Add an additional public IP address to the RAC

Hello
We have a RAC 10gR2 cluster with two nodes (Linux x64). There is a public (NIC1), a virtual (NIC1) and a private (NIC2) IP address on each node.
We also have a free NIC on each server.
For some reason, we need access to the RAC from another public network, and the question is: is it possible to put another public IP of another network on the free NIC, and will it work?

Hello

This feature is not available in 10.2.
If you upgrade to 11.2, then you have a solution:

How to Configure A Second Listener on a Separate Network in 11.2 Grid Infrastructure (Doc ID 1063571.1)

PS: an upgrade is advisable anyway, since 10.2 is close to EOL.

Regards
Sebastian

Tags: Database

Similar Questions

  • ASA 5510 VPN - using a public IP address for the local network

    Hello, I have a problem which is probably very simple, but I can't seem to understand.

    I am setting up a site-to-site IPsec connection with a company, something I've done many times before without a problem. I use ASDM to configure this, because it is usually quick and painless.

    We have a number of other site-to-site connections currently configured and working very well on this ASA. These are configured with the "Protected network - LAN" set to the private IPs of the hosts within our network that we want to make available through the separate tunnels. This includes setting "Exempt ASA side host from NAT" on our ASA for each connection.

    With this new link, however, the company asked us to use a public IP address for the host that we want to reach through the tunnel. I don't know why, but they demand it. So I added a NAT rule for the inside host and set up the connection with the public IP address under "Local network". When testing by trying to reach a host on their side, the tunnel didn't even try to come up.

    What is the right method here? I don't see where I'm going wrong. I'm guessing that "Exempt ASA side host from NAT" is not required for this, but then how would the ASA know which internal host the public IP address belongs to?

    Any ideas?

    Hi Leo,

    The steps are:

    1. Add the policy NAT rule for the specific host.

    2. Define the NAT IP as your LOCAL NETWORK address in the crypto settings.

    3. Make sure that there is no NAT exempt rule for this host to the specific destination.

    What happens if you run a packet tracer?

    Thank you.

  • Is it possible to lock the public IP address by default?

    Is it possible to block the public IP address by default on multiWAN routers?

    I have several RV016s with up to four 30 Mbps Internet VDSL lines each, using the latest firmware to load balance 50-200 customers.

    When they are used for browsing, some sites need the customer's public source IP to stay locked (especially sites that require user authentication).

    From the server's point of view, the public IP address will be one of the 4 public IPs provided by the ISP, following the automatic round-robin load balancing strategy.

    As the public IP seen by the server changes, the server drops the session, and users need to enter their username and password again to connect.

    Is it possible to lock this public IP for a while until idle? (This was a feature on my old BeWAN LX400H router, as "timer LockSource IP".)

    ebarriera,

    The RV016 has no functionality like timer LockSource IP, unfortunately. It's a common problem with load balancing on the Cisco Small Business routers, and it mainly affects secure traffic like HTTPS and RDP. I would try load balancing HTTP traffic and binding HTTPS traffic to one WAN port and see if you get decent results.

    -Marty

  • Too many IP addresses on the RAC cluster node

    I have 2 Virtual Box computers running a 11.2.0.3 RAC cluster using Oracle Linux 6.3.

    This is /etc/hosts on the first node:

    [root@vmoe1 etc]# cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    #
    # Public
    192.168.56.51 vmoe1.localdomain vmoe1
    192.168.56.52 vmoe2.localdomain vmoe2
    # Private
    192.168.43.51 vmoe1-priv.localdomain vmoe1-priv
    192.168.43.52 vmoe2-priv.localdomain vmoe2-priv
    # Virtual
    192.168.56.61 vmoe1-vip.localdomain vmoe1-vip
    192.168.56.62 vmoe2-vip.localdomain vmoe2-vip
    #
    192.168.56.74 ol6elsa0
    #
    192.168.56.251 c11.localdomain c11
    [root@vmoe1 etc]#

    The IP configuration scripts are:

    [root@vmoe1 network-scripts]# cat ifcfg-eth0
    DEVICE="eth0"
    IPADDR=10.0.2.15
    HWADDR="08:00:27:D5:E5:93"
    TYPE="Ethernet"

    [root@vmoe1 network-scripts]# cat ifcfg-eth1
    DEVICE="eth1"
    IPADDR=192.168.56.51
    HWADDR="08:00:27:7C:08:7F"
    TYPE="Ethernet"

    [root@vmoe1 network-scripts]# cat ifcfg-eth2
    DEVICE="eth2"
    IPADDR=192.168.43.51
    HWADDR="08:00:27:E9:E8:99"
    TYPE="Ethernet"
    [root@vmoe1 network-scripts]#

    But if I run ifconfig, I see that too many IP addresses are assigned:

    [root@vmoe1 network-scripts]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 08:00:27:D5:E5:93
              inet addr:10.0.2.15  Bcast:10.255.255.255  Mask:255.0.0.0
              inet6 addr: fe80::a00:27ff:fed5:e593/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:146 errors:0 dropped:0 overruns:0 frame:0
              TX packets:219 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:11370 (11.1 KiB)  TX bytes:22754 (22.2 KiB)

    eth1      Link encap:Ethernet  HWaddr 08:00:27:7C:08:7F
              inet addr:192.168.56.51  Bcast:192.168.56.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:fe7c:87f/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2982 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2063 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:355353 (347.0 KiB)  TX bytes:478295 (467.0 KiB)

    eth1:1    Link encap:Ethernet  HWaddr 08:00:27:7C:08:7F
              inet addr:192.168.56.61  Bcast:192.168.56.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    eth1:2    Link encap:Ethernet  HWaddr 08:00:27:7C:08:7F
              inet addr:192.168.56.65  Bcast:192.168.56.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    eth2      Link encap:Ethernet  HWaddr 08:00:27:E9:E8:99
              inet addr:192.168.43.51  Bcast:192.168.43.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:fee9:e899/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:197896 errors:0 dropped:0 overruns:0 frame:0
              TX packets:128717 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:160437548 (153.0 MiB)  TX bytes:62783891 (59.8 MiB)

    eth2:1    Link encap:Ethernet  HWaddr 08:00:27:E9:E8:99
              inet addr:169.254.237.102  Bcast:169.254.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:32960 errors:0 dropped:0 overruns:0 frame:0
              TX packets:32960 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:19428995 (18.5 MiB)  TX bytes:19428995 (18.5 MiB)

    [root@vmoe1 network-scripts]#

    According to syslog, it seems that NTP uses a lot of the IP addresses, for example 192.168.56.65:

    [root@vmoe1 network-scripts]# grep "56.65" var
    Mar 19 14:35 vmoe1 ntpd[1545]: Listening on interface #11 eth1:1, 192.168.56.65#123 Enabled
    Mar 19 14:43:23 vmoe1 ntpd[1735]: Listening on interface #12 eth1:2, 192.168.56.65#123 Enabled
    [root@vmoe1 network-scripts]#

    Can someone explain why this IP address, 192.168.56.65, is used by eth1:2?

    I found the reason why: IP addresses ending with 64, 65 and 66 are used by the SCAN listeners:

    [root@vmoe2 ~]# srvctl config scan
    SCAN name: vmoe-scan.localdomain, Network: 1/192.168.56.0/255.255.255.0/eth1
    SCAN VIP name: scan1, IP: /vmoe-scan.localdomain/192.168.56.65
    SCAN VIP name: scan2, IP: /vmoe-scan.localdomain/192.168.56.66
    SCAN VIP name: scan3, IP: /vmoe-scan.localdomain/192.168.56.64
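
The reasoning that resolves this thread, as an added example that is not part of the original posts: every address `ifconfig` shows should trace back to a static `ifcfg-*` entry, `/etc/hosts`, a SCAN VIP from `srvctl config scan`, or the link-local range, and anything else deserves a closer look. The inputs are trimmed copies of the outputs quoted above; the function names are this example's own.

```python
import ipaddress
import re

# Inputs trimmed and re-typed from the outputs quoted in the thread above.
ETC_HOSTS = """\
127.0.0.1 localhost localhost.localdomain
192.168.56.51 vmoe1.localdomain vmoe1
192.168.43.51 vmoe1-priv.localdomain vmoe1-priv
192.168.56.61 vmoe1-vip.localdomain vmoe1-vip
"""
IFCFG_IPADDR = {"eth0": "10.0.2.15", "eth1": "192.168.56.51", "eth2": "192.168.43.51"}
SRVCTL_CONFIG_SCAN = """\
SCAN name: vmoe-scan.localdomain, Network: 1/192.168.56.0/255.255.255.0/eth1
SCAN VIP name: scan1, IP: /vmoe-scan.localdomain/192.168.56.65
SCAN VIP name: scan2, IP: /vmoe-scan.localdomain/192.168.56.66
SCAN VIP name: scan3, IP: /vmoe-scan.localdomain/192.168.56.64
"""
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 08:00:27:D5:E5:93
          inet addr:10.0.2.15  Bcast:10.255.255.255  Mask:255.0.0.0
eth1      Link encap:Ethernet  HWaddr 08:00:27:7C:08:7F
          inet addr:192.168.56.51  Bcast:192.168.56.255  Mask:255.255.255.0
eth1:1    Link encap:Ethernet  HWaddr 08:00:27:7C:08:7F
          inet addr:192.168.56.61  Bcast:192.168.56.255  Mask:255.255.255.0
eth1:2    Link encap:Ethernet  HWaddr 08:00:27:7C:08:7F
          inet addr:192.168.56.65  Bcast:192.168.56.255  Mask:255.255.255.0
eth2      Link encap:Ethernet  HWaddr 08:00:27:E9:E8:99
          inet addr:192.168.43.51  Bcast:192.168.43.255  Mask:255.255.255.0
eth2:1    Link encap:Ethernet  HWaddr 08:00:27:E9:E8:99
          inet addr:169.254.237.102  Bcast:169.254.255.255  Mask:255.255.0.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
"""


def parse_hosts(text):
    """Map each IP in an /etc/hosts body to its first (canonical) name."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            names.setdefault(fields[0], fields[1])
    return names


def parse_scan_vips(text):
    """Map each SCAN VIP address in `srvctl config scan` output to its name."""
    pattern = re.compile(r"SCAN VIP name: (\S+), IP: \S*/(\d+\.\d+\.\d+\.\d+)$")
    matches = (pattern.match(line.strip()) for line in text.splitlines())
    return {m.group(2): m.group(1) for m in matches if m}


def parse_ifconfig(text):
    """Return (interface, IPv4 address) pairs from net-tools ifconfig output."""
    found, iface = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():
            iface = line.split()[0]          # a new interface stanza starts
        m = re.search(r"inet addr:(\d+\.\d+\.\d+\.\d+)", line)
        if m and iface:
            found.append((iface, m.group(1)))
    return found


def explain_addresses(ifconfig_text, hosts_text, ifcfg, scan_text):
    """Attach to every configured address the source that accounts for it."""
    hosts, scans = parse_hosts(hosts_text), parse_scan_vips(scan_text)
    static = {ip: dev for dev, ip in ifcfg.items()}
    report = []
    for iface, ip in parse_ifconfig(ifconfig_text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback:
            why = "loopback"
        elif ip in static:
            why = "static (ifcfg-%s)" % static[ip]
        elif ip in scans:
            why = "SCAN VIP " + scans[ip]
        elif ip in hosts:
            why = "/etc/hosts: " + hosts[ip]
        elif addr.is_link_local:
            why = "link-local (169.254.0.0/16)"
        else:
            why = "UNEXPLAINED"
        report.append((iface, ip, why))
    return report


def unexplained(report):
    """Addresses that no configuration source accounts for."""
    return [(iface, ip) for iface, ip, why in report if why == "UNEXPLAINED"]


if __name__ == "__main__":
    for row in explain_addresses(IFCONFIG, ETC_HOSTS, IFCFG_IPADDR, SRVCTL_CONFIG_SCAN):
        print("%-8s %-16s %s" % row)
```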
    
  • Site-to-site and remote access VPN behind the same public IP address

    Got a rather silly problem.  We have a site-to-site VPN configured for a new data center, which will be responsible for general traffic management.  In addition, some users need to use a VPN client to access certain areas.  The firewall at the office only has one public IP address, so both the site-to-site VPN and the remote access VPN will come from the same source.

    This seems to be a problem with legacy Cisco VPN clients because the crypto map matches the site-to-site VPN entry, even though they are using VPN clients.  Is there a good/simple solution to this problem?

    Some logs (198.18.85.23 is the public IP address of the office and tom.jones is the user).  192.168.1.0/24 is the VPN client pool.

    January 7, 2014 19:12:52 ASA5515: %ASA-5-713130: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, Received unsupported transaction mode attribute: 5
    January 7, 2014 19:12:52 ASA5515: %ASA-5-737003: IPAA: DHCP not configured, no viable servers found for tunnel-group 'Corp-VPN'
    January 7, 2014 19:12:52 ASA5515: %ASA-5-713119: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, PHASE 1 COMPLETED
    January 7, 2014 19:12:52 ASA5515: %ASA-3-713061: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.1.4/255.255.255.255/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
    January 7, 2014 19:12:52 ASA5515: %ASA-3-713902: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, QM FSM error (P2 struct &0x00007fff28dab560, mess id 0x37575f3c)!
    January 7, 2014 19:12:52 ASA5515: %ASA-3-713902: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, Removing peer from correlator table failed, no match!
    January 7, 2014 19:12:52 ASA5515: %ASA-5-713259: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, Session is being torn down. Reason: crypto map policy not found
    January 7, 2014 19:12:52 ASA5515: %ASA-4-113019: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, Session disconnected. Session Type: IKEv1, Duration: 0h:00m:02s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
    January 7, 2014 19:12:53 ASA5515: %ASA-5-713904: IP = 198.18.85.23, Received encrypted packet with no matching SA, dropping

    Hello

    I don't know if this will work, but you can try the following configuration (along with the rest of the VPN configuration):

    access-list VPN-CLIENT permit ip any 192.168.1.0 255.255.255.0
    crypto map OUTSIDE_map 4 match address VPN-CLIENT
    crypto map OUTSIDE_map 4 set peer 198.18.85.23
    crypto map OUTSIDE_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-3DES-SHA

    The idea would be to have the ACL match the full-tunnel VPN that the client attempts to establish (destination "any" from the client's point of view, source from the ASA's point of view).

    I tested it briefly on my own ASA by connecting from an IP address to which the ASA also has an L2L VPN. But as I don't have the L2L VPN operational, I can't really verify the L2L VPN at the moment. So there may be some risk involved, if you can afford it.

    -Jouni

  • L2L VPN between ASA with public IP address and CISCO2911 behind the ISP router with port forwarding

    Hi all

    My apologies if this is a trivial question, but I spent considerable time trying to search and had no luck.

    I've run into a problem trying to set up a temporary L2L VPN from a subscriber with a CISCO2911 sitting behind the ISP's router to an ASA. The ISP has informed me that I can't bypass their device and terminate the Internet circuit on the Cisco for some reason, so I'm stuck with it. The setup is:

    company 10.1.17.1 - y.y.y.y - router Internet - z.z.z.z - ISP - LAN - 10.x.x.2 - XXX1 - ASA - 10.1.17.2 - CISCO2911 - 10.1.15.1 LAN

    where 10.x.x.x is the corporate LAN private network range, y.y.y.y is a public IP address assigned to the external interface of the ASA and z.z.z.z is the public IP address of the ISP router.

    I have forwarded ports 500, 4500 and ESP on the ISP router to 10.1.17.2. The 2911 config is attached below. What I can't understand is which peer IP address to configure on the ASA, because if I use z.z.z.z it will cause an identity mismatch, since the 2911 identifies itself as 10.1.17.2...

    ! ^^^ ISAKMP (Phase 1) ^^^ !
    crypto isakmp policy 5
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 28800
    crypto isakmp key * address y.y.y.y no-xauth

    ! ^^^ IPSEC (Phase 2) ^^^ !
    ip access-list extended crymap
     permit ip 10.1.15.0 0.0.0.255 10.0.0.0 0.255.255.255
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map VPN-TUNNEL 1 ipsec-isakmp
     set peer y.y.y.y
     set transform-set ESP-3DES-SHA
     match address crymap

    interface Gi0/2
     crypto map VPN-TUNNEL

    Hello

    From the debug output, it seems it goes through the IPsec states up to the final QM_IDLE state of the tunnel.

    What I noticed in your ASA configuration is that you're using PFS, but not on the 2911 router.

    So I suggest:

    no crypto map OUTSIDE_map 4 set pfs    <-- this will disable PFS on the ASA

    Then try to initiate the tunnel.

    Kind regards

    Jan

  • ASA 5520: SSL VPN using a different IP address than the ASA public IP address

    Hi guys,

    I'm trying to configure an SSL VPN on a Cisco ASA5520.

    Unfortunately port 443 on the OUTSIDE interface of the ASA is already used by Microsoft Outlook Web Access and I cannot change the Outlook configuration. This configuration already in place allows me to use the public IP address of the ASA as the IP for the Cisco VPN web page.

    I don't want to use a different port, to keep life easy for users.

    I have a few available public IPs that I can use, so I wanted to use one of them instead of the OUTSIDE interface of the ASA. Any idea how I could do that?

    Thank you

    Dario

    Unfortunately you cannot use any other public IP address, except the ASA outside interface IP, to terminate the SSL VPN.

    The only options that you have are to change Outlook to use another port or the SSL VPN to use a different port.

  • Problem adding email address to the site 'Manage your Apple ID'

    I want to add my XYZ e-mail address in the "Reachable At" section of the "Manage your Apple ID" site. However, I get the following message: "This e-mail address is already in use with another Apple ID".

    Note that I have my XYZ email set up as my "rescue email" on the "Manage your Apple ID" site.

    Could it be the cause of the problem? In other words, the rescue email CANNOT be used in the "Reachable At" section?

    If it's NOT a problem, then why am I allowed to use my XYZ e-mail as my "rescue email" address on my Apple ID site, even if it is in use with another Apple ID!

    How can I find out which other Apple ID that is?

    Very confusing to say the least...

    Furthermore, I tried to find a community called 'Apple ID' or 'Messages' of this post "help message" but couldn't find it. "FaceTime" is the closest to what I'm looking for. Please redirect me to the appropriate site if necessary. Thank you!

    Hello Michael,

    Thank you for using Apple Support Communities.

    I see you are trying to add an additional email address to your Apple ID. If you already have an address assigned as your rescue email, that is probably why you can't add it as an additional e-mail address. See this support article for more information about Apple ID addresses: About your Apple ID email addresses

    If you want to change the emails, you can replace the recovery email address and use it as an additional e-mail address.

    Best regards.

  • public ip address for asa

    Hello...

    We have a Cisco 2851 router and an ASA firewall. The router is configured and connected for the IP phones and the ISP. The ISP is plugged directly into the router and the ASA firewall is connected to the router. We want to configure VPN on the router. We have a public IP address available. If I configure VPN on the firewall, I have to map the local IP address of the firewall to the public IP address. So how do you configure the firewall's local IP to the public IP? Where can we set that up, I mean on the router or on the firewall? Please see the configuration of my router and firewall...

    Help, please...

    The ASA would generally be where you configure your public IP address. The firewall must normally have a public IP address on the external interface for this to work. Once it does, you can perform dynamic NAT for outbound connections ("global (outside) 1 xxx.xxx.xxx.185 netmask 255.255.255.255" does this).

    But in the config you attached, your external interface has a private (RFC 1918) address:

    interface Ethernet0/3
     speed 100
     duplex full
     nameif outside
     security-level 0
     ip address 192.168.255.2 255.255.255.252

    In addition, that is a /30, which only gives you two addresses - one for the ASA and the other for Gi0/0 of the router (per the config you also attached). It is a weird setup, but it seems to have been hacked together to work using the routing statement on the router "ip route xxx.xxx.xxx.184 255.255.255.248 192.168.255.2".

    It's really a bit of a mess, and extending it further may be possible but will make it even more complicated. I advise you to have someone sit down and rework the way public IP addresses are routed to make it look like a more typical configuration.

  • How to correctly simulate a VM with a public IP address

    Hi, I need to simulate a virtual machine which is connected to the public Internet with public IP addresses in VMware Workstation, but I don't know if I'm taking the appropriate steps.  I did something like this:

    1. Start the Virtual Network Editor, click Add Network.
    2. When the new network is created (i.e. VMnet2), I select "Host-only (connect VMs internally in a private network)".
    3. Check the box "Connect a host virtual adapter".
    4. Assign the corresponding Internet public IP subnet to the Subnet IP and Subnet mask fields.
      Note: for some reason I'm not able to use anything that does not begin with x.x.x.0.  For example, I am able to use 109.122.105.0 and 255.255.255.0, but not 109.122.105.90 and 255.255.255.248.  If anyone knows why, please help us with that as well.
    5. On the virtual machine, I then edit the hardware settings and assign the network device to VMnet2.

    Questions:

    1. Is this the right way to simulate a virtual machine running on my PC with public IP addresses?  The goal is to preserve the settings of the virtual machine without changing anything.
    2. Will traffic from my PC targeting this public IP address only be directed to this VM and not to the Internet?  It seems that this is indeed the case, even when I'm connected to the Internet, but I just want to check if this is the way it was designed to work.
    3. Why would the Virtual Network Editor only allow 109.122.105.0/24 (i.e. with 255.255.255.0) rather than 109.122.105.90/29 (that is to say, with 255.255.255.248)?
    4. Is it possible to visualize the vSwitches and VMnets that are running on my PC?  With the vSphere client connected to ESXi, I am able to see how they are visually connected when I click on Configuration of the host and then Networking.

    1.) Unless you need to access the virtual machine through the host virtual network adapter, you must create a separate vmnet.

    2.) On a host-only network, traffic will not stay internal. However, creating such a vmnet with a host virtual adapter can prevent the host from accessing this specific Internet subnet, because traffic is routed internally.

    3.) The appropriate subnet ID in this case is 109.122.105.88/29 (see, for example, http://www.subnet-calculator.com/)

    4.) No, nothing that I know of.

    André

  • How to share an IP address between the host and the VM?

    I'm a newbie on VMware, and I hope that this question has a simple answer... I have a physical machine that I turned into a VM today and am now running as a VM on Workstation 6.5. This physical machine had a static IP address which must remain public, but I can't get a second IP address on the same subnet for the host. How can I keep the static IP on the virtual machine without assigning an IP address to the host's NIC1?

    Or is it possible to assign static IP address to the host NIC1 use somehow fill? That still seems, however, to require an IP address on both the host and the guest virtual machine.

    I also looked into NAT, but I do not know how to assign the NAT specifically to NIC1 on the host. I have NIC2 and NIC3 with different IPs on different subnets.

    Thanks in advance.

    drmuzik wrote:

    So with the bridge, the host NIC does not have an IP address?

    Well, the exact answer depends on one's specific and explicit needs, but assuming that the physical machine will be connected directly to the Internet and the virtual machine uses a static public IP address, then the physical machine may not have a public IP address if the only one you have is assigned to the virtual machine.  This is why I said to remove everything except the VMware Bridge Protocol from the physical target network adapter.

    Once again, if you had included the host and guest operating system information it would help us to be more specific with answers to questions, and given that you did not, I will generalize and not take the time to explain all the possible scenarios and use cases.  In a case like this one, explicit and specific details of the local network topology and how it connects to the Internet may also be useful for providing more explicit and specific answers.

    In addition, if you have not already read chapters 14 & 15 of the Workstation User's Manual, covering networking, you should, as it will help you better understand the virtual network infrastructure.

  • Flex publish/subscribe does not work with public IP address

    I installed the latest Flex LCDS Express on top of the ColdFusion 8 Enterprise demo installed as JRun/multiserver and got it all to work when running directly on the server using "http://127.0.0.1:8300/samples". However, when I run it from outside with the public IP address of the server, everything works except for the publish/subscribe push samples. They just hang and fail to subscribe. Any ideas? Is this a restriction of LCDS Express or the CF8 demo version? Or maybe a port problem? We have all ports closed except for those needed. Is there an additional port that needs to be opened in addition to 8300? Thanks for any help.

    I think I found the problem. It seems you must have port 2037 open for RTMP messaging to work with the sample apps. This port is closed on our firewall and I suspect that's why I'm having a problem. I'll get my network guy to make the change on Monday and then I'll try it again. That will probably solve it.

  • How to make the Internet IP address respond to pings with the Linksys BEFSX41 router?

    Hello.

    Does anyone know how to let my Internet IP address respond to pings from the outside with this model of router? I can't seem to find the option to set (way more settings than my old Netgear RT311). I couldn't find it via Google search (all internal pings). I use the 1.52.15 firmware version.

    Thank you in advance.

    See the demo of the UI here. Change the option "Block anonymous Internet requests" to disabled. Then the router will respond to pings on the IP address. If this does not work once you change it, check that the BEF really has a public IP address on the Internet port. Check the status page; it shows which IP address the router uses on the Internet port.

  • Site to Site VPN between ISR4331(Data Center) and 25 branches with RV042 and dynamic public IP address

    Hi, we just got an ISR4331 router. We will use this router in our datacenter as the hub. Needless to say, it will have a static IP address. Our goal is to connect 30 small offices to the datacenter by site-to-site VPN. All of our offices have an RV042 router and a DSL connection, so a dynamic public IP. How can we accomplish this task? Above all, the VPN connection should be stable, without the need to reconfigure tunnels frequently.

    Thank you

    GM

    Hello

    Please check the config below:

    HUB:

    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 86400
    ! wildcard peer address, given that the hub's remote routers have dynamic public IP addresses
    crypto isakmp key secretkey address 0.0.0.0 0.0.0.0

    Define your interesting traffic. Note that I have specified it for two tunnels, but basically it will be the same for the rest except for the destination. For example, I used 192.168.1.0/24 and 192.168.2.0/24. You will need to replace these with your existing setup.

    ip access-list extended TUN1
     permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    ip access-list extended TUN2
     permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

    Create your Phase 2 policy:

    crypto ipsec transform-set TS esp-3des esp-md5-hmac
    crypto map S2STUN 1 ipsec-isakmp dynamic HUB_TUN
    crypto dynamic-map HUB_TUN 10
     set security-association lifetime seconds 86400
     set transform-set TS
     match address TUN1
    !
    crypto dynamic-map HUB_TUN 11
     set security-association lifetime seconds 86400
     set transform-set TS
     match address TUN2

    Now apply the crypto map to your WAN interface:

    interface gi0/1
     crypto map S2STUN

    Now configure your remote routers.

    Remote router 1:

    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 86400
    !
    ! replace x.x.x.x with the public IP address of your hub
    crypto isakmp key secretkey address x.x.x.x
    !
    ip access-list extended TUNNEL-TRAFFIC
     permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    !
    crypto ipsec transform-set TS esp-3des esp-md5-hmac
    !
    crypto map TUN_TO_HUB 10 ipsec-isakmp
     ! replace x.x.x.x with the public IP address of your hub
     set peer x.x.x.x
     set transform-set TS
     match address TUNNEL-TRAFFIC
    !
    interface gi0/1
     crypto map TUN_TO_HUB

    Remote router 2:

    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 86400
    !
    ! replace x.x.x.x with the public IP address of your hub
    crypto isakmp key secretkey address x.x.x.x
    !
    ip access-list extended TUNNEL-TRAFFIC
     permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
    !
    crypto ipsec transform-set TS esp-3des esp-md5-hmac
    !
    crypto map TUN_TO_HUB 10 ipsec-isakmp
     ! replace x.x.x.x with the public IP address of your hub
     set peer x.x.x.x
     set transform-set TS
     match address TUNNEL-TRAFFIC
    !
    interface gi0/1
     crypto map TUN_TO_HUB

    HTH.
    Please rate helpful posts.
    Kind regards
    Terence
  • Change the IP address of the external Interface

    I need to change the IP address of the external interface remotely.  I plan to SSH in to the ASA and make the change.  I can't be there to make this change, since the site is out of state.  Will there be problems?  The current configuration is

    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address 66.102.7.22 255.255.255.248

    The new IP address will be 66.102.7.18 255.255.255.248.  Also, is this the right syntax?

    interface Ethernet 0/0
     no ip address 66.102.7.22 255.255.255.248
     ip address 66.102.7.18 255.255.255.248

    Thank you.

    Diane

    Diane,

    If you access the ASA via its public IP address on the external interface, and if you change this IP address, you will lose communication with the ASA.

    It's better if you can make the change from the inside.

    If you need to change remotely, you can change the IP address, and then try the SSH connection to the new IP address.

    However if a problem occurs, you cannot access the ASA.

    The syntax is correct.

    Federico.
