspect OUT_to_IN_CLASS
inspect
class class-default
drop log
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
service-policy type inspect DMZ_to_IN_POL
bridge irb
interface Loopback0
no ip address
interface Null0
no ip unreachables
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet0
description Outside Interface (PPPoE)
interface FastEthernet1
description Inside Interface
switchport access vlan 10
interface FastEthernet2
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
encryption vlan 100 mode ciphers aes-ccm tkip
encryption vlan 101 mode ciphers aes-ccm tkip
ssid GuestAP
ssid LanAP
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.100
description LanAP
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!interface Dot11Radio0.101
! description GuestAP
! encapsulation dot1Q 101
! no ip route-cache
! no cdp enable
! bridge-group 1
! bridge-group 1 subscriber-loop-control
! bridge-group 1 spanning-disabled
! bridge-group 1 block-unknown-source
! no bridge-group 1 source-learning
! no bridge-group 1 unicast-flooding
interface Vlan1
description $ES_LAN$
no ip address
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 1
interface Vlan10
no ip address
ip virtual-reassembly
bridge-group 10
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security OUTSIDE
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXX
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
interface Dialer0
no ip address
interface BVI10
description Inside Interface
ip address 192.168.253.254 255.255.255.0
ip access-group 101 in
ip helper-address 192.168.253.1
ip nat inside
ip virtual-reassembly
zone-member security INSIDE
interface BVI1
description DMZ Interface
ip address 192.168.252.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security DMZ
ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
ip access-list extended DMZ_to_IN_POL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended Inside_Clients_NAT
remark SDM_ACL Category=2
permit ip 192.168.253.0 0.0.0.255 any
logging 192.168.253.10
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.253.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.253.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
access-list 101 deny tcp any host 192.168.253.254 eq telnet
access-list 101 deny tcp any host 192.168.253.254 eq 22
access-list 101 deny tcp any host 192.168.253.254 eq www
access-list 101 deny tcp any host 192.168.253.254 eq 443
access-list 101 deny tcp any host 192.168.253.254 eq cmd
access-list 101 deny udp any host 192.168.253.254 eq snmp
access-list 101 permit ip any any
access-list 199 permit ip any host 10.1.1.1
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login C Border Router
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
length 0
transport input telnet ssh
scheduler max-task-time 5000
scheduler interval 500
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
sntp server xxx.xxx.xxx.xxx
endHi Jody,
Apologies delay in replying. I have done the following:
Made two of the FE ports vlan1,BVI1 (for LAN traffic)
Left one port as VLAN10 as the pppoe client conected to the externalmodem
Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
I have DHCP configured to serve the DMZ addresses.
This all works for LAN clients and also works for a client attachedto that physical DMZ port.
When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
I cannot add another VLAN due to the 2 vlan limit in this image.
Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
Think I am about to give upon this.
Regards, -
Try to do the web hosting. The Web Server will host about 10 web applications for the public access (from several hundreds to a couple of thousands people to concurrently access). This server will be located in a Server-Hosting-Company which will use T1/T3 line to connect with the Internet. My web server will be placed in the hosting company's server room (This means that the hosting company will take care of the internet connection, while my server in turn will connect to the company's LAN system). . Now my questions are:
1) I would like to have a router to act as a firewall, switch, VPN, and to support the DMZ. There is only the data pass though (no sound and vedio is required)
Of course, the faster, the better. But I would also take the budget into the consideration, so the router should resasonably get the job down, but not be over spended on. Which Cisco routers fits better: 1801 or 2801, or else?
2) This router will not connect to a DSL or T1 or T3, instead, it will directly plug into the server room's LAN system, can I hook it up using the router's Ethernet port?
3) To place a web cache machine in the DMZ, can I connect the Web Cache machine to the router's Ethernet port? Or, is there a port SPECIALLY for the DMZ to make the connection?
Many thanks.
Scott1800s are fixed configs with only wic slots, and you dont need wic slots in your app.
Get a 2811 for a min, it will have two fastE interfaces or you can get a 2821 or 2851 which have 2 GigE ports onboard. You can use IOS firewal feature on the router and also can do VPN. You need to get the Advanced security or higher feature set and an AIM card if you plan to terminate a lot of VPN connections.
To support a DMZ switch on the router itself you can buy a module such as NM-16ESW - 16 port switch and put your servers there. You can use ACLS and CBAC to permit specific traffic going to these web servers.
IOS firewall wont be truly the same as using a dedicated firewall such as PIX or ASA. So I would recommend using a PIX firewall for this purpose. -
Router and Wireless Ps3 Problems. Please help.
well ok i had a previous router, wireless, and it work well with my ps3. Then i found out hey wait, my NAT type 3 is preventing me from playing with my friends. So i tried to fix it. Well something went wrong and my router just completely failed on me. So i went and bought a Linksys WRT160N. Bam it was amazing. My internet work on my ps3 and computer. But yet i still had a NAT type3. The only positive thing was i now had uPnP avaliable. So i went to try and fix my NAT type....then something went wrong again. Today i was opening the ports b/c someone said open your ports to change NAT 3 to NAT 2. Then all of a sudden i try my connection on my ps3 and it says Error 8013013E, cannot reach the access point. It wouldnt even get the Ip Adress. Everything is typed in right and the WPA security, but still cant connect to the access point. Plus if this helps, when i try to do the Wi-Fi Protective Setup, it says failed. I was thinking about just returning the router to its manufactured state but i dont know how. Any suggestions??
I think the ports on your router are not opened properly, that's the reason the NAT type on your PS3 is set to NAT3.
To make your PS3 work with your Router, follow the steps bellow.
Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter... Leave username blank & in password use admin in lower case...
On the set-up tab change the MTU Size to 1452 and click Save Settings...
Once you return to the set up page click on the Security tab and uncheck Block Anonymous Internet Requests and click on Save Settings...
Click on "Applications and Gaming" tab and then click on "Port Range Forwarding" subtab...
1) On the first line in Application box type in ABC, in the start box type in 80 and End box type in 80, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
2) On the second line in Application box type in DEF, in the start box type in 443 and End box type in 443, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
3) On the third line in Application box type in GHI, in the start box type in 5223 and End box type in 5223, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
4) On the fourth line in Application box type in JKL, in the start box type in 3478 and End box type in 3479, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
5) On the fifth line in Application box type in MNO, in the start box type in 3658 and End box type in 3658, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
6) On the sixth line in Application box type in PQR, in the start box type in 10070 and End box type in 10080, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box and click on Save Settings
7) Now assign the given ip address on your PlayStation ip address :- 192.168.1.20, subnet mask :- 255.255.255.0, default gateway :- 192.168.1.1...
8) Also assign the dns addresses on the PlayStation Primary dns :- 4.2.2.2...Secondary dns :- 192.168.1.1
9) Turn off your modem, router, and PlayStation...Wait for a minute...
10) Plug the modem power first, wait for another minute and plug the router power cable, wait another minute and turn on the PlayStation and test it... -
WRT54GS Router and NAT 3 PS3 Problems
Ok. I need a lot of help. And yes. I used the search option prior to posting this topic and none of it answered my questions. I did try a few tips I saw firsthand at these topics but it still didn't solve my Nat 3 Problem. Heres my ps3s setup basically. Set the MTU to 1365, in the firewall settings unchecked Block Anonymous Internet Requests, In the Applications and Gaming tab I put my PS3s IP address in the DMZ. Tested my connection on my PS3 and the same NAT 3. I want to **bleep** a brick now because I have been frustrated by this. Googling didn't help. So I am hoping you guys can help me figure this out. FYI: I am changing this setting through the LAN connected from my PC to the router and I have my PS3 wired to the router also. With this NAT 3 problem my downloads are slow as hell and although I haven't tested online gaming yet this will be a huge factor in the lag.
Try forwarding ports TCP: 80, 443, 5223 UDP: 3478, 3479, 3658 on the rotuer setup page ... See if it works ...
-
N Ultra Range Pluse WRT160n router
I can't connect my N Ultra Range Pluse WRT160n router wirelessly to my laptop.It showing undefined network only & it IP address taking is starting with 169 and it is not asking the network share key also . But I can connect to another laptop & my laptop can connect another wireless connection .kindly reply me what is the problem?
one more problem i have when i try to connect wirelessly to another laptop it is asking pin only not asking the key
kindly reply me
Solved!
Go to Solution.I think you need to make some wireless changes on your Router. I think this will solve the problem.
Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter...Leave username blank & in password use admin in lower case...
For Wireless Settings, please do the following : -
Click on the Wireless tab
-Here select manual configuration...Wireless Network mode should be mixed...
-Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
- Set the Radio Band to Standard-20MHz and change the Standard channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on Save Settings...
Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
For Wireless Security : -
Click on the Sub tab under Wireless > Wireless Security...
Change the Wireless security mode to WPA, For Encryption, select AES...For Passphrase input your desired WPA Key. For example , MySecretKey , This will serve as your network key whenever you connect to your wireless network. Do NOT give this key to anyone.
NOTE : Passphrase should be more that 8 characters...
Click on Advanced Wireless Settings
Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >>Click on "Save Settings"...
Now see if you can locate your Wireless Network and attempt to connect...
OR.
While connecting to your Wireless Network, If it ask you for the Pin number, Flip your Router upside down, and you will find the 8 digit Pin number, note down the pin number and when prompted type and Pin number and click on Connect and you should be able to go online wirelessly from your Computer.
Maybe you are looking for
-
Signing: Empty list in "Field Selection" when picking fields to mark as read-only on signing
I have a PDF form with some signature fields. I am attempting to mark some of the fields in the document as read-only when the document is signed. This is what I did: 1. Modify the "Signed" properties of the signature field. 2. Choose "Mark as read-o
-
Compilation error in creating shared library via JNI
Hi ALL, I amin serious trouble with a problem. I am developing a Simulator, a function of which is to decode MPEG-2 Video files in real time and play it as well.I have got a MPEG-2 Decoder implemented in C from an open source and need to integrate wi
-
Need assistance locating where my catalog is stored
I'm having an issue locating where my catalog is stored on my C: drive. A couple of months ago my hard drive crashed on my laptop. Thankfully, I had everything ( or so I thought) backed up. All my precious pictures and files were saved. What I di
-
Hi, this may be a simple question, but I haven't been able to find an answer. Is it possible to show the query and the output in the output pane? I'd like to be able to export the results and the query for evidence reasons. The auditors require evide
-
Hi we use a central SLD (system landscape directory) in our XI landscape. the disadvantage is, that the XI system is not running well, when patching the central sld system. is there a guideline from sap, to minimize downtime of the XI system, when pa