Destination hub NATing 3000
Hello
I want NAT address of destination (with a "real" remote device) on my Cisco VPN 3000 Concentrator.
Reason for this is the network administrator remote does not wish to make any NATing to an end, and we can't have private IP 10.x.x.x addresses in our network 172.16.x.x, so I need NAT IP address of the server to one of our internal addresses on the VPN concentrator.
NATing my outbound address is fine (standard procedure) I just to need to do the 'destination' from.
Thanks for your help
I do not think that this is supported on the VPN concentrator
Tags: Cisco Security
Similar Questions
-
Unable to connect hub ASA5505 3000
Hello world
I followed the document
but I am still unable to get my ASA to connect. I think it's because of the ISP DSL router, but I'm not sure. I even enabled NAT - T, but that did nothing. Here is my layout:
ASA-> router DSL-> Internet-> hub
ASA inside: 10.103.0.1
ASA outdoors: 192.168.1.250
DSL with LAN router: 192.168.1.254
DSL with WAN router: 148.X.X.X
Hub: 24.X.X.X
Concentrator LAN: 172.16.0.1
Here's my config too with some debugs. Can someone enlighten us please? Thank you.
Newspapers don't help sorry
Debug crypto isakmp 127
Debug crypto ipsec 127
encryption of debugging engine
show the details of its crypto isakmp
view in detail its crypto ipsec
It might be the Phase 1 identity also. ASA agrees and moves on the Phast 1, but reject VPNC.
Also if possible IKE, IPSECDBG IKEDBG, IPSEC, VPNC logs.
Concerning
Farrukh
-
Hi all
I need to change my actual lan-to-LAN vpn configuration in host-to-lan, and I have a few questions. Maybe someone here can help me.
Current configuration:
SITE A:
-cisco 892
-subnet: 192.168.1.0/24
SITE B:
-hub cisco 3000
-subnet 192.168.2.0/24
I have access to only the site router.
Currently, all clients in the site one can reached site B and vice versa.
Here are my ACLs of the SITE a router:
ip permit 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
Now, I need to change the vpn config in:
-vpn ipsec must be configured between 192.168.2.0/24 (SITE B) and 10.1.1.1/32 (ip protocol used for the nat all clients from SITE A to SITE B)
SITE A router ACL shoul become:
permit host 10.1.1.1 ip 192.168.2.0 0.0.0.255.
All SITE A clients who want to join the SITE B are nat - ed by 10.1.1.1. SITE B cannot reach subnet A SITE, only 10.1.1.1
Now the questions:
IP address 10.1.1.1 shoul be configured on a loopback interface?
How the nat configuration?
Thank you very much.
Hello Richard,.
10.1.1.1 will be configured on loopback interaface. Here's the basic config->
interface Loopback0
10.1.1.1 IP address 255.255.255.255
NAT outside IP
!
interface FastEthernet0/0
IP 192.168.1.1 255.255.255.0
IP nat inside
!
interface FastEthernet0/1
IP 23.0.0.2 255.255.255.0
NAT outside IP
card crypto WCPA
!
overload of IP nat inside source list VPN_NAT_ACL interface Loopback0
!
VPN_NAT_ACL extended IP access list
ip permit 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
VPN_TRAFFIC_ENCRYPT extended IP access list
permit host 10.1.1.1 ip 192.168.2.0 0.0.0.255
Best regards
Please note all useful messages and close issues resolved
-
Hello
Why do I buy a double as Dear customer Hardware 3002 instead of a router 800?
Kind regards
Rutgrt
No reason really to get a.
What you can do with a 3002 hardware client is basically push the BONE for her to the central site, if your central site is running a hub of 3000.
Manage the centralized configuration is better on a 3002.
And these two "advantages" are really useful if you use a concentrator 3000 series on your central site.
The 3002 is also certain amount of firewalls on its WAN. You can make IOS Firewall on 800 routers too using an IOS image.
So, if you have no particular reason to just get the 800 router.
-
Series 3000 VPN hub with SSL problem
I use the http access to the vpn concentrator and install SSL on the page using IE 6. I open the file and installed successfully with the certificate in IE can I view the contents of the certificate through IE.
I allow cookies and java script of the security for IE tab. Why can I still access using https? Any other configuration that I left out? I use https to access the private interface have private ip address.
Kind regards
Sam
If you have been set up the certificate in a test environment, it may have the wrong IP address. Check under Administration | Management certificate that the IP address of your SSL certificate has the IP address of your interface. If you have changed the IP address since the generation of the certificate, it will no longer work. I'm assuming that you have configured everything properly under Configuration. System | Management protocols. SSL.
It will be useful,
Mark
-
Drivers (Asio?) Center Audio/USB multimedia Hub
Hello
I'm looking for drivers for Multimedia Center Audio/USB Hub and for the Asio drivers for it. I can't find! Can you help me?
Hector.
Hello
Well, I'm not 100% sure what you are looking for but maybe this information I found on these sites will help you:
http://Downloads-ZDNet.com.com/USB-audio-ASIO-driver/3000-2120_2-10108225.html
http://www.asio4all.com/ -
How can I sync the keyboard wireless with the hub?
I have a 1 ms wireless keyboard. 0 has and can not find the right button to synchronize with the hub.
Can you help me?
JoAnne
I have a 1 ms wireless keyboard. 0 has and can not find the right button to synchronize with the hub.
Can you help me?
JoAnne
The designation "1. 0a"seems to be a version number, and not a model number. As a general rule, MS wireless keyboards have the numbers of models such as 1000, 3000, 6000, etc.. See, for example, http://www.microsoft.com/hardware/mouseandkeyboard/ProductList.aspx?type=Keyboard&additionalType=Sets&techId=WirelessTechnology
I think Microsoft "Documentation" for the products of its keyboard and mouse to be pretty pathetic, so even if you had provided the model number, chances are that the documentation would not help a lot.
Some of the products of Microsoft wireless keyboard and mouse have sync buttons and some do not. See http://support.microsoft.com/kb/838398 for some pictures and tips on the sync'ing of these products.
If your keyboard has a button, it will be small and should be ironed with something like a ball point pen. See this video: http://www.microsoft.com/showcase/en/us/details/c0b359ba-ead6-4298-aa46-6b943ffb8e2e
-
I use microsoft picture it, version 2000. This software has been a recurring problem, first of all just slow down my computer when saving a photo, now not even open. I have over 3000 photos saved in this version. What should I do, Ken
FWIW... MS Picture It! 2000 is an obsolete program and will continue to cause problems, even if you manage to find a way to run it. If you have the original install CD... It may be interesting to try to uninstall/reinstall the program, but there may be problems if you are running Internet Explorer 7 or 8. You can also try running them in Compatibility Mode for Windows 2000.
I would certainly create a system restore point before uninstall/install any software.
I can only imagine that you have saved your pictures to .mix format which is not compatible with other image editing software.
IMHO... your best bet for the future would be to convert the .mix in .jpg or .png format files so they would be compatible with current image editing software.
There is always a trial of 60 days of MS, Digital Image Suite 2006 download. This software will be compatible with your .mix files and using the MiniLab you can batch convert them in .jpg format. (the number of files that you can convert at any given time will depend on your system resources I'm guessing 50 might be a place to start)
(FWIW... it's always a good idea to create a system)
Restore point before installing software or updates)Microsoft Digital Image Starter Edition 2006
http://www.Microsoft.com/downloads/details.aspx?FamilyId=7C3B3DED-A15F-48C5-B724-7796FE8C151E&displaylang=enAnother option...
If they are single image files created in
MS Picture It! and aren't projects in layers...
(pages album, greeting cards, collages, etc.)
the following information should be helpful to you:The evaluation version of PolyView may allow
lot to reformat your bigger .mix files
quantities.You can download an evaluation copy to the
following link:(FWIW... it's always a good idea to create a system)
Restore point before installing software or updates)PolyView
www.Polybytes.com
(Go to...) Downloads / PolyView 4.43 Setup
Program)When you open PolyView... go to...
File / Format Conversions...Navigate to the folder that your .mix files
recorded in and open the drop window and
Choose "All Files".On the left, click on the button "add all".
On the left, click on the button "continue"...
Choose your JPEG Format 'Destination '.
Choose your JPEG quality... 100
Choose a 'Destination folder '...
Left click on the button 'start '.
Good luck...
-
Microsoft wireless mobile mouse 3000 will not connect
I had a mobile wireless 3000 microsoft mouse when I put my mouse usb pen in the computer it flashes green but then it turns green, but my connector on my mouse is, nt connect to my pointer on the computer could please tell me the convenience store ive tired to put it in different usb ports & he even doe work of the sww.
Hello
You need get the latest mouse drivers and make them ready to re - install (perhaps several times).
Download - SAVE - go to where you put them - when ready Right Click on - RUN as admin.
Tips for solving problems of USB devices - and a Mr Fixit
http://windowshelp.Microsoft.com/Windows/en-us/help/c39bd203-f729-47a4-8351-83291e13c8a81033.mspx#EGBPanel configuration-Device Manager - click in the empty box - then DISPLAY - view hidden now devices look everywhere EXCEPT the USB controllers for your device (cannot be found) and if find you it do a RIGHT CLICK and UNINSTALL all. The device is your mouse or similar. Now go to the USB and UNINSTALL ALL controllers in the category, but the category itself. APPLY/OK - REBOOT
Try to install your mouse like new.
Software MS - is of latest version 8.x, which just came out
http://www.Microsoft.com/hardware/download/download.aspx?category=MKThis refresh battery USB and hopefully it will allow the unit to install. (Possibly a hub powered).
Here is the similar procedure under XP, Vista is the same, except that we need to clear the specific device if present.
http://support.Microsoft.com/kb/310575This is a utility to help you, but do 1 above.
USBDeview is a small utility that lists all USB devices currently connected to your computer, as well as all USB devices that you previously used. Run Options and check the 1st three choices to see if one is there. Try to remove all instances and restart then plug in the mouse.
http://www.NirSoft.NET/utils/usb_devices_view.htmlAgain try to install your mouse like new.
===============================
If nothing works:
Wireless 3000 has a 3 year warranty
http://www.Microsoft.com/hardware/mouseandkeyboard/ProductDetails.aspx?pid=005&active_tab=systemRequirementsWarranty
http://www.Microsoft.com/hardware/warranties.mspxI hope this helps.
--------------------------------------------------------------------------------------------
Rob Brown - Microsoft MVP<- profile="" -="" windows="" experience :="" bicycle="" -="" mark="" twain="" said="" it=""> -
My Notebook Optical Mouse 3000 is not recognized.
My mouse worked properly today, but later is no longer is recognized. I have tried all usb ports, reinstalled the software, download the new drivers from microsoft... None of the time worked. The lights are flashing, but it doesn´t work.
Someone has an idea?
PS: Footstool of Windows 7.
Hello
You did some of them however here is just in case troubleshooting tool.
-------------
You need get the latest mouse drivers and make them ready to re - install (perhaps several times).
Download - SAVE - go to where you put them - when ready Right Click on - RUN as admin.
Tips for solving problems of USB devices - and a Mr Fixit
http://windowshelp.Microsoft.com/Windows/en-us/help/c39bd203-f729-47a4-8351-83291e13c8a81033.mspx#EGBControl Panel - Device Manager - click in the empty area - VIEW - show hidden devices
Now look everywhere EXCEPT the USB controllers for your device (cannot be found) and if you
he find the RIGHT CLICK and uninstall them all. The device is your mouse or similar.now go to the USB and UNINSTALL ALL controllers in the category, but the category itself.
APPLY/OK
RESET
Try to install your mouse like new.
Software MS - is of latest version 8.x, which just came out
http://www.Microsoft.com/hardware/download/download.aspx?category=MKThis refresh battery USB and hopefully it will allow the unit to install. (You may need a)
powered hub)Here is the similar procedure in XP, Vista is the same, except that we need to clear the specific
device if present.
http://support.Microsoft.com/kb/310575This is a utility to help you, but do 1 above.
USBDeview is a small utility that lists all USB devices currently connected to your
computer, as well as all USB devices that you previously used. Run Options and check
the 1st three choices to see if there are here. Try to remove all instances and restart
then plug in the mouse.
http://www.NirSoft.NET/utils/usb_devices_view.htmlAgain try to install your mouse like new.
===============================
If nothing works:
Notebook Optical 3000 has a 3 year warranty
http://www.Microsoft.com/hardware/mouseandkeyboard/ProductDetails.aspx?pid=064Warranty
http://www.Microsoft.com/hardware/warranties.mspxClaims of Microsoft Hardware
Supported MS material and warranty claims & Tech Support 1-800-936-5700 for MS
Material. They will replace the mouse if it cannot be implemented properly if it is still
under the guarantee. Mouse has 90 days tech support from the date of the 1st incident which should
say that it will cost you nothing (except if you called the mouse in the past).I hope this helps.
Rob Brown - MS MVP - Windows Desktop Experience: Bike - Mark Twain said it right.
-
Is it possible to use hub dual double cloud in Phase 1 DMVPN?
Hello, I'm studying DMVPN in Phase 1. I'm doing a lab where I have 2 hubs and 2 spokes connected through 2 providers. In DMVPN phase 1, what I understand, destined for the tunnel must be configured manually (gre tunnel mode is point to point). But for each ray, I have 2 hubs. How can I specify addresses NBMA the two poles of the same tunnel interface IP spoke? I can only specify a single destination tunnel, then a hub.
Hubs do not need four interfaces in this case, one by ISP is enough. You end up with the following connections by talk:
Tun1-isps1 <->Tun1-isps1-Hub1
Tun2-isps1 <->Tun1-isps1-Hub2
Tun3-ISP2 <->Tun2-ISP2-Hub1
Tun4-ISP2 <->Tun2-ISP2-Hub2 -
DMVPN hub & spokes multiple w / same subnet
I have several (about 70) sites, but each site has the exact same LAN (192.168.2.0/24) each site has an ISR800.
To my home office, I have a configured (ISR4331) DMVPN hub. To my home office, I have a network that each of the customers on my shelves need to access (192.168.10.0/24).
Any other access to the customers talk should go directly to the internet through this connection wan routers. Rays will never talk to each other.
My tunnels are all in the 172.16.0.0/23, with \172.16.0.1 being the hub network.
What is the best way to do it? I feel like some sort of NAT would be the solution, but do not know what direction to look in. I found that other positions on duplicate networks, but only for duplication of unique network... not 70 x.
I think I'd be considered for use instead of DMVPN EasyVPN server. He can do NAT for you automatically.
Otherwise if you use DMVPN, then Yes, you will need to NAT each LAN to address IP Tunnel. Just treat the external interface of Tunnel like any other IP address. You will need to use a road map to match the traffic destined for the Internet interface and another for traffic going to the Tunnel interface.
Something like:
ip nat inside source route-map NAT-TUNNEL interface Tunnel0 overloadip nat inside source route-map NAT-INTERNET interface Dialer0 overload access-list 105 permit ip 192.168.2.0 0.0.0.255 any route-map NAT-TUNNEL permit 10 match ip address 105 match interface Tunnel0!route-map NAT-INTERNET permit 10 match ip address 105 match interface Dialer0
-
Hi guys,.
I'm working on the creation of a vpn between a vpn 3000 and a
point of control, the problem I have on the vpn3000 is that if I do not have
Select "reverse road injection" it won't establish the vpn.
I thought she might have because the roads of local lan did not exist
on the vpn 3000, so I added static to match the list of the network, but it
still wouldn't go out, as soon as I activate the reverse road injection it
works very well.
any ideas?
Thank you
Adam Baxter.
Adam,
Take out the static routes and also injection Road opposite say-able.
Activate the logs on the hub of gravity 1-13 for IPSEC & IPSECDBG, IKE, AUTH, IKEDBG, AUTHDBG.
Try to send a ping to the interesting traffic. Capture logs and send them to this post, let me take a look and see if there is a question that jumps.
See you soon
Gilbert
-
Console Cable - Cisco VPN 3000 Concentrator
Where can I get a cable from the console to the Cisco VPN 3000 Concentrator? The place I bought the hub of not sent me one with it.
Thank you
JP
JP,
Console port for the concentrator vpn being complient rs-232, you can buy two female DB9 to RJ45 / adapters, one for the concetrator and one for the PC to use in the COM1 port, then use a regular straight through CAT5 cable, that's the way I do and it is convenient as suppose to use the straight through serial rs-232 cable.
http://www.sealevel.com/product_detail.asp?product_id=787
With regard to the regular cable this hub comes with you can use it.
http://www.stonewallcable.com/product.asp?Dept%5Fid=35&PF%5Fid=SC%2DS9%2DFF
Adidtional information for your initial hub seup -.
http://www.Cisco.com/univercd/CC/TD/doc/product/VPN/vpn3000/3_6/getting/gs2inst.htm#1050260
Concerning
PLS rate useful posts
-
L2l IPSec VPN 3000 and PIX 501
Hello
I have a remote site that has a broadband internet connection and uses a PIX 501. We wanted to connect them with our main office using our VPN 3000 via VPN site-to-site.
I followed the following documentation:
However the L2L session does not appear on the hub when I check the active sessions.
The network diagram, as well as the PIX config and the screenshots of the VPN configuration for the IPSec-L2L tunnel is attached.
Any help or advice are appreciated.
I just noticed that the PIX firewall, the phase 1 paramateres are not configured. You must configure the same PASE 1 and phase 2 settings on both ends of the tunnel.
For example, on CVPN 3000, you have configured settings Phase 1 as 3DES, pre-shared key etc... We have the same configuration on the PIX firewall too.
Here is an example of sample config
I hope this helps!
Maybe you are looking for
-
A lot of cookies since the upgrade to El Capitan
With the Mountain Lion, I'd end up usually with 15 to 20 cookies. Since the upgrade to El Capitan, and using the same sites, I find myself with cookies from 80-90. The cookie setting is "allow Web sites I visit." I was wondering if I need to chang
-
IDE #1 ERROR at the start of Satellite Pro 2100 Series
Hello... I'm an IDE #1 ERROR displayed at startup of the computer. My CD/DVD player does not seem to be recognized (in the Device Manager the drive is not displayed) and certainly does not at all. I have installed a new CD/player player, this is the
-
When I connect to this web site, it opens the game screen. When I then go to a different location in the game. It resets back to log in to the new screen.but it works fine on all other sites. URL of affected sites http://S3.travian.co.UK/dorf1.php
-
Hi all I have a very general question regarding the order of byte to a dll. I have a dll that was compiled on a little endian machine. I want to use this dll in my application and my machine is big endian. So, in my application, before sending the da
-
Blue Screen of Death: Driver IRQL not less or equal (Windows 8.1)
My computer has started planting after that some time ago, I downloaded batch of Windows updates. It became unbearable now and try to find the source. I guess it is somewhere a driver that generated the error. -J' found leaving delivers makes it inac