Allowing traffic between two Ethernet interfaces on a PIX

I have a PIX with an inside interface, IP 10.198.16.1. It also has an interface called WTS, IP 10.12.60.1. I'm having difficulty allowing traffic from the 10.198.16.0 network to cross the PIX into 10.12.60.0. I'm trying specifically to allow access to a server with an IP address of 10.12.60.2.

I enclose my config. Any help would be greatly appreciated!

OK, so the inside interface has a security level of 100 and WTS has a security level of 75, so traffic from inside to WTS is considered outbound traffic, which is allowed by default. All you need is a nat/global pair (or a static) between the two interfaces so that the PIX knows how to NAT traffic between them (remember, the PIX does NAT).

You have this in your config file:

nat (inside) 1 10.0.0.0 255.0.0.0 0 0

which says that all traffic on the inside interface with a 10.x.x.x IP address will be NAT'd, but you must then define a global for the WTS interface to specify what those IPs will be NAT'd to.

Adding:

global (WTS) 1 interface

will PAT all inside addresses to the IP address of the WTS interface and allow traffic to flow between the interfaces. If you prefer the inside hosts to appear as their own IP addresses on the WTS network, then you can use a static command and NAT the addresses to themselves, effectively doing NAT but not actually changing the addresses:

static (inside,WTS) 10.198.16.1 10.198.16.1 netmask 255.255.240.0

Hope that helps.

Tags: Cisco Security
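A way to check a saved PIX configuration for the gap described in the answer above (a `nat` statement with no matching `global` or `static` toward a lower-security interface), as an added example that is not part of the original thread. The `outside` interface and its `global` line are constructed sample input, and any `static` between two interfaces is treated as covering that pair, which is a simplification.

```python
import re

# PIX 6.x style commands, as quoted in the thread above.
NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)$", re.I)
NAT = re.compile(r"^nat\s+\((\S+?)\)\s+(\d+)\s+\S+", re.I)
GLOBAL = re.compile(r"^global\s+\((\S+?)\)\s+(\d+)\s+\S+", re.I)
STATIC = re.compile(r"^static\s+\(\s*([^,\s]+)\s*,\s*([^)\s]+)\s*\)", re.I)


def parse(config):
    """Collect interface security levels and nat/global/static statements."""
    levels, nats, globals_, statics = {}, [], set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAMEIF.match(line):
            levels[m.group(1)] = int(m.group(2))
        elif m := NAT.match(line):
            nats.append((m.group(1), int(m.group(2))))
        elif m := GLOBAL.match(line):
            globals_.add((m.group(1), int(m.group(2))))
        elif m := STATIC.match(line):
            statics.add((m.group(1), m.group(2)))
    return levels, nats, globals_, statics


def missing_translations(config):
    """Return (source_if, dest_if, nat_id) for each outbound path that has a
    nat statement but neither a global with the same id on the destination
    interface nor a static between the two interfaces."""
    levels, nats, globals_, statics = parse(config)
    gaps = set()
    for src, nat_id in nats:
        # nat 0 is identity NAT / exemption and needs no global.
        if nat_id == 0 or src not in levels:
            continue
        for dst, level in levels.items():
            # Only higher -> lower security level counts as outbound.
            if dst == src or level >= levels[src]:
                continue
            if (dst, nat_id) in globals_ or (src, dst) in statics:
                continue
            gaps.add((src, dst, nat_id))
    return sorted(gaps)


# Constructed sample configuration. The security levels, the nat line and
# the interface names inside/WTS come from the thread; outside is assumed.
BASE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 WTS security75
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
global (outside) 1 interface
"""
AFTER_GLOBAL = BASE + "global (WTS) 1 interface\n"
AFTER_STATIC = BASE + (
    "static (inside,WTS) 10.198.16.1 10.198.16.1 netmask 255.255.240.0\n"
)

if __name__ == "__main__":
    for label, cfg in (("before", BASE), ("with global", AFTER_GLOBAL),
                       ("with static", AFTER_STATIC)):
        print(label, missing_translations(cfg))
```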

Similar Questions

  • Routing of traffic between two VPN Site-to-Site Tunnels

    Hi people,

    I am trying to establish routing between two site-to-site VPN tunnels which are destined for the same outside interface of my Cisco ASA.

    Please find the attached flowchart for the same. All firewalls used are Cisco ASA 5520s.

    The two VPN tunnels, between Point A and Point B and between Point B and Point C, are up. I have also enabled the same-security-traffic permit intra-interface command.

    How can I enable traffic from the LAN subnets behind Point A to reach the LAN subnets behind Point C without having to create a separate tunnel between Point A and Point C?

    Thank you very much.

    Hello

    Basically, you will need NAT0 and VPN rules on each site to allow this traffic.

    I think that the configurations should look something like the below. Naturally, you will probably already have a NAT0 configuration and certainly the L2L VPN configuration.

    Site A

    access-list NAT0 remark NAT0 rule for SiteA SiteC traffic
    access-list NAT0 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
    nat (inside) 0 access-list NAT0
    access-list L2L-VPN-CRYPTO-SITEB remark interesting traffic for SiteA to SiteC
    access-list L2L-VPN-CRYPTO-SITEB permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

    Where

    • NAT0 = the ACL used in the NAT0 rule that will exempt SiteA to SiteC traffic from NAT
    • nat = the NAT0 configuration line
    • L2L-VPN-CRYPTO-SITEB = the ACL in the L2L VPN configuration that defines that SiteA LAN to SiteC LAN traffic must use the existing L2L VPN to SiteB

    Site B

    access-list OUTSIDE-NAT0 remark NAT0 rule for SiteA SiteC traffic
    access-list OUTSIDE-NAT0 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
    nat (outside) 0 access-list OUTSIDE-NAT0
    access-list L2L-VPN-CRYPTO-SITEA remark traffic for SiteA to SiteC through a Tunnel between A - B
    access-list L2L-VPN-CRYPTO-SITEA permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list L2L-VPN-CRYPTO-SITEC remark traffic for SiteA to SiteC through a Tunnel between B - C
    access-list L2L-VPN-CRYPTO-SITEC permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

    Where

    • OUTSIDE-NAT0 = the ACL used in the NAT0 rule that will exempt SiteA to SiteC traffic from NAT. This time it is tied to the 'outside' interface, as traffic will be coming in and going out through this interface at SiteB
    • nat = the NAT0 configuration line
    • L2L-VPN-CRYPTO-SITEA (and SITEC) = the ACLs in the L2L VPN configurations that define that SiteA LAN to SiteC LAN traffic should use the existing L2L VPN connections

    Site C

    access-list NAT0 remark NAT0 rule for SiteC SiteA traffic
    access-list NAT0 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    nat (inside) 0 access-list NAT0
    access-list L2L-VPN-CRYPTO-SITEB remark interesting traffic for SiteC to SiteA
    access-list L2L-VPN-CRYPTO-SITEB permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0

    Where

    • NAT0 = the ACL used in the NAT0 rule that will exempt SiteC to SiteA traffic from NAT
    • nat = the NAT0 configuration line
    • L2L-VPN-CRYPTO-SITEB = the ACL in the L2L VPN configuration that defines that SiteC LAN to SiteA LAN traffic must use the existing L2L VPN to SiteB

    To my knowledge, the above should handle NAT0 and traffic selection for the L2L VPN connections. Naturally, the interface/ACL names may be different depending on your current configuration.

    Hope this helps

    -Jouni

  • Hub and spoke VPN network: traffic between two spokes

    Hi, I have a star VPN network topology, and all traffic is from the remote offices to the data center.

    I have a request to build a tunnel between two remote sites to access some servers between the two remote sites.

    Can I just change the interesting-traffic ACL to include, say, Office A to Office B in the Office A to data center tunnel and the Office B to data center tunnel?

    In doing so, I can avoid the tunnel between the two offices (A and B).

    See you soon

    Hello

    You can make the traffic between the two spokes go through the hub or build a new tunnel between the spokes.

    If the hub is an ASA, you must enable same-security-traffic permit intra-interface.

    If the hub and the spokes are routers, you can also use DMVPN to dynamically create a tunnel between the spokes when necessary.

    Federico.

  • Interface Ethernet redundancy

    Hello

    Is it possible to use HSRP/VRRP internally in a router if you want to have redundancy between two interfaces?

    Our client has a router with two Ethernet interfaces.

    These two interfaces are connected to two switches; there is also a cable between the switches.

    On the other side of the switch, there are two other connected routers.

    The client will not use routing protocols to get the redundancy between the stand-alone router and two separate routers.

    Need some ideas how we can solve this.

    Niklas

    Hi Niklas,

    You can use IRB (Integrated Routing and Bridging); HSRP won't work, as well explained by Jon.

    bridge 1 protocol ieee
    1 channel ip bridge
    Bridge 1 ip
    int eth0
     no ip addr
     bridge-group 1
    int eth1
     no ip addr
     bridge-group 1
    int bvi1
     ip addr x.x.x.x
     ! this is the Layer 3 interface

    Be aware that STP will block a link, but it will be ready to be used if the first fails.

    You can use static routes with the next hop being the IP address of the HSRP VIP on the other two routers (on them you can, as they are two different boxes).

    The other two routers will have static routes to the BVI IP as the next hop.

    Be aware that as long as a router has an ARP entry for the next-hop IP and its own interface is up, the static route is considered valid.

    Hope to help

    Giuseppe

  • Unable to pass traffic between ASA Site to Site VPN Tunnel

    Hello

    I have problems passing traffic between two ASA firewalls. The VPN tunnel is up with a dynamic IP and a static IP address. I have attached a diagram of the VPN connection. I'm not sure where the problem lies and what to check next. I think I have all the routes and access lists that are needed.

    I've also attached the ASA5505 config and the ASA5510 config.

    This is the first time that I've set up a VPN connection, so any guidance would be greatly appreciated.

    Thank you

    Adam

    Hello

    Looking at your Remote Site ASA configuration, you have not added the internal networks of the Central Site to the L2L VPN configuration at all, so the traffic does not pass through the VPN.

    access-list outside_1_cryptomap extended permit ip 10.1.1.0 255.255.255.128 10.182.226.0 255.255.*.*
    access-list exempt extended permit ip 10.1.1.0 255.255.255.128 10.182.226.0 255.255.*.*
    access-list exempt extended permit ip 10.1.1.0 255.255.255.128 10.182.0.0 255.255.*.*
    access-list exempt extended permit ip 10.1.1.0 255.255.255.128 192.168.170.0 255.255.*.*
    access-list exempt extended permit ip 10.1.1.0 255.255.255.128 192.168.172.0 255.255.*.*
    access-list exempt extended permit ip 10.1.1.0 255.255.255.128 140.15.0.0 255.255.*.*

    Take a look at the ACL configurations above. The "exempt" ACL is used in the NAT0 configuration and tells the ASA what traffic to exempt from NAT. The "outside_1_cryptomap" ACL is used to tell which traffic between the subnets should be using the L2L VPN connection.

    So, in short, on the Remote Site ASA these ACLs should be identical. Make the additions to the L2L VPN ACL, then try again.

    I would also like to point out that you should make sure that the Central Site ASA's L2L VPN ACL contains the same networks. The ACL on the Central Site will, of course, have its internal subnets as the source and the Remote Site LAN as the destination.

    The output of "show crypto ipsec sa" shows you that only the SA between the Central Site link network and the Remote Site LAN was established. The others have not formed as the configuration is lacking at LEAST on the Remote Site ASA. It can also be the Central Site.

    -Jouni
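The two consistency checks from the answer above (every NAT-exempt entry also appears in the crypto ACL on the same ASA, and the peer's crypto ACL is the mirror image), as an added example that is not part of the original thread. The ACL names `exempt` and `outside_1_cryptomap` are the ones quoted in the answer; `central_crypto` and all addresses and masks are constructed for illustration.

```python
import ipaddress
import re

# Matches "access-list NAME [extended] permit ip SRC SMASK DST DMASK".
ACE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$", re.I)


def parse_acls(config):
    """Map ACL name -> list of (source network, destination network)."""
    acls = {}
    for raw in config.splitlines():
        m = ACE.match(raw.strip())
        if not m:
            continue  # remarks, deny lines and other commands
        name, src, smask, dst, dmask = m.groups()
        try:
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
        except ValueError:
            continue  # "host x" / "any" forms are out of scope here
        acls.setdefault(name, []).append(pair)
    return acls


def covered(pair, entries):
    """True if some entry's source and destination both contain the pair."""
    src, dst = pair
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries)


def exempt_without_crypto(config, exempt_acl, crypto_acl):
    """NAT-exempt entries that the crypto ACL would not send into the tunnel."""
    acls = parse_acls(config)
    crypto = acls.get(crypto_acl, [])
    return [p for p in acls.get(exempt_acl, []) if not covered(p, crypto)]


def not_mirrored(local_cfg, local_acl, peer_cfg, peer_acl):
    """Local crypto entries with no exact source/destination mirror on the peer."""
    local = parse_acls(local_cfg).get(local_acl, [])
    peer = {(d, s) for s, d in parse_acls(peer_cfg).get(peer_acl, [])}
    return [p for p in local if p not in peer]


def fmt(pairs):
    return [f"{s} -> {d}" for s, d in pairs]


# Constructed sample configurations (addresses are not from the thread).
REMOTE = """\
access-list outside_1_cryptomap extended permit ip 10.50.1.0 255.255.255.0 10.60.1.0 255.255.255.0
access-list exempt extended permit ip 10.50.1.0 255.255.255.0 10.60.1.0 255.255.255.0
access-list exempt extended permit ip 10.50.1.0 255.255.255.0 10.60.2.0 255.255.255.0
access-list exempt extended permit ip 10.50.1.0 255.255.255.0 172.16.5.0 255.255.255.0
"""
CENTRAL = """\
access-list central_crypto extended permit ip 10.60.1.0 255.255.255.0 10.50.1.0 255.255.255.0
access-list central_crypto extended permit ip 10.60.2.0 255.255.255.0 10.50.1.0 255.255.255.0
"""

if __name__ == "__main__":
    print("exempt but not encrypted on remote:",
          fmt(exempt_without_crypto(REMOTE, "exempt", "outside_1_cryptomap")))
    print("central entries without a mirror on remote:",
          fmt(not_mirrored(CENTRAL, "central_crypto",
                           REMOTE, "outside_1_cryptomap")))
```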

  • Traffic fails on plain IPSec tunnel between two 892s

    I have a weird case and am looking for some suggestions/thoughts on where to dig because I have exhausted the options.

    Note: I replaced the real network IDs with the ones mentioned below.

    Topology: a classic IPSec VPN tunnel between two Cisco 892s, with pre-shared key and no GRE. One 892 (branch_892) has access to the Internet using PPPoE and has three networks/VLANs behind it. One VLAN is coordinated to the PPPoE internet access. Access to the other two VLANs, VL92 (100.100.200.0/24) and VL93 (100.100.100.0/24), is performed via the VPN tunnel.

    The second 892 (892_DC) has just one interface, WAN on Gigabit, enabled/connected, and a static route to the default GW. It doesn't have any internal network defined. The router is strictly used to send traffic for VL92/VL93 to the branch 892 via the IPSec tunnel.

    Here's the problem: access to VL93 (100.100.100.0/24) works; however, for VL92 (100.100.100.0/24) it does not work.

    From devices in VL92 I can ping the IP address of 892_DC through the VPN tunnel. From the 892_DC router I can ping devices in VL92. However, from VL92 I can't ping any device beyond the 892_DC, and at the same time the packets arriving on 892_DC for VL92 are not sent through the VPN tunnel.

    I took a packet trace on 892_DC using capture point/buffer to capture packets to VL92 and saw the traffic coming to the 892_DC. I ran the same capture on Branch_892, and there was not a single packet.

    So... What's the problem? More interestingly, I modified the way left on VL92 access list and still no packets are sent through the tunnel.

    Any ideas? The two routers' configs are below.

    -------

    892_DC#show run
    !
    crypto isakmp policy 10
     encr aes 256
     hash sha256
     authentication pre-share
     group 2
    crypto isakmp key * address 1.2.3.4
    crypto isakmp keepalive 10 periodic
    !
    crypto isakmp peer address 1.2.3.4
     description of-COIL-892
    !
    !
    crypto ipsec transform-set IT-IPSec-Transform-Set esp-aes 256 esp-sha256-hmac
    crypto ipsec df-bit clear
    !
    crypto map IT-IPSec-Crypto-map 10 ipsec-isakmp
     set peer 1.2.3.4
     set security-association lifetime kilobytes disable
     set security-association lifetime seconds 86400
     set transform-set IT-IPSec-Transform-Set
     match address 101
     reverse-route
     qos pre-classify
    !
    interface GigabitEthernet0
     ip address 10.20.30.40 255.255.255.240
     ip mtu 1400
     ip tcp adjust-mss 1360
     duplex auto
     speed auto
     crypto map IT-IPSec-Crypto-map
    !
    ip route 0.0.0.0 0.0.0.0 10.20.30.41
    !
    access-list 101 permit ip any 100.100.100.0 0.0.0.255 log
    access-list 101 permit ip any 100.100.200.0 0.0.0.255 log

    -------------------------------------------------------------------------------------

    Branch_892#sh run
    !
    crypto isakmp policy 10
     encr aes 256
     hash sha256
     authentication pre-share
     group 2
    crypto isakmp key * address 10.20.30.40
    crypto isakmp keepalive 10 periodic
    !
    crypto isakmp peer address 10.20.30.40
    !
    !
    crypto ipsec transform-set IT-IPSec-Transform-Set esp-aes 256 esp-sha256-hmac
    crypto ipsec df-bit clear
    !
    crypto map IT-IPSec-Crypto-map 10 ipsec-isakmp
     set peer 10.20.30.40
     set security-association lifetime kilobytes disable
     set security-association lifetime seconds 86400
     set transform-set IT-IPSec-Transform-Set
     match address 101
     reverse-route
     qos pre-classify
    !
    interface FastEthernet6
     description VL92
     switchport access vlan 92
    !
    interface FastEthernet7
     description VL93
     switchport access vlan 93
    !
    interface GigabitEthernet0
     description # to WAN #.
     no ip address
     duplex auto
     speed auto
     pppoe-client dial-pool-number 1
    !
    interface Vlan1
     description # local to #.
     ip address 192.168.1.254 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    !
    interface Vlan92
     description fa6-nexus e100/0/40
     ip address 100.100.200.1 255.255.255.0
    !
    interface Vlan93
     description fa7-nexus e100/0/38
     ip address 100.100.100.1 255.255.255.0
    !
    interface Dialer0
     no ip address
     no cdp enable
    !
    interface Dialer1
     ip address 1.2.3.4 255.255.255.248
     ip mtu 1454
     ip nat outside
     ip virtual-reassembly in max-reassemblies 256
     encapsulation ppp
     ip tcp adjust-mss 1414
     dialer pool 1
     dialer-group 1
     ppp authentication chap callin
     ppp chap hostname ~ ~ ~
     ppp chap password =.
     no cdp enable
     crypto map IT-IPSec-Crypto-map
    !
    dialer-list 1 protocol ip permit
    !
    access-list 101 permit ip 100.100.100.0 0.0.0.255 any
    access-list 101 permit ip 100.100.200.0 0.0.0.255 any
    !
    ip route 0.0.0.0 0.0.0.0 Dialer1

    Yes, that sounds correct. So another possible problem is the routing: is routing 100% correct on both sides? Can you post both sides' configs for review?

  • Netem VM between two virtual machines? Is this possible?

    Hello

    I would like to use netem on a Linux VM between two other virtual machines to simulate latency. Netem needs a machine with two network cards that it can bridge. I've set up a VM on vSwitch0, a virtual machine on vSwitch1 and then another VM with two network cards, one on each vSwitch. I thought that I would set up this box to use netem and bridge between the two.

    Has anyone ever done something like this? I ran into a ton of problems and want to know if people have tried.

    I got it working by following these steps:

    1. create virtual machine A with a NIC on vSwitch0

    2. create VM B with a NIC on vSwitch1

    3. create VM N with a NIC on vSwitch0 and vSwitch1

    4. set the port groups on vSwitch0 and 1 to accept "Promiscuous" mode (from the default of reject)

    5. set up VM N, a CentOS VM, with a bridge interface using the two network cards

    Note: the network cards of VM A and VM B were located in the same subnet.

    Once step 5 was done, traffic started flowing between VM A and VM B through VM N. I experienced a strong 5 ms ping delay where there was a <1 ms delay on ping when VM A and B were on the same vSwitch. I came in the next day and the delay was gone. No idea.

    With all of that in place and netem being included by default in the CentOS 6.4 installation, I was able to set conditions such as delay and packet loss, and the transport between VM A and VM B through VM N degraded as desired.

    The reason I wanted this to be as complicated as it is: I can take a virtual machine off vSwitch0 and pop it into vSwitch1, and all of a sudden traffic to and from it undergoes degradation due to the conditions imposed by the netem configuration on the bridge VM N.

  • M6-1105DX: Envy M6 laptop quickly switches between classic interface and metro

    My son's laptop suddenly started quickly switching between the classic and metro desktops when you log on to his user account.  When I booted in safe mode it stopped, and I was able to move normally between the two desktops using the touch pad and the Windows start key.

    I then tried selective startup, disabling each item displayed in the Task Manager (one at a time) and rebooting.  These changes had no effect.  The startup items listed are:

    HP Coolsense

    HP Messenger service

    hpww ECS application

    IDT Audio of PC

    Power DVD RC Service

    Scan the Activation App toPC

    Synaptics touchpad enhancements

    I don't know what to try at this point.  Any suggestions would be greatly appreciated.  Thank you

    Bill

    Hi there @Bill38,

    You should be able to run a virus scan, use the Microsoft Fix tool, check the drivers, etc. without failure in Safe Mode or Safe Mode with Networking.

    Let me know how it goes.

    Thank you.

  • Ethernet I/O between two computers

    I have two computers running LabVIEW. I'm trying to generate a signal on one and read it on the other. The connection between the two computers is Ethernet. The problem is that NI MAX cannot detect a network device. I have successfully pinged the signal-sending computer via the command prompt. Any ideas on why MAX can't detect the signalling computer?

    Try running the examples on the same machine. If the example doesn't work between two different instances of the application on the same computer, then it certainly won't work on two different machines. Once it works, try using the IP address instead of the host name of the computer. If still no luck, try disconnecting all other networks on both machines.

  • Difference between the serial & Ethernet interface.

    Hello everyone

    I have some doubts about the basics.

    Q1: What are the differences between serial interfaces and Ethernet interfaces?

    Q2: Can we use Ethernet interfaces to terminate WAN connectivity like serial? Why do we always use serial interfaces to connect the WAN?

    Please help me by answering these questions.

    !!!! THANKS IN ADVANCE!

    Hello

    Fast Ethernet is one of the options for a speed higher than T1/E1; other TDM options that can be offered are DS-3 and STM1, which can be offered on a sub-rate basis as well. For example, you can subscribe for 10 MB BW on 45 MB access.

    The answer to your second question is that there could be a possibility that you have subscribed for L2 VPN (EVPL or VPLS) or L3 VPN (MPLS).

    L2 VPN works on VLAN tags and L3 VPN terminates on an L3 device.

    Regards

    Navin Parwal

  • What is the difference between the following two interfaces?

    What is the difference between the following two interfaces?
    com.tangosol.coherence.jpa.JpaCacheStore
    com.tangosol.net.cache.CacheStore

    Hello

    JpaCacheStore is not an interface, but a class that implements the dumps.

    Best regards

    Robert

  • VLAN between two hosts ESXi

    Hello

    I have two virtual machines based on VMware and some configuration of VLAN

    VM1 - VLAN 130 on ESXi01

    VM2 - VLAN 135 on ESXi02

    For example, a VM in VLAN 130 on ESX1 cannot ping another VM in VLAN 130 on ESX2. But if I move the second VM to ESX1, it works.

    VM1 is going through the vSwitch in VLAN 130 via ESXi01, which leaves the ESXi via vmnic11 to port Vethernet910 on the FABRIC

    FABRIC-001-B # connect nxos
    Operating system (NX - OS) Cisco Nexus software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
    The copyright in certain works contained in this software are
    owned by others and used and distributed under
    license. Some components of this software are licensed
    the GNU Public License (GPL) version 2.0 or GNU
    Lesser General Public License (LGPL) Version 2.1. A copy of each
    This license is available at
    http://www.opensource.org/licenses/GPL-2.0.php and
    http://www.opensource.org/licenses/LGPL-2.1.php
    Fabric-001-B (nxos) # sh ver

    Operating system (NX - OS) Cisco Nexus software
    TAC support: http://www.cisco.com/tac
    Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_h...
    Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
    The copyright in certain works contained in this document are the property of
    other third parties and are used and distributed under license.
    Portions of this software are covered by the GNU Public
    License. A copy of the license is available at
    http://www.gnu.org/licenses/gpl.html.

    Software
    BIOS: version 3.6.0
    Charger: version N/A
    Kickstart: version 5.2 (3) N2(2.21c)
    system: version 5.2 (3) N2(2.21c)
    power-seq: Module 1: version v2.0
    Module 2: version v1.0
    Module 3: version v2.0
    uC: version v1.2.0.1
    SFP UC: Module 1: v1.1.0.0
    Compile of the BIOS time: 09/05/2012
    kickstart image file is: bootflash:///installables/switch/ucs-6100-k9-kickstart.5.2.3.N2.2.21c.bin
    Kickstart compile time: 05/02/2014 11:00 [05/02/2014 19:47:41]
    filesystem image is: bootflash:///installables/switch/ucs-6100-k9-system.5.2.3.N2.2.21c.bin
    compile time: 05/02/2014 11:00 [05/02/2014 21:42:39]

    Material
    Cisco UCS 6248 series fabric of interconnection ("O2 32X10GE/Modular universal platform supervisor")
    Intel Xeon CPU with 16553964 k of memory.
    Processor Board ID

    Device name: FABRIC-001-B
    bootflash: 31266648 kB

    The availability of the core is 147 day (s), 15 hour (s), 15 minute (s), 46 second (s)

    Last reset
    Reason: unknown
    The system version: 5.2 (3) N2(2.21c)
    Service:

    plugin
    Core Plugin Ethernet, Fc Plugin, Plugin, Plugin of virtualization
    Fabric-001-B (nxos) #.

    on NXOS, I see

    See the fabric-001-B (nxos) # run interface vethernet 910

    interface Vethernet910
    Description 1/3 Server, VNIC VNIC9
    switchport mode trunk
    switchport trunk allowed vlan 1 108-109 115-119 150 - 151
    pinning Server sticking border-interface port-channel13
    pinning of pinning-down server drop down link
    queues of default entry - type service-policy policy
    bind the interface port-channel1282 910 road
    no downtime

    and information portchannel

    Fabric-001-B (nxos) # sh port-channel summary
    Flags: D - low P - Up in the port-channel (members)
    I - individual H - standby (LACP only)
    s suspended r - Module-removal
    S - Dial R - routed
    U - up (port-channel)
    M not in use. Min-links not met
    --------------------------------------------------------------------------------
    Group-Type Port Protocol Ports members
    Channel
    --------------------------------------------------------------------------------
    11 Po11 (SU) Eth LACP Eth1/15 (P) Eth1/16 (P) Eth1/31 (P) Eth1/32 (P)
    13 Po13 (SU) Eth LACP Eth1/14 (P) Eth1/30 (P)
    1280 Po1280 (SU) Eth NO Eth1/1/13 (P) 1/Eth1/14 (P) 1/Eth1/15 (P) 1/Eth1/16 (P)
    1281 Po1281 (SU) Eth NO Eth1/1/1 (P) Eth1/1/3 (P)
    1282 Po1282 (SU) Eth NO Eth1/1/9 (P) Eth1/1/11 (P)
    1283 Po1283 (SU) Eth NO Eth1/1/5 (P) Eth1/1/7 (P)
    1284 Po1284 (SU) Eth NO Eth2/1/1 (P) Eth2/1/3 (P)
    1285 Po1285 (SU) Eth NO Eth3/1/1 (P) Eth3/1/3 (P)
    1286 Po1286 (SU) Eth NO Eth3/1/5 (P) Eth3/1/7 (P)
    1287 Po1287 (SU) Eth NO Eth3: 1/9 (P) Eth3/1/11 (P)
    1288 Po1288 (SU) Eth NO Eth3/1/13 (P) Eth3/1/14 (P) Eth3/1/15 (P) Eth3/1/16 (P)
    1289 Po1289 (SU) Eth NO Eth4/1/1 (P) Eth4/1/3 (P)
    1300 Po1300 (SU) Eth NO Eth1/1/17 (P) Eth1/1/19 (P)

    I am missing VLANs; how can I edit and update the VLAN information?

    From UCS Manager? I don't have a 1000v.

    Hello

    To add VLANs, you must go to the LAN tab, create them and, after that, add them to the vNICs of the blades that you want to pass traffic for that VLAN/those VLANs.

    Have you configured a native VLAN in UCSM?

    Do both ESXi01 & ESXi02 use the same fabric interconnect to pass traffic?  If one host passes traffic through A and the other through B, traffic will need to go to the upstream switch because the fabric interconnects do not switch traffic between them.

    Try the commands below and paste the output here:

    * show service-profile circuit server X/Y < chassis/server in >

    * connect nxos a|b < first try "a" then "b" and the output of the below command for >

    * sh pinning border-interfaces

    * show platform software enm internal info vlandb id # < "#" meaning the vlan >

    -Kenny

  • "Limited connection" when you configure the network between two computers XP.

    Original title: Configuration of the network connection

    Trying to establish a network connection between two home PCs, both running Windows XP Pro. I have been through the Network Setup Wizard on both PCs but they still say limited, in fact no connection. I use a crossover Ethernet cable between the two. If that is right, what am I doing wrong?

    Thanx Terry

    Old but good, networking tips from MVP Malke, MS:

    The best and simplest way is to buy a wireless router. This way you get Internet connectivity on both machines and the added benefit of more security between you and the Internet. Then you configure your wireless network securely, and then you configure file/printer sharing. Here is information on setting up a router and also on networking. It seems long, but don't be intimidated. Setting up a router and LAN sharing between two computers takes about 15 minutes.

    A. The router configuration

    Setting up a router is simple enough. Normally, you run the CD that came with the router and follow the instructions. If you're running Vista, maybe the CD that came with the router does not work; I do not know this. But you can set up the router without the CD. Note that if you have cable Internet, you just set the router to DHCP (or there may even be a Cable option to choose). If you have DSL Internet, you usually select TRP and enter the username and password you selected when you initially set up the DSL connection. So:

    1. Turn off the power to your cable modem.

    2. Attach a cat5e Ethernet cable (usually supplied with the router) from the Internet/WAN port of the router to the Ethernet port on the cable modem.

    3. Connect a cat5e Ethernet cable from the network card in your computer to one of the ports on the router. If you do not have an Ethernet cable (because you were using USB), you will need to go to the store and buy one.

    4. Turn on the cable modem. After all the lights are on, turn on the router.

    To configure the router:

    Have a computer connected to the router with an Ethernet cable. The examples given are for a Linksys router. See the manual of your router or the router mftr.'s website for the default settings if you don't have a Linksys. Open a browser such as Internet Explorer or Firefox and in the address bar type:

    http://192.168.1.1 [Enter] (this is the default IP address of the router, which varies from router to router, so check your manual)

    This will bring you to the login screen of the router. The default username is blank and the Linksys default password is "admin" without the quotes. Enter this information. You are now in the router's configuration utility. Your configuration utility may be slightly different from mine.

    Click the Administration link at the top of the page. Enter your new password. MAKE A NOTE SOMEWHERE THAT YOU WILL NOT LOSE. Re-enter the password to confirm it, and then click Save Settings at the bottom of the page. The router will reboot and show you the login box again. Leave the user name blank and put in your new password to enter the configuration utility.

    Now, click on the Wireless link at the top of the page. Change the default wireless network name (SSID) to something you'll recognize. I suggest that my clients not use their surname as the SSID. For example, you might want to name your wireless network "CastleAnthrax" or similar.

    Click on Save Settings and, when you get the prompt that your changes were successful, click the Wireless Security link, which is just beside the Basic Wireless Settings link (where you changed your SSID). If you have a newish computer, you will be able to set the Security Mode to WPA2-Personal. Do this and enter a password. The password is what you enter on all computers that are allowed to connect to the wireless network. MAKE A NOTE SOMEWHERE THAT YOU WILL NOT LOSE.

    At this point, your router is set up. If the computer that you used to configure the router will normally connect wirelessly, disconnect the Ethernet cable and the computer's wireless should see your new network. Enter the password you created to join the network and start surfing.

    *****

    B. file/printer sharing of

    Excellent, comprehensive, but easy to understand article on sharing files/printer under Vista. Contains information about sharing printers and files, and the folders:

    http://TechNet.Microsoft.com/en-us/library/bb727037.aspx

    For XP, start by running the Network Setup Wizard the on all machines (see warning in section A below).

    Problems sharing files between computers on a network are usually caused by 1) a misconfigured firewall or a firewall neglected (including a dynamic firewall in a virtual private network); or (2) inadvertently run two firewalls such as the firewall of Windows and a third-party firewall. and/or (3) do not have accounts to the same users and passwords on all computers in the workgroup. (4) tries to create actions where the operating system does not.

    A. configure the firewall on all machines to allow traffic to local area network (LAN) as being approved. With the Windows Firewall, it means which allows file sharing / print on the Exceptions tab normally run the XP Network Setup Wizard will take care of this for these machines. The only "witch hunt", it will turn on the XPSP2 Windows Firewall. If you are not running a third-party firewall or you have an antivirus with "Internet Worm Protection" (like Norton 2006/07) which acts as a firewall, you're fine.  With a third-party firewall, I usually set up the allocation of LAN with an IP address range. E.g. would be 192.168.1.0 - 192.168.1.254. Obviously you would substitute your correct subnet. Do not run more than one firewall. DON'T STOP FIREWALLS; CONFIGURE THEM CORRECTLY.

    (B) to facilitate the Organization, put all computers in the same workgroup. This is done from the System applet in Control Panel, the computer name tab.

    C. create the counterpart of the user accounts and passwords on all machines. You do not need to be logged into the same account on all machines and assigned to each user account passwords can be different; accounts/passwords just need to exist and to match on all machines. DO NOT NEGLECT TO CREATE PASSWORDS, EVEN IF ONLY OF SIMPLE. If you want a machine to boot directly to the desktop (a particular user account) for convenience, you can do this. The instructions on this link work for XP and Vista:

    Set up Windows to automatically connect (MVP Ramesh) - http://windowsxp.mvps.org/Autologon.htm

    D. If one or more of the computers is XP Pro or Media Center, turn off Simple File Sharing (Folder Options > View tab).

    E. Create shares as you wish. XP Home does not share the users directory or Program Files, but you can share folders inside those directories. A better choice is to simply use the Shared Documents folder. See the first link above for more information on Vista sharing.

    F. Once you have file sharing working (and tested by exchanging a file between machines), if you want to share a printer connected locally to one of your computers, share it from that machine. Then go to the printer manufacturer's website and download the latest drivers for the correct operating system. Install them on the target machines. The printer should be found during the installation procedure. If it is not, install the drivers and then use the Add Printer Wizard. In some cases, printers must be installed as local printers, but that is beyond the scope of this response.

  • VLAN between two routers

    Hello. I am trying to solve a practice problem and I can't seem to get the VLANs working. The layout is as follows:

    You have two routers connected to each other. Each router has a switch, and each switch has four generic PCs attached. Each PC on a switch belongs to its own VLAN. Thus:

    Switch 1            Switch 2
    PC A - VLAN 10      PC E - VLAN 10
    PC B - VLAN 20      PC F - VLAN 20
    PC C - VLAN 30      PC G - VLAN 30
    PC D - VLAN 40      PC H - VLAN 40

    So PC A on router 1/switch 1 can ping PC E on router 2/switch 2, and it cannot ping any of the others. And so on and so forth.

    So I tried moving PC C to VLAN 10 to check whether my configuration works, and it does. But then I set up my router and subinterfaces, set the fa0/1 interface on my switch as a trunk, and allowed VLANs 10, 20, 30 and 40. Now all PCs on the router can ping each other! That should not happen. Now I don't know what the problem is. Can someone help me?

    I have attached the docx and the Packet Tracer file.

    Sorry, I just realized you don't want connectivity between all the PCs.

    Which is a relief, because looking at your setup, I didn't see why they wouldn't be able to :-)

    You need to use ACLs on your subinterfaces to allow only the traffic you want.

    If you want to allow any PC to ping any other PC on the same site but only the PC in the same VLAN on the other site, then use an outbound ACL on the routers' serial interfaces.

    If you only want to allow ping between the PCs in the same VLAN, then use ACLs for traffic entering on the subinterfaces.

    Jon
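
Jon's last suggestion (inbound ACLs on the subinterfaces), modelled in Python as an added example that is not part of the thread. The addressing plan, the ACL number and all function names are assumptions, since the thread's Packet Tracer file is not on the page; the model shows that a ping succeeds only when both the echo request and the echo reply pass an inbound ACL.

```python
import ipaddress

# Assumed addressing, not given in the thread: VLAN v is 10.1.v.0/24 at
# site 1 and 10.2.v.0/24 at site 2, and each PC is host .2 in its subnet.
VLANS = (10, 20, 30, 40)

def subnet(site, vlan):
    return ipaddress.ip_network(f"10.{site}.{vlan}.0/24")

def inbound_acl(site, vlan):
    """Entries applied to traffic entering the router on this VLAN's
    subinterface. IOS form for site 1, VLAN 10 under these assumptions:
    access-list 110 permit icmp 10.1.10.0 0.0.0.255 10.2.10.0 0.0.0.255"""
    other = 2 if site == 1 else 1
    return [("permit", "icmp", subnet(site, vlan), subnet(other, vlan))]

def acl_permits(acl, proto, src, dst):
    """First matching entry wins; no match falls through to implicit deny."""
    for action, acl_proto, src_net, dst_net in acl:
        if acl_proto == proto and src in src_net and dst in dst_net:
            return action == "permit"
    return False

def ping_works(src, dst):
    """src and dst are (site, vlan) pairs in different subnets. The echo
    request must pass the sender's inbound ACL and the echo reply must
    pass the responder's inbound ACL."""
    a = ipaddress.ip_address(f"10.{src[0]}.{src[1]}.2")
    b = ipaddress.ip_address(f"10.{dst[0]}.{dst[1]}.2")
    return (acl_permits(inbound_acl(*src), "icmp", a, b)
            and acl_permits(inbound_acl(*dst), "icmp", b, a))

def reachable_from(src):
    """Every routed (site, vlan) destination that src can ping."""
    targets = [(s, v) for s in (1, 2) for v in VLANS if (s, v) != src]
    return [t for t in targets if ping_works(src, t)]

if __name__ == "__main__":
    for vlan in VLANS:
        print((1, vlan), "->", reachable_from((1, vlan)))
```

Traffic between two PCs in the same subnet is switched and never reaches the router, so it is outside this model.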

  • Catalyst 3560 network bonding between two Ubuntu 12.04 servers

    Hello everyone,

    I'm trying to transfer data at more than 1 Gbit/s between two servers, but I only get the performance of a single network card (approximately 1 Gbps). Here is my configuration:

    srvnettest1 and srvnettest2 are two Ubuntu 12.04 servers with three network cards each. eth0 is for management; eth1 and eth2 are the network cards that should work as a team. ;-) Here are the relevant parts of the configuration:

    # less /etc/network/interfaces
    ...
    auto bond0
    iface bond0 inet static
        address 172.16.200.100
        netmask 255.255.255.0
        bond-mode 4
        bond-miimon 100
        bond-slaves none
        bond-lacp-rate 1
        bond-primary eth1 eth2

    auto eth1
    allow-bond0 eth1
    iface eth1 inet manual
        bond-master bond0

    auto eth2
    allow-bond0 eth2
    iface eth2 inet manual
        bond-master bond0
    ...

    # less /etc/network/interfaces
    ...
    auto bond0
    iface bond0 inet static
        address 172.16.200.200
        netmask 255.255.255.0
        bond-mode 4
        bond-miimon 100
        bond-slaves none
        bond-lacp-rate 1
        bond-primary eth1 eth2

    auto eth1
    allow-bond0 eth1
    iface eth1 inet manual
        bond-master bond0

    auto eth2
    allow-bond0 eth2
    iface eth2 inet manual
        bond-master bond0
    ...

    This is the switch configuration (btw, it is a WS-C3560G-48TS running IOS version 12.2(55)SE):

    Switch#show running-config
    ...
    interface Port-channel10
     switchport access vlan 200
     switchport mode access
    !
    interface Port-channel20
     switchport access vlan 200
     switchport mode access
    !
    interface GigabitEthernet0/1
     switchport access vlan 200
     switchport mode access
     channel-group 10 mode active
    !
    interface GigabitEthernet0/2
     switchport access vlan 200
     switchport mode access
     channel-group 10 mode active
    !
    interface GigabitEthernet0/3
     switchport access vlan 200
     switchport mode access
     channel-group 20 mode active
    !
    interface GigabitEthernet0/4
     switchport access vlan 200
     switchport mode access
     channel-group 20 mode active
    ...

    This is my etherchannel summary:

    Switch#show etherchannel summary
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator

            M - not in use, minimum links not met
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 2
    Number of aggregators:           2

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    10     Po10(SU)        LACP      Gi0/1(P)    Gi0/2(P)
    20     Po20(SU)        LACP      Gi0/3(P)    Gi0/4(P)

    My test tools are nuttcp (for the transfer) and bmon (to watch what is happening during the transfer). Unfortunately, I am not able to transfer more than 1 Gbps:

    # nuttcp -i1 172.16.200.100
    97.1875 MB /   1.00 sec =  815.2409 Mbps     0 retrans
    98.0625 MB /   1.00 sec =  822.4763 Mbps     0 retrans
    98.0625 MB /   1.00 sec =  822.7321 Mbps     0 retrans
    98.1250 MB /   1.00 sec =  823.1001 Mbps     0 retrans
    98.0625 MB /   1.00 sec =  822.5306 Mbps     0 retrans
    98.0625 MB /   1.00 sec =  822.7560 Mbps     0 retrans
    98.1250 MB /   1.00 sec =  822.9890 Mbps     0 retrans
    98.0625 MB /   1.00 sec =  822.6753 Mbps     0 retrans
    98.0625 MB /   1.00 sec =  822.5528 Mbps     0 retrans
    98.0625 MB /   1.00 sec =  822.7058 Mbps     0 retrans
    982.5000 MB /  10.03 sec =  821.9606 Mbps 21 %TX 37 %RX 0 retrans 0.32 msRTT

    In bmon, I see that one NIC (eth1) of bond0 does the uplink and the other one (eth2) does the downlink:

    #   Interface                RX Rate         RX #     TX Rate         TX #
    --------------------------------------------------------------------------------
    srvnettest2 (source: local)
    0   lo                         0.00B            0       0.00B            0
    1   eth2                     269.26KiB       4175       0.00B            0
    2   eth1                     123.00B            0     102.56MiB      71030
    3   eth0                     179.00B            2     491.00B            1
    4   bond0                    269.38KiB       4176     102.56MiB      71030

    I tried a lot of things, but now I have no idea what to do or what to try next. It is true that I have no deep understanding of Cisco etherchannels yet, so I guess that my mistake is somewhere in the IOS configuration.

    Thanks a lot for your support, and greetings from Germany

    Stephan

    Hello Stephan,

    With EtherChannels, a single flow (the stream of frames/packets with the same source and destination) is always carried by a single link only. Cisco's implementation does not load-balance per packet across the links in an EtherChannel, and it avoids this for a reason: frames could get reordered, something that plain Ethernet should never do. This means that you will not see a bandwidth improvement beyond the speed of a single link in your EtherChannel for a single flow. It is only the aggregate bandwidth across several flows that increases. The advantage of EtherChannel therefore becomes obvious only if your server handles many conversations and several flows.

    Best regards

    Peter
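
Peter's point about per-flow link selection, as an added Python model that is not part of the thread. The XOR-and-modulo hash is a simplified stand-in (an assumption) for the real hash used by the switch or the bonding driver, and the ports, rates and extra client addresses are constructed; it shows a flow staying pinned to one member link and which header fields have to differ before load spreads.

```python
import ipaddress
from collections import defaultdict

def pick_link(flow, n_links, use_ports=False):
    """Map a flow to one member link: XOR the selected header fields, then
    reduce modulo the link count (simplified model, not vendor code)."""
    src_ip, dst_ip, src_port, dst_port = flow
    h = int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    if use_ports:
        h ^= src_port ^ dst_port
    return h % n_links

def link_load(flows, n_links, use_ports=False):
    """Sum the offered rate (Mbps) per member link for a set of flows."""
    load = defaultdict(float)
    for flow, mbps in flows:
        load[pick_link(flow, n_links, use_ports)] += mbps
    return {i: load[i] for i in range(n_links)}

# Constructed sample flows: (src_ip, dst_ip, src_port, dst_port), offered Mbps.
# One stream between the two servers in the thread.
SINGLE = [(("172.16.200.200", "172.16.200.100", 40000, 5001), 1000.0)]
# Four parallel streams between the same two servers (source port differs).
PARALLEL = [(("172.16.200.200", "172.16.200.100", 40000 + i, 5001), 500.0)
            for i in range(4)]
# Four different (hypothetical) clients talking to one server.
MANY_HOSTS = [((f"172.16.200.{201 + i}", "172.16.200.100", 40000, 5001), 500.0)
              for i in range(4)]

if __name__ == "__main__":
    print("single stream, IP hash   :", link_load(SINGLE, 2))
    print("4 streams, IP hash       :", link_load(PARALLEL, 2))
    print("4 streams, IP+port hash  :", link_load(PARALLEL, 2, use_ports=True))
    print("4 clients, IP hash       :", link_load(MANY_HOSTS, 2))
```

With a hash over IP addresses only, even parallel streams between the same two servers land on one link; they spread only when the hash input includes something that differs per stream.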
