Search Results

Search found 4141 results on 166 pages for 'router'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 67/166 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >

  • VPN into multiple LAN Subnets

    - by Rain
    I need to figure out a way to allow access to two LAN subnets on a SonicWall NSA 220 through the built-in SonicWall GlobalVPN server. I've Googled and tried everything I can think of, but nothing has worked. The SonicWall NSA management web interface is also very unorganized; I'm probably missing something simple/obvious. There are two networks, called Network A and Network B for simplicity, with two different subnets. A SonicWall NSA 220 is the router/firewall/DHCP Server for Network A, which is plugged into the X2 port. Some other router is the router/firewall/DHCP server for Network B. Both of these networks need to be managed through a VPN connection. I setup the X3 interface on the SonicWall to have a static IP in the Network B subnet and plugged it in. Network A and Network B should not be able to access each other, which appears the be the default configuration. I then configured and enabled VPN. The SonicWall currently has the X1 interface setup with a subnet of 192.168.1.0/24 with a DHCP Server enabled, although it is not plugged in. When I VPN into the SonicWall, I get an IP address supplied by the DHCP Server on the X1 interface and I can access Network A remotely although I do not have access to Network B. How can I allow access to both Network A and Network B to VPN clients although keep devices on Network B from accessing Network A and vice-versa. Is there some way to create a VPN-only subnet (something like 10.100.0.0/24) on the SonicWall that can access Network A and Network B without changing the current network configuration or allowing devices on both netorks "see" each other? How would I go about setting this up? Diagram of the network: (Hopefully this kind of helps) WAN1 WAN2 | | [ SonicWall NSA 220 ]-(X3)-----------------[ Router 2 ] | | (X2) 192.168.2.0/24 10.1.1.0/24 Any help would be greatly appriciated!

    Read the article

  • openVPN as a way to connect to a LAN by another client, different from server

    - by Einar
    Setup: one LAN handled by a router without a publicly available IP address but without any outbound connection restrictions ("target LAN"); a separate server publicly reachable from the Internet ("gateway"). I am trying to set up openVPN so that a third client can connect to the "gateway" and access the "target LAN". As the router of "target LAN" is not reachable from the Internet directly, it connects to the gateway itself via openVPN as well. The problem is how to handle routing. The LAN router has two network interfaces (for the outside network and the LAN itself). In openVPN (the server on the gateway) I set client-to-client and push "route 192.168.10.0 255.255.255.0" but I assume this would be horribly wrong (it actually messed up the routing on the LAN router until I killed openVPN). openVPN is not using bridging, is configured via tun. Other config details from the server server 10.8.0.0 255.255.255.0 client-config-dir ccd route 192.168.10.0 255.255.255.0 And the client file in ccd is iroute 192.168.10.0 255.255.255.0 What can be adjusted to ensure that a third client can connect through openVPN and access the LAN mentioned earlier?

    Read the article

  • Configure linux machine as bridge/switch and end device

    - by leemes
    At my home, I have two desktop PCs in two rooms. The router / DSL modem is in one of these rooms. Now I want to configure a home server (having 2 LAN ports, running 24/7) in the corridor between the two rooms, using only one LAN cable at each door. This gives me the following physical configuration: (door) (door) .----/-/----. .-----/-/----------._ FritzBox | | | .----´´ DSL Router PC1 Server | PC2 As just said, the server has 2 network interfaces and is running Ubuntu. What I need now is a network configuration which enables both the server and PC1 to connect to the router. I think the server needs to serve as a bridge or switch. Currently, all computers are configured having static IP addresses. If I'm understanding it correctly, a bridge / switch doesn't have its own IP address, but as the server needs to be configured as an own end device, it needs to have one. My first question is, do I have to configure both interfaces separately, giving both the same static IP address? My next question is, how do I bridge the two physical networks into one? I have basic understanding (but am always confused again and again) of bridges and switches, but I don't know how to configure it in software. I only know that it's possible to do so :) The third question is: Is it possible to configure this in a way that network packets from/to PC1 to/from the router only go through hardware or only consume low CPU in the server? Can you help me? Thanks in advance!

    Read the article

  • Internet setup for my office

    - by prakash
    We have two internet connections to our office and our current setup is like this.. The internet connections require pppoe log in so i take each cable and plug it into a wifi router and configure the router to log in to the pppoe and then plug in a cable from the router to a switch and distribute the internet throughout my office. The problem with this setup is it is really hard to monitor and im not able to monitor who is hogging internet usage and what he or she is actually using it for. apart from this we also have a nas setup which is routed through another switch . Could someone please throw a little light on how i can restructure this setup for easy monitoring and better transparency... ? each wan router is connected to a different switch and is distributed to users accordingly.. we have around 40 users in the office.. we want to setup a single linux box to which i want to connect the two wan connections and from there distribute it to all our users.... im looking for a solution where we do not have to invest more that buying a single pc and a couple of nics

    Read the article

  • Games consoles won't connect through the TP-Link TL-WA500G Access Point

    - by Manfred Wolff
    I hope that someone can help me. I have several Laptops and other devices, all using my Wireless Router (Sky Digital Netgear) To extend the range to the back of the house, I purchased a TP-Link TL-WA500G Range extender. configured just as a pure repeater, it picks up the signal from the Netgear Router. The Netgear Router does the DHCP, handing out the IP addresses. This all works a treat with several different laptops and my iPone4S, but when my son tries to use his XBox360, Sony Playstation3 or the Nintendo Wii those devices fail to acquire an IP address. They just sit their waiting for the IP config. This also happens with my wife's HTC desire ONE Android phone. My son says that, when his HTC Desire C won't get an IP address, he just unplugs the AP briefly - the phone will connect and he puts the AP back on. Once he is connected to the Router, the AP won't disturb function. The Games Consoles don't seem to work like that. They stop working, when the AP is reconnected. I had my son try to configure permanent IP addresses, and he said that did not work either, though I have to confirm that, as I did not see that for myself. Has anybody seen this before? I have searched the Net and have not found any similar problems anywhere. I wonder if there is setting somewhere that would fix this. Many thanks for anyone reading this and trying to help. M

    Read the article

  • Open ports broken from internal network

    - by ksvi
    Quick summary: Forwarded port works from the outside world, but from the internal network using the external IP the connection is refused. This is a simplified situation to make the explanation easier: I have a computer that is running a service on port 12345. This computer has an internal IP 192.168.1.100 and is connected directly to a modem/router which has internal IP 192.168.1.1 and external (public, static) IP 1.2.3.4. (The router is TP-LINK TD-w8960N) I have set up port forwarding (virtual server) at port 12345 to go to port 12345 at 192.168.1.100. If I run telnet 192.168.1.100 12345 from the same computer everything works. But running telnet 1.2.3.4 12345 says connection refused. If I do this on another computer (on the same internal network, connected to the router) the same thing happens. This would seem like the port forwarding is not working. However... If I run a online port checking service on my external IP and the service port it says the port is open and I can see the remote server connecting and immediately closing connection. And using another computer that is connected to the internet using a mobile connection I can also use telnet 1.2.3.4 12345 and I get a working connection. So the port forwarding seems to be working, however using external IP from the internal network doesn't. I have no idea what can be causing this, since another setup very much like this (different router) works for me. I can access a service running on a server from inside the network both through the internal and external IP.

    Read the article

  • How do I fully share a Hard Drive on my Local Network?

    - by GingerLee
    I have 4 computers connected to a router (DD-WRT) My main PC is Windows 7 (Home Premium). This machine has 2 Hard Disks: HD1 is used for my OS and the other (HD2) is used to store files. My 3 other machines are 1. Ubuntu Destop that I use to learn about linux, 2. A Mac OSX laptop, and 3. A netbook running windows 7. How do I easily share HD2 with my other machines? I would like all my machines to have full access & permissions to HD2 however I would like to RESTRICT access to only PCs that are connected to my router (either via LAN and WiFi) --- btw, I know this is not very secure due to WiFi vulnerability , however, I currently MAC address restrict WiFi connections my router. Extra Info: I have already tried to use the Windows Folder Sharing feature: i.e. I right click over the icon of HD2, and click on the Sharing Tab, but in sub-window labeled "Network File and Folder Sharing", the "Share" button is grayed out. I can click on "Advanced Shared" but that just takes me to a screen in which I have to set certain permissions. What is not clear to me is: How do I set a criteria that shares HD2 with all computer connected to my router?

    Read the article

  • Route all traffic of home network through VPN

    - by user436118
    I have a typical semi advanced home network scenario: A cable modem - eth A wireless router (netgear n600) eth and wlan A home server (Running ubuntu 12.04 LTS, connected over wlan) A bunch of wireless clients (wlan) Lying around I have anoher cheaper wlan router, and two different USB wlan NIC's that are known to work with Linux. ACTA struck. I want to route ALL of my WAN traffic through a remote server through a VPN. For sake of completition, lets say there is a remote server running debian sqeeze where a VPN server is to be installed. The network is then to behave so that if the VPN is not operative, it is separated from the outside world. I am familiar with general system/network practices, but lack the specific detailed knowledge to accomplish this. Please suggest the right approach, packages and configurations you'd use to reach said solution. I've also envisioned the following network configuration, please improve it if you see fit: ==LAN== Client ip:10.1.1.x nm:255.0.0.0 gw:10.1.1.1 reached via WLAN Wlan router 1: ip: 10.1.1.1 nm:255.0.0.0 gw: 10.10.10.1 reached via ETH Homeserver: <<< VPN is initiated here, and the other endpoint is somewhere on the internet. eth0: ip:10.10.10.1 nm: 0.0.0.0 gw:192.168.0.1 reached via WLAN Homeserver: wlan0: ip: 192.168.0.2 nm: 255.255.255.0 gw: 192.168.0.1 reached via WLAN ==WAN== Wlan router 2: ip: 192.168.0.1 nm: 0.0.0.0 gw: set via dhcp uplink connector: cable modem Cable Modem: Remote DHCP. Has on-board DHCP server for ethernet device that connects to it, and only works this way. All this WLAN fussery is because my home server is located in a part of the house where a cable link isnt possible unfortunately.

    Read the article

  • Troubleshoot port forwarding. Could it be ISP blocking incoming connections?

    - by Gravy
    Had a new Axis IP camera delivered yesterday. Plugged into Cisco E2400 Wireless Router but having problems. Example topology: WAN IP: 10.10.10.10 (example) Cisco Router: 192.168.1.1 Axis Camera: 192.168.1.10:80 Port forwarding rules set up on router External Port: 999 Internal Port: 80 Protocol: TCP & UDP Device IP: 192.168.1.10:80 Enabled: True Trying to connect from within the lan to 192.168.1.1:80 from within browser - Works properly. Trying to connect from within the lan to 10:10:10:10:999 from within browser - Works properly. Trying to connect from outside the LAN (e.g. via 3g or another isp) to 10:10:10:10:999 from within browser - Doesnt work. I get the following errors from different machines / browsers: Safari could not open the page because the server stopped responding (IOS) The server at xx.xx.xx.xx is taking too long to respond. (firefox) This problem is not just for the Axis camera. I am also having similar problems connecting to my NAS drive. After using a web based port scanning tool, it appears as though port 999 is closed. Not certain why when I have set up port forwarding within the router. Any troubleshooting suggestions to help me determine whether the problem is with my Cisco settings / firewall or whether it could be my ISP blocking incoming connection requests? Many thanks

    Read the article

  • Route all traffic of home network through VPN [migrated]

    - by user436118
    I have a typical semi advanced home network scenario: A cable modem - eth A wireless router (netgear n600) eth and wlan A home server (Running ubuntu 12.04 LTS, connected over wlan) A bunch of wireless clients (wlan) Lying around I have anoher cheaper wlan router, and two different USB wlan NIC's that are known to work with Linux. ACTA struck. I want to route ALL of my WAN traffic through a remote server through a VPN. For sake of completition, lets say there is a remote server running debian sqeeze where a VPN server is to be installed. The network is then to behave so that if the VPN is not operative, it is separated from the outside world. I am familiar with general system/network practices, but lack the specific detailed knowledge to accomplish this. Please suggest the right approach, packages and configurations you'd use to reach said solution. I've also envisioned the following network configuration, please improve it if you see fit: Client ip:10.1.1.x nm:255.0.0.0 gw:10.1.1.1 reached via WLAN Wlan router 1: ip: 10.1.1.1 nm:255.0.0.0 gw: 10.10.10.1 reached via ETH Homeserver: <<< VPN is initiated here, and the other endpoint is somewhere on the internet. eth0: ip:10.10.10.1 nm: 0.0.0.0 gw:192.168.0.1 reached via WLAN Homeserver: wlan0: ip: 192.168.0.2 nm: 255.255.255.0 gw: 192.168.0.1 reached via WLAN Wlan router 2: ip: 192.168.0.1 nm: 0.0.0.0 gw: set via dhcp uplink connector: cable modem Cable Modem: Remote DHCP. Has on-board DHCP server for ethernet device that connects to it, and only works this way. All this WLAN fussery is because my home server is located in a part of the house where a cable link isnt possible unfortunately.

    Read the article

  • Combine multiple network interfaces to connect to a dedicated server

    - by Dženis Macanovic
    this is an underpaid employee writing, who's apparently responsible for all the IT stuff in a very small (non-IT) company. Today said company got a bunch of PCs/workstations, a switch, a computer that's supposed to be used as a router, two DSL connections (each 16 MBit/s downstream and 1 MBit/s upstream) and a dedicated server which is hosted and managed professionally by a larger local company with some decent connection speed (1 GBit/s both directions if I'm not mistaken). This is what I've set up (note I'm not making use of the second DSL connection at all)... ETH0 ETH1 [ SWITCH ]---[LINUX DEBIAN ROUTER]---[DSL MODEM 1]---[INTERNET] | | | PC1 | | PC2 | ... ... when my boss asked me, if it was somehow possible to get 32 MBit/s downstream and 2 MBit/s upstream. At that time I replied "no" without thinking too much about it. Now I've just had the following idea... ETH1 ETH0 ETH0 ,---[DSL MODEM 1 (NON-STATIC IP)]---, ,---, ETH0 [ SWITCH ]---[LINUX DEBIAN ROUTER] [INTERNET] [LINUX DEBIAN SERVER]---[INTERNET] | | | '---[ DSL MODEM 2 (STATIC IP) ]---' '---' PC1 | | ETH2 ETH0 PC2 | ... ... but I have absolutely no clue how to implement that. Would that even be possible? What would the masquerading rules look like on the router? What about the server? I didn't find anything on the internet, mainly because I couldn't come up with any good keywords to search for to begin with. English obviously isn't my first language. Thanks in advance for your time!

    Read the article

  • Configuring two subnets with two NICS. Access from a NAS to the internet

    - by archipestre
    I am having trouble configuring my NAS. I have a DSL router with WIFI (192.168.1.1) in my flatmates room. In my room I have a server with two NICS: 1) wlan0 (192.168.1.2) that connects to the DSL router via wireless 2) em1 (192.168.0.1) that connects to the NAS (192.168.0.20) with a crossover cable. I have Fedora 17 and I have enable packet forwarding. My IP configuration is as follows: WLAN0 inet 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 EM1 inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255 My routing table looks like: Destination Gateway G enmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 em1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0 I have enable a static route in the DSL server: Status Network Destination Subnet Mask Interface Gateway Remove Edit Active 192.168.0.0 255.255.255.0 LAN 192.168.1.2 From my server I can ping the DSL router and the NAS. From the NAS I can ping both NICS of the server. However the NAS is unable to ping the DSL router or any address in the Internet. Any idea of what is wrong. Thank you in advance

    Read the article

  • Setting up a server that routes local traffic through vpn, while still being able to access internet directly

    - by Kazuo
    The goal is to setup a local server that routes local traffic through an uncontrolled remote vpn service while still being able to access the internet directly (not tunneled via vpn) and provide services through that direct connection. It is supposed to look like this: http://i.stack.imgur.com/74dGC.png Note: There is another router with modem between the local server and the internet. What is the easiest (best?) way to get this network setup working? I'm planning to setup the connection between the local router and the local server with simple ip forwarding. The problem now is that all the server's traffic is routed through the vpn tunnel as soon as I connect the server's openvpn client to the remote service so there is no direct internet connection available. My first idea was to setup a virtual machine (lxc container or something) and run the vpn client and local networking stuff in the vm. So that the vm receives all the incoming traffic from the local router and tunnels it through the vpn. This, as far as I understand, should not affect the physical server's network connection and should allow it to provide services to the internet. Before I start trying to set this up (I don't have much experience in networking), is there any easier or better way to do this? I would be thankful for every suggestion. Edit: Let's say the interface connected to the internet is eth0 and the interface connected to the local router is eth1. Another idea would be to create a virtual interface eth0:0 and specifiy it as openvpn's local endpoint and then force any traffic coming from eth1 through eth0:0. I'm not sure how I would force the traffic through eth0:0, though (possibly by adding routes).

    Read the article

  • Lubuntu 13.10 unable to connect to cups localhost:631

    - by user142139
    I am using Lubuntu 13.10 (recently upgraded) and am trying to print to a network printer (HP photosmart 7960) through my router (US Robotics 5461). My printer is connected to the router via USB cable. Normally, I would use the cups configuration interface to set up the wireless connection to the printer. I was able to use the printer through the router wirelessly, using Ubuntu 12.04. Now, with my recently upgraded Lubuntu 13.10, I am unable to get the Cups config webpage (http://localhost:631) to come up. In Chromium, I get: This web page is not available. In Firefox, I get: Unable to connect. Firefox can't establish a connection to the server at localhost:631. The CUPS config file details are below. I have this website to help with the router connections for Linux: http://www.usr.com/support/5461/5461-files/printer_installation_linux/index.html My printer's address through the router is: http://192.168.2.1:1631/printers/My_Printer Can you tell me how to fix this? Or, what to add to the cups configuration file to make this work? Please help. Thanks psychicnut CUPS CONFIG FILE DETAILS: # Show general information in error_log. LogLevel warn MaxLogSize 0 SystemGroup lpadmin Listen /var/run/cups/cups.sock Listen /var/run/cups/cups.sock Listen 192.168.2.1:1631 Browsing Off BrowseLocalProtocols dnssd DefaultAuthType Basic WebInterface Yes <Location /> Order allow,deny </Location> <Location /admin> Order allow,deny </Location> <Location /admin/conf> AuthType Default Require user @SYSTEM Order allow,deny </Location> <Policy default> JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default <Limit Create-Job Print-Job Print-URI Validate-Job> Order deny,allow </Limit> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Cancel-Job CUPS-Authenticate-Job> Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy> <Policy authenticated> JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default <Limit Create-Job Print-Job Print-URI Validate-Job> AuthType Default Order deny,allow </Limit> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> AuthType Default Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow </Limit> <Limit Cancel-Job CUPS-Authenticate-Job> AuthType Default Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy> JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default

    Read the article

  • Cisco 881 losing NAT NVI translation config after reload

    - by MasterRoot24
    This is a weird one, so I'll try to explain in as much detail as I can so I'm giving the whole picture. As I've mentioned in my other questions, I'm in the process of setting up a new Cisco 881 as my WAN router and NAT firewall. I'm facing an issue where NAT NVI rules that I have configured are not enabled after a reload of the router, regardless of the fact that they are present in the startup-config. In order to clarify this a little, here's the relevant section of my current running-config: Router1#show running-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.x 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.x 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.x 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.x 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.x 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.x 993 interface FastEthernet4 993 ...and here's the mappings 'in action': Router1#show ip nat nvi translations | include --- tcp <WAN IP>:25 192.168.1.x:25 --- --- tcp <WAN IP>:80 192.168.1.x:80 --- --- tcp <WAN IP>:143 192.168.1.x:143 --- --- tcp <WAN IP>:443 192.168.1.x:443 --- --- tcp <WAN IP>:587 192.168.1.x:587 --- --- tcp <WAN IP>:993 192.168.1.x:993 --- --- tcp <WAN IP>:1723 192.168.1.x:1723 --- --- ...and here's proof that the mappings are saved to startup-config: Router1#show startup-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.x 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.x 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.x 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.x 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.x 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.x 993 interface FastEthernet4 993 However, look what happens after a reload of the router: Router1#reload Proceed with reload? [confirm]Connection to router closed by remote host. Connection to router closed. $ ssh joe@router Password: Authorized Access only Router1>en Password: Router1#show ip nat nvi translations | include --- Router1# Router1#show ip nat translations | include --- tcp 188.222.181.173:25 192.168.1.2:25 --- --- tcp 188.222.181.173:80 192.168.1.2:80 --- --- tcp 188.222.181.173:143 192.168.1.2:143 --- --- tcp 188.222.181.173:443 192.168.1.2:443 --- --- tcp 188.222.181.173:587 192.168.1.2:587 --- --- tcp 188.222.181.173:993 192.168.1.2:993 --- --- tcp 188.222.181.173:1723 192.168.1.2:1723 --- --- Router1# Here's proof that the running config should have the mappings setup as NVI: Router1#show running-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.2 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.2 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.2 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.2 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.2 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.2 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.2 993 interface FastEthernet4 993 At this point, the mappings are not working (inbound connections from WAN on the HTTP/IMAP fail). I presume that this is because my interfaces are using ip nat enable for use with NVI mappings, instead of ip nat inside/outside. So, I re-apply the mappings: Router1#configure ter Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip nat source static tcp 192.168.1.2 1723 interface FastEthernet4 1723 Router1(config)#ip nat source static tcp 192.168.1.2 80 interface FastEthernet4 80 Router1(config)#ip nat source static tcp 192.168.1.2 443 interface FastEthernet4 443 Router1(config)#ip nat source static tcp 192.168.1.2 25 interface FastEthernet4 25 Router1(config)#ip nat source static tcp 192.168.1.2 587 interface FastEthernet4 587 Router1(config)#ip nat source static tcp 192.168.1.2 143 interface FastEthernet4 143 Router1(config)#ip nat source static tcp 192.168.1.2 993 interface FastEthernet4 993 Router1(config)#end ... then they show up correctly: Router1#show ip nat nvi translations | include --- tcp 188.222.181.173:25 192.168.1.2:25 --- --- tcp 188.222.181.173:80 192.168.1.2:80 --- --- tcp 188.222.181.173:143 192.168.1.2:143 --- --- tcp 188.222.181.173:443 192.168.1.2:443 --- --- tcp 188.222.181.173:587 192.168.1.2:587 --- --- tcp 188.222.181.173:993 192.168.1.2:993 --- --- tcp 188.222.181.173:1723 192.168.1.2:1723 --- --- Router1# Router1#show ip nat translations | include --- Router1# ... furthermore, now from both WAN and LAN, the services mapped above now work until the next reload. All of the above is required every time I have to reload the router (which is all too often at the moment :-( ). Here's my full current config: ! ! Last configuration change at 20:20:15 UTC Tue Dec 11 2012 by xxx version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname xxx ! boot-start-marker boot-end-marker ! ! enable secret 4 xxxx ! aaa new-model ! ! aaa authentication login local_auth local ! ! ! ! ! aaa session-id common ! memory-size iomem 10 ! crypto pki trustpoint TP-self-signed-xxx enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-xxx revocation-check none rsakeypair TP-self-signed-xxx ! ! crypto pki certificate chain TP-self-signed-xxx certificate self-signed 01 xxx quit ip gratuitous-arps ip auth-proxy max-login-attempts 5 ip admission max-login-attempts 5 ! ! ! ! ! ip domain list dmz.xxx.local ip domain list xxx.local ip domain name dmz.xxx.local ip name-server 192.168.1.x ip cef login block-for 3 attempts 3 within 3 no ipv6 cef ! ! multilink bundle-name authenticated license udi pid CISCO881-SEC-K9 sn xxx ! ! username admin privilege 15 secret 4 xxx username joe secret 4 xxx ! ! ! ! ! ip ssh time-out 60 ! ! ! ! ! ! ! ! ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 switchport access vlan 2 no ip address ! interface FastEthernet4 ip address dhcp ip access-group 101 in ip nat enable duplex auto speed auto ! interface Vlan1 ip address 192.168.1.x 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat enable ! interface Vlan2 ip address 192.168.0.x 255.255.255.0 ! ip forward-protocol nd ip http server ip http access-class 1 ip http authentication local ip http secure-server ! ! ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ! ! access-list 1 permit 192.168.0.0 0.0.0.255 access-list 2 permit 192.168.1.0 0.0.0.255 access-list 101 permit udp 193.x.x.0 0.0.0.255 any eq 5060 access-list 101 deny udp any any eq 5060 access-list 101 permit ip any any ! ! ! ! control-plane ! ! banner motd Authorized Access only ! line con 0 exec-timeout 15 0 login authentication local_auth line aux 0 exec-timeout 15 0 login authentication local_auth line vty 0 4 access-class 2 in login authentication local_auth length 0 transport input all ! ! end I'd appreciate it greatly if anyone can help me find out why these mappings are not setup correctly using the saved config after a reload.

    Read the article

  • Cisco ASA 5505 - L2TP over IPsec

    - by xraminx
    I have followed this document on cisco site to set up the L2TP over IPsec connection. When I try to establish a VPN to ASA 5505 from my Windows XP, after I click on "connect" button, the "Connecting ...." dialog box appears and after a while I get this error message: Error 800: Unable to establish VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection. ASA version 7.2(4) ASDM version 5.2(4) Windows XP SP3 Windows XP and ASA 5505 are on the same LAN for test purposes. Edit 1: There are two VLANs defined on the cisco device (the standard setup on cisco ASA5505). - port 0 is on VLAN2, outside; - and ports 1 to 7 on VLAN1, inside. I run a cable from my linksys home router (10.50.10.1) to the cisco ASA5505 router on port 0 (outside). Port 0 have IP 192.168.1.1 used internally by cisco and I have also assigned the external IP 10.50.10.206 to port 0 (outside). I run a cable from Windows XP to Cisco router on port 1 (inside). Port 1 is assigned an IP from Cisco router 192.168.1.2. The Windows XP is also connected to my linksys home router via wireless (10.50.10.141). Edit 2: When I try to establish vpn, the Cisco device real time Log viewer shows 7 entries like this: Severity:5 Date:Sep 15 2009 Time: 14:51:29 SyslogID: 713904 Destination IP = 10.50.10.141, Decription: No crypto map bound to interface... dropping pkt Edit 3: This is the setup on the router right now. Result of the command: "show run" : Saved : ASA Version 7.2(4) ! hostname ciscoasa domain-name default.domain.invalid enable password HGFHGFGHFHGHGFHGF encrypted passwd NMMNMNMNMNMNMN encrypted names name 192.168.1.200 WebServer1 name 10.50.10.206 external-ip-address ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address external-ip-address 255.0.0.0 ! interface Vlan3 no nameif security-level 50 no ip address ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive dns server-group DefaultDNS domain-name default.domain.invalid object-group service l2tp udp port-object eq 1701 access-list outside_access_in remark Allow incoming tcp/http access-list outside_access_in extended permit tcp any host WebServer1 eq www access-list outside_access_in extended permit udp any any eq 1701 access-list inside_nat0_outbound extended permit ip any 192.168.1.208 255.255.255.240 access-list inside_cryptomap_1 extended permit ip interface outside interface inside pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 ip local pool PPTP-VPN 192.168.1.210-192.168.1.220 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-524.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface www WebServer1 www netmask 255.255.255.255 access-group outside_access_in in interface outside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport crypto map outside_map 1 match address inside_cryptomap_1 crypto map outside_map 1 set transform-set TRANS_ESP_3DES_MD5 crypto map outside_map interface inside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd enable inside ! group-policy DefaultRAGroup internal group-policy DefaultRAGroup attributes dns-server value 192.168.1.1 vpn-tunnel-protocol IPSec l2tp-ipsec username myusername password FGHFGHFHGFHGFGFHF nt-encrypted tunnel-group DefaultRAGroup general-attributes address-pool PPTP-VPN default-group-policy DefaultRAGroup tunnel-group DefaultRAGroup ipsec-attributes pre-shared-key * tunnel-group DefaultRAGroup ppp-attributes no authentication chap authentication ms-chap-v2 ! ! prompt hostname context Cryptochecksum:a9331e84064f27e6220a8667bf5076c1 : end

    Read the article

  • Setting up a VPN connection to Amazon VPC - routing

    - by Keeno
    I am having some real issues setting up a VPN between out office and AWS VPC. The "tunnels" appear to be up, however I don't know if they are configured correctly. The device I am using is a Netgear VPN Firewall - FVS336GV2 If you see in the attached config downloaded from VPC (#3 Tunnel Interface Configuration), it gives me some "inside" addresses for the tunnel. When setting up the IPsec tunnels do I use the inside tunnel IP's (e.g. 169.254.254.2/30) or do I use my internal network subnet (10.1.1.0/24) I have tried both, when I tried the local network (10.1.1.x) the tracert stops at the router. When I tried with the "inside" ips, the tracert to the amazon VPC (10.0.0.x) goes out over the internet. this all leads me to the next question, for this router, how do I set up stage #4, the static next hop? What are these seemingly random "inside" addresses and where did amazon generate them from? 169.254.254.x seems odd? With a device like this, is the VPN behind the firewall? I have tweaked any IP addresses below so that they are not "real". I am fully aware, this is probably badly worded. Please if there is any further info/screenshots that will help, let me know. Amazon Web Services Virtual Private Cloud IPSec Tunnel #1 ================================================================================ #1: Internet Key Exchange Configuration Configure the IKE SA as follows - Authentication Method : Pre-Shared Key - Pre-Shared Key : --- - Authentication Algorithm : sha1 - Encryption Algorithm : aes-128-cbc - Lifetime : 28800 seconds - Phase 1 Negotiation Mode : main - Perfect Forward Secrecy : Diffie-Hellman Group 2 #2: IPSec Configuration Configure the IPSec SA as follows: - Protocol : esp - Authentication Algorithm : hmac-sha1-96 - Encryption Algorithm : aes-128-cbc - Lifetime : 3600 seconds - Mode : tunnel - Perfect Forward Secrecy : Diffie-Hellman Group 2 IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We recommend configuring DPD on your endpoint as follows: - DPD Interval : 10 - DPD Retries : 3 IPSec ESP (Encapsulating Security Payload) inserts additional headers to transmit packets. These headers require additional space, which reduces the amount of space available to transmit application data. To limit the impact of this behavior, we recommend the following configuration on your Customer Gateway: - TCP MSS Adjustment : 1387 bytes - Clear Don't Fragment Bit : enabled - Fragmentation : Before encryption #3: Tunnel Interface Configuration Your Customer Gateway must be configured with a tunnel interface that is associated with the IPSec tunnel. All traffic transmitted to the tunnel interface is encrypted and transmitted to the Virtual Private Gateway. The Customer Gateway and Virtual Private Gateway each have two addresses that relate to this IPSec tunnel. Each contains an outside address, upon which encrypted traffic is exchanged. Each also contain an inside address associated with the tunnel interface. The Customer Gateway outside IP address was provided when the Customer Gateway was created. Changing the IP address requires the creation of a new Customer Gateway. The Customer Gateway inside IP address should be configured on your tunnel interface. Outside IP Addresses: - Customer Gateway : 217.33.22.33 - Virtual Private Gateway : 87.222.33.42 Inside IP Addresses - Customer Gateway : 169.254.254.2/30 - Virtual Private Gateway : 169.254.254.1/30 Configure your tunnel to fragment at the optimal size: - Tunnel interface MTU : 1436 bytes #4: Static Routing Configuration: To route traffic between your internal network and your VPC, you will need a static route added to your router. Static Route Configuration Options: - Next hop : 169.254.254.1 You should add static routes towards your internal network on the VGW. The VGW will then send traffic towards your internal network over the tunnels. IPSec Tunnel #2 ================================================================================ #1: Internet Key Exchange Configuration Configure the IKE SA as follows - Authentication Method : Pre-Shared Key - Pre-Shared Key : --- - Authentication Algorithm : sha1 - Encryption Algorithm : aes-128-cbc - Lifetime : 28800 seconds - Phase 1 Negotiation Mode : main - Perfect Forward Secrecy : Diffie-Hellman Group 2 #2: IPSec Configuration Configure the IPSec SA as follows: - Protocol : esp - Authentication Algorithm : hmac-sha1-96 - Encryption Algorithm : aes-128-cbc - Lifetime : 3600 seconds - Mode : tunnel - Perfect Forward Secrecy : Diffie-Hellman Group 2 IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We recommend configuring DPD on your endpoint as follows: - DPD Interval : 10 - DPD Retries : 3 IPSec ESP (Encapsulating Security Payload) inserts additional headers to transmit packets. These headers require additional space, which reduces the amount of space available to transmit application data. To limit the impact of this behavior, we recommend the following configuration on your Customer Gateway: - TCP MSS Adjustment : 1387 bytes - Clear Don't Fragment Bit : enabled - Fragmentation : Before encryption #3: Tunnel Interface Configuration Outside IP Addresses: - Customer Gateway : 217.33.22.33 - Virtual Private Gateway : 87.222.33.46 Inside IP Addresses - Customer Gateway : 169.254.254.6/30 - Virtual Private Gateway : 169.254.254.5/30 Configure your tunnel to fragment at the optimal size: - Tunnel interface MTU : 1436 bytes #4: Static Routing Configuration: Static Route Configuration Options: - Next hop : 169.254.254.5 You should add static routes towards your internal network on the VGW. The VGW will then send traffic towards your internal network over the tunnels. EDIT #1 After writing this post, I continued to fiddle and something started to work, just not very reliably. The local IPs to use when setting up the tunnels where indeed my network subnets. Which further confuses me over what these "inside" IP addresses are for. The problem is, results are not consistent what so ever. I can "sometimes" ping, I can "sometimes" RDP using the VPN. Sometimes, Tunnel 1 or Tunnel 2 can be up or down. When I came back into work today, Tunnel 1 was down, so I deleted it and re-created it from scratch. Now I cant ping anything, but Amazon AND the router are telling me tunnel 1/2 are fine. I guess the router/vpn hardware I have just isnt up to the job..... EDIT #2 Now Tunnel 1 is up, Tunnel 2 is down (I didn't change any settings) and I can ping/rdp again. EDIT #3 Screenshot of route table that the router has built up. Current state (tunnel 1 still up and going string, 2 is still down and wont re-connect)

    Read the article

  • Setting up Lan within a Lan

    - by nageeb
    How unreasonable would it be to setup a small LAN within an existing LAN? I'm setting up a series of video surveillance servers and a number of IP cameras in a client's location and cannot have my equipment on the same network as their local machines. My network is essentially self-contained and the only device that anyone needs to access is a web-app on one of the machines. Basically I'm thinking of installing a SOHO router which would uplink to their LAN, and then set up some NAT rules on both their router and my router, to allow outside access to the webserver. Is there anything fundamental that i'm missing which would prevent this from working?

    Read the article

  • Can't Remote into Windows Server

    - by Brian
    Hello, I have a Dell server wired into the router. I was able to connect to it with my laptop (laptop is wireless) before my router died. My verizon router went kaput, and I got everything else back up and running on the wireless network other than the remoting in feature, even though I can access the server through windows explorer just fine. Any ideas why? What do I need to check? UPDATE: Interesting scenario, Network Discovery is off; I turn it on and save, but for some reason, even after that, network discovery is turning itself off... no idea why that is happening? Thanks.

    Read the article

  • Proxy arp and 1:1 NAT

    - by daniel4er
    I have a Linux router with 2 NICs doing masquerade from network 192.168.0.0/24 to an ADSL router. users <----> NIC A [router] NIC B <----> INTERNET Now I'm experimenting with proxy arp on the NIC A to intercept all the IP requests in the network. I have a pool of addresses in the 192.168.0.0/24 network for this users. How can I translate, saythe IP10.0.0.64to192.168.0.64` in order to grant it internet access? I have already tried SNAT - DNAT, even I have written a NFQUEUE app to spoof the IP address with no luck.

    Read the article

  • Network issues with DNS not being found

    - by Anriëtte Combrink
    Hi there This is exactly like how our network looks like: Single server with a network router Everything is setup, but I cannot connect our Macs under the Login Options - Join... to this server. Our server's name is Toolbox and I have tried Toolbox.local, Toolbox.private, prepended the afp:// protocol to the name, but nothing, our Macs just don't want to connect this way. Our router has DHCP and gives out all the IP addresses naturally, would I have to add Toolbox.local to the DNS on the router and like it via static internal IP to the server? Our Macs keep giving the following error while trying to join the Network Account Server: Unable to add server Could not resolve the address (2200) What am I doing wrong?

    Read the article

  • Switch smarthosts in Exchange when using dual WAN

    - by mat0ng
    Hi everybody, I'd like to know if it's possible to setup Exchange 2003/2007 to switch between smarthosts, based on the WAN connection currently in use. Example scenario: I have two WAN connections with different ISP's. Exchange is running behind a dual WAN router. The router is setup to fall back to secondary WAN when primary WAN fails. The smarthost set in Exchange is the SMTP server of the primary ISP. Because the smarthost set in Exchange only allows relaying from IP's of the primary WAN sending mail won't work when the router falls back to the secondary WAN. Sending mail directly through DNS MX lookup is an option but the ISP's have dynamic IP's that get blacklisted a lot. Thanks in advance!

    Read the article

  • PPTP VPN on OS X and iOS failed to connect Facebook and Youtube

    - by bGiraffe
    Thnaks for reading. I setup a VPN server on my Buffalo WHR-HP-G300N router at Macau, and use it for access website over China Firewall when i travel in China. On Android and Windows, everything work fine, however on my Macbook Air and iPad, it is not working. I can access blocked site like badoo.com but not facebook and youtube. If i ping it at terminal, it said "ping: cannot resolve facebook.com: Unknown host". After i read this http://cp.hidemynet.com/knowledgebase.php?action=displayarticle&id=26, i find i can restart my router and reboot my Macbook, and connect to VPN before any request to any blocked site so that i can successfully connect to facebook and youtube. However it works sometime but not always. It is really annoying because i need to work on VPN and my Mac, would anyone can help me to solve it? Rather than restarting my router and my Mac every time. Please HELP!!! regards

    Read the article

  • Should I use 802.11n with a 15 Mbps ISP (Comcast Cable)?

    - by stackoverflowuser2010
    I currently own a LinkSys-WRT54GL 802.11a/b/g wireless router, and my ISP is Comcast Cable providing me with 15 Mbps (that's bits per second, I believe) download speed. I am wondering if there is any benefit with using an 802.11n wireless router to access the Internet? The maximum theoretical speed of the WRT54GL router is 54 Mbps (802.11g), which is faster than the 15 Mbps provided by my ISP. I know that 802.11n has a max bandwidth of 300 Mbps, and it would help for intra-house transfers, such as streaming video from one computer to another. But is there any benefit to 802.11n for Internet activity, such as web browswing, gaming, and streaming video from Netflix?

    Read the article

  • Understanding how Tracert works

    - by iridescent
    From what I gathered so far, Tracert works by sending 3 ICMP echo messages. Starting with a TTL value of 1. For each router the packet encounters, the TTL value will be decremented. For the 1st router, 1-1 = 0, so an ICMP "time exceeded" message will be sent back to the sender machine. Next, the TTL value will be incremented to 2 by the sender machine and the cycle repeats for the 2nd router (2--1--0) and so on. Please correct me if my undestanding is flawed. I am curious as to why the ICMP "time exceeded" message isn't displayed by Tracert in Command Prompt since it is in fact an error message ? The cycle simply proceeds on. Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >