Xserve routing en0 external and en1 internal network

Hi, sorry if this is a duplicate, but I've run into trouble trying to use the two NICs to route internet traffic.
I've got the Xserve seeing the internet and the internal network.
en0 (external facing) is 192.168.2.5, subnet 255.255.255.0, gateway 192.168.2.1 (which is the DSL router).
en1 (internal facing) is at 192.168.1.11, subnet 255.255.255.0, gateway ??? (what should this be? should it be en0/192.168.2.5?)
DHCP setup clients get 192.168.1.11 as default gateway.
So clients gateway to en1, en1 gateways to en0, en0 gateways to the router, router gateways to the internet?
thanks, jhb

>So if the Xserve is handing out DHCP and acting as Firewall, I thought all the traffic has to be routed through the server.
If it's acting as a DHCP server, no - it can serve DHCP to clients on en0 - just make sure you turn off the DHCP server in your router first, though.
If you want it to run as a firewall then yes - it can only filter traffic that passes through it. You're going to run into problems though if you want any incoming traffic to get to internal hosts - the double NAT setup (one NAT at the router, and another at the Xserve) is going to make that trickier.
At the end of the day it's your call but most NAT routers perform adequate firewall functions for most people.

Similar Messages

  • RSRV - error - 0MATERIAL is in external and not internal forma

    Hi,
    When i do the RSRV for material in my system i get the following errors
    1) Value 0100001808  for char. 0MATERIAL is in external and not internal format
    2) Value in SID table 0109/ correct value 000000000000000109/ SID in SID table 57961
    how to resolve the errors ? any idea
    Regards,
    BWer

    Hello BWer,
    If you cannot make the change in OMSL, you will have to convert the material numbers in a transformation when loading.  As per note 555675, the settings in R/3 and BW must be identical.
    If the source is an SAP system, it is expected that the material number will have the correct format and the conversion exit will not be called.  If the settings are not the same as per note 555675, you will encounter problems.
    Best Regards,
    Vincent

  • Two iPhoto '08 Libraries, One External and One Internal...

    Hello,
    I have Two iPhoto '08 Libraries, One External and One Internal. I moved my original iPhoto library to my external HD and all was good. Now about six months later I am noticing that I have two libraries, the external one is 15.8 gigs and the internal one is 17.66 gigs. Can I merge these and how or are one of these an older version of the library that I could delete? Any assistance would be great!
    Thanks,
    Pete

    Pete
    Welcome to the Apple user discussion forums
    are one of these an older version of the library that I could delete?
    Sorry - these are user forums - not a psychic users forum
    my best guess is that you never directed iPhoto to use the external library and that it is a backup of your old library and that your internal library is the complete library - but that is just a guess
    To switch libraries and look at them, launch iPhoto while depressing the option (alt) key and use the select library function - once you figure out what you have you can delete the old one or use iPhoto Library Manager - http://www.fatcatsoftware.com/iplm/ - to move photos between them
    LN

  • OMG!!! I lost all my data on my external and my internal drive has been wiped clean! Please help

    I bought a very good condition, used macbook pro 4.1. While attempting to transfer files from one of my external drives, somehow I erased both the external drive and the internal drive. I didn't get install disks with it either. I am in a huge panic as I am a 3D graphics designer and had over 5 years worth of work on the external. Can anyone help please? Hopefully something that won't cost anything as I am totally broke, and gonna be much worse if I can't retrieve my client's property

    My computer is not working, is my personal data lost?
    Create a data recovery/undelete external boot drive
    Erase, formatting, OS X installs on Mac's

  • Using two hard drives - one external and one internal

    As my macbook pro only has 100 gig HD I keep my most recent photos on that HD and edit the photos when I have the time on travel. I then have a 500gig external firewire drive with older photos. My question is two fold
    1. Do I have to keep re-setting the preference for the startup library to switch between the two or can I see both at the same time?
    2. At this point I can only see one library at the time, how then can I move my current images into the external drive, or asked another way, how can I merge the two libraries?
    I receive version 2.0 today, but I can't think I am the only one with this issue, nevertheless, I can't find much about the topic.
    Thanks for your help

    The biggest reason I wanted to do it was that for 2007 I took all my photos and put them in a project by month - so I have 12 project folders taking up all this space. Whereas, my older years, going back to 2002, they are in folders for each month in a project for the year. I did this when I bought aperture and moved my files over from Nikon View. All my other years where on my other library and my 2007 was on my library on the computer. So essentially I'd like to collapse the 2007 projects into one main area.
    Make sense?
    Thanks for all your help. What a great resource.

  • I believe iMac is freezing because of interference between my Wifi/router combo unit and my Network Card.  What should I do?

    My mid-2010 iMac (Snow Leopard) has been freezing with a spinning wheel within 10 minutes of startup for about a week.  I can only force it to shut down by holding the power button - nothing else functions at that point.
    I've been to the Genius Bar 3 times, with no findings.  They did an overnight diagnostic, and found nothing wrong.  They reinstalled Mac OS X, and before I even restored, it was still misbehaving.  I can't recreate it at the Apple Store, but it does it without fail at home.  At length, I believe I've narrowed it down to the Wifi/router combo unit and the iMac network card.  When I turn off the router (entirely or just "turn off" the wifi), it operates normally.  If I turn off the ethernet (BOTH en 0 and en 1 - if either of them is on, I have problems), it operates normally.  If I have them both on, it will freeze.  What on earth?
    It doesn't matter whether the iMac is actually CONNECTED by wifi or ethernet.  Merely having them both TURNED ON is enough to cause the freezing.  Has anyone heard of this?  I can't seem to find anything on it.  My only recourse seems to be asking my DSL provider for a new router and seeing if that helps. 
    Any other suggestions?  Thanks!

    I can't recreate it at the Apple Store, but it does it without fail at home.
    That's because when troubleshooting no devices should be connected except for the keyboard.
    You seem to have narrowed it down to your router.  Suggest that you call the router manufacturer to find out what the problem is.  If the router came from your ISP, call their tech support dept.

  • WAP and VLANs (Minimal Network)

    What is she using for her firewall? I did this for a client and used the awesome features in the WatchGuard firewall I sourced for them. It has multiple interfaces and allows for simple configuration for this feature. Because it happens at the firewall, you can use any WAP.
    It also includes a captive portal, so users have to accept terms before connecting. You can add other features like a Web Proxy and Application Control to block certain types of sites and apps (like netflix, inappropriate content, etc.)

    OK, my client has a small network, just one HP switch.  I think it's an 1820, but not sure.
    Anyways, she wants a WAP that can dish out a "Guest" network which would only have Internet access, and an "Internal" network that would let users access onsite servers and still have Internet access.
    If my WAP would let me hand out DHCP and the like, I could set guest to 172.168.10.x and make the def gw the outside IP address (since internally they run a 192.168.x.x scheme).  And the Internal, I could just have the server serve up DHCP leases and everything would be good. 
    I think.
    Anyone done this, and can recommend a WAP that could do this, if not most of it?
    This topic first appeared in the Spiceworks Community

  • Routing and Remote access - internal network not accessing internet through public network!

    Hello,
    Good Evening to all.
    I got an issue in routing and remote access on windows 2003 server.  This server is already configured as File server, domain server and Application server. Also configured as router (through routing & remote access) for connecting three different network to each other. So This server has three NIC card installed and each NIC card represent separate network.
    three different network are - 192.42.160.0/24 , 192.42.161.0/24, 192.42.162.0/24
    Three NIC card installed on server as with following IP address -
    NIC -1 = 192.42.160.220 , Sub- 255.255.255.0 , Gateway - NO
    NIC -2 = 192.42.161.220 , Sub- 255.255.255.0 , Gateway - 192.161.220.112 (This ip for internet access so 4g router IP)
    NIC -3 = 192.42.162.220,  , Sub- 255.255.255.0 , Gateway - NO
    Now the issue is I can reach to internet & (also pinging to router ip 192.42.161.112) from only one network that is - 192.42.161.0/24 , BUT when I trying to access internet from another two network (192.42.160.0/24 & 192.42.162.0/24) I can't access it and moreover can't ping to internet router ip - 192.42.161.112...
    So how I can access to internet from other two network also? 
    I was already configured static routing for all three network but still I was not success. really I don't know what exactly static routing it should be done in routing & remote access so that all three network can reach to internet?
    Sorry if I am not able to explain properly. Please let me know if you need more explain on this...
    Thanks to all.

    Dear Milos,
    I am happy to hear from you....
    1.- Actually the setup was done long before by another guy and right now I don't want to change it. 
    Nice to hear from you! Thank you so much. Actually this is first time I am using technet forum upon the suggestion from one of the my friend. So any your help from you will help me a great in this issue...
    I ran the route print command and given follow are the results.
    I have only added the default route as per the below routes. Please guide me know how to add other static routes for three network.
    D:\Documents and Settings\Administrator>route print
    IPv4 Route Table
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 30 05 ad 8f 5c ...... Broadcom NetXtreme Gigabit Ethernet - Teefer2 Miniport
    0x3 ...00 0e 0c a7 c4 f8 ...... Intel(R) PRO/1000 GT Desktop Adapter - Teefer2 Miniport
    0x4 ...00 0e 0c a7 c5 85 ...... Intel(R) PRO/1000 GT Desktop Adapter #2 - Teefer2 Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0   192.42.161.112   192.42.161.220      1
            127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
         192.42.160.0    255.255.255.0   192.42.160.220   192.42.160.220     20
       192.42.160.220  255.255.255.255        127.0.0.1        127.0.0.1     20
       192.42.160.255  255.255.255.255   192.42.160.220   192.42.160.220     20
         192.42.161.0    255.255.255.0   192.42.161.220   192.42.161.220     20
       192.42.161.220  255.255.255.255        127.0.0.1        127.0.0.1     20
       192.42.161.255  255.255.255.255   192.42.161.220   192.42.161.220     20
         192.42.162.0    255.255.255.0   192.42.162.220   192.42.162.220     20
       192.42.162.220  255.255.255.255        127.0.0.1        127.0.0.1     20
       192.42.162.255  255.255.255.255   192.42.162.220   192.42.162.220     20
            224.0.0.0        240.0.0.0   192.42.160.220   192.42.160.220     20
            224.0.0.0        240.0.0.0   192.42.161.220   192.42.161.220     20
            224.0.0.0        240.0.0.0   192.42.162.220   192.42.162.220     20
      255.255.255.255  255.255.255.255   192.42.160.220   192.42.160.220      1
      255.255.255.255  255.255.255.255   192.42.161.220   192.42.161.220      1
      255.255.255.255  255.255.255.255   192.42.162.220   192.42.162.220      1
    Default Gateway:    192.42.161.112
    ===========================================================================
    Persistent Routes:
      None
    Regards & Thanks
    Mahesh

  • Access to application when external and internal address of EP are differen

    I have a problem with access to application in portal. I deployed the application (ear) and it is available by address http://noss.inside.bcc.com.pl:54100/forum/index.jsp in our intranet. External address of portal is https://portal.bcc.com.pl. My application is unavailable outside the company, because in url iView there is an address of internal network. I've tried to use relative address /forum/index.jsp, but it doesn't work. Is there any kind of iView, which can solve my problem?

    Hi Julia,
    have a look at this Topic: "How does portal connect a user to internal web site" - https://forums.sdn.sap.com/thread.jspa?threadID=65920. Basically it is the same problem. Unfortunately Jeremy had not described the solution in detail.
    Regards
    Gregor

  • WRV200 - Problems with VPN Client and Internal network access

    I have a WRV200 router and want to access the internal (Private Network) connected on the inside. I have successfully connected to the router with the Linksys VPN Client, but it does not appear to allow access to the internal network.
    How do I enable NAT Traversal or Passthru? I have already selected all of the PPTP, L2TP and IPSEC Pass Through.
    Has anyone gotten this to work?

    I have actually gotten this to work. Issues surround this include the ability to get to the VPN if the main DNS is down (it does not fail over to the next DNS in the list).
    If you unselect all of the boxes in the firewall General configuration, you can connect, but if you need to have all of this unchecked, what's the sense of having it?
    Anyway, you can use the DoS Prevention, this is not interfering.
    HTH.

  • Cisco ASA 5505 Routing between internal networks

    Hi,
    I am new to Cisco ASA and have been configuring my new firewall, but one thing has been bothering me. I cannot get internal networks and routing between them to work as I would like. The goal is to set up four networks and control access between them with ACLs.
    1. Outside
    2. DMZ
    3. ServerNet1
    4. Inside
    ASA version is 9.1 and I have been reading about two different ways of handling IP routing with this: NAT exempt, and not configuring NAT at all and letting normal IP routing handle internal networks. No matter how I configure it, with or without NAT, I cannot get access from the inside network to DMZ or from ServerNet1 to DMZ. The strange thing is that I can access services from DMZ to Inside and ServerNet1 if the access list allows it. For instance, the DNS server is on the Inside network and DMZ works great using it.
    Here is the running conf:
    interface Ethernet0/0
    switchport access vlan 20
    interface Ethernet0/1
    switchport access vlan 20
    interface Ethernet0/2
    switchport access vlan 19
    interface Ethernet0/3
    switchport access vlan 10
    switchport trunk allowed vlan 10,19-20
    switchport trunk native vlan 1
    interface Ethernet0/4
    switchport access vlan 10
    interface Ethernet0/5
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/6
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/7
    switchport access vlan 10
    interface Vlan10
    nameif inside
    security-level 90
    ip address 192.168.2.1 255.255.255.0
    interface Vlan11
    nameif ServerNet1
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    interface Vlan19
    nameif DMZ
    security-level 10
    ip address 192.168.3.1 255.255.255.0
    interface Vlan20
    nameif outside
    security-level 0
    ip address dhcp setroute
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network obj-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    object network obj-192.168.3.0
    subnet 192.168.3.0 255.255.255.0
    object network DNS
    host 192.168.2.10
    description DNS Liikenne
    object network Srv2
    host 192.168.2.10
    description DC, DNS, DNCP
    object network obj-192.168.4.0
    subnet 192.168.4.0 255.255.255.0
    object network ServerNet1
    subnet 192.168.4.0 255.255.255.0
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network RFC1918
    object-group network InternalNetworks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    object-group service DM_INLINE_SERVICE_1
    service-object tcp destination eq domain
    service-object udp destination eq domain
    service-object udp destination eq nameserver
    service-object udp destination eq ntp
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    port-object eq ftp
    port-object eq ftp-data
    object-group service rdp tcp-udp
    description Microsoft RDP
    port-object eq 3389
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq ftp
    port-object eq ftp-data
    port-object eq www
    port-object eq https
    object-group service DM_INLINE_SERVICE_2
    service-object tcp destination eq domain
    service-object udp destination eq domain
    object-group network DM_INLINE_NETWORK_1
    network-object object obj-192.168.2.0
    network-object object obj-192.168.4.0
    access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
    access-list dmz_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
    access-list DMZ_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
    access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
    access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
    access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
    access-list ServerNet1_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu ServerNet1 1500
    mtu inside 1500
    mtu DMZ 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711-52.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,DMZ) source static obj-192.168.2.0 obj-192.168.2.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
    object network obj_any
    nat (inside,outside) dynamic interface
    nat (DMZ,outside) after-auto source dynamic obj_any interface destination static obj_any obj_any
    nat (ServerNet1,outside) after-auto source dynamic obj-192.168.4.0 interface
    access-group ServerNet1_access_in in interface ServerNet1
    access-group inside_access_in in interface inside
    access-group DMZ_access_in in interface DMZ
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 192.168.4.0 255.255.255.0 ServerNet1
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh 192.168.4.0 255.255.255.0 ServerNet1
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous

    Hi Jouni,
    Yep, Finnish would be good also =)
    In front of the ASA is a DSL modem; on the trunk ports is a Hyper-V host that uses the trunk ports so that every VM has its VLAN ID defined at the VM level. Everything is working well on that end. There is also a WLAN Access Point on one of the ASA ports; the WLAN AP has its management portal address on the DMZ, which I have been testing against (192.168.3.4).
    If I configure Dynamic PAT from inside to the DMZ then the traffic starts to work from inside to all hosts on the DMZ, but that's not the right way to do it, so no shortcuts =)
    Here is the conf now, still doesn't work:
    interface Ethernet0/0
    switchport access vlan 20
    interface Ethernet0/1
    switchport access vlan 20
    interface Ethernet0/2
    switchport access vlan 19
    interface Ethernet0/3
    switchport access vlan 10
    switchport trunk allowed vlan 10,19-20
    switchport trunk native vlan 1
    interface Ethernet0/4
    switchport access vlan 10
    interface Ethernet0/5
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/6
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/7
    switchport access vlan 10
    interface Vlan10
    nameif inside
    security-level 90
    ip address 192.168.2.1 255.255.255.0
    interface Vlan11
    nameif ServerNet1
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    interface Vlan19
    nameif DMZ
    security-level 10
    ip address 192.168.3.1 255.255.255.0
    interface Vlan20
    nameif outside
    security-level 0
    ip address dhcp setroute
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network obj-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    object network obj-192.168.3.0
    subnet 192.168.3.0 255.255.255.0
    object network DNS
    host 192.168.2.10
    description DNS Liikenne
    object network Srv2
    host 192.168.2.10
    description DC, DNS, DNCP
    object network obj-192.168.4.0
    subnet 192.168.4.0 255.255.255.0
    object network ServerNet1
    subnet 192.168.4.0 255.255.255.0
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network RFC1918
    object-group network InternalNetworks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    object-group service DM_INLINE_SERVICE_1
    service-object tcp destination eq domain
    service-object udp destination eq domain
    service-object udp destination eq nameserver
    service-object udp destination eq ntp
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    port-object eq ftp
    port-object eq ftp-data
    object-group service rdp tcp-udp
    description Microsoft RDP
    port-object eq 3389
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq ftp
    port-object eq ftp-data
    port-object eq www
    port-object eq https
    object-group service DM_INLINE_SERVICE_2
    service-object tcp destination eq domain
    service-object udp destination eq domain
    object-group network DM_INLINE_NETWORK_1
    network-object object obj-192.168.2.0
    network-object object obj-192.168.4.0
    object-group network DEFAULT-PAT-SOURCE
    description Default PAT source networks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    network-object 192.168.4.0 255.255.255.0
    access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
    access-list dmz_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
    access-list DMZ_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
    access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
    access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
    access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
    access-list ServerNet1_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu ServerNet1 1500
    mtu inside 1500
    mtu DMZ 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711-52.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
    access-group ServerNet1_access_in in interface ServerNet1
    access-group inside_access_in in interface inside
    access-group DMZ_access_in in interface DMZ
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 192.168.4.0 255.255.255.0 ServerNet1
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh 192.168.4.0 255.255.255.0 ServerNet1
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous

  • Using DNS Services on an internal network and still using an outside DNS

    I have just started using Mac OSX Server for the first time and I am trying to set up an internal DNS server so I can set up an LDAP Directory master and replica. However, I am running into some problems in setting up the DNS server on our network.
    This is where it gets a little confusing to me here and i have to explain some things. We have a shared web hosting ISP, which means that our mail services and web hosting services are not hosted on site. To access our mail services using a FQDN I would point Outlook to mail.xxx-xxx.net. However, I want to use that domain, xxx-xxx.net, as our internal network as well because it is the name of our company.
    I can get all of the DNS names to propagate to their assigned IP's on the internal network and can ping everything using fully qualified domain names, but whenever I go to use services such as mail., it cannot find the server which is hosting that service because it is obviously not on our internal network. This makes sense that I cannot ping it, but how do I set up the alias mail.xxx-xxx.net to point to the ip address of the mail servers hosted by our ISP instead of something hosted on our internal network?
    Sorry I can't clarify better, I'll try some cliff's instead;
    1) Trying to set up internal dns server so I can use LDAP Directory Master and Replica Services.
    2) The domain, xxx-xxx.net is currently being used for web hosting and mail services not hosted at our site.
    3) Want to use the domain xxx-xxx.net as our internal domain because it is the name of our company, and eventually we will be hosting our own content.
    4) Can set up internal DNS server and get all IP's to propagate just fine, but services such as mail.xxx-xxx.net cannot be used because they are not hosted on the internal network.
    5) How do I set up DNS to point certain services to an external DNS server, or to the IP address of the server itself, so I don't have to use the IP address, i.e. mail.216.256.33.24?

    Ok I got it
    Here's my walkthrough for all the other tormented souls, that might find this thread and require help:
    Introduction:
    Internet-card: ra0 192.168.16.64
    Internet-gateway, nameserver 192.168.16.1
    local-network-card eth1 192.168.15.1
    [1] modprobe capability
       -> /etc/rc.conf
    [2] pacman -S
       * dhcpd (DHCP daemon)
       * bind (Berkeley Domain Name Server)
    [3] vi /etc/dhcpd.conf
    ddns-update-style ad-hoc;
    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 192.168.15.0 netmask 255.255.255.0 {
        # --- default gateway
        option routers 192.168.15.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.15.255;
        option domain-name-servers 192.168.15.1;
        range 192.168.15.2 192.168.15.254;
        default-lease-time 21600;
        max-lease-time 43200;
    }
    [4] vi /etc/named.conf
    acl micro {
        192.168.15.0/24;
    };
    options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        auth-nxdomain yes;
        datasize default;
        allow-query { micro; };
        allow-recursion { micro; };
    };
    [5]
    /etc/rc.d/dhcpd start
    /etc/rc.d/named start
        -> rc.conf
    [6] iptables
    vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    iptables -t nat -A POSTROUTING -o ra0 -j SNAT --to 192.168.16.64
    iptables -A INPUT -j DROP -m state --state NEW,INVALID -i ippp0
    iptables -A FORWARD -j DROP -m state --state NEW,INVALID -i ippp0
    make it a script that is run in /etc/rc.local
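
The DHCP scope, the named recursion ACL and the iptables rules in the walkthrough above only work together if they agree on addresses and interface names. The following is an added example, not part of the original post: a Python cross-check over the values posted in steps [3], [4] and [6], where the `audit` function and the dictionary layout are hypothetical. Run on the posted values, it reports that both DROP rules are bound to `ippp0`, which is not one of the two interfaces listed in the introduction.

```python
import ipaddress
import re

# Values transcribed from the walkthrough; the checks are added here.
INTERFACES = {"ra0": "192.168.16.64", "eth1": "192.168.15.1"}
DHCP = {"subnet": "192.168.15.0/24", "router": "192.168.15.1",
        "dns": "192.168.15.1", "range": ("192.168.15.2", "192.168.15.254")}
RECURSION_ACL = ["192.168.15.0/24"]
IPTABLES_RULES = [
    "iptables -t nat -A POSTROUTING -o ra0 -j SNAT --to 192.168.16.64",
    "iptables -A INPUT -j DROP -m state --state NEW,INVALID -i ippp0",
    "iptables -A FORWARD -j DROP -m state --state NEW,INVALID -i ippp0",
]

def audit(interfaces, dhcp, acl, rules):
    """Hypothetical helper: return findings; an empty list means all agree."""
    findings = []
    net = ipaddress.ip_network(dhcp["subnet"])
    lo, hi = (ipaddress.ip_address(a) for a in dhcp["range"])
    local = {ipaddress.ip_address(a) for a in interfaces.values()}

    # The lease pool must sit inside the subnet and skip reserved addresses.
    if lo not in net or hi not in net or lo > hi:
        findings.append("dhcp: range is not inside the declared subnet")
    if lo <= net.broadcast_address <= hi:
        findings.append("dhcp: pool includes the broadcast address")
    for name in ("router", "dns"):
        addr = ipaddress.ip_address(dhcp[name])
        if lo <= addr <= hi:
            findings.append(f"dhcp: pool would lease the {name} address {addr}")
    if ipaddress.ip_address(dhcp["router"]) not in local:
        findings.append("dhcp: advertised router is not an address of this host")

    # Recursion must cover the DHCP clients without being open to everyone.
    acl_nets = [ipaddress.ip_network(a) for a in acl]
    if any(n.prefixlen == 0 for n in acl_nets):
        findings.append("named: recursion ACL is open to any source")
    if not any(net.subnet_of(n) for n in acl_nets):
        findings.append("named: DHCP clients are outside the recursion ACL")

    # A rule bound to an interface the host does not have never matches.
    for rule in rules:
        chain = re.search(r"-A\s+(\S+)", rule).group(1)
        for flag, ifname in re.findall(r"(?:^|\s)(-[io])\s+(\S+)", rule):
            if ifname not in interfaces:
                findings.append(f"iptables: {chain} rule uses {flag} {ifname}, not a listed interface")
    return findings

if __name__ == "__main__":
    for finding in audit(INTERFACES, DHCP, RECURSION_ACL, IPTABLES_RULES):
        print(finding)
```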

  • E7-00 and SIP over Internal Network (WiFi)

    Hey all, maybe someone here knows something more about it.
    I want to use a SIP account in our internal network via WiFi. Our telephone central (Panasonic TDE-100) supports connections to it via SIP (internal SIP server).
    I can connect with my user account and it says connected.
    I can make calls into the internal telephone network.
    Now the problem:
    I cannot be called internally. The TDE is sending an INVITE to the E7 and the E7 declines it when a call is coming in.
    I also have an external SIP account with another provider. That one works as it should.
    Our technical assistance for the TDE has no idea, and neither do their technical guys from Panasonic.

    Welcome to the Apple Community.
    I'm not sure whether an Apple TV can connect to a wifi hotspot; however, even if it could, you are going to experience extremely slow downloads and reach your device's data limits very quickly.
    This is not a practical way to use an Apple TV.

  • Router to Router VPN with Overlapping internal networks

    Hello Experts,
    One quick question. How do I configure a Router to Router VPN with overlapping internal networks???
    Both of my internal networks have IP addresses of 192.168.10.0 and 192.168.10.0
    Any link or config will be appreciated. I've been looking but no luck.
    Thanks,
    Randall

    Randall,
    Please refer to the URL below for configuration details:
    Configuring an IPSec Tunnel Between Routers with Duplicate LAN Subnets
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml
    Let me know if it helps.
    Regards,
    Arul
    ** Please rate all helpful posts **

  • Internal Corporate wireless and guest wireless network

    I need some technical information on how the wireless guest network is created on the Airport Extreme. We currently do not permit personal wireless devices to connect to our internal wireless network in order to protect our data. Several times users have presented us with justifiable business requests to have access to the wireless network from their own devices. We've been looking at using the Airport Extreme in order to do this, but we are bound by PCI (Payment Card Industry) requirements to keep our customer credit card data secure. PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network?
    Two or three of these on each floor would fit our need for such access and keep our customer data secure.
    Thanks

    Welcome to the discussion area!
    +PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
    I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
    This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
    FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration.
