How in CISCO

I have the following configuration:

Private network <->SW <->CISCO VPN <->MODEM to ISP

I have party VPN configured and working properly. I have a computer in the private network to the static address 192.168.1.100 and an application runs on this subject on the tcp port 8100 for customers.

Now, I need to connect over the Internet to the application on 192.168.1.100 on port 8100.

How to configure the CISCO router before inbound tcp port 8100 to machine 192.168.1.100?

ISP modem will discount all traffic to CISCO device.

Thank you

Hello

Well, I said public_ip just in case you want to use a different IP address to the external interface of the router.

The extensible keyword allows the user to configure several ambiguous static translations, where ambiguous translations are translations with the same local or global address.

Example from a position of the SCC

ip nat inside source static x.x.x.x y.y.y.y extensible

ip nat inside source static x.x.x.x z.z.z.z extensible

When a packet comes from outside for inside with destination

It will be sent to x.x.x.x y.y.y.y or z.z.z.z address,

Kind regards

Note all useful posts

Julio

Tags: Cisco Security

Similar Questions

  • Control global NAT in ASA, how on Cisco ISR

    How do I do this in a Cisco Integrated Services Router?

    global (outside) 2 192.168.96.48 netmask 255.255.255.255
    nat (inside) 2 access-list nat_vpn

    Try below

    !

    access-list 100 permit ip 192.168.96.48 0.0.0.0 any

    !

    route-map LOCAL permit 1
    match ip address 100
    match interface xx

    !

    ip nat inside source route-map LOCAL interface xx

  • How can Cisco ucs c220 m4 I start with 12g cisco sas controller? 2012 UEFI Server installation issues

    first time with cisco ucs c220 m4, check my photos

    You have a VD 11TB.

    Only way to start on this is by using UEFI.

    You need to activate UEFI in the boot order.

    Anything over 2 TB, and 4K sector size drives, require the UEFI boot option.

    BIOS will not process the VDs when manages UEFI.

    Kirk...

    Summary for those who seek a similar question:

    • Customer created a large VD, 11TB
    • 2 TB and more, 4K sector drives, require boot UEFI + GPT, cannot use the legacy/MBR
    • To set startup to local HD option, that referenced the PCI-E Slot, the raid controller was in (HBA slot in this case)
    • In UEFI mode, you can't mark a VD as "bootable disk / startup".
    • You will not see the VD/RAID controller appear in the 'real' boot order during the OS install.
    • Once the installation of the OS compatible UEFI is made, it will create a UEFI boot to the operating system "Windows Boot Manager" entry in our case.
    • After the next reboot, if you check your boot order, you should see this UEFI OS boot manager entry.
  • Is there a video that explains, technically, how the Cisco Tel?

    Looking for technical tutorial

    Hi Steve,

    You can refer to this document for MX300 and EX90 link if this helps-

    http://www.Cisco.com/en/us/docs/Telepresence/endpoint/ex-series/TC6/user_guide/ex60-ex90_user_guide_tc60.PDF

    http://www.Cisco.com/en/us/docs/Telepresence/endpoint/MX-series/TC6/administration_guide/MX-series_administrator_guide_tc60.PDF

  • Configuration Cisco AP 2600 (AIR-CAP2602I-E-K9) and Cisco 2500 wireless controller?

    This is the first time that I work with this type of devices (Cisco Ap 2600 (AIR-CAP2602I-E-K9) and wlc 2500)... my experience to the CCNP (router and Switch)

    How configuration Cisco Ap 2600 (AIR-CAP2602I-E-K9) and wlc 2500?

    Please find attachment (Cisco device map)

    Hello

    Here are the docs for you to configure the Basic for AP switch port configuration IE 2600 s and wlc.

    WLC port must be configured as a trunk.

    Port of the AP must be access.

    CAP2600 series requires software 7.2.110.0 wlc minimum (make sure you have it or above release)

    Upgrade if you follow it.

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00805f381f.shtml

    1. http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080665cdf.shtml (SW port configs)

    2. http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml

    (Another very important thing: the discovery mechanism, choose properly)

    If you choose DHCP option 43, it uses the TLV format. Type is always f1, Length is 4 * (number of WLCs you want to provide discovery for, in your case), Value = hex conversion of the WLC management IP address.

    A video for the process of

    http://www.youtube.com/watch?v=oOh_Iv1CHxQ.

    Thank you

    Sahil
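
The option 43 TLV layout described in the answer above (type f1, length 4 × number of WLCs, value = management addresses in hex), as an added example that is not part of the original post. The function names and the two sample addresses are constructed for illustration; the parser also accepts the dotted hex grouping used in IOS configurations and rejects payloads whose length byte does not match, which is a quick way to audit what a DHCP scope is really handing to APs.

```python
import ipaddress

OPTION43_TYPE = 0xF1  # TLV type for WLC discovery, as stated in the post


def build_option43(wlc_ips):
    """Return the option 43 payload (type, length, value) as a hex string."""
    if not wlc_ips:
        raise ValueError("at least one WLC management address is required")
    # Each IPv4 address contributes exactly 4 bytes to the value field.
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if len(value) > 255:
        raise ValueError("too many addresses for a one-byte length field")
    return (bytes([OPTION43_TYPE, len(value)]) + value).hex()


def parse_option43(hex_string):
    """Validate a payload and return the WLC addresses it contains."""
    # Tolerate separators such as f108.c0a8.0a05 or f1:08:c0:a8.
    cleaned = "".join(ch for ch in hex_string if ch not in ".: \t")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError(f"not valid hex: {hex_string!r}") from exc
    if len(raw) < 2:
        raise ValueError("payload is shorter than the type and length bytes")
    tlv_type, length, value = raw[0], raw[1], raw[2:]
    if tlv_type != OPTION43_TYPE:
        raise ValueError(f"unexpected type 0x{tlv_type:02x}, expected 0xf1")
    if length != len(value):
        raise ValueError(
            f"length byte says {length} but {len(value)} value bytes follow"
        )
    if length == 0 or length % 4:
        raise ValueError("value must hold one or more 4-byte IPv4 addresses")
    return [
        str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)
    ]


if __name__ == "__main__":
    # Constructed sample: two WLC management addresses.
    sample = ["192.168.10.5", "192.168.10.20"]
    payload = build_option43(sample)
    print(payload)
    print(parse_option43(payload))
```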

  • The ACE IPS Cisco and Cisco ASA AIP - SSM (IPS)

    Is there a difference between the features offered by the Cisco ACE IPS and Cisco ASA AIP - SSM (IPS) devices?

    Can we do without Cisco ASA AIP - SSM (IPS) of 'only' configuration/implementation Cisco ACE IPS.

    Cisco AVS/ACE emphasis is on commissioning and securing web-based applications. IPS does not focus on just the web applications and tries to cover the multiple layers of the OSI stack. Consider the IPS as a general practitioner and the ACE/AVS as an eye surgeon, or something :)

    Here is the response from Cisco itself:

    http://www.Cisco.com/en/us/prod/collateral/modules/ps2706/ps6906/prod_qas0900aecd8045867c_ps6492_Products_Q_and_A_Item.html

    Q: How does the Cisco AVS Application Firewall differ from an intrusion prevention system (IPS)?

    A. IPSs are solid solutions of protection against targeted attacks of known vulnerabilities in major platforms such as Windows, Solaris, Apache or Microsoft Internet Information Services (IIS). Cisco AVS excels to protect against targeted attacks Web sites or enterprise applications. These applications can be built custom internal applications or software vendor. Signatures and security patches are generally not available for these types of applications, and building these security levels in each application, it would be almost impossible.

    Q: How does the Cisco AVS Application Firewall differ from a network firewall?

    A. The Cisco AVS 3120 and network firewalls such as the Cisco PIX® Firewall and Cisco ASA 5500 Series Adaptive Security Appliances are complementary products. The Cisco AVS Application Firewall secures Web applications; network firewalls excel in network security; and the Cisco AVS provides defense in depth for Web applications.

    Network firewalls apply policy to networks, IP addresses and ports; they have a wide range of application-layer features for many different protocols. The firewall can and will be deployed in many locations, including the edge, edge of the enterprise network, branch, etc. Cisco AVS enforces policy on HTTP data such as URLs, headers and parameters. Cisco AVS is deployed in the data center in front of Web applications

    Regards

    Farrukh

  • How IPsec counterparts know remote peer is dead?

    How IPsec counterparts know remote peer is dead? Now, I need config IPSec between a Cisco router and the other router in a case, but the cisco router can not know the remote peer is dead, so the IPsec conversation cannot switch to a different path when the primary path is down

    How the cisco ipsec Protocol can detect the dead to implement ipsec other providers?

    They do not. There is nothing in the ipsec specification to make it work. Cisco has a patented method that they added as an optional parameter for many of their devices, but given that there is a non-Cisco device in the mix, you're out of luck.

    Your only option is probably lowering the lifetime of the SAs, so that they are renegotiated more frequently. This will probably increase above if

  • IP unknown 'show interface authentication session '.

    We currently use 802.1x with EAP-TLS based machine authentication and each example cisco has the IP address when you place an order show authentication session interface. Our of appears as unknown for the IP address. Authenticate us through ACS 4.0 and I can't find anything on how to cisco for that switch to retrieve the IP address. Is this a configuration problem or is there a function that we do not?

    Hello

    try running the command switch(config)# ip device tracking

    I assume that the user is authenticated.

    hope this helps

  • MIMO 5 GHz outdoor deployment.

    Hello..

    We are interested in adding 5 GHz N MIMO to our existing 2.4 ghz wifi outdoor hotspots. We currently have 3 x 1310 ap popular with off-road MSO24014 antennas (seen in the photo attached) at the top of the towers of 19 feet...

    I'm looking to either 3 x 1532E AP is paired with 8 dBi antennas AIR-ANT2588P3M-N or 3 x 2603 paired with the AIR-ANT2566P4W-R antenna 6dBi.

    Here are my questions:

    The 1532E has a 27dbi tx power (500mw), while the 2603 has only one power TX 23 dbi (200mw)... Both are obviously better than the 1310's 20dbi tx (100 MW) power. But how much is too much? It seems that these 1532e to complete tx paired with 2588P3M antenna 8 dbi could push the signal too far for mobile devices respond.

    I'm curious to know how a cisco dbi omni antenna 5 run on these tours if it is mounted on the structure of the metal tower. The towers would not a time due to obvious reflection size would be the cause?

    I thought to put the antennas around the mark of 17 feet...

    My goal is to make the existing towers while leaving the 2.4 GHz only pure 5 GHz N MIMO. Bringing cellular coverage in good quality coverage but not too much because he is an RV Park.

    I'm curious how an omni 5 dbi cisco antenna would perform on these towers if mounted on the metal tower structure. Would it be a waste of time due to the obvious reflection pattern the towers would cause?

    The antennas you will use are directional antennas.  The "reflection" of the tower is very negligible.

    I was thinking about placing the antennas around the 17 foot mark.

    You tilt the antenna patch up a few degrees to the ground.

    The question you have is that roof of these recreational vehicles are made of metal.  Unless you have an external antenna that comes out, the signal, or some of them will be bouncing off the roof.

    But how much is too much? It seems like these 1532e's at full tx paired with the 8 dbi 2588P3M antenna might push the signal too far for mobile devices to respond

    Your assumption is correct.  Too much power does not guarantee that the antenna could pick up the response from customers.  Another thing, how do you intend to deploy the AP and the antenna?  The more coax cable between the AP and the antenna, the more signal loss there is going to be.

  • SGE2010P Simple question

    Hello

    I was wondering if the SGE2010P is supported by the COP.  If not, are there plans to provide support for the COP?  The last firmware update was published December 11, 2009 and was the 3.0.0.18 version.  For me this bodes well for future updates of the software.

    Also makes me wonder how long Cisco intends to support this line of Small Business Switches.

    If some information could be provided in this regard, I would be grateful.

    Thank you.

    We intend to deliver a maintenance release to fix a bug for the family of switches EMS and EMS over the next two months. You can expect to see that posted on the download page of cisco.com.

    While the EMS/EMS switches do not support CDP, we have a next version 1.1 for the 300 series switches that will support this capability. Additional support to deliver is a CLI and Auto Smartports issue. This firmware is also expected to be delivered over the next two months. The 300 series switches already support LLDP-MED today with IPv6 and a number of other functions.

    Two points I'll make on the calendar of our outings. First of all, we do a huge amount of products and solutions of the tests with the products through several categories - switching, wireless, voice, monitoring, storage, etc. - which makes the time between versions a little longer. We take very seriously the quality of the products. Second, the capacity of the service in these products exceed similar for comparable products of competitors. See the following 3rd party the Tolly Group as independent evidence of test report:

    https://supportforums.Cisco.com/docs/doc-15345

  • ACS Express 5.0 - "SSO" does that mean?

    Hi all,

    datasheet ACS Express 5.0 States: "Cisco ACS Express supports a maximum of 50 clients AAA and 350 single user connections in a 24 hour period.

    It is clear what the meaning of max 50 clients AAA is... actually, what is not clear is the authentication of 350 unique users max.

    If I use 802.1X IBNS with PEAP-MSCHAP to make machine authentication, authentication of each machine will be considered a single logon... huh? What happens if there is no laptop assigned to sales that has spent a lot of time in the Office?

    Whenever these laptops reconnect to the network, will it count as an additional logon and increase the connection count by one, or since this laptop is already authenticated in the morning it will not be counted as a single additional connection...

    My question is related to the fact that I have a client who wants to introduce IBNS-802.1X, but has 'only' 20-25 clients AAA and up to 200 users (where about 100 are portable)... and using ACS 5.0 redundantly will be too expensive...

    Thanks for a response

    Omar

    The ACS Express 5.0 device is designed for a maximum of 350 users. This limit does not apply number of connections.

    Cisco Secure Access Control Server Express 5.0 QA

    http://www.Cisco.com/en/us/prod/collateral/netmgtsw/ps5698/ps6767/ps8543/ps8724/prod_qas0900aecd806d3a4d.html

    Q: how is Cisco Secure ACS Express positioned compared to Cisco Secure ACS for windows (ACS) and Cisco Secure ACS Solution Engine (ACS SE)?

    A. ... Cisco Secure ACS Express is well suited for deployments that need an access control solution for less than 350 users and 50 devices. This product is intended to be used for small and medium enterprises, retail sites and branches of companies where customers need an easy-to-use GUI yet require a comprehensive but simple feature set and a lower price point to address the needs of their specific deployment.

    For a detailed feature set, please refer to the Cisco Secure ACS Express data sheet at http://www.cisco.com/go/acsexp...

  • Lync 2013, what is the solution

    To date, Lync 2013 is compatible in some way?

    If a customer makes a migration from 2010 to 2013, runs out of service?

    How long Cisco solve this problem? Hello and thank you all

    One step could be to say to your customers to complain to the 'provider' they always change

    things for the worse, I don't see a real reason why they had to remove h.263. And if they change things why

    they should not be able to support a standard way of h.264...

    We tried at least with the customer of 2013 and which works with the advanced media gateway.

    It will depend on what hardware you have in your network.

    As it comes to the topic future ware, you couldn't get a straight answer here in the Forum.

    I recommend you talk to your Cisco contact to get some information under the NDA.

  • ISE provisioning

    Hi all

    I'm currently testing the virtual appliance Cisco ISE and I have a few questions about the features and provisioning.

    I already link my ISE device with a windows server 2008 Enterprise Edition to achieve the CEP. I start with this product, so I may commit some mistakes.

    1. to use the portal comments, is it possible to access without url-redirect-acl? In my opinion, it is not possible because ISE does not accept the application without the good session id.

    2. can we use url-redirect-acl on an autonomous access point? or only with WLC?

    3. how the Cisco Network Setup (Android apps) assistant to detect my ISE?

    4. There are other opportunities to provisioning except portal comments?

    Any help or suggestion will be appreciated.

    Answers online

    Rodelanuit wrote:

    Hi all

    I'm currently testing the virtual appliance Cisco ISE and I have a few questions about the features and provisioning.

    I already link my ISE device with a windows server 2008 Enterprise Edition to achieve the CEP. I start with this product, so I may commit some mistakes.

    1. to use the portal comments, is it possible to access without url-redirect-acl? In my opinion, it is not possible because ISE does not accept the application without the good session id.

    No.

    2. can we use url-redirect-acl on an autonomous access point? or only with WLC?

    WLC only.

    3. how the Cisco Network Setup (Android apps) assistant to detect my ISE?

    See the following (same page):

    http://www.Cisco.com/en/us/docs/security/ISE/1.1.1/user_guide/ise_client_prov.html#wp1054662

    http://www.Cisco.com/en/us/docs/security/ISE/1.1.1/user_guide/ise_client_prov.html#wp1254747

    4. There are other opportunities to provisioning except portal comments?

    The administration of ISE Portal can size the guests or active guests as you want. The administrator just needs to create accounts with themselves in a guest group.  There is a sponsor portal as well (mentioning that it is technically different than comments Portal)

    Any help or suggestion will be appreciated.

    I hope that you will find this answer useful, if it was satisfactory to you, please indicate the question as answer.

    Please note post you consider useful.

    -James

  • Return VPN traffic flows do not on the tunnel

    Hello.

    I tried to find something on the internet for this problem, but am failing miserably. I guess I don't really understand how the cisco decides on the road.

    In any case, I have a Cisco 837 which I use for internet access and to which I would like to be able to complete a VPN on. When I vpn (using vpnc in a Solaris box as it happens which is connected to the cisco ethernet interface), I can establish a VPN and when I ping a host on the inside, I see this package ping happen, however, the return package, the cisco 837 is trying to send via the public internet facing interface Dialer1 without encryption. I can't work for the life of me why.

    (Also note: I can also establish a tunnel to the public internet, but again, I don't can not all traffic through the tunnel.) I guess I'm having the same problem, IE back of packages are not going where it should be, but I do know that for some, on the host being ping well, I can see the ping arriving packets and the host responds with a response to ICMP echo).

    Here is the version of cisco:

    version ADSL #show
    Cisco IOS software, software C850 (C850-ADVSECURITYK9-M), Version 12.4 (15) T5, VERSION of the SOFTWARE (fc4)
    Technical support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Updated Friday 1 May 08 02:07 by prod_rel_team

    ROM: System Bootstrap, Version 12.3 (8r) YI4, VERSION of the SOFTWARE

    ADSL availability is 1 day, 19 hours, 27 minutes
    System to regain the power ROM
    System restarted at 17:20:56 CEST Sunday, October 10, 2010
    System image file is "flash: c850-advsecurityk9 - mz.124 - 15.T5.bin".

    Cisco 857 (MPC8272) processor (revision 0 x 300) with 59392K / 6144K bytes of memory.
    Card processor ID FCZ122391F5
    MPC8272 CPU Rev: Part Number 0xC, mask number 0 x 10
    4 interfaces FastEthernet
    1 ATM interface
    128 KB of non-volatile configuration memory.
    20480 bytes K of on board flash system (Intel Strataflash) processor

    Configuration register is 0 x 2102

    And here is the cisco configuration (IP address, etc. changed of course):

    Current configuration: 7782 bytes
    !
    ! Last configuration change at 11:57:21 CEST Monday, October 11, 2010 by bautsche
    ! NVRAM config updated at 11:57:22 CEST Monday, October 11, 2010 by bautsche
    !
    version 12.4
    no service button
    tcp KeepAlive-component snap-in service
    a tcp-KeepAlive-quick service
    horodateurs service debug datetime localtime show-timezone msec
    Log service timestamps datetime localtime show-timezone msec
    encryption password service
    sequence numbers service
    !
    hostname adsl
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 4096
    enable secret 5
    !
    AAA new-model
    !
    !
    AAA authentication login local_authen local
    AAA authentication login sdm_vpn_xauth_ml_1 local
    AAA authorization exec local local_author
    AAA authorization sdm_vpn_group_ml_1 LAN
    !
    !
    AAA - the id of the joint session
    clock timezone gmt 0
    clock daylight saving time UTC recurring last Sun Mar 01:00 last Sun Oct 01:00
    !
    !
    dot11 syslog
    no ip source route
    dhcp IP database dhcpinternal
    No dhcp use connected vrf ip
    DHCP excluded-address IP 10.10.7.1 10.10.7.99
    DHCP excluded-address IP 10.10.7.151 10.10.7.255
    !
    IP dhcp pool dhcpinternal
    import all
    Network 10.10.7.0 255.255.255.0
    router by default - 10.10.7.1
    Server DNS 212.159.6.9 212.159.6.10 212.159.13.49 212.159.13.50
    !
    !
    IP cef
    property intellectual auth-proxy max-nodata-& 3
    property intellectual admission max-nodata-& 3
    no ip bootp Server
    nfs1 host IP 10.10.140.207
    name of the IP-server 212.159.11.150
    name of the IP-server 212.159.13.150
    !
    !
    !
    username password cable 7
    username password bautsche 7
    vpnuser password username 7
    !
    !
    crypto ISAKMP policy 1
    BA 3des
    md5 hash
    preshared authentication
    Group 2
    !
    crypto ISAKMP policy 2
    BA aes 256
    preshared authentication
    Group 2
    !
    crypto ISAKMP policy 3
    BA 3des
    Prior authentication group part 2
    the local address SDM_POOL_1 pool-crypto isakmp client configuration

    !
    ISAKMP crypto client configuration group groupname2
    key
    DNS 10.10.140.201 10.10.140.202
    swangage.co.uk field
    pool SDM_POOL_1
    users of max - 3
    netmask 255.255.255.0
    !
    ISAKMP crypto client configuration group groupname1
    key
    DNS 10.10.140.201 10.10.140.202
    swangage.co.uk field
    pool SDM_POOL_1
    users of max - 3
    netmask 255.255.255.0
    ISAKMP crypto sdm-ike-profile-1 profile
    groupname2 group identity match
    client authentication list sdm_vpn_xauth_ml_1
    ISAKMP authorization list sdm_vpn_group_ml_1
    client configuration address respond
    ISAKMP crypto profile sdm-ike-profile-2
    groupname1 group identity match
    ISAKMP authorization list sdm_vpn_group_ml_1
    client configuration address respond
    !
    !
    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    Crypto ipsec transform-set esp-3des esp-md5-hmac ESP_MD5_3DES
    Crypto ipsec transform-set ESP-AES-256-SHA aes - esp esp-sha-hmac
    !
    crypto dynamic-map SDM_DYNMAP_1 1
    Set the security association idle time 3600
    game of transformation-ESP-AES-256-SHA
    market arriere-route
    crypto dynamic-map SDM_DYNMAP_1 2
    Set the security association idle time 3600
    game of transformation-ESP-AES-256-SHA
    market arriere-route
    !
    !
    card crypto SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
    map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 crypto
    map SDM_CMAP_1 65535-isakmp dynamic SDM_DYNMAP_1 ipsec crypto
    !
    Crypto ctcp port 10000
    Archives
    The config log
    hidekeys
    !
    !
    synwait-time of tcp IP 10
    !
    !
    !
    Null0 interface
    no ip unreachable
    !
    ATM0 interface
    no ip address
    no ip redirection
    no ip unreachable
    no ip proxy-arp
    route IP cache flow
    No atm ilmi-keepalive
    PVC 0/38
    aal5mux encapsulation ppp Dialer
    Dialer pool-member 1
    !
    DSL-automatic operation mode
    waiting-224 in
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
    Description $FW_INSIDE$
    10.10.7.1 IP address 255.255.255.0
    IP access-group 121 to
    no ip redirection
    no ip unreachable
    no ip proxy-arp
    IP nat inside
    IP virtual-reassembly
    route IP cache flow
    map SDM_CMAP_1 crypto
    Hold-queue 100 on
    !
    interface Dialer1
    Description $FW_OUTSIDE$
    the negotiated IP address
    IP access-group 121 to
    no ip redirection
    no ip unreachable
    no ip proxy-arp
    NAT outside IP
    IP virtual-reassembly
    encapsulation ppp
    route IP cache flow
    No cutting of the ip horizon
    Dialer pool 1
    Dialer idle-timeout 0
    persistent Dialer
    Dialer-Group 1
    No cdp enable
    Authentication callin PPP chap Protocol
    PPP chap hostname
    PPP chap password 7
    map SDM_CMAP_1 crypto
    !
    local IP SDM_POOL_1 10.10.148.11 pool 10.10.148.20
    IP local pool public_184 123.12.12.184
    IP local pool public_186 123.12.12.186
    IP local pool public_187 123.12.12.187
    IP local pool internal_9 10.10.7.9
    IP local pool internal_8 10.10.7.8
    IP local pool internal_223 10.10.7.223
    IP local pool internal_47 10.10.7.47
    IP forward-Protocol ND
    IP route 0.0.0.0 0.0.0.0 Dialer1
    IP route 10.10.140.0 255.255.255.0 10.10.7.2
    !
    no ip address of the http server
    no ip http secure server
    IP nat inside source overload map route SDM_RMAP_1 interface Dialer1
    IP nat inside source static 10.10.7.9 123.12.12.184
    IP nat inside source static tcp 10.10.7.8 22 123.12.12.185 22 Expandable
    IP nat inside source static tcp 10.10.7.8 25 123.12.12.185 25 expandable
    IP nat inside source static tcp 10.10.7.8 80 123.12.12.185 80 extensible
    IP nat inside source static tcp 10.10.7.8 443 123.12.12.185 443 extensible
    IP nat inside source static tcp 10.10.7.8 993 123.12.12.185 993 extensible
    IP nat inside source static tcp 10.10.7.8 123.12.12.185 1587 1587 extensible
    IP nat inside source static tcp 10.10.7.8 8443 123.12.12.185 8443 extensible

    IP nat inside source static 10.10.7.223 123.12.12.186
    IP nat inside source static 10.10.7.47 123.12.12.187
    !
    record 10.10.140.213
    access-list 18 allow one
    access-list 23 permit 10.10.140.0 0.0.0.255
    access-list 23 permit 10.10.7.0 0.0.0.255
    Access-list 100 category SDM_ACL = 2 Note
    access-list 100 deny ip any 10.10.148.0 0.0.0.255
    access ip-list 100 permit a whole
    Note access-list 121 SDM_ACL category = 17
    access-list 121 deny udp any eq netbios-dgm all
    access-list 121 deny udp any eq netbios-ns everything
    access-list 121 deny udp any eq netbios-ss all
    access-list 121 tcp refuse any eq 137 everything
    access-list 121 tcp refuse any eq 138 everything
    access-list 121 tcp refuse any eq 139 all
    access ip-list 121 allow a whole
    access-list 125 permit tcp any any eq www
    access-list 125 permit udp any eq isakmp everything
    access-list 125 permit udp any any eq isakmp
    access-list 194 deny udp any eq isakmp everything
    access-list 194 deny udp any any eq isakmp
    access-list 194 allow the host ip 123.12.12.184 all
    IP access-list 194 allow any host 123.12.12.184
    access-list 194 allow the host ip 10.10.7.9 all
    IP access-list 194 allow any host 10.10.7.9
    access-list 195 deny udp any eq isakmp everything
    access-list 195 deny udp any any eq isakmp
    access-list 195 allow the host ip 123.12.12.185 all
    IP access-list 195 allow any host 123.12.12.185
    access-list 195 allow the host ip 10.10.7.8 all
    IP access-list 195 allow any host 10.10.7.8
    not run cdp
    public_185 allowed 10 route map
    corresponds to the IP 195
    !
    public_184 allowed 10 route map
    corresponds to the IP 194
    !
    allowed SDM_RMAP_1 1 route map
    corresponds to the IP 100
    !
    !
    control plan
    !
    !
    Line con 0
    connection of authentication local_authen
    no activation of the modem
    preferred no transport
    telnet output transport
    StopBits 1
    line to 0
    connection of authentication local_authen
    telnet output transport
    StopBits 1
    line vty 0 4
    access-class 23 in
    privilege level 15
    authorization exec local_author
    connection of authentication local_authen
    length 0
    preferred no transport
    transport input telnet ssh
    !
    max-task-time 5000 Planner
    Scheduler allocate 4000 1000
    Scheduler interval 500
    130.88.202.49 SNTP server
    130.88.200.98 SNTP server
    130.88.200.6 SNTP server
    130.88.203.64 SNTP server
    end

    Any help would be appreciated.

    Thank you very much.

    Ciao,

    Eric

    Hi Eric,

    (Sorry for the late reply - needed some holidays)

    So I see that you have a few steps away now. I think that there are 2 things we can try:

    1)

    I guess you have provided that:

    ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload

    Since the route-map refers to ACL 100 to define the traffic to be translated, we can exclude traffic that the router initiates:

    access-list 100 remark SDM_ACL Category=2

    access-list 100 deny ip host 123.12.12.185 any
    access-list 100 deny ip any 10.10.148.0 0.0.0.255
    access-list 100 permit ip any any

    Which should prevent the source port udp 4500 from being changed to 1029

    OR

    2)

    If you prefer to use a different ip address for VPN,

    Then, you can use a loopback like this:

    interface Loopback0

    ip address 123.12.12.187 255.255.255.255

    no shutdown

    crypto map SDM_CMAP_1 local-address Loopback0

    I don't think you should apply the crypto map to the loopback interface, but it's been a while since I have configured something like that, so if you have problems first try and if still does not get the crypto debugs new (isakmp + ipsec on the vpn, nat router on the router of the client package).

    HTH

    Herbert

  • WCS come with the WLC 5508?

    Forum

    I provided a quote to a customer for a wireless installation.  I have two 5508 boxes and about 40 AP on the quote, so that related SmartNet.

    I was reading how the Cisco Unified Wireless network is composed of:

    Controllers of

    Access points

    Wireless Cisco (WCS) control system

    Cisco Mobility Services engine

    My questions are:

    1 WCS are installed on the controller?  Is this something that the customer receives just by the fact that they buy the controller?  Or is it another piece of software with a cost?

    2. What is the Cisco Mobility Services engine?  Feel that the controller will not?  How I would sell one to a customer?

    Thank you

    Kevin

    WCS is a Windows 2003 application (so no "on the controller") which is completely separate and must be purchased separately with different levels of licensing for the different feature sets.

    WCS is very useful when given several WLCs to manage and is offered when you buy a bunch of stuff I think.

    Only WCS brings better considered features (graphics, pdf reports,...) and maps to visualize everything.

    MSE is a kind of "calculating machine" that you bind to your WCS to locate all customers and thieves in real time on the map. Only this. But it's a pretty cool feature :-) You can only display one customer at a time without MSE (when entering its mac address in the search field) on maps of WCS.

    Nicolas
