By specifying a source interface

Does anyone know if there is a way to force packets from a router to be sourced from a specified interface? I'm running into a situation where my service provider may not necessarily know all the subnets that are hosted by a router, and I want to force management network traffic to come from a rear interface located in the address space of the carrier. Thanks for your help!

ip tacacs source-interface

ip tftp source-interface

ip telnet source-interface

ip ssh source-interface

ip radius source-interface

http://www.Cisco.com/en/us/partner/products/SW/iosswrel/ps1831/products_command_reference_chapter09186a00800e3efa.html#wp1017795

Tags: Cisco Network

Similar Questions

  • Ping with source interface

    Hello world

    We have an IPSec tunnel to the headquarters. Our local address pool is 10.0.0.0/24. In the router, when I ping a remote server (ping 192.168.1.1) it does not work. But when I ping with source (bvi1 = 10.0.0.1/24) interface, it works: ping 192.168.1.1 source bvi1.

    Could you please tell me the difference between the two commands? And why I can't ping in the normal way? If a computer is in the 10.0.0.0/24 subnet, can it ping the remote server?

    Thank you

    Triet

    It all depends on what is in your crypto access list. So, if your crypto access list reads something like

    access-list 101 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255 (router version)

    or

    access-list vpntraffic permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 (Pix version)

    You can generate a ping with a source IP address in the 10.0.0.x range. When you ping from the router without specifying the source, the interface used by the router is the outside interface. If the IP address of the outside interface is not in your crypto map access list, then it will not work.

    Jon
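An added example, not part of the original thread: it evaluates the two crypto access-list forms quoted in the answer against the source address each ping would carry, to show why only the sourced ping is selected for the tunnel. The outside address 203.0.113.2, the LAN host 10.0.0.50 and all function names are assumptions made up for the illustration.

```python
import ipaddress


def _ip(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_ace(line, masks="wildcard"):
    """Parse 'access-list <id> permit|deny ip <src> <mask> <dst> <mask>'.

    masks="wildcard" is the router form (0.0.0.255), masks="netmask" the
    PIX form (255.255.255.0). Returns (action, src, src_wildcard, dst,
    dst_wildcard) with the masks normalised to wildcard bits.
    """
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    if tok[2] not in ("permit", "deny"):
        raise ValueError(f"unknown action in ACE: {line!r}")
    src, smask, dst, dmask = (_ip(t) for t in tok[4:8])
    if masks == "netmask":
        # A netmask is the bitwise inverse of a wildcard mask.
        smask, dmask = ~smask & 0xFFFFFFFF, ~dmask & 0xFFFFFFFF
    return tok[2], src, smask, dst, dmask


def _covers(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard does not ignore."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)


def is_protected(acl, src_ip, dst_ip):
    """First matching entry decides; no match is an implicit deny,
    meaning the packet is not handed to IPSec."""
    src, dst = _ip(src_ip), _ip(dst_ip)
    for action, a_src, a_sw, a_dst, a_dw in acl:
        if _covers(src, a_src, a_sw) and _covers(dst, a_dst, a_dw):
            return action == "permit"
    return False


# The two access lists quoted in the answer.
ROUTER_ACL = [parse_ace(
    "access-list 101 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255")]
PIX_ACL = [parse_ace(
    "access-list vpntraffic permit ip 10.0.0.0 255.255.255.0 "
    "192.168.1.0 255.255.255.0", masks="netmask")]

OUTSIDE_IP = "203.0.113.2"  # constructed: stands in for the outside interface
BVI1_IP = "10.0.0.1"        # bvi1 address given in the question
LAN_HOST = "10.0.0.50"      # constructed: a computer in 10.0.0.0/24
REMOTE = "192.168.1.1"      # remote server from the question


def classify(acl):
    """Map each ping variant to whether the crypto ACL selects it."""
    return {
        "ping 192.168.1.1": is_protected(acl, OUTSIDE_IP, REMOTE),
        "ping 192.168.1.1 source bvi1": is_protected(acl, BVI1_IP, REMOTE),
        "ping from LAN host": is_protected(acl, LAN_HOST, REMOTE),
    }


if __name__ == "__main__":
    for name, acl in (("router", ROUTER_ACL), ("pix", PIX_ACL)):
        for case, protected in classify(acl).items():
            print(f"{name:6} {case:30} -> "
                  f"{'encrypted' if protected else 'not in crypto ACL'}")
```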

  • Equivalent command to 'ip tacacs source-interface' on ASA

    Is there an equivalent command to 'ip tacacs source-interface' on ASA? We have an L2L VPN between 2 ASAs, the AAA server is reached through the VPN tunnel, and I want the ASA to go to ACS with the inside interface as source, not the outside. The aaa-server command points at the outside interface and management-access inside is set up, but packets are always routed using the outside interface as a source. No workaround outside NAT?

    Yes, you can configure the interface within the command in aaa-server when you set the ip address of the server.

    For example:

    aaa-server mytacacs (inside) host 10.1.1.1

    Here is the command for your reference:

    http://www.Cisco.com/en/us/docs/security/ASA/asa84/command/reference/A1.html#wp1596947

    Hope that helps.

  • 'ip tacacs source-interface' command does not work

    I have a C-3750 L3 switch that is part of a project to get authentication based on the configured ACS, and while I'm able to get most of the devices working, this switch will not take the ip tacacs source-interface command. Can someone confirm if this is an IOS problem?

    -C-3750-a(config)#ip tacacs source-interface loopback0

    ^

    % Invalid input detected at '^' marker.

    Current IOS on the device:

    Switch Ports Model            SW Version    SW Image
    ------ ----- -----            ----------    ----------
    *    1 28    WS-C3750G-24PS   12.2(44)SE    C3750-ADVIPSERVICESK9-M
         2 28    WS-C3750G-24PS   12.2(44)SE    C3750-ADVIPSERVICESK9-M

    --

    Thank you!

    It's a bug:

    CSCsm28901

    'ip tacacs source-interface' command missing in 12.2.44SE.

    Please move to another IOS.

  • could not ping via source interface

    Hi all

    Can someone help me solve my problem? Below is the sh run from the routers. Routers R1, R2, R3 and R4 all communicate OK, but when I try to ping router R1 with R4's f0/0 interface as the source, the ping fails, whereas a normal ping from R1 to R4 works.

    It is similar for R3, but here I include the sh run of R1, R2 and R4 only.

    I even added a static route on R1 to R4, but it still does not work.

    R4#ping 10.1.1.1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 16/33/84 ms

    R4#ping 10.1.1.1 source f0/0

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
    Packet sent with a source address of 172.41.1.1
    .....
    Success rate is 0 percent (0/5)

    ---------------------------------------------------------------------------------------------------------------------

    R1#sh run
    ----------------------------------------------------------------------------------------------
    Building configuration...

    *Sep  1 11:20:11.163: %SYS-5-CONFIG_I: Configured from console by console
    Current configuration : 2048 bytes
    !
    ! Last configuration change at 11:20:11 UTC Thu Sep 1 2016
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip source-route
    no ip icmp rate-limit unreachable
    !
    !
    !
    !
    no ip domain lookup
    ip cef
    no ipv6 cef
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    ip tcp synwait-time 5
    !
    !
    !
    !
    !
    !
    interface Loopback4
     ip address 10.1.1.1 255.255.255.0
    !
    interface Loopback5
     ip address 10.1.2.1 255.255.255.0
    !
    interface Loopback6
     ip address 10.1.3.1 255.255.255.0
    !
    interface Loopback7
     ip address 10.1.4.1 255.255.255.0
    !
    interface Loopback8
     ip address 10.1.5.1 255.255.255.0
    !
    interface Loopback9
     ip address 10.1.6.1 255.255.255.0
    !
    interface Loopback10
     ip address 10.1.7.1 255.255.255.0
    !
    interface Serial2/0
     ip address 172.12.1.2 255.255.255.0
     serial restart-delay 0
    !
    router rip
     version 2
     network 10.0.0.0
     network 172.12.0.0
     no auto-summary
    !
    !
    !
    no ip http server
    no ip http secure-server
    ip route 172.41.0.0 255.255.255.0 Serial2/0
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line vty 0 4
     login
    !
    end

    R2
    ------------------------------------------------------------------------------------------------------------
    R2#sh run
    Building configuration...

    Current configuration : 2163 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip source-route
    no ip icmp rate-limit unreachable
    !
    !
    no ip domain lookup
    ip cef
    no ipv6 cef
    !
    !
    multilink bundle-name authenticated
    !
    ip tcp synwait-time 5
    !
    interface FastEthernet0/0
     no ip address
     shutdown
    !
    interface Serial2/0
     ip address 172.12.1.1 255.255.255.0
     serial restart-delay 0
    !
    interface Serial2/1
     ip address 172.23.1.1 255.255.255.0
     serial restart-delay 0
    !
    interface Serial2/2
     ip address 172.24.1.1 255.255.255.0
     serial restart-delay 0
    !
    router ospf 1
     log-adjacency-changes
     redistribute rip metric 1000 subnets route-map rahul
     network 172.0.0.0 0.255.255.255 area 0
    !
    router rip
     version 2
     redistribute ospf 1 metric 12 route-map pooja
     network 172.12.0.0
     no auto-summary
    !
    no ip http server
    no ip http secure-server
    !
    access-list 5 permit 10.1.1.0 0.0.0.255
    access-list 5 permit 10.1.2.0 0.0.0.255
    access-list 5 permit 10.1.3.0 0.0.0.255
    access-list 10 permit 172.30.1.0 0.0.0.255
    access-list 10 permit 172.30.2.0 0.0.0.255
    access-list 10 permit 172.30.3.0 0.0.0.255
    !
    route-map rahul permit 10
     match ip address 5
     set metric 2000
    !
    route-map rahul permit 20
    !
    route-map pooja permit 10
     match ip address 10
     set metric 15
    !
    route-map pooja permit 20
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line vty 0 4
     login
    !
    end

    R4
    -----------------------------------------------------------------------------------
    R4#sh run
    Building configuration...

    Current configuration : 1512 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    !
    hostname R4
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip source-route
    no ip icmp rate-limit unreachable
    !
    no ip domain lookup
    ip cef
    no ipv6 cef
    !
    !
    multilink bundle-name authenticated
    !
    ip tcp synwait-time 5
    !
    interface FastEthernet0/0
     ip address 172.41.1.1 255.255.255.0
     half-duplex
    !
    interface Ethernet1/0
     no ip address
     shutdown
     half-duplex
    !
    interface Serial2/0
     ip address 172.24.1.2 255.255.255.0
     serial restart-delay 0
    !
    no ip http server
    no ip http secure-server
    ip route 0.0.0.0 0.0.0.0 172.24.1.1
    !
    control-plane
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line aux 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     stopbits 1
    line vty 0 4
     login
    !
    end

    R1 does not have a route for R4 F0/0, which is 172.41.1.1.

    Add the routes below on R1 and R2:

    R1
    ip route 172.41.1.0 255.255.255.0 Serial2/0

    R2
    ip route 172.41.1.0 255.255.255.0 Serial2/2

  • Clientless SSL VPN - Source interface when traffic leaves firewall

    Hi all

    I'm trying to implement rules in my perimeter WAN firewall for all traffic coming from the Internet firewall VPN.

    The internet firewall is also the VPN endpoint. The user connects to the internet firewall through clientless WebVPN and goes through several bookmarks that are the customer WAN servers.

    Now, I have a network firewall that must act as a second layer to filter traffic, so I have to allow rules for all the bookmarks that users access through to the WAN. The question here is what would be the source IP address of the traffic coming from the Internet ASA and going to the bookmark/WAN server? Would it be the outside (internet-facing) interface or the inside interface?

    Thank you!

    Kind regards

    Riou

    Hey riri,

    Referring to this document, it states:

    "In a WebVPN connection, the security appliance acts as a proxy between the end user's web browser and the target web server."

    This implies that the ASA will proxy the WebVPN user's request to the destination. The source of this proxied request will depend on how the destination server is reached. If the resources are reachable via the inside interface, then the source will be the inside interface, and likewise the DMZ interface if the resources are accessed through the DMZ.

    I have tested this, but for your own confirmation you can run a Wireshark capture on the LAN interfaces and see the HTTP requests being proxied by the ASA LAN interfaces.

    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • GRE over IPSec - choose a source interface

    I have a 3660 with two T1s from different providers running BGP. Our ASN space is on f0/0, with the two T1 serial interfaces each addressed on the networks of their respective providers.

    I tried to configure an IPSec tunnel and did so off the serial interfaces (as I normally do in smaller offices with a single T1). I then reconfigured the crypto map to be on f0/0 and made any other relevant changes on both sides to source this traffic from f0/0. IPSec negotiates and comes up on the 3660, and I even see an EIGRP peer come up with the remote. This peer eventually drops, and a review of the show output indicates that the remote sends and the 3660 receives, but no packets ever leave the 3660 (on the SAs).

    Any suggestions on where start looking for it, or is there a best/recommended/example configuration of a similar setup, I could look at?

    Thanks in advance,

    Daryl

    To bind the crypto map to an interface, use the command:

    crypto map 'map name' local-address 'interface'

    FOR EXAMPLE:

    crypto map crypt-map1 local-address Loopback2

    -Brett

  • Source interface for SMTP

    All,

    Due to CSCsg69672, it now seems possible to change the source address of an outgoing SMTP session. The default behavior is to use the outgoing interface that leads to the SMTP server.

    Is anyone aware of the command needed to change this behavior to a fixed source interface?

    Thank you very much!

    If you're referring to applets, the command is 'source-interface' as an argument to action mail:

    action X mail server "10.1.1.1" to "[email protected]" from "[email protected]" subject "Test" body "this is a test" source-interface Gi0/0

  • Is it possible to change the source of e-mail alerts interface created by the ASA?

    Hello

    We have configured our ASA to send e-mail alerts for events such as logins. This works very well between our ASA and the mail server, which is reached through the 'inside' interface. However, we tried to configure it on another ASA at a remote site that is connected via a site-to-site VPN. The problem is that when the remote ASA attempts to send an e-mail to our mail server, it uses the source IP address of the outside interface; we need it to use the source IP address of the inside interface so that it is sent over the VPN. Is there a way to configure that?

    Right now, when the ASA attempts to e-mail our mail server, it uses the outside interface IP as source because it sees this interface as the outgoing interface, and as a result the e-mail does not get sent over the VPN.

    Thank you

    If the remote mail server is reachable over the site-to-site VPN, I don't think that you can configure the ASA to source that traffic from an interface other than the one with a route to the remote server. And it will only encrypt into the VPN tunnel packets that arrive on the interface where the crypto map is applied (i.e. an inside interface).

    You could use a mail proxy or set up a forwarding rule on your local mail server.

  • Interface Source ASA IPSEC

    Hello...

    Is there a way to configure an IPSEC VPN with a source interface as in a router? This is a site to site VPN. I want to use a loopback interface.

    When I set up a VPN, the only option is the IP address of the interface where the traffic is going out.

    Thank you.

    Whichever interface you enable ipsec on is the source interface.

    crypto map MyMap interface [interface name]

    ASA does not support loopbacks, so it is not possible.

  • Is a database table that is required for the temporary interfaces with the data flat file source?

    People, this is the situation I ODI 11.1.1.7

    1. I have a temporary interface (yellow), called MJ_TEMP_INT, which loads data from TWO source data sets into a temporary target (TEMP_TARG). One data set is pulled from a table while the other data set is extracted from a flat file.  A union is made on the data sets.
    2. I then create another interface, called MJ_INT, which uses the MJ_TEMP_INT as the source and the target is a real database. table called "REAL_TARGET".

    Two questions:

    1. When I run my second interface (MJ_INT), I get a message "ORA-00942: table or view does not exist" because it is looking for a real TEMP_TARG db table. Why I have to have one? because I am pulling a flat file?
    2. On my second interface (MJ_INT) when I look at the interface of my source MJ_TEMP_INT (yellow) property sheet, the box 'Use the temporary interface as a Derived table' is DISABLED.  Why? Is also because my temporary interface is pulling from a flat file?

    I am attaching a file that shows a screenshot of my studio ODI.

    Furthermore, IF my temporary source interface has only a single set of data by pulling from a database. Table to table in a temporary target, called MJ_TEMP2_TARG, and then when I use this temporary interface as a source to the other another real db. target table (REAL2_TARGET), THEN everything works.  ODI requires me to have a real database. Table MJ_TEMP2_TARG and the checkbox for "interface temporary use as a Derived table" is NOT DISABLED and my REAL2_TARGET table gets filled.

    Thank you in advance.

    Mr. Jamal.

    You quite rightly assume that the reason you have these issues is that you are trying to attach a file. A file always has to be materialized in the staging area as a temporary table and then have the data loaded into it.

  • EPMA 11.1.2.3 Interface Data Source

    When you configure the EPMA, I don't have the option to "Set up the Data Source Interface" in my 11.1.2.3 new facility.

    I installed 'PFMA Java Web Application' and 'PFMA data Synchronizer Java Web Application' on my Foundation server. And I installed 'PFMA Dimension Server Service' on my 02 server.

    I missed something. Or things have changed for 11.1.2.3?

    Any help is appreciated.

    11.1.2.3 configuration data source must be available in the workspace, have a read of the Configuration of Interface Data Sources

    See you soon

    John

    http://John-Goodwin.blogspot.com/

  • MRM - 'monitor source address is not configured "?

    Greetings,

    I am trying to use MRM, but the "manager" doesn't seem to know its source address, despite looking as if it does.

    I tried several source interfaces.

    ip mrm manager TEST
     manager Serial0/0.1 group 225.0.0.1
     senders 1
     receivers 2

    -----------------------------------------

    R3#sh ip mrm manager TEST
    Manager:test/1.0.0.1 is not running
      Beacon interval/holdtime/ttl:60/86400/32
      Group:225.0.0.1, UDP port test-packet/status-report:16384/65535
      Test senders:
        5.5.5.5
      Test receivers:
        1.1.1.1

    -----------------------------------------

    R3#mrm TEST start
    Source monitor address is not configured

    -----------------------------------------

    ???!!!! Another interface (loopback)

    -----------------------------------------

    R3#sh ip mrm manager TEST
    Manager:test/3.3.3.3 is not running
      Beacon interval/holdtime/ttl:5/86400/32
      Group:239.0.0.1, UDP port test-packet/status-report:50000/50001
      Test senders:
        5.5.5.5
      Test receivers:
        1.1.1.1

    R3#mrm TEST start
    Source monitor address is not configured

    -----------------------------------------

    I tried this on various 3640s running enterprise 12.3 and a 2500 running 12.2(32). All have the same result.

    You missed this command, I think.

    R1(config-mrm-manager)# receivers 2 sender-list 1

    Although the Cisco IOS CLI parser accepts the command entered without the sender-list access-list keyword-argument pair, this keyword-argument pair is not optional. For an MRM test to work, you must specify the sources that the Test Receiver should monitor using the sender-list keyword and access-list argument.

    This should solve the problem.

    HTH-Cheers,

    Swaroop

    ========================================

    R1#sh ip mrm in

    R1#sh ip mrm interface
    Interface         Address    Mode            Status
    FastEthernet0/0   10.1.1.1   Test-Receiver   Up

    R1#mrm TEST1 ?
      start  Start IP MRM test
      stop   Stop IP MRM test

    R1#mrm TEST1 start
    R1#mrm TEST1 start
    R1#
    R1#
    R1#sh
    00:06:23: IP MRM test 'TEST1' starts ...
    % Type "show ?" for a list of subcommands
    R1#
    R1#
    R1#

    R1#sh ip mrm manager
    Manager:Test1/10.1.2.1 is running, expiration: 1d00h
      Beacon interval/holdtime/ttl:60/86400/32
      Group:239.1.1.1, UDP port test-packet/status-report:16384/65535
      Test senders:
        10.1.1.2 n - Ack
      Test receivers:
        10.1.2.2 n - Ack

    R1#sh ip mrm manager
    Manager:Test1/10.1.2.1 is running, expiration: 1d00h
      Beacon interval/holdtime/ttl:60/86400/32
      Group:239.1.1.1, UDP port test-packet/status-report:16384/65535
      Test senders:
        10.1.1.2 n - Ack
      Test receivers:
        10.1.2.2 n - Ack

    R1#
    !
    ip mrm manager TEST1
     manager FastEthernet1/0 group 239.1.1.1
     senders 1
     receivers 2 sender-list 1
    !
    access-list 1 permit 10.1.1.2
    access-list 2 permit 10.1.2.2
    !
    !

    R1#sh cdp nei
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater

    Device ID   Local Intrfce   Holdtme   Capability   Platform   Port ID
    R2          Fas 0/0         135       R            3620       Fas 0/0
    R3          Fas 1/0         172       R            3620       Fas 0/0
    R1#
    R1#

    R1#sh ip int brie
    Interface         IP-Address   OK? Method Status   Protocol
    FastEthernet0/0   10.1.1.1     YES manual up       up
    FastEthernet1/0   10.1.2.1     YES manual up       up
    Loopback0         1.1.1.1      YES manual up       up
    R1#

    ----------------------------

  • What standard, if any, specifies how a browser responds to a type of content that is specified by the attribute 'type' of the anchor tag?

    I had hoped that the following HTML code would FORCE the browser to treat the response to the anchor as plain-text content: <a href="file:path" type="text/plain">anchor text</a>. Similarly, <a href="file:path" type="text/html">...</a> should FORCE the browser to treat the referenced response as HTML. Firefox does this (good for you!). However, Google Chrome and Internet Explorer seem to ignore the given content type and process the response according to what they feel (which seems to be based on the file extension). I was hoping to find a standard that describes how a browser handles content whose type is specified by the source. I looked at the W3C HTML and HTTP standards and have not yet found any applicable description or requirement. Obviously, I'm looking for a way to encode the source file so that when the anchors are followed, they appear as I want them to. I cannot change the content of the destination file (or its name), which is already determined by its own needs.

    Hi asicchecker, about what is 'necessary', did you follow the links in the gingerbread man?

    This is the most direct:

    HTML 4.01: http://www.w3.org/TR/html401/struct/links.html#h-12.2

    HTML5: http://www.w3.org/TR/html5/links.html#attr-hyperlink-type (ditto)

    MDN: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-type

  • NI-XNET - invalid CAN interface

    Hello

    Main problem:

    I have a problem getting the CAN interface in my PXI rack up and operational. The interface name is not valid.

    Material:

    SMU-1078, with SMU-8820 and CAN controller module NI PXI 8512

    Software:

    LabVIEW 2015

    NI-XNET driver 15.5 (both portable and PXI)

    Description of the problem:

    When I look in MAX, NI-XNET says I have two CAN interfaces named 'CAN1' and 'CAN2'.

    It is also possible to use the function "blink port" successfully on CAN1 and CAN2.

    BUT, when I use the bus monitor feature, I get an error saying that "the given Interface name does not specify a valid and existing interface".

    See pictures attached below.

    Also, when you try to use the code example, CAN Test.vi of closure, the same error occurs.

    Someone knows how to fix this?

    Other ulfjon

    Hello
    Thanks for the support.
    I found the problem
    When you use MAX first, to set up a session n xnet, MAX does close properly the session.
    So, when using the BOX of the labviewcode channel, will result in this error code.
    No, an explanation of very good code, but I would say.
    It is perhaps difficult for labview to know if the channel is busy or does not exist.
