Configuration of VLAN 6248 - link IP subnet to the VLAN

We have a 200-node network with no VLANs (a small private company that developed quickly).

All nodes / devices / PCs etc. are spread evenly over 6 Dell 5448 switches with no regard for department, location or usage.

(1) L3 is a 6248 - we've added a 6248 to route VLANs (everything is still on VLAN 1, i.e. untagged)

(2) L2: several VLANs per switch - in the best case, 2 VLANs per 5448

(3) trunk / general uplinks from the L2 5448s using LAG (ports 44, 45) - all traffic should be tagged, but since this will be a conversion / migration on a 24 x 7 e-commerce network, we thought we would have to make the uplinks between the 5548s and the 6248 general and change them to trunk later

(4) for the conversion, all trunk/general uplinks will have several VLANs tagged as well as VLAN 1 untagged traffic

(5) we know we set every VLAN's gateway IP to the 6248's IP address for that VLAN, but can't decide how to proceed with no one-to-one correspondence of VLAN to LAG uplink

Questions on 6248

Q1: would we use "bind the IP subnet to the VLAN" on the 6248 to configure routing between VLANs, or do we define VLAN membership by LAG?

Q2: would we be able to ping the VLAN gateway IP configured on the 6248 from a downlink host / node / PC tagged for the same VLAN?

Any suggestions would be most appreciated.

On the 6248, to allow VLAN routing you just need to ensure each VLAN has an IP address assigned to it:

console(config)#interface vlan 5
console(config-vlan)#ip address 192.105.1.1 255.255.255.0

Then enable routing on the switch:

console(config)#ip routing

That's all that needs to be configured on the 6248 for VLAN routing to work. One thing to take note of is that on the 6248 the management VLAN is not routable. By default, the management VLAN is VLAN 1. Two options are to move the management VLAN to a different VLAN:

console#configure
console(config)#ip address vlan 99

Or not use VLAN 1 at all. Place traffic on other VLANs.

The answer to your second question is yes. With VLAN routing enabled, a client on any VLAN should be able to ping the gateway on the 6248.

When it comes to general and trunk mode: general mode is like a combination of access and trunk; you can send several VLANs untagged. General mode is most commonly used on the 6200 switches when connecting to newer switches; trunk sometimes doesn't connect when it is connected to a more recent switch. I suggest using general mode on the 6248 and, if it works, leaving it in general mode.

Here is a list of various white papers which all have some good info to have.

http://en.community.Dell.com/TechCenter/networking/w/wiki/2580.networking-whitepapers.aspx

6248 user's Guide

FTP://FTP.Dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/PowerConnect-6248_User%27s%20Guide2_en-us.PDF

6248 cli guide

FTP://FTP.Dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/PowerConnect-6248_Reference%20Guide_en-us.PDF

5548 user's Guide

FTP://FTP.Dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/PowerConnect-5524p_User%27s%20Guide_en-us.PDF

5548 cli guide

FTP://FTP.Dell.com/manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/PowerConnect-5524_Reference%20Guide_en-us.PDF

Having up-to-date firmware on the switches can help with interoperability.

6248

http://www.Dell.com/support/home/us/en/04/product-support/product/PowerConnect-6248/drivers

5548

http://www.Dell.com/support/home/us/en/04/product-support/product/PowerConnect-5548/drivers

See you soon

Tags: Dell Switches
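The three conditions the answer above gives for VLAN routing on the 6248 (every VLAN has an IP address, `ip routing` is on, and user traffic is not on the non-routable management VLAN) can be checked against a saved command listing. This is an added example, not part of the original thread or Dell's tooling; the two sample listings are constructed, and the parser only understands the four commands quoted in the answer plus `exit`.

```python
import ipaddress
import re


def parse_switch_config(text):
    """Pull the routing-relevant facts out of a 6248-style command listing."""
    state = {"routing": False, "mgmt_vlan": 1, "vlans": {}}  # VLAN 1 = default management VLAN
    current = None  # VLAN interface whose sub-commands are being read
    for raw in text.splitlines():
        line = " ".join(raw.lower().split())
        if m := re.fullmatch(r"interface vlan (\d+)", line):
            current = int(m.group(1))
            state["vlans"].setdefault(current, None)
        elif line == "exit":
            current = None
        elif line == "ip routing":
            state["routing"] = True
        elif m := re.fullmatch(r"ip address vlan (\d+)", line):
            state["mgmt_vlan"] = int(m.group(1))  # management VLAN moved off VLAN 1
        elif current is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            state["vlans"][current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return state


def audit(text):
    """Return a list of findings; an empty list means the listing passes."""
    s = parse_switch_config(text)
    findings = []
    routed = {v: i for v, i in s["vlans"].items() if i is not None}
    if routed and not s["routing"]:
        findings.append("VLAN interfaces have addresses but 'ip routing' is not enabled")
    for vlan, iface in sorted(s["vlans"].items()):
        if iface is None:
            findings.append(f"VLAN {vlan}: no IP address, hosts in it have no gateway")
        elif vlan == s["mgmt_vlan"]:
            findings.append(f"VLAN {vlan}: is the management VLAN, which is not routable")
    pairs = sorted(routed.items())
    for idx, (va, ia) in enumerate(pairs):
        for vb, ib in pairs[idx + 1:]:
            if ia.network.overlaps(ib.network):
                findings.append(f"VLAN {va} and VLAN {vb}: subnets {ia.network} and {ib.network} overlap")
    return findings


# Constructed sample: everything still depends on VLAN 1, routing not yet enabled.
BEFORE = """
interface vlan 1
ip address 192.105.0.1 255.255.255.0
exit
interface vlan 5
ip address 192.105.1.1 255.255.255.0
exit
interface vlan 6
exit
"""

# Constructed sample: management moved to VLAN 99, every user VLAN addressed.
AFTER = """
ip address vlan 99
ip routing
interface vlan 5
ip address 192.105.1.1 255.255.255.0
exit
interface vlan 6
ip address 192.105.2.1 255.255.255.0
exit
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "no findings")
```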

Similar Questions

  • Need help setting up a configuration of VLAN special using WRVS4400N

    Hi guys,

    I need your help on how to implement a somewhat non-standard VLAN configuration.

    The situation is the following:

    The customer wants one WLAN set up for the company and another for guests. Now, that wouldn't be so difficult if we were using the internal internet connection. But the WRVS4400N will be used to implement the wireless LANs / VLANs only.

    The company uses the DHCP protocol on both of their subnets, provided by a Watchguard Firebox XTM510.

    Now, what we would do is set up the back door #1 for the connection to the subnet of the client and the #2 for the connection to the optional subnet for the guests. The first problem is that we were not able to configure DHCP forwards to the VLAN2. It works very well on the 1st but the 2nd doesn't allow that either ENabled or disabled, grayed out DHCP.

    To work around the problem that he would be allowed to set up DHCP WRVS4400N providing in itself for the subnet invited, but try that didn't work at all.

    Is it possible? Thanks in advance!

    Best,

    Ralph.


  • RVS4000 Configuration of VLAN

    I am trying to set up a couple of VLAN on the RVS4000.  The router allows me to enter the VLAN ID without problem, but it doesn't seem to be a screen to set up the network and DHCP component for the new configuration of VLAN.  I saved the configuration of the router and printed.  There are several VIRTUAL networks in the configuration with the IP addresses starting with 192.168.2.0/24 and increasing unit (192.168.3.0, 192.168.4.0, etc.).   These networks VLAN contains the DHCP configuration also.  How can I change these addresses.  Is it possible that you can not change them and take what's there and use it?   When I configured a VLAN with ID 30, is to tie the knots got an address in the 192.168.2.0 subnet, which is not what I wanted.  The manual is no help.  He said almost nothing about the configuration of VLANS.  Is there another source for more information on the configuration of the RVS4000 with VLAN?

    Also, I downloaded and installed the new firmware for the router.

    Any help is appreciated.

    Tony

    Forget it.  I thought about it.  It is on the configuration page and you will need to use the drop-down list for the VLAN configured.

  • Cisco asa active multiple interfaces on a single switch without configuration of vlan switch.

    I was wondering if there is a work around on cisco asa to have 2 interfaces vlan on a switch. The reason I ask I have a cisco asa 5505 and a dell switch that does not support the configuration of VLANs. I set up 2 interface vlan on a cisco asa and when two interfaces are active my internet drops frequently. I was wondering if there is nothing to configure the asa cisco to make this thing work. Thanks in advance...

    Assuming that Dell switch at least supports spanning tree protocols, linking several interfaces of the ASA to the Dell should result in all but one being put into the spanning tree blocking state to avoid a spanning tree loop.

    If the Dell does not support spanning tree then you would be in very bad shape: each broadcast packet would loop indefinitely and cause what we call a 'broadcast storm'.

    One way is not good and the other real harm.

  • Need help with configuration of VLAN SF300-24

    Hello

    Let me preface this with the fact that networking is certainly not my strong point, so any help here is greatly appreciated.

    I'm trying to segment on a virtual desktop on its own VIRTUAL local network infrastructure using a Cisco SF300-24 Layer 3 switch. I can get the switch to connect to the network with the assigned VLAN 1 an IP address on the subnet of the network (192.168.16.X), but I can't get anything this is set up VLAN 20 (192.168.20.X subnet) to connect past the VLAN 20 (192.168.20.254) gateway IP. The ports assigned to 20 VLAN are defined to access the mode if it matters.

    Here is a diagram to illustrate what it looks like, as there is another (L2) switch involved.

    So I'm not really sure what I am missing here since all settings seem simple enough.

    Hi Simon, I recommend you remove any Active Directory server and essentially remove all security factors. This will give an idea of where to start.

    If you take a quite basic setup, 2 Windows 7 workstations without Windows Firewall enabled, they both work as expected.

    It must be remembered that with firewalls, even if they are able to respond to ICMP, if the request is from a different subnet they will not, because it is recognized as a foreign network. You must make the network known on these computers or make sure the computer does not care.

    You may be able to do this by simply adding additional subnets in the advanced configuration of the network card (if it does not take too much address space), as an example.

    Or, as you have discovered, you can add routes, which is a bit heavy and inconvenient, but effective.

    -Tom
    Please mark replied messages useful

  • Firefox is configured as the default browser, but if I click on a link in MS Word, the link opens with MS Internet Explore. Why?

    Firefox is configured as the default browser, but if I click on a link in MS Word, the link opens with MS Internet Explore. Why?

    I have the same problem, but the difference is in the opening of the MS WORD hyperlinks to download documents (for example http://ntv.spbstu.ru/2011/hss_2011_3.pdf#page=145 ). This link wants to call MS IE.
    At the same time, all the HTML links are opened in FireFox.

  • PC6224 Configuration of VLAN

    Hello

    I am desirous of VLAN my iSCSI data in two separate VLANS and think I understand what to do. I would like to just anyone for the validation test it before I go live and eventually get things horribly wrong.

    All i15 labeled ports must be configured as switchport access vlan 15
    All i16 labeled ports must be configured as switchport access vlan 16
    Four XG ports must be configured as switchport general allowed vlan add 15,16 tagged.

    So far I think I have it, but I'm not sure how to get the untagged traffic across the XG ports.
    Will it do it automatically, or should I set switchport general pvid 1 for these ports, so all untagged traffic goes to the default network vlan?

    Do I need to set the VLANs on LAG3, or does it not matter because the ports are tagged? Or do I not have to tag the ports if the LAG is tagged? Or do I have to tag both?

    Thanks for the help,

    Jim.

    Putting a PVID on a LAG sets which VLAN untagged traffic goes to.

  • Configure XP mode to link automatically USB devices?

    Is it possible to configure XP mode to link automatically USB devices?

    This is a real nuisance to have to manually set a usb scanner to scan in to an application that does not work on win7 naitively.
    And it makes it impossible to deploy the application in a transparent mode, since the scanner is not attached if you try to run transparently without initiating 'Desktop' mode xp mode and manually attach the scanner first.

    Hi all - I have a solution that works, the only problem is the cost.  USB over network Fabulatech.com, share the USB device using the server component (in the windows box 7) and install the client in the Virtual Machine XP Mode and it will automatically connect at startup of the machine.

    If you need to share the USB device between the computer and the computer/application in XP Mode Windows 7, you can install the USB on the network client on the computer Windows 7 and settled on manual, in order to launch local applications with a CMD file that starts the network client USB key first before opening the application.  This way, the USB devices are available to any devices to connect to via USB on customer network.

    http://www.USB-over-network.com/

  • Configuration of VLAN Switch SF302 - 08 p

    I have the following Setup using two switches PoE SF302 - 08 p:

    1st floor

    =========

    SWITCH1 # <------->private network

    <------->public network

    2nd floor

    =========

    Switch #2 <------->private network

    ... public network (visible, but devices can't connect)

    I tried to do the config in the identical to the #1 switch #2 switch, but something still does not work.

    This is probably a configuration issue VLAN, or what?

    Thank you.

    Ken Watkins

    Hi Ken, the interfaces between the switches must have both VLANs on the port.

    Example:

    VLAN 1

    VLAN 2

    Port 1 connects to port 1 of the second switch.

    config t
    interface gi01
    switchport mode trunk
    switchport trunk allowed vlan add 2

    The ports between the switches must have the native VLAN untagged and all other VLANs tagged. In my example, 1U, 2T.

    -Tom
    Please mark replied messages useful

  • Configuration of VLAN Cisco SG 300-10

    I just got a 300-10 switch Cisco SG and I am a relative novice working with smart switches, so bear with me. I added a VLAN (VLAN 2) and assigned port 7. So now, there is the default VLAN 1 and VLAN 2. The IPv4 Interface is:

    VLAN 1

    Interface: VLAN 1

    Type of IP address: static

    IP address: 172.26.0.192

    Mask: 255.255.0.0

    Status: valid

    VLAN 2

    Interface: VLAN 2

    Type of IP address: static

    IP address: 172.27.0.1

    Mask: 255.255.0.0

    Status: valid

    The default gateway is 172.26.0.252.

    IPv4 static routes now look like this:

    I changed the mode of the system of layer 3 to layer 2 since I guess I have to make a VIRTUAL LAN see devices on another. I have a mute switch is connected to port 7 (VLAN 2) and a laptop connected to the mute switch with IP 172.27.0.117. On the SG 300-10 switch port 1 is connected to the default gateway (172.26.0.252), and port 2 is connected to a PC with the IP 172.26.0.136. From the Office I can access the internet through the default gateway. As expected, I can't access internet from the laptop (IP 172.27.0.117) I see the desktop because they are on separate VLANs. I want to be able to access the internet and also to be able to see my office (172.26.0.136) of the laptop, so I need the VLAN to be able to access the devices on the other. How would I go to do this? Moreover, all this is done in a test environment because I make sure I get this right before deployment. Thanks for your help on this.

    I have a few questions about the setup:

    (1) What is the default gateway value for the PC (172.26.0.136) on port 2 in VLAN 1?

    (2) Does your Internet gateway on port 1, VLAN 1 (172.26.0.252) have a static route for the 172.27.0.0 subnet pointing to VLAN 1 (172.26.0.192) as the next-hop router?

    (3) Is the default gateway for the laptop on port 7, VLAN 2 pointed at VLAN 2 (172.27.0.1)?

    If the default gateway for the PC in VLAN 1 is the Internet router/gateway, the Internet router/gateway would require a static route to the VLAN 1 interface IP address for the subnet on VLAN 2 so that the routing table in the switch can be used. Setting the static route on the Internet router will fix the Internet connectivity problem of VLAN 2 as well. Basically the Internet router needs to know how to reach the 172.27.0.0 subnet via the switch. Hope this helps.
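    The return-path problem described in the answer above can be reproduced with a small longest-prefix-match model of the four devices. This is an added example, not part of the original thread: the addresses are the ones quoted in the question, the PC and switch are assumed to use 172.26.0.252 as default gateway, and the router's WAN side (203.0.113.0/24) is a hypothetical placeholder.

```python
import ipaddress


class Node:
    """A host, L3 switch or router: its interfaces plus static routes."""

    def __init__(self, name, addrs, routes=()):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(a) for a in addrs]
        self.routes = [(ipaddress.ip_network(p), ipaddress.ip_address(nh)) for p, nh in routes]

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces)

    def next_hop(self, dst):
        """Longest-prefix match over connected subnets and static routes."""
        cands = [(i.network.prefixlen, dst) for i in self.ifaces if dst in i.network]
        cands += [(net.prefixlen, nh) for net, nh in self.routes if dst in net]
        return max(cands, key=lambda c: c[0])[1] if cands else None


def build(router_has_static_route):
    """Topology from the question; the flag adds the route the answer asks for."""
    router_routes = [("0.0.0.0/0", "203.0.113.1")]  # upstream next hop: hypothetical
    if router_has_static_route:
        router_routes.append(("172.27.0.0/16", "172.26.0.192"))  # VLAN 2 via the switch
    nodes = [
        Node("laptop", ["172.27.0.117/16"], [("0.0.0.0/0", "172.27.0.1")]),
        Node("switch", ["172.26.0.192/16", "172.27.0.1/16"], [("0.0.0.0/0", "172.26.0.252")]),
        Node("pc", ["172.26.0.136/16"], [("0.0.0.0/0", "172.26.0.252")]),
        Node("router", ["172.26.0.252/16", "203.0.113.2/24"], router_routes),
    ]
    return {n.name: n for n in nodes}


def trace(nodes, start, dst, max_hops=8):
    """Follow a packet hop by hop; returns (path, delivered)."""
    dst = ipaddress.ip_address(dst)
    node, path = nodes[start], [start]
    for _ in range(max_hops):
        if node.owns(dst):
            return path, True
        hop = node.next_hop(dst)
        nxt = next((n for n in nodes.values() if hop is not None and n.owns(hop)), None)
        if nxt is None or nxt is node:
            return path, False  # no route, or the packet left the modelled network
        node = nxt
        path.append(node.name)
    return path, False


if __name__ == "__main__":
    for static in (False, True):
        net = build(static)
        print("static route on router:", static)
        print("  laptop -> pc    ", trace(net, "laptop", "172.26.0.136"))
        print("  pc -> laptop    ", trace(net, "pc", "172.27.0.117"))
        print("  router -> laptop", trace(net, "router", "172.27.0.117"))
```

    Without the static route the request from the laptop reaches the PC, but the reply goes to the router and follows its default route upstream; the same happens to Internet replies addressed to 172.27.0.0.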

  • Configuration of VLAN 'Wi - Fi comments' on ASA 5512

    I'm trying to configure a new vlan on my Cisco ASA 5512 running version 8.6(1)2.  This vlan will give wireless AP 'guest' access into my network.  I have the guest vlan configured through my switches; I am able to dedicate a switch port to VLAN 40 and acquire an IP address in the 10.40.10.0/24 network.  Below is an extract of what I think is the relevant config information.  I am trying to route the guest traffic out my 'outside' interface.

    Obviously I am missing another command here.  Any help would be greatly appreciated. If more of the running-config is required please advise.  Thanks in advance!

    _________________________________________________________

    interface GigabitEthernet0/1.40
     description Guest Wireless Network
     vlan 40
     nameif guestwireless
     security-level 50
     ip address 10.40.10.5 255.255.255.0
    route outside 0.0.0.0 0.0.0.0 X.X.X.X 1 (X.X.X.X is the public IP address)
    access-list guestwireless_access_in extended permit ip 10.40.10.0 255.255.255.0 interface outside
    mtu guestwireless 1500
    access-group guestwireless_access_in in interface guestwireless
    dhcpd address 10.40.10.50-10.40.10.250 guestwireless
    dhcpd dns 8.8.8.8 interface guestwireless
    dhcpd enable guestwireless

    ________________________________________________________

    Here is the part of the killing

    interface GigabitEthernet0/0
     description ISP Interface
     nameif outside
     security-level 100

    Change to

    interface GigabitEthernet0/0
     security-level 0

    You do not want the least secure interface with the highest security level, hehe

    Looking for a Networking Assistance?
    Contact me directly at [email protected]

    I will fix your problem as soon as POSSIBLE.

    See you soon,.

    Julio Segura Carvajal
    http://laguiadelnetworking.com

  • What configuration of VLAN requires a switch connectivity defined as an access port?

    What configuration of VLAN requires a switch connectivity defined as an access port?

    By external switch tagging

  • Issue of V-Switch virtual network, possible configuration of VLAN

    A screenshot of doc word of my virtual network is attached. I'm trying to get my external labeled Virtual Switch (vSwitch2) talk to the VM (vSwitch0) network switch. My goal here is to be able to connect a physical PC into the switch labeled vmnic1 external physical and be able to convert a virtual PC VM via a cross over cable. I don't know that it would be in the same subnet as the network of VM vmic0. Do I have to install some kind of vlan etc... The physical box with XP on it can perhaps start with DHCP and enter an IP address on the same subnet bridged somehow of the external vmnic1 in the VM Network vmnic0. What is the easiest more quick to make this work? Please see the attachment.  Thanks in advance for your help

    Post edited by: vite@1

    You will need to open a new question, if that's what you're talking about.

    -KjB

    VMware vExpert

  • Issue of configuration of VLAN

    We have ESX Server 3.5.0 110181 and VIC version 2.5.0. Each of our ESX host has 4 NICs for use in our LANs, 2 more for each Port of the Console of Service VMKernel Port. Physical network adapters to connect to a stack of 5500 Nortel ethernet Routing switches.

    I am trying configure 4 NICs in each ESX host to be able to view the two VLANS separated. I am trying to configure these VLANS on the Nortel switches. The problem is I'm new on the VLAN and can't do network cards in the ESX host to always see the two VLANS. Right now I have an ESX host with two network cards that see both VLAN and two network cards who don't see a VLAN. I'm pulling my hair out trying to figure out what I did wrong.

    First, and I realize maybe this isn't the best place to ask this question, in the Nortel VLAN config there are four choices of tagging and I have not been able to work out which is appropriate to use for the ESX host. The choices are: Untag All, Untag PVID Only, Tag All or Tag PVID Only.  Can someone help me with this?

    Also should I do at VIC or on the ESX host to see systematically the VLAN? The NICs appear to periodically just drag one of VLAN, generally the VLAN the DMZ.

    Any help much appreciated. This VLAN is new to me and I could not find very clear or basic info. on the configuration of VLANS.

    Thank you.

    Hi danzbassman, the best would be to set each of the 4 corresponding ports on your Nortel switch to 'Tag All' or 'UnTag PVID Only'.

    If you use 'UnTag PVID Only' on the switch, this means that all frames EXCEPT those on the "primary" VLAN assigned to the port should have tags on them. Then, on the ESX vSwitch side, you want to create your virtual machine port groups with the VLAN ID field filled in for each "secondary" VLAN on the Nortel ports and the VLAN ID field blank for the "primary" VLAN. For example, suppose that your four NICs (assigned to vSwitch1) were connected to ports 1, 2, 3 and 4 on the Nortel side and you had three VLANs, 100, 200, and 300, with VLAN 100 defined as the PVID on each of the four ports. If you want your virtual machines to be able to properly access all three of these VLANs, set up three virtual machine port groups on vSwitch1, one with the VLAN ID set to nothing (for VLAN 100 traffic, because it is not tagged), one with the VLAN ID value of 200 and another with the VLAN ID value of 300.

    If you use 'Tag All', then you would follow the same procedure, except your first port group (the one for VLAN 100 traffic) should also have its VLAN ID set to 100.

    Please, help me by awarding points for a 'useful' or 'proper' response if you think it is useful!

    -Amit
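    The matching rule in the answer above (the switch port's tagging mode decides which tag each VLAN's frames carry, and a port group only receives frames whose tag equals its VLAN ID field) can be modelled directly. This is an added example, not part of the original thread; the mode strings and port-group names are made-up labels for the four Nortel choices and the three VLANs in the answer, and a blank VLAN ID is represented as `None`.

```python
def egress_tag(mode, pvid, vlan):
    """802.1Q tag the switch port puts on a frame of `vlan` (None = untagged)."""
    if mode == "tag_all":
        return vlan
    if mode == "untag_all":
        return None
    if mode == "untag_pvid_only":
        return None if vlan == pvid else vlan
    if mode == "tag_pvid_only":
        return vlan if vlan == pvid else None
    raise ValueError(f"unknown tagging mode: {mode}")


def required_port_groups(mode, pvid, vlans):
    """VLAN ID field each port group needs so that every VLAN is received."""
    return {vlan: egress_tag(mode, pvid, vlan) for vlan in vlans}


def delivery(mode, pvid, vlans, port_groups):
    """Map each VLAN to the port group that receives its frames (None = dropped).

    port_groups maps a port-group name to its VLAN ID field (None = blank).
    """
    by_id = {vlan_id: name for name, vlan_id in port_groups.items()}
    return {vlan: by_id.get(egress_tag(mode, pvid, vlan)) for vlan in vlans}


def merged_vlans(mode, pvid, vlans):
    """VLANs that leave the port with the same tag and so cannot be told apart."""
    seen = {}
    for vlan in vlans:
        seen.setdefault(egress_tag(mode, pvid, vlan), []).append(vlan)
    return [group for group in seen.values() if len(group) > 1]


VLANS = [100, 200, 300]   # from the answer
PVID = 100                # "primary" VLAN on each Nortel port
# Port groups as the answer describes them for 'UnTag PVID Only'.
PG_UNTAG_PVID = {"pg-vlan100": None, "pg-vlan200": 200, "pg-vlan300": 300}

if __name__ == "__main__":
    for mode in ("untag_pvid_only", "tag_all", "untag_all", "tag_pvid_only"):
        print(mode)
        print("  needs  :", required_port_groups(mode, PVID, VLANS))
        print("  result :", delivery(mode, PVID, VLANS, PG_UNTAG_PVID))
        print("  merged :", merged_vlans(mode, PVID, VLANS))
```

    With the port groups left as they were for 'UnTag PVID Only', switching the port to 'Tag All' drops VLAN 100 until that port group's VLAN ID is set to 100, which is the one difference the answer points out.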

  • Cisco ASA 5505 site for multiple subnet of the site.

    Hello. I need help to configure my cisco asa 5505.

    I set up a VPN between two ASA 5505 tunnel

    Site 1:

    Subnet 192.168.77.0

    Site 2:

    Have multiple VLANs and now the tunnel goes to vlan400 - 192.168.1.0

    What I need help:

    Site 1, I need to be able to reach a different virtual LAN on site 2. vlan480 - 192.168.20.0

    And 1 site I have to reach 192.168.77.0 subnet of vlan480 - 192.168.20.0

    Vlan480 is used for phones. In vlan480, we have a PABX.

    Is this possible to do?

    Any help would be much appreciated!

    Config site 2:

    : Saved
    :
    ASA Version 7.2(2)
    !
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password x encrypted
    names
    name 192.168.1.250 DomeneServer
    name 192.168.1.10 NotesServer
    name 192.168.1.90 Steadyily
    name 192.168.1.97 TerminalServer
    name 192.168.1.98 w8-eyeshare
    name 192.168.50.10 w8-print
    name 192.168.1.94 w8-app
    name 192.168.1.89 FonnaFlyMedia
    !

    interface Vlan1
     nameif Vlan1
     security-level 100
     ip address 192.168.200.100 255.255.255.0
     ospf cost 10
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address 79.x.x.226 255.255.255.224
     ospf cost 10
    !
    interface Vlan400
     nameif vlan400
     security-level 100
     ip address 192.168.1.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan450
     nameif Vlan450
     security-level 100
     ip address 192.168.210.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan460
     nameif Vlan460-SuldalHotell
     security-level 100
     ip address 192.168.2.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan461
     nameif Vlan461-SuldalHotellGjest
     security-level 100
     ip address 192.168.3.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan462
     nameif Vlan462-Suldalsposten
     security-level 100
     ip address 192.168.4.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan470
     nameif vlan470-Kyrkjekontoret
     security-level 100
     ip address 192.168.202.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan480
     nameif vlan480-Telefoni
     security-level 100
     ip address 192.168.20.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan490
     nameif Vlan490-QNapBackup
     security-level 100
     ip address 192.168.10.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan500
     nameif Vlan500-HellandBadlands
     security-level 100
     ip address 192.168.30.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan510
     nameif Vlan510-IsTak
     security-level 100
     ip address 192.168.40.1 255.255.255.0
     ospf cost 10
    !
    interface Vlan600
     nameif Vlan600-SafeQ
     security-level 100
     ip address 192.168.50.1 255.255.255.0
     ospf cost 10
    !
    interface Ethernet0/0
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
     switchport access vlan 500
     switchport trunk allowed vlan 400,450,460-462,470,480,500,510,600,610
     switchport mode trunk
    !
    interface Ethernet0/3
     switchport access vlan 490
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !

    passwd x encrypted
    ftp mode passive
    clock timezone WAT 1
    dns server-group DefaultDNS
     domain-name default.domain.invalid
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface

    object-group service Lotus_Notes_Utgaaande tcp
     description UT og Frim Notes til alle
     port-object eq domain
     port-object eq ftp
     port-object eq www
     port-object eq https
     port-object eq lotusnotes
     port-object eq pop3
     port-object eq pptp
     port-object eq smtp
    object-group service Lotus_Notes_inn tcp
     description of the inn og alle til Notes
     port-object eq www
     port-object eq lotusnotes
     port-object eq pop3
     port-object eq smtp
    object-group service Reisebyraa tcp-udp
     port-object range 3702 3702
     port-object range 5500 5500
     port-object range 9876 9876
    object-group service Remote_Desktop tcp-udp
     description Tilgang til Remote Desktop
     port-object range 3389 3389
    object-group service Sand_Servicenter_50000 tcp-udp
     description program tilgang til sand service AS
     port-object range 50000 50000
    object-group service VNC_Remote_Admin tcp
     description Fra ¥ oss til alle
     port-object range 5900 5900
    object-group service Printer_Accept tcp-udp
     port-object range 9100 9100
     port-object eq echo
    object-group icmp-type Echo_Ping
     icmp-object echo
     icmp-object echo-reply
    object-group service Print tcp
     port-object range 9100 9100
    object-group service FTP_NADA tcp
     description Suldalsposten NADA tilgang
     port-object eq ftp
     port-object eq ftp-data
    object-group service Telefonsentral tcp
     description Hoftun
     port-object eq ftp
     port-object eq ftp-data
     port-object eq www
     port-object eq https
     port-object eq telnet
    object-group service Printer_inn_800 tcp
     description Fra 800 thought-out og inn til 400 port 7777
     port-object range 7777 7777
    object-group service Suldalsposten tcp
     description send av mail hav Mac Mail at - å nrep smtp
     port-object eq pop3
     port-object eq smtp
    object-group service http2 tcp
     port-object range 81 81
    object-group service DMZ_FTP_PASSIVE tcp-udp
     port-object range 55536 56559
    object-group service DMZ_FTP tcp-udp
     port-object range 20 21
    object-group service DMZ_HTTPS tcp-udp
     port-object range 443 443
    object-group service DMZ_HTTP tcp-udp
     port-object range 8080 8080
    object-group service DNS_Query tcp
     port-object range domain domain
    object-group service DUETT_SQL_PORT tcp-udp
     description for a mellom andre og duett Server nett
     port-object range 54659 54659

    access-list outside_access_in extended permit ip any any
    access-list outside_access_out extended permit ip any any
    access-list vlan400_access_in extended deny ip any host 149.20.56.34
    access-list vlan400_access_in extended deny ip any host 149.20.56.32
    access-list vlan400_access_in extended permit ip any any
    access-list Vlan450_access_in extended deny ip any host 149.20.56.34
    access-list Vlan450_access_in extended deny ip any host 149.20.56.32
    access-list Vlan450_access_in extended permit ip any any
    access-list Vlan460_access_in extended deny ip any host 149.20.56.34
    access-list Vlan460_access_in extended deny ip any host 149.20.56.32
    access-list Vlan460_access_in extended permit ip any any
    access-list vlan400_access_out extended permit icmp any any object-group Echo_Ping
    access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_Utgaaande
    access-list vlan400_access_out extended permit tcp any host DomeneServer object-group Remote_Desktop
    access-list vlan400_access_out extended permit tcp any host TerminalServer object-group Remote_Desktop
    access-list vlan400_access_out extended permit tcp any host Steadyily object-group http2
    access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_inn
    access-list vlan400_access_out extended permit tcp any host NotesServer object-group Remote_Desktop
    access-list vlan400_access_out extended permit tcp any host w8-eyeshare object-group Remote_Desktop
    access-list vlan400_access_out extended permit tcp any host w8-app object-group Remote_Desktop
    access-list vlan400_access_out extended permit tcp any host FonnaFlyMedia range 8400 8600
    access-list vlan400_access_out extended permit udp any host FonnaFlyMedia range 9000 9001
    access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host DomeneServer
    access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host w8-app object-group DUETT_SQL_PORT
    access-list Vlan500_access_in extended deny ip any host 149.20.56.34
    access-list Vlan500_access_in extended deny ip any host 149.20.56.32
    access-list Vlan500_access_in extended permit ip any any
    access-list vlan470_access_in extended deny ip any host 149.20.56.34
    access-list vlan470_access_in extended deny ip any host 149.20.56.32
    access-list vlan470_access_in extended permit ip any any
    access-list Vlan490_access_in extended deny ip any host 149.20.56.34
    access-list Vlan490_access_in extended deny ip any host 149.20.56.32
    access-list Vlan490_access_in extended permit ip any any
    access-list Vlan450_access_out extended permit icmp any any object-group Echo_Ping
    access-list Vlan1_access_out extended permit ip any any
    access-list Vlan1_access_out extended permit tcp any host w8-print object-group Remote_Desktop
    access-list Vlan1_access_out extended deny ip any any
    access-list Vlan1_access_out extended permit icmp any any echo-reply
    access-list Vlan460_access_out extended permit icmp any any object-group Echo_Ping
    access-list Vlan490_access_out extended permit icmp any any object-group Echo_Ping
    access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP
    access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP_PASSIVE
    access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTPS
    access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTP
    access-list Vlan500_access_out extended permit icmp any any object-group Echo_Ping
    access-list vlan470_access_out extended permit icmp any any object-group Echo_Ping
    access-list vlan470_access_out extended permit tcp any host 192.168.202.10 object-group Remote_Desktop
    access-list Vlan510_access_out extended permit icmp any any object-group Echo_Ping
    access-list vlan480_access_out extended permit ip any any
    access-list Vlan510_access_in extended permit ip any any
    access-list Vlan600_access_in extended permit ip any any
    access-list Vlan600_access_out extended permit icmp any any
    access-list Vlan600_access_out extended permit tcp any host w8-print object-group Remote_Desktop
    access-list Vlan600_access_out extended permit tcp 192.168.1.0 255.255.255.0 host w8-print eq www
    access-list Vlan600_access_out extended permit tcp 192.168.202.0 255.255.255.0 host w8-print eq www
    access-list Vlan600_access_out extended permit tcp 192.168.210.0 255.255.255.0 host w8-print eq www
    access-list Vlan600_access_in_1 extended permit ip any any
    access-list Vlan461_access_in extended permit ip any any
    access-list Vlan461_access_out extended permit icmp any any object-group Echo_Ping
    access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
    access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
    access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
    access-list Vlan462-Suldalsposten_access_in extended permit ip any any
    access-list Vlan462-Suldalsposten_access_out extended permit icmp any any echo-reply
    access-list Vlan462-Suldalsposten_access_out_1 extended permit icmp any any echo-reply
    access-list Vlan462-Suldalsposten_access_in_1 extended permit ip any any

    pager lines 24

    logging enable

    logging asdm informational

    mtu Vlan1 1500

    mtu outside 1500

    mtu vlan400 1500

    mtu Vlan450 1500

    mtu Vlan460-SuldalHotell 1500

    mtu Vlan461-SuldalHotellGjest 1500

    mtu vlan470-Kyrkjekontoret 1500

    mtu vlan480-Telefoni 1500

    mtu Vlan490-QNapBackup 1500

    mtu Vlan500-HellandBadlands 1500

    mtu Vlan510-IsTak 1500

    mtu Vlan600-SafeQ 1500

    mtu Vlan462-Suldalsposten 1500

    no failover

    monitor-interface Vlan1

    monitor-interface outside

    monitor-interface vlan400

    monitor-interface Vlan450

    monitor-interface Vlan460-SuldalHotell

    monitor-interface Vlan461-SuldalHotellGjest

    monitor-interface vlan470-Kyrkjekontoret

    monitor-interface vlan480-Telefoni

    monitor-interface Vlan490-QNapBackup

    monitor-interface Vlan500-HellandBadlands

    monitor-interface Vlan510-IsTak

    monitor-interface Vlan600-SafeQ

    monitor-interface Vlan462-Suldalsposten

    icmp unreachable rate-limit 1 burst-size 1

    asdm image disk0:/asdm-522.bin

    no asdm history enable

    arp timeout 14400

    global (outside) 1 interface

    nat (vlan400) 0 access-list vlan400_nat0_outbound

    nat (vlan400) 1 0.0.0.0 0.0.0.0 dns

    nat (Vlan450) 1 0.0.0.0 0.0.0.0 dns

    nat (Vlan460-SuldalHotell) 1 0.0.0.0 0.0.0.0

    nat (Vlan461-SuldalHotellGjest) 1 0.0.0.0 0.0.0.0

    nat (vlan470-Kyrkjekontoret) 1 0.0.0.0 0.0.0.0

    nat (Vlan490-QNapBackup) 1 0.0.0.0 0.0.0.0 dns

    nat (Vlan500-HellandBadlands) 1 0.0.0.0 0.0.0.0

    nat (Vlan510-IsTak) 1 0.0.0.0 0.0.0.0

    nat (Vlan600-SafeQ) 1 0.0.0.0 0.0.0.0

    nat (Vlan462-Suldalsposten) 1 0.0.0.0 0.0.0.0

    static (vlan400,outside) 79.x.x.x DomeneServer netmask 255.255.255.255

    static (vlan470-Kyrkjekontoret,outside) 79.x.x.x 192.168.202.10 netmask 255.255.255.255

    static (vlan400,outside) 79.x.x.x NotesServer netmask 255.255.255.255 dns

    static (vlan400,outside) 79.x.x.231 TerminalServer netmask 255.255.255.255

    static (vlan400,outside) 79.x.x.234 Steadyily netmask 255.255.255.255

    static (vlan400,outside) 79.x.x.232 w8-eyeshare netmask 255.255.255.255

    static (Vlan490-QNapBackup,outside) 79.x.x.233 192.168.10.10 netmask 255.255.255.255 dns

    static (Vlan600-SafeQ,outside) 79.x.x.235 w8-print netmask 255.255.255.255

    static (vlan400,outside) 79.x.x.236 w8-app netmask 255.255.255.255

    static (Vlan450,vlan400) 192.168.210.0 192.168.210.0 netmask 255.255.255.0

    static (Vlan500-HellandBadlands,vlan400) 192.168.30.0 192.168.30.0 netmask 255.255.255.0

    static (vlan400,Vlan500-HellandBadlands) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    static (vlan400,Vlan450) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    static (vlan400,outside) 79.x.x.252 FonnaFlyMedia netmask 255.255.255.255

    static (Vlan462-Suldalsposten,vlan400) 192.168.4.0 192.168.4.0 netmask 255.255.255.0

    static (vlan400,Vlan462-Suldalsposten) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    static (vlan400,Vlan600-SafeQ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

    static (Vlan600-SafeQ,vlan400) 192.168.50.0 192.168.50.0 netmask 255.255.255.0

    static (Vlan600-SafeQ,Vlan450) 192.168.50.0 192.168.50.0 netmask 255.255.255.0

    static (Vlan600-SafeQ,vlan470-Kyrkjekontoret) 192.168.50.0 192.168.50.0 netmask 255.255.255.0

    static (Vlan450,Vlan600-SafeQ) 192.168.210.0 192.168.210.0 netmask 255.255.255.0

    static (vlan470-Kyrkjekontoret,Vlan600-SafeQ) 192.168.202.0 192.168.202.0 netmask 255.255.255.0

    access-group Vlan1_access_out out interface Vlan1

    access-group outside_access_in in interface outside

    access-group outside_access_out out interface outside

    access-group vlan400_access_in in interface vlan400

    access-group vlan400_access_out out interface vlan400

    access-group Vlan450_access_in in interface Vlan450

    access-group Vlan450_access_out out interface Vlan450

    access-group Vlan460_access_in in interface Vlan460-SuldalHotell

    access-group Vlan460_access_out out interface Vlan460-SuldalHotell

    access-group Vlan461_access_in in interface Vlan461-SuldalHotellGjest

    access-group Vlan461_access_out out interface Vlan461-SuldalHotellGjest

    access-group vlan470_access_in in interface vlan470-Kyrkjekontoret

    access-group vlan470_access_out out interface vlan470-Kyrkjekontoret

    access-group vlan480_access_out out interface vlan480-Telefoni

    access-group Vlan490_access_in in interface Vlan490-QNapBackup

    access-group Vlan490_access_out out interface Vlan490-QNapBackup

    access-group Vlan500_access_in in interface Vlan500-HellandBadlands

    access-group Vlan500_access_out out interface Vlan500-HellandBadlands

    access-group Vlan510_access_in in interface Vlan510-IsTak

    access-group Vlan510_access_out out interface Vlan510-IsTak

    access-group Vlan600_access_in_1 in interface Vlan600-SafeQ

    access-group Vlan600_access_out out interface Vlan600-SafeQ

    access-group Vlan462-Suldalsposten_access_in_1 in interface Vlan462-Suldalsposten

    access-group Vlan462-Suldalsposten_access_out_1 out interface Vlan462-Suldalsposten

    route outside 0.0.0.0 0.0.0.0 79.x.x.225 1

    timeout xlate 3:00:00

    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

    timeout uauth 0:05:00 absolute

    username x password x encrypted privilege 15

    aaa authentication ssh console LOCAL

    http server enable

    http 192.168.210.0 255.255.255.0 Vlan450

    http 192.168.200.0 255.255.255.0 Vlan1

    http 192.168.1.0 255.255.255.0 vlan400

    no snmp-server location

    no snmp-server contact

    snmp-server community public

    snmp-server enable traps snmp authentication linkup linkdown coldstart

    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

    crypto map outside_map 20 match address outside_20_cryptomap_1

    crypto map outside_map 20 set pfs

    crypto map outside_map 20 set peer 62.92.159.137

    crypto map outside_map 20 set transform-set ESP-3DES-SHA

    crypto map outside_map interface outside

    crypto isakmp enable outside

    crypto isakmp enable vlan400

    crypto isakmp policy 10

     authentication pre-share

     encryption 3des

     hash sha

     group 2

     lifetime 86400

    tunnel-group 62.92.159.137 type ipsec-l2l

    tunnel-group 62.92.159.137 ipsec-attributes

     pre-shared-key *

    telnet 192.168.200.0 255.255.255.0 Vlan1

    telnet 192.168.1.0 255.255.255.0 vlan400

    telnet timeout 5

    ssh 171.68.225.216 255.255.255.255 outside

    ssh timeout 5

    console timeout 0

    dhcpd update dns both

    !

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan1

    !

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface outside

    !

    dhcpd address 192.168.1.100-192.168.1.225 vlan400

    dhcpd option 6 ip DomeneServer 81.167.36.11 interface vlan400

    dhcpd option 3 ip 192.168.1.1 interface vlan400

    dhcpd enable vlan400

    !

    dhcpd address 192.168.210.100-192.168.210.200 Vlan450

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan450

    dhcpd option 3 ip 192.168.210.1 interface Vlan450

    dhcpd enable Vlan450

    !

    dhcpd address 192.168.2.100-192.168.2.150 Vlan460-SuldalHotell

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan460-SuldalHotell

    dhcpd option 3 ip 192.168.2.1 interface Vlan460-SuldalHotell

    dhcpd enable Vlan460-SuldalHotell

    !

    dhcpd address 192.168.3.100-192.168.3.200 Vlan461-SuldalHotellGjest

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan461-SuldalHotellGjest

    dhcpd option 3 ip 192.168.3.1 interface Vlan461-SuldalHotellGjest

    dhcpd enable Vlan461-SuldalHotellGjest

    !

    dhcpd address 192.168.202.100-192.168.202.199 vlan470-Kyrkjekontoret

    dhcpd option 3 ip 192.168.202.1 interface vlan470-Kyrkjekontoret

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan470-Kyrkjekontoret

    dhcpd enable vlan470-Kyrkjekontoret

    !

    dhcpd option 3 ip 192.168.20.1 interface vlan480-Telefoni

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan480-Telefoni

    !

    dhcpd address 192.168.10.80-192.168.10.90 Vlan490-QNapBackup

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan490-QNapBackup

    dhcpd option 3 ip 192.168.10.1 interface Vlan490-QNapBackup

    !

    dhcpd address 192.168.30.100-192.168.30.199 Vlan500-HellandBadlands

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan500-HellandBadlands

    dhcpd option 3 ip 192.168.30.1 interface Vlan500-HellandBadlands

    dhcpd enable Vlan500-HellandBadlands

    !

    dhcpd address 192.168.40.100-192.168.40.150 Vlan510-IsTak

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan510-IsTak

    dhcpd option 3 ip 192.168.40.1 interface Vlan510-IsTak

    dhcpd enable Vlan510-IsTak

    !

    dhcpd address 192.168.50.150-192.168.50.199 Vlan600-SafeQ

    dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan600-SafeQ

    dhcpd enable Vlan600-SafeQ

    !

    dhcpd address 192.168.4.100-192.168.4.150 Vlan462-Suldalsposten

    dhcpd option 6 ip DomeneServer 81.167.36.11 interface Vlan462-Suldalsposten

    dhcpd option 3 ip 192.168.4.1 interface Vlan462-Suldalsposten

    dhcpd enable Vlan462-Suldalsposten

    !

    !

    !

    !

    policy-map type inspect dns preset_dns_map

     parameters

      message-length maximum 512

    !

    prompt hostname context

    Cryptochecksum:x

    : end

    Site 1 config:

    : Saved

    :

    ASA Version 7.2(4)

    !

    hostname ciscoasa

    domain-name default.domain.invalid

    enable password x encrypted

    passwd x encrypted

    names

    !

    interface Vlan1

     nameif inside

     security-level 100

     ip address 192.168.77.1 255.255.255.0

    !

    interface Vlan2

     nameif outside

     security-level 0

     pppoe client vpdn group Telenor

     ip address pppoe setroute

    !

    interface Ethernet0/0

     switchport access vlan 2

    !

    interface Ethernet0/1

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    !

    interface Ethernet0/4

    !

    interface Ethernet0/5

     switchport access vlan 15

    !

    interface Ethernet0/6

    !

    interface Ethernet0/7

    !

    ftp mode passive

    dns server-group DefaultDNS

     domain-name default.domain.invalid

    access-list outside_access_in extended permit icmp any any echo-reply log disable

    access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0

    access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0

    pager lines 24

    logging asdm informational

    mtu inside 1500

    mtu outside 1500

    icmp unreachable rate-limit 1 burst-size 1

    asdm image disk0:/asdm-524.bin

    no asdm history enable

    arp timeout 14400

    global (outside) 1 interface

    nat (inside) 0 access-list inside_nat0_outbound

    nat (inside) 1 0.0.0.0 0.0.0.0

    access-group outside_access_in in interface outside

    timeout xlate 3:00:00

    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    http server enable

    http 192.168.77.0 255.255.255.0 inside

    http 192.168.1.0 255.255.255.0 inside

    no snmp-server location

    no snmp-server contact

    snmp-server enable traps snmp authentication linkup linkdown coldstart

    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

    crypto map outside_map 1 match address outside_1_cryptomap

    crypto map outside_map 1 set pfs

    crypto map outside_map 1 set peer 79.160.252.226

    crypto map outside_map 1 set transform-set ESP-3DES-SHA

    crypto map outside_map interface outside

    crypto isakmp enable inside

    crypto isakmp enable outside

    crypto isakmp policy 10

     authentication pre-share

     encryption 3des

     hash sha

     group 2

     lifetime 86400

    telnet 192.168.77.0 255.255.255.0 inside

    telnet timeout 5

    ssh timeout 5

    console timeout 0

    vpdn group Telenor request dialout pppoe

    vpdn group Telenor localname x

    vpdn group Telenor ppp authentication chap

    vpdn username x password x store-local

    dhcpd auto_config outside

    !

    dhcpd address 192.168.77.100-192.168.77.130 inside

    dhcpd dns 192.168.77.1 interface inside

    dhcpd option 6 ip 130.67.15.198 193.213.112.4 interface inside

    dhcpd enable inside

    !

    dhcpd option 6 ip 130.67.15.198 193.213.112.4 interface outside

    !

    tunnel-group 79.160.252.226 type ipsec-l2l

    tunnel-group 79.160.252.226 ipsec-attributes

     pre-shared-key *

    !

    class-map inspection_default

     match default-inspection-traffic

    !

    !

    policy-map type inspect dns preset_dns_map

     parameters

      message-length maximum 512

    policy-map global_policy

     class inspection_default

      inspect dns preset_dns_map

      inspect ftp

      inspect h323 h225

      inspect h323 ras

      inspect rsh

      inspect rtsp

      inspect esmtp

      inspect sqlnet

      inspect skinny

      inspect sunrpc

      inspect xdmcp

      inspect sip

      inspect netbios

      inspect tftp

    !

    service-policy global_policy global

    prompt hostname context

    Cryptochecksum:x

    : end

    Hello,

    Adding a new network to the existing L2L VPN should be a fairly simple process.

    Essentially, you need to add the network to the crypto ACL used in the "crypto map" configuration. You also need to configure NAT0 for it on the appropriate interfaces of the ASA. These configurations are all made on both ends of the L2L VPN connection.

    Looking at your configurations above, it would appear that you need the following configurations:

    SITE 1

    • We add the new network to both the crypto ACL and the NAT0 ACL

    access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0

    access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0

    SITE 2

    • We add the new network to the crypto ACL
    • We create a new NAT0 configuration for interface Vlan480 because there is no previous NAT0 configuration

    access-list outside_20_cryptomap_1 extended permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0

    access-list VLAN480-NAT0 remark NAT0 for VPN

    access-list VLAN480-NAT0 permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0

    nat (vlan480-Telefoni) 0 access-list VLAN480-NAT0

    These configurations should pretty much do the trick.

    Let me know if it worked.

    -Jouni
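
The reply's two requirements, crypto ACLs that mirror each other and a NAT0 exemption for every protected network pair on each ASA, can be checked offline before the changes are pasted in. The Python sketch below is an added example, not part of the thread; `parse_acls` and `audit_l2l` are hypothetical names, and the two excerpts are constructed from the existing ACL lines plus the lines the reply adds.

```python
import ipaddress
import re

# Matches ASA 7.x/8.2-style network-to-network entries only:
#   access-list NAME [extended] permit ip SRC SMASK DST DMASK
# Remarks and entries using any/host/object-group are skipped.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$")

# Constructed excerpts: the thread's ACL lines with the reply's additions applied.
SITE1 = """\
access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.77.0 255.255.255.0 192.168.20.0 255.255.255.0
"""
SITE2 = """\
access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap_1 extended permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list VLAN480-NAT0 permit ip 192.168.20.0 255.255.255.0 192.168.77.0 255.255.255.0
"""

def parse_acls(config):
    """Return {acl_name: {(src_network, dst_network), ...}} for matching lines."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            name, src, smask, dst, dmask = m.groups()
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
            acls.setdefault(name, set()).add(pair)
    return acls

def audit_l2l(local_cfg, peer_cfg, local_crypto, peer_crypto, local_nat0):
    """List crypto ACL entries lacking a peer mirror or a local NAT0 exemption."""
    local, peer = parse_acls(local_cfg), parse_acls(peer_cfg)
    peer_pairs = peer.get(peer_crypto, set())
    nat0 = set().union(*(local.get(name, set()) for name in local_nat0))
    problems = []
    for src, dst in sorted(local.get(local_crypto, set()), key=str):
        if (dst, src) not in peer_pairs:  # peer must protect the reverse flow
            problems.append(f"no mirror on peer for {src} -> {dst}")
        if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in nat0):
            problems.append(f"no NAT0 exemption for {src} -> {dst}")
    return problems

if __name__ == "__main__":
    print(audit_l2l(SITE1, SITE2, "outside_1_cryptomap",
                    "outside_20_cryptomap_1", ["inside_nat0_outbound"]))
    print(audit_l2l(SITE2, SITE1, "outside_20_cryptomap_1",
                    "outside_1_cryptomap", ["vlan400_nat0_outbound", "VLAN480-NAT0"]))
```

The caller names the NAT0 ACLs because the check does not parse the `nat (interface) 0 access-list` bindings; an empty list from both directions means the ACL side of the change is consistent.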
