Best practice: Forwarding or Port Address Translation

I have an RV320 of delivery and some services that I want to expose to the internet.

When configuring the router, I found 2 features that allow me to expose services, and both work as expected.

Forwarding: Forward a range of ports to an internal host (for example, 80-80).

Port Address Translation: Map an outside port to another port inside (e.g. 80 -> 80).

The question is this: is it better to use forwarding, specifying several ranges of 1 port each (e.g., 80, 443, 25, 22), or is it better to use PAT, specifying the same port on both outside and inside?

Both have the same purpose; it would be easier to follow if you just use forwarding. Port Address Translation is really used if you want to specify individual ports or multiple ports to a single port (e.g. 123 -> 80).

Tags: Cisco Support
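
As an added example (not part of the original thread and not Cisco's code), this Python script flattens forwarding ranges and PAT entries into one table of exposed outside ports, so that overlaps between the two features and same-port PAT entries that could be plain forwarding rules stand out. The rule tuple layouts, host addresses and function names are constructed for illustration and are not the RV320's configuration format.

```python
from collections import defaultdict

# Constructed sample rules. The tuple layouts are an assumption made for this
# example; they are not the RV320's own configuration or export format.
FORWARDING = [  # (first_port, last_port, internal_host): same port inside
    (80, 80, "192.168.1.10"),
    (443, 443, "192.168.1.10"),
    (25, 25, "192.168.1.20"),
]
PAT = [  # (outside_port, inside_port, internal_host)
    (22, 22, "192.168.1.30"),     # same port on both sides
    (123, 80, "192.168.1.10"),    # real translation, the reply's 123 -> 80 case
    (443, 8443, "192.168.1.40"),  # collides with the 443 forwarding rule
]


def _check_port(port):
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")


def build_table(forwarding, pat):
    """Map each outside port to its set of (feature, host, inside_port) targets."""
    table = defaultdict(set)
    for first, last, host in forwarding:
        _check_port(first)
        _check_port(last)
        if first > last:
            raise ValueError(f"reversed range: {first}-{last}")
        for port in range(first, last + 1):
            table[port].add(("forwarding", host, port))
    for outside, inside, host in pat:
        _check_port(outside)
        _check_port(inside)
        table[outside].add(("pat", host, inside))
    return dict(table)


def audit(forwarding, pat):
    """Summarise what the two rule sets expose and where they disagree."""
    table = build_table(forwarding, pat)
    return {
        # Every outside port reachable from the internet.
        "exposed": sorted(table),
        # Outside ports that the two features send to different targets.
        "conflicts": sorted(
            port for port, targets in table.items()
            if len({(host, inside) for _, host, inside in targets}) > 1
        ),
        # PAT entries that do no translation and could be forwarding rules.
        "pat_same_port": sorted(o for o, i, _ in pat if o == i),
        # PAT entries that really change the port.
        "pat_translating": sorted(o for o, i, _ in pat if o != i),
    }


if __name__ == "__main__":
    for key, ports in audit(FORWARDING, PAT).items():
        print(f"{key:16} {ports}")
```
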

Similar Questions

  • RV-320 Port Address Translation does not

    Hi all

    I have a really weird question that drives me crazy.  I have a somewhat complex configuration that goes something like: Internet access provider by cable modem ==> internal ==> ASA5505 ==> LAN router.  I have a few servers on the internal network that I want to be able to access from the outside.

    Everything worked fine until I decided to trade in my old router 1841 for this RV router, because it has faster WAN interfaces and uses less energy.  Initial Setup was extremely easy.  Port Address Translation is enabled by default, my internal clients can get out of the 'net without problem.  But no matter what I try, I can't access internal servers.

    I contacted the support of Cisco.  They spent about 2 hours on my machine and ultimately told me that the problem is with my ASA (it is no longer under warranty).  But still I can disconnect the RV and reconnect the 1841 (or a former 1605, I still have) and all begin to operate.

    To prove or disprove the ASA being the culprit, I decided to test by trying to open an SSH session to the ASA itself.  This should not be double-NAT, as the ASA doesn't need to pass this traffic to another internal device.

    Once I try a connection (and it fails), I check the "inbound" log on the RV; it gets 3 hits, indicating 'successful connection'.

    Details of the log are strange.  It shows the in port as Eth1 and the out port as Eth0.  It seems to me this should be reversed, as I use WAN1 as my ISP port and WAN2 for my internal network.

    The IP Source address matches the external IP I use; lists correctly inside the ASA

    Most confusing are the MAC addresses.  The source MAC does not belong to anything that I have, as far as I can tell.  I checked all the interfaces on the RV, the ASA and my switches.  The MAC (00:12:d9:54:a7:63) shows as belonging to Cisco.  My cable modem is a Cisco device, but it shows a completely different MAC.  It is a mystery.  The destination MAC address resolves to the WAN1 interface on the RV; is *that* correct?

    Please tell me where I can go from here.  I can't believe that this device cannot successfully perform a translation of port address / redirect.

    Thank you!

    Brian

    Brian,

    Sorry about the way it had to go with the creation of custom services; I didn't think it would fail for well-known ports. I'll see if I can find someone here who can give advice on the ASA setup, although it would be a good idea to post your questions and config in these forums.

    -Marty

  • ATA187 Port unused 2 - best practices?

    Hello

    I am deploying some ATA187s connection to CUCM 9.1.

    I only need to use a port so the second port is not used, but I noticed from the ATA web page that it is trying to register with CUCM.

    What is the best practice for port 2? Is it OK to leave it set to register with CUCM, or is it recommended to create an ATA187 phone in CUCM with a fake DN?

    Or is it possible to disable the port 2?

    Thank you

    Hi James,

    Life expectancy is to treat you well buddy!

    For my 2 cents, I prefer just to add a dummy DN to port 2 to keep it from sending zillions of registration attempts. There is a way to disable the port (I'm sure), but I just like the path of least resistance, especially when you can use the port next week.

    See you soon!

    Rob

    "Why don't the best things always go away."

    -The band

  • Dell MD3620i connect to vmware - best practices

    Hello community,

    I bought a Dell MD3620i with 2 x 10GBase-T Ethernet ports on each controller (2 x controllers).
    My vmware environment consists of 2 x ESXi hosts (each with 2 x 1GBase-T ports) and an HP Lefthand storage (also 1GBase-T). The switches I have are Cisco 3750s, which have only 1GBase-T Ethernet.
    I'll replace this HP storage with the DELL storage.
    As I have never worked with DELL storage, I need your help in answering my questions:

    1. What are the best practices for connecting the vmware hosts to the Dell MD3620i?
    2. What is the process to create a LUN?
    3. Can I create more LUNs on a single disk group, or is the best practice to create one LUN per group?
    4. How do I configure the 10GBase-T iSCSI ports to work on the 1 Gbit/s switch ports?
    5. Is it best practice to connect the Dell MD3620i directly to the vmware hosts without a switch?
    6. The old iSCSI on the HP storage is in another network. Can I use vMotion to move all the VMs from one iSCSI network to another, and then change the iSCSI IP addresses on the vmware hosts without interrupting the virtual machines?
    7. Can I combine the two iSCSI ports into one 2 Gbps interface to connect to the switch? I use two switches, so I want to connect each controller to each switch, limiting their interfaces to 2 Gbps. My question is, would the controller fail over to the other controller if the Ethernet link on the switch goes down (for example, when a single switch reboots)?

    Thanks in advance!

    Basics of TCP/IP: a computer cannot connect to 2 different (isolated) networks (e.g. 2 directly attached cables between the server and a SAN iSCSI port) that share the same subnet.

    The corruption of data is very likely if you share the same vlan for iSCSI, however, performance and overall reliability would be affected.

    With a MD3620i, here are some configuration scenarios using the factory default subnets (and for DAS configurations I have added 4 additional subnets):

    Single switch (not recommended because the switch becomes your single point of failure):

    Controller 0:

    iSCSI port 0: 192.168.130.101

    iSCSI port 1: 192.168.131.101

    iSCSI port 2: 192.168.132.101

    iSCSI port 4: 192.168.133.101

    Controller 1:

    iSCSI port 0: 192.168.130.102

    iSCSI port 1: 192.168.131.102

    iSCSI port 2: 192.168.132.102

    iSCSI port 4: 192.168.133.102

    Server 1:

    iSCSI NIC 0: 192.168.130.110

    iSCSI NIC 1: 192.168.131.110

    iSCSI NIC 2: 192.168.132.110

    iSCSI NIC 3: 192.168.133.110

    Server 2:

    All ports plug into the 1 switch (obviously).

    If you only want to use 2 NICs for iSCSI, have server 1 use subnets 130 and 131 and server 2 use 132 and 133; server 3 then uses 130 and 131. This distributes the I/O load between the iSCSI ports on the SAN.

    Two switches (a VLAN for all iSCSI ports on this switch if):

    NOTE: Do NOT link the switches together. This ensures that problems that occur on one switch do not affect the other switch.

    Controller 0:

    iSCSI port 0: 192.168.130.101-> for switch 1

    iSCSI port 1: 192.168.131.101-> to switch 2

    iSCSI port 2: 192.168.132.101-> for switch 1

    iSCSI port 4: 192.168.133.101-> to switch 2

    Controller 1:

    iSCSI port 0: 192.168.130.102-> for switch 1

    iSCSI port 1: 192.168.131.102-> to switch 2

    iSCSI port 2: 192.168.132.102-> for switch 1

    iSCSI port 4: 192.168.133.102-> to switch 2

    Server 1:

    iSCSI NIC 0: 192.168.130.110-> for switch 1

    iSCSI NIC 1: 192.168.131.110-> to switch 2

    iSCSI NIC 2: 192.168.132.110-> for switch 1

    iSCSI NIC 3: 192.168.133.110-> to switch 2

    Server 2:

    Same note about using only 2 NICs per server for iSCSI. In this configuration each server will always use both switches, so that a switch failure should not take down your server's iSCSI connectivity.

    Quad switches (or 2 VLAN on each of the 2 switches above):

    iSCSI port 0: 192.168.130.101 -> to switch 1

    iSCSI port 1: 192.168.131.101 -> to switch 2

    iSCSI port 2: 192.168.132.101 -> to switch 3

    iSCSI port 4: 192.168.133.101 -> to switch 4

    Controller 1:

    iSCSI port 0: 192.168.130.102 -> to switch 1

    iSCSI port 1: 192.168.131.102 -> to switch 2

    iSCSI port 2: 192.168.132.102 -> to switch 3

    iSCSI port 4: 192.168.133.102 -> to switch 4

    Server 1:

    iSCSI NIC 0: 192.168.130.110 -> to switch 1

    iSCSI NIC 1: 192.168.131.110 -> to switch 2

    iSCSI NIC 2: 192.168.132.110 -> to switch 3

    iSCSI NIC 3: 192.168.133.110 -> to switch 4

    Server 2:

    In this case, using 2 NICs per server, the first server uses the first 2 switches and the second server uses the second set of switches.

    Direct attach:

    iSCSI port 0: 192.168.130.101 -> server iSCSI NIC 1 (with an example IP of 192.168.130.110)

    iSCSI port 1: 192.168.131.101 -> server iSCSI NIC 2 (with an example IP of 192.168.131.110)

    iSCSI port 2: 192.168.132.101 -> server iSCSI NIC 3 (with an example IP of 192.168.132.110)

    iSCSI port 4: 192.168.133.101 -> server iSCSI NIC 4 (with an example IP of 192.168.133.110)

    Controller 1:

    iSCSI port 0: 192.168.134.102 -> server iSCSI NIC 5 (with an example IP of 192.168.134.110)

    iSCSI port 1: 192.168.135.102 -> server iSCSI NIC 6 (with an example IP of 192.168.135.110)

    iSCSI port 2: 192.168.136.102 -> server iSCSI NIC 7 (with an example IP of 192.168.136.110)

    iSCSI port 4: 192.168.137.102 -> server iSCSI NIC 8 (with an example IP of 192.168.137.110)

    I just left the 4 subnets of controller 1 on the '102' IPs to make future changes easier.

  • Best practices for vsphere 5.1

    Where can I find the most up-to-date doc about EQL array configuration / best practices with VMware vSphere 5.1?

    Hello

    Here is a link to a PDF file that covers best practices for ESXi and EQL.

    Best EqualLogic practices ESX

    en.Community.Dell.com/.../20434601.aspx

    This doc mentions specifically that the storage Heartbeat VMKernel port is no longer necessary with ESXi v5.1.  VMware has corrected the problem that made it necessary.

    If you add it to a 5.1 system it will not hurt.  It will take an IP address for each node.

    If you upgrade 5.0 to 5.1, you can delete it later.

    Here is a link to VMware which addresses this issue and has links to other Dell documents which confirm also that it is fixed in 5.1.

    KB.VMware.com/.../Search.do

    Kind regards

  • Best practices with streams WCCP of WAAS

    Hello

    I have a WAAS SRE 910 module in a 2911 router that intercepts packets from this router with WCCP.

    All packets are received by the external interface (gi 0/2, connected to a switch with the port configured in the WCCP vlan) and are sent back to the router via the internal interface (gi 1/0, connected directly to the router):

    WAAS # sh interface IG 1/0

    Internet address: 10.0.1.1

    Subnet mask: 255.255.255.0

    State of the admin: to the top

    Operating status: running

    Maximum transfer unit size: 1500

    Entry errors: 0

    Entry packets dropped: 0

    Packets received: 20631

    Output errors: 0

    Output packets dropped: 0

    Load interval: 30

    Input rate: 239 bps, 0 packets/s

    Output: 3270892 bps, 592 packets/s

    Packets sent: 110062

    Auto-negotiation: on

    Full Duplex: Yes

    Speed: 1000 Mbit/s

    WAAS # sh interface 2/0 gi

    Internet address: 10.0.2.1

    Subnet mask: 255.255.255.0

    State of the admin: to the top

    Operating status: running

    Maximum transfer unit size: 1500

    Entry errors: 0

    Entry packets dropped: 0

    Packets received: 86558

    Output errors: 0

    Output packets dropped: 0

    Load interval: 30

    Input rate: 2519130 bps, 579 packets/s

    Output rate: 3431 bps, 2 packets/sec

    Packets sent: 1580

    Auto-negotiation: on

    Full Duplex: Yes

    Speed: 100 Mbps

    The default route configured in module WAAS is 0.0.0.0/0 to 10.0.1.254 (interface of the router).

    Would it be better for the packets to leave the WAAS module via the external interface (instead of the internal interface)?

    Is there a best practice recommended by Cisco on this?

    Thank you.

    Stéphane

    Hi Stephane,

    That's right, internal interface means SM1/0.

    The best way is to have traffic leave from the module's internal interface, so that we are sure it hits the redirect exclude statement and that we do not have loops because of WCCP.

    Kind regards

    Nicolas

  • Best practices for network configuration of vSphere with two subnets?

    Well, I'm going to set up 3 ESXi hosts connected to shared storage with two different subnets. I configured the iSCSI initiator and the iSCSI targets with their own default gateway - 192.168.1.1 - through a Cisco router, and did the same with the hosts, configured with their own default gateway - 192.168.2.2. I don't know if I should have a router in the middle to route traffic between the two subnets, since I use iSCSI port binding and NIC teaming. If I shouldn't use a physical router, how do I route the traffic between the different subnets and use iSCSI port binding at the same time? What are the best practices for implementing a vSphere network with two subnets (ESX host network : iSCSI network)? Thank you in advance.

    The most common iSCSI setup would be for traffic between hosts and the storage not to be routed, because a router could reduce performance.

    If you have VLAN 10 (192.168.1.0/24) iSCSI, VLAN 20 (192.168.2.0/24) ESX MGMT, VLAN 30 (192.168.3.0/24) guest VMs and VLAN 40 (192.168.4.0/24) vMotion, a deployment scenario might be something like:

    NIC1 - vSwitch 0 - active VMK (192.168.1.10) MGMT, vMotion VMK (192.168.4.10) standby

    NIC2 - vSwitch 1 - current (VLAN30) guest virtual machine port group

    NIC3 - vSwitch 2 - active VMK1 (192.168.1.10) iSCSI

    NIC4 - vSwitch 2 - active VMK2 (192.168.1.11) iSCSI

    NIC5 - vSwitch 1 - current (VLAN30) guest virtual machine port group

    NIC6 - vSwitch 0 - MGMT VMK (192.168.2.10) standby, vMotion VMK (192.168.4.10) active

    You would place your storage target on VLAN 10 with an IP address of something like 192.168.1.8, and iSCSI traffic would remain on this VLAN. The default gateway configured in ESXi would be the router on VLAN 20 with an IP address of something like 192.168.2.1. I hope that scenario helps lay out some options.

    Tuesday, June 24, 2014 19:16, vctl [email protected]>

  • Best practices for a NFS data store

    I need to create a data store on a NAS and connect to some servers ESXi 5.0 as a NFS datastore.

    It will be used to host virtual machines less used.

    What are the best practices for creating and connecting an NFS datastore, from both networking and storage points of view, in order to get the best possible performance and not decrease the overall performance of the network?

    Regards

    Marius

    Create a new layer 2 subnet for your NFS datastores and set it up on its own vSwitch with two uplinks in an active/standby configuration. The uplinks should be patched into two distinct physical switches, and the subnet must have the gateway disabled so that NFS traffic is not routable to other parts of your network. The NFS export can be restricted to the storage host's IP address (the address of the VM kernel port you created for NFS in the first step), or to any address on that subnet. This configuration isolates NFS traffic for performance, and ensures security and redundancy. You should also consult your storage vendor's whitepapers for any vendor-specific recommendations.

    The datastores can be made available to the hosts you wish, and you can use Iometer to benchmark IOPS and throughput to see if it meets your expectations and requirements.

  • Best practices for managing strategies of path

    Hello

    I get conflicting advice on best practices for managed paths.

    We are on ESXi version 4.0 connecting to an HP EVA8000. The HP best practices guide recommends setting the path management policy to Round Robin.

    This seems to give two active paths to the optimized controller. See: http://h20195.www2.hp.com/v2/GetPDF.aspx/4AA1-2185ENW.pdf

    We used certain consultants and they say that the VMware best practice for this solution is to use the MRU policy, which results in a single path to the optimized controller.

    So, any idea which best practice is the best practice? Does it make a difference?

    TIA

    Rob.

    Always go with the recommendation of the storage provider.  VMware recommendation is based on the characteristics of the generic array (controller, capable ALUA failover methods, etc.).  The storage provider's recommendation is based on their performance and compatibility testing.  You may want to review their recommendations carefully, however, to ensure that each point is what you want.

    With the 8000, I ran with Round-Robin.  This is the option of creating more robust paths available to you from a failover and performance point of view and can provide performance more even through the ports on the storage controller.

    While I did of the specific tests/validation, the last time that I looked at the docs, the configuration of HP recommends that you configure each IO to the ports in the switch configuration.  This adds the charge to the ESX host, the switch to other ports, but HP claims that their tests showed that it is the optimal configuration.  It was the only parameter I wondered in their recommendation.

    If you haven't done so already, be sure to download the HP doc on configuring ESX and EVA bays.  There are several parameters that you must configure the policy path, as well as a few scripts to help make the changes.

    Happy virtualizing!

    JP

    Please consider awarding points to useful or appropriate responses.

  • Best practices Apple ID

    I help family members and others with their Apple products. Probably the number one problem revolves around Apple IDs. I have seen users do the following:

    (1) share IDs among the members of the family, but then wonder why messages/contacts/calendar entries etc are all shared.

    (2) have several Apple IDs willy-nilly associated with seemingly random devices. The Apple ID is not used for anything.

    (3) forget passwords. They always forget passwords.

    (4) is one that I don't really understand. They use an e-mail address from another system (gmail.com, hotmail.com, etc) as their Apple ID. Invariably, they will use a different password for their Apple ID than the one they use for the other email account, so that they are constantly confused about which account to connect to.

    I have looked around for an article on best practices for creating and using an Apple ID, but could not find such a post. So I thought I would throw out a few suggestions. If anyone knows of a list or wants to suggest changes/additions please feel free. Here are the best practices for normal circumstances, i.e. not corporate accounts etc.

    1. every person has exactly 1 Apple ID.

    2. do not share Apple ID - share content.

    3. do not use an email address from another account as your Apple ID.

    4. When you create a new Apple ID, don't forget to complete the secondary information at https://appleid.apple.com/account/manage. Your rescue email and security questions are EXTREMELY important.

    5. the last step is to collect the information that you entered in a document and save to your computer AND print and store it somewhere safe.

    Suggestions?

    I agree with no. 3, there is no problem with using a non-iCloud address as the primary ID; indeed, depending on where you set up your ID, you may have no choice but to.

  • Material LV real-time Ethernet com best practices

    Hello

    I just started to learn the LV in real-time, and until I get a new cRIO I just played with a former PSC-2220.

    Everything works; I am reading the nice tutorials about RT and deploying/running example applications on this target.

    However, I don't know what the best practice is for handling the IP address of this device. For easy installation, after a device reset (and installing the new RT runtimes, etc) I just set the HW to obtain a dynamic IP address from my router (DHCP). My laptop connects to the same router via wifi.

    However, since after a few resets the target gets a new IP (192.168.0.102; the previous IP was ...104), I have to manually change the IP address in my project. Is it possible for LV to auto-detect the target in my project? In addition, it seems that MAX retains the old information and creates a new line for the same target... so I guess that if the problem persists, MAX is going to fill up? See screenshots below.

    As a solution, I'll try to use a static IP for the target, so it must always use the same IP address.

    What is the common procedure to avoid this kind of problem? Just using a static IP? Or am I missing something else here?

    Thank you!

    I just always use static IP addresses.  It avoids just all kinds of questions, especially if you have several systems on the same network.

  • NAT/PAT - best practices for LRT214?

    Hello

    I've always used routers/firewalls (like a Fortigate 50A or an ASUS SL1200) with the ability to forward and translate different public IP addresses/ports to different IP addresses/ports in my local network, for example

    external IP xx.xx.xx.42 port 25659 to internal xx.xx.xx.100 port 3389

    While at the same time

    external IP xx.xx.xx.43 port 80 is translated and mapped to internal xx.xx.xx.105 port 80

    and so on...

    Now with my LRT214 (I received it yesterday, the firmware is updated) this seems to be more difficult (impossible?), since I can only translate ports to one specific IP address, or am I missing something?

    Any help would be appreciated,

    Thank you very much!

    Walther

    Hi, wurli. With One-to-One NAT on the LRT214 router, we can simply map a private IP address or a range to a public IP address or a range of equal length. However, we do not have the ability to specify ports.

    Jay-15354

    Linksys technical support

  • Spectre x360 (N1W02PA #UUF): best practices for using the power supply and battery of the laptop (Spectre x360)

    Hello.

    What is the best practice for using the power supply to charge the battery? I heard that keeping the battery charging while using the notebook degrades battery life. I don't know if that's true, but I do not charge my Spectre x360 until it is at the 20% power level.

    Kindly need some expert advice. Thank you.

    Hello:

    My recommendation is to follow the instructions provided in this document from HP to address... paying particular attention to the info listed according to the recommended battery care practices.

    http://h20564.www2.HP.com/hpsc/doc/public/display?docid=c00596784

  • Connecting two separate 6224 stacks: LAG best practices?

    Hello

    I wonder how I should configure the LAG between two PowerConnect 6224 stacks (2 x PowerConnect 6224 per stack) for iSCSI traffic against 4 EQL members. I intend to use 4 ports of each stack (is cross-stack LAG possible on the 6224?), and the EqualLogic documentation leaves me in two minds about whether to run LACP or not.

    I wonder what is considered best practice in this scenario?

    Cross-stack, LACP and no STP, or am I better off without LACP?

    Thanks in advance

    Cree

    The ports connecting the two stacks together will be configured differently than the ports connecting the stack to the EQL appliance. When connecting the switch to the EQL controller is when you might want to disable STP on that specific port.

    "Do not use Spanning Tree (STP) on switch ports that connect to end nodes (iSCSI initiators or storage array network interfaces). However, if you want to use STP or Rapid STP (preferable to STP), you should enable the port settings available on some switches that let the port immediately transition into the STP forwarding state upon link up. This feature can reduce network interruptions that occur when devices restart, and should only be enabled on switch ports that connect end nodes."

    With the network cards on the EQL devices, I believe there is only one active port, and the other is standby. So the switch ports that plug into the EQL will be in access mode for your iSCSI VLAN. Maybe someone who knows more about EQL can chime in to confirm.

    Here are some good white papers.

    www.dell.com/.../Dell_EqualLogic_%20iSCSI_Optimization_for_Dell_Power_onnect_%20Switches.pdf

    docs.danielkassner.com/.../ISCSI_optimization_EQL.pdf

    www.Dell.com/.../EQL-8024f-4-Switch.pdf

  • Best practice? Storage of large data sets.

    I'm programming a Client to access the customer address information. The data are delivered on a MSSQL Server by a Web service.

    What is the best practice for linking this data to ListFields? String arrays? Or an XML file which is parsed?

    Any ideas?

    Thank you, hhessel

    These debates come from time to time. The big question is how normally get she on the phone after someone asks why BB does not support databases. It is there no magic here - it depends on what you do with the data. Regarding the General considerations, see j2me on sun.com or jvm issues more generally. We are all should get a reference of material BB too LOL...

    If you really have a lot of data, there are libraries of zip and I often use my own patterns of "compression".

    I personally go with simple types in the store persistent and built my own b-tree indexing system which is also j2se virtue persistable and even testable. For strings, we'll store me repeated prefixes that only once even though I finally gave up their storage as only Aspire. So if I have hundreds of channels that start "http://www.pinkcat-REC". I don't store this time. Before you think of overload by chaining these, who gets picked up the indexes that you use to find the channel anyway (so of course you have to time to concatenate pieces) back together, but the index needs particular airspace is low).
