Tunnel of sIte establishing btn two routers cisco 1721
Hello
I need to establish IPSec site to site tunnel between cisco 1721 (version supports for IPSec). U can help me to set up the basic configuration.
The network diagram is standard. The objective of the implementation is to establsih a communication between two end counterparts.
IE LAN---> router---> Internet--->---> LAN router
Thanks in advance
Concerning
RAMU
Of course, here is an example configuration for VPN Site to Site tunnel between 2 IOS routers:
http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080194650.shtml
Hope that helps.
Tags: Cisco Security
Similar Questions
-
Public static IPsec tunnel between two routers cisco [VRF aware]
Hi all
I am trying to configure static IPsec tunnel between two routers. Router R1 has [no VRF] only global routing table.
Router R2 has two routing tables:
* vrf INET - used for internet connectivity
* global routing table - used for VPN connections
Here are the basic configs:
R1
crypto ISAKMP policy 1
BA 3des
md5 hash
preshared authentication
Group 2
ISAKMP crypto key 7V7u841k2D3Q7v98d6Y4z0zF address 203.0.0.3
invalid-spi-recovery crypto ISAKMP
!
Crypto ipsec transform-set esp - aes 256 esp-sha-hmac TRSET_AES-256_SHA
transport mode
!
Crypto ipsec TUNNEL-IPSEC-PROTECTION profile
game of transformation-TRSET_AES-256_SHA
!
interface Loopback0
10.0.1.1 IP address 255.255.255.255
IP ospf 1 zone 0
!
interface Tunnel0
IP 192.168.255.34 255.255.255.252
IP ospf 1 zone 0
source of tunnel FastEthernet0/0
tunnel destination 203.0.0.3
ipv4 ipsec tunnel mode
Ipsec TUNNEL-IPSEC-PROTEC protection tunnel profile
!
interface FastEthernet0/0
IP 102.0.0.1 255.255.255.0!
IP route 203.0.0.3 255.255.255.255 FastEthernet0/0 102.0.0.2
#######################################################
R2
IP vrf INET
RD 1:1
!
Keyring cryptographic test vrf INET
address of pre-shared-key 102.0.0.1 key 7V7u841k2D3Q7v98d6Y4z0zF
!
crypto ISAKMP policy 1
BA 3des
md5 hash
preshared authentication
Group 2
invalid-spi-recovery crypto ISAKMP
crypto isakmp profile test
door-key test
function identity address 102.0.0.1 255.255.255.255
!
Crypto ipsec transform-set esp - aes 256 esp-sha-hmac TRSET_AES-256_SHA
transport mode
!
Crypto ipsec TUNNEL-IPSEC-PROTECTION profile
game of transformation-TRSET_AES-256_SHA
Test Set isakmp-profile
!
interface Loopback0
IP 10.0.2.2 255.255.255.255
IP ospf 1 zone 0
!
interface Tunnel0
IP 192.168.255.33 255.255.255.252
IP ospf 1 zone 0
source of tunnel FastEthernet0/0
tunnel destination 102.0.0.1
ipv4 ipsec tunnel mode
tunnel vrf INET
Ipsec TUNNEL-IPSEC-PROTEC protection tunnel profile
!
interface FastEthernet0/0
IP vrf forwarding INET
IP 203.0.0.3 255.255.255.0!
IP route 102.0.0.1 255.255.255.255 FastEthernet0/0 203.0.0.2
#######################################################
There is a router between R1 and R2, it is used only for connectivity:
interface FastEthernet0/0
IP 102.0.0.2 255.255.255.0
!
interface FastEthernet0/1
IP 203.0.0.2 255.255.255.0The problem that the tunnel is not coming, I can't pass through phase I.
The IPsec VPN are not my strength. So if someone could show me what mistake I make, I'd appreciate it really.
I joined ouptup #debug R2 crypto isakmp
Source and destination Tunnel0 is belong to VRF INET, the static route need to be updated.
IP route vrf INET 102.0.0.1 255.255.255.255 FastEthernet0/0 203.0.0.2
crypto isakmp profile test
VRF INET
door-key test
function identity address 102.0.0.1 255.255.255.255 -
Question about encryption for a VPN established between two of our sites
We have two routers Cisco 2951, one at our main location and one at a branch. An engineer for a local company came and worked all the parameters, including the VPN between the two men.
For an upcoming exam, the firm wanted to know what kind of security/encryption has been implemented between the two routers. The engineer is no longer available, so I've went over our configuration files for each of the routers and will have questions about what to tell them (I'll be the first to admit that some of this stuff is over my head).
I enclose the portions of the configs with "crypto" information he put in place. If you see something wrong, or need something extra, let me know.
Thanks in advance!
That's what you use:
Phase 1: 3DES, SHA1, PSK, Group2 DH (1024 bits), life time 86400 s
Phase2: 3DES, SHA1
Which is today considered legacy crypto, but probably nothing to worry. The crypto-config has always considered that there is "room for improvement"...
-
Tunnel VPN site to Site with 2 routers Cisco 1921
Hi all
So OK, I'm stumped. I create much s2s vpn tunnels before, but this one I just can't go there. It's just a tunnel VPN Site to Site simple using pre-shared keys. I would appreciate it if someone could take a look at our configs for both routers running and provide a comment. This is the configuration for both routers running. Thank you!
Router 1
=======
Current configuration: 4009 bytes
!
! Last configuration change at 19:01:31 UTC Wednesday, February 22, 2012 by asiuser
!
version 15.0
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
SJWHS-RTRSJ host name
!
boot-start-marker
boot-end-marker
!
!
No aaa new-model
!
!
!
!
No ipv6 cef
IP source-route
IP cef
!
!
DHCP excluded-address 192.168.200.1 IP 192.168.200.110
DHCP excluded-address IP 192.168.200.200 192.168.200.255
!
IP dhcp POOL SJWHS pool
network 192.168.200.0 255.255.255.0
default router 192.168.200.1
10.10.2.1 DNS server 10.10.2.2
!
!
no ip domain search
IP-name 10.10.2.1 Server
IP-name 10.10.2.2 Server
!
Authenticated MultiLink bundle-name Panel
!
!
Crypto pki trustpoint TP-self-signed-236038042
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 236038042
revocation checking no
rsakeypair TP-self-signed-236038042
!
!
TP-self-signed-236038042 crypto pki certificate chain
certificate self-signed 01
30820241 308201AA A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
8B1E638A EC
quit smoking
license udi pid xxxxxxxxxx sn CISCO1921/K9
!
!
!
redundancy
!
!
!
!
crypto ISAKMP policy 10
md5 hash
preshared authentication
ISAKMP crypto key presharedkey address 112.221.44.18
!
!
Crypto ipsec transform-set esp-3des esp-md5-hmac IPSecTransformSet1
!
map CryptoMap1 10 ipsec-isakmp crypto
defined by peer 112.221.44.18
game of transformation-IPSecTransformSet1
match address 100
!
!
!
!
!
interface GigabitEthernet0/0
192.168.200.1 IP address 255.255.255.0
automatic duplex
automatic speed
!
!
interface GigabitEthernet0/1
Description wireless bridge
IP 172.17.1.2 255.255.255.0
automatic duplex
automatic speed
!
!
interface FastEthernet0/0/0
Verizon DSL description for failover of VPN
IP 171.108.63.159 255.255.255.0
automatic duplex
automatic speed
card crypto CryptoMap1
!
!
!
Router eigrp 88
network 172.17.1.0 0.0.0.255
network 192.168.200.0
redistribute static
passive-interface GigabitEthernet0/0
passive-interface FastEthernet0/0/0
!
IP forward-Protocol ND
!
no ip address of the http server
local IP http authentication
IP http secure server
!
IP route 0.0.0.0 0.0.0.0 172.17.1.1
IP route 112.221.44.18 255.255.255.255 171.108.63.1
!
access-list 100 permit ip 192.168.200.0 0.0.0.255 10.10.0.0 0.0.255.255
!
!
!
!
!
!
control plan
!
!
!
Line con 0
Synchronous recording
local connection
line to 0
line vty 0 4
exec-timeout 30 0
Synchronous recording
local connection
transport input telnet ssh
!
Scheduler allocate 20000 1000
end
=======
Router 2
=======
Current configuration: 3719 bytes
!
! Last configuration change at 18:52:54 UTC Wednesday, February 22, 2012 by asiuser
!
version 15.0
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
SJWHS-RTRHQ host name
!
boot-start-marker
boot-end-marker
!
logging buffered 1000000
!
No aaa new-model
!
!
!
!
No ipv6 cef
IP source-route
IP cef
!
!
!
!
no ip domain search
!
Authenticated MultiLink bundle-name Panel
!
!
Crypto pki trustpoint TP-self-signed-3490164941
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 3490164941
revocation checking no
rsakeypair TP-self-signed-3490164941
!
!
TP-self-signed-3490164941 crypto pki certificate chain
certificate self-signed 01
30820243 308201AC A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
EA1455E2 F061AA
quit smoking
license udi pid xxxxxxxxxx sn CISCO1921/K9
!
!
!
redundancy
!
!
!
!
crypto ISAKMP policy 10
md5 hash
preshared authentication
ISAKMP crypto key presharedkey address 171.108.63.159
!
86400 seconds, duration of life crypto ipsec security association
!
Crypto ipsec transform-set esp-3des esp-md5-hmac IPSecTransformSet1
!
map CryptoMap1 10 ipsec-isakmp crypto
defined by peer 171.108.63.159
game of transformation-IPSecTransformSet1
match address 100
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
automatic duplex
automatic speed
!
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
IP 10.10.1.6 255.255.0.0
!
interface GigabitEthernet0/1
IP 172.17.1.1 255.255.255.0
automatic duplex
automatic speed
!
!
interface FastEthernet0/0/0
IP 112.221.44.18 255.255.255.248
automatic duplex
automatic speed
card crypto CryptoMap1
!
!
!
Router eigrp 88
Network 10.10.0.0 0.0.255.255
network 172.17.1.0 0.0.0.255
redistribute static
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/0.1
!
IP forward-Protocol ND
!
no ip address of the http server
local IP http authentication
IP http secure server
!
IP route 0.0.0.0 0.0.0.0 112.221.44.17
!
access-list 100 permit ip 10.10.0.0 0.0.255.255 192.168.200.0 0.0.0.255
!
!
!
!
!
!
control plan
!
!
!
Line con 0
Synchronous recording
local connection
line to 0
line vty 0 4
exec-timeout 30 0
Synchronous recording
local connection
transport input telnet ssh
!
Scheduler allocate 20000 1000
end
When the GRE tunnel carries your traffic to private ip range, your ACL must contain address of the host of point to point the IPSec tunnel.
Since then, both routers are running EIGRP in the corporate network, let the EIGRP Exchange routes via GRE tunnel, which is a good practice, rather than push the ip ranges private individual through the IPSec tunnel.
Let me know, if that's what you want.
Thank you
-
ASA 5505 and ASA 5510 Site to Site VPN Tunnel cannot be established
Hi all experts
We are now plan to form an IPSec VPN tunnel from site to site between ASA 5505 (ASA Version 8.4) and ASA 5510 (ASA Version 8.0) but failed, would you please show me how to establish? A reference guide?
I got error syslog 713902 and 713903, how to fix?
I got the following, when I type "sh crypto isakmp his."
Type: user role: initiator
Generate a new key: no State: MM_WAIT_MSG2
Hugo
Hello
This State is reached when the policies of the phase 1 do not correspond to the two ends.
Please confirm that you have the same settings of phase 1 on both sides with the following commands:
See the isakmp crypto race
See the race ikev1 crypto
Also make sure that port UDP 500 and 4500 are open for communication between your device and the remote peer.
Finally, make sure you have a route suitable for the remote VPN endpoint device.
Hope that helps.
Kind regards
Dinesh Moudgil
-
How to install the VPN Client and the tunnel from site to site on Cisco 831
How can I configure a Cisco 831 router (Branch Office) so that it will accept incoming VPN Client connections and initiate tunneling IPSec site to site on our hub site that uses a VPN 3005 concentrator? I could get the tunnel to work by configuring it in a dynamic encryption card, but interesting traffic side Cisco 831 would not bring the tunnel upward. I could only put on the side of the hub. If I use a static encryption card and apply it to the external interface of the 831 I can get this working but then I couldn't get the VPN Client to work.
Thank you.
The dynamic map is called clientmap
The static map is called mymapYou should have:
no card crypto not outmap 10-isakmp ipsec dynamic dynmap
map mymap 10-isakmp ipsec crypto dynamic clientmapinterface Ethernet1
crypto mymap mapFederico.
-
No Ping response from Site to Site connection between 876 of Cisco and CheckPoint Firewall
Hello!
We try to create a Site-to-Site - connection IPSec between a Cisco 876 (local site) and a control-firewall station (remote site). Cisco 876 is not directly connected to the internet, but it is behind a router ADSL with port-forwarding, redirection of ports 500 and 4500. The configuration of the Cisco 876 running is attached to this thread. Unfortunately, I get no results when debugging the connection with the command "debug crypto isakmp" and "debug crypto ipsec".
From the point of view of Checkpoint firewall the connection seems to be implemented, but there is no response from ping.
The server in the local site to be achieved since the network behind the firewall Checkpoint has a routing entry "PEI route add [inside the ip-net Remote] 255.255.255.0 [inside the premises of intellectual property]" (see also annex current config name ip addresses).
Establishing a VPN Cisco Client connection to the same router Cisco 876 works very well.
Any help would be much appreciated!
Jakob J. Blaette
Hi Jakob,
Add my two cents here.
You should always verify that the following ports and Protocol are open:
1 - UDP port 500--> ISAKMP
2 - UDP port 4500--> NAT - T
3-protocol 50---> ESP
A LAN-to-LAN tunnel will never establish a TCP session, but it could use NAT - T (if behind a NAT). Remember that a single translation isn't a port forwarding, a LAN-to-LAN tunnel is not good unless you have a one-to-one translation of the NATted device, which I think, in your case the router is working.
HTH.
Portu.
Please note all useful messages and mark this message as a response.
-
VPN between 2 routers Cisco 1841 (LAN to LAN)
Hello
I need to connect two offices (two different LAN) using routers cisco 1841 at both ends.
Currently the two cisco router are in working condition and refer the internet LAN clients. (making the NAT).
Can someone please tell us what is the easiest way to set up a VPN between two sites, so that LAN users to an office to access mail servers electronic/request to the office LAN.
I understand that I need IPSec Site to Site VPN (I think).
Anyonce can you please advise.
Kind regards.
s.nasheet wrote:
Hi ,
I need to connect two offices ( two different LAN's) together using cisco 1841 routers at both end.
Currently both cisco router are in working order and acting as a internet gateway to the LAN clients. ( doing NAT).
Can anybody please advise what is the easiest method to configure VPN between two sites so that LAN users at one office be able to access the email/application servers at the other LAN office.
I understand I need IPSec Site to Site VPN ( i think).
Can anyonce please advise.
Regards.
Yes, you need a VPN site-to site. Start with this link which gives a number of examples to set up a VPN S2S between 2 routers Cisco.
http://www.Cisco.com/en/us/Tech/tk583/TK372/tech_configuration_examples_list.html#anchor16
Jon
-
VoIP QoS for Tunnel from Site to Site
Hi all
I need help to configure QoS for VoIP between two Cisco ASA 5505 with VPN Site to Site.
There is no need for bandwidth reservation, only 46 (EF) DSCP should be higher and DSCP 26 second queue higher and rules apply only to a site to site VPN.
Usually, I try to configure the ASAs via ASDM and discovered in the documentation Cisco how configure QoS DSCP bits with a Service policy and how to configure QoS for a VPN from Site to Site (rule Service-> Match traffic strategy). But how to configure QoS for a bit DSCP applies to Tunnel from Site to Site? And how configure different priorities for both DSCP bits, this is defined by the order of political Service?
The quality of service must be activated on the two ASAs to inside interface?
Thanks in advance
Tobias
Like most-
class-map voice_traffic
match dscp ef
match dscp 26 -
Difficult to complete phase 1 of the tunnel from site to site.
I have a 1921 Cisco (config) and between an ASA 5505 (config) that I am trying to establish a tunnel from site to site.
I think I should be able to see the tunnel when I type isakmp crypto to show its, but it is not at all.
Cisco 1921 outside intellectual property:
ASA 5505 outside intellectual property:I tried to ping from the inside network to the ASA, inside network on 1921. It is not bring up the tunnel.
How is the tunnel is not complete the phase 1?
Can you please send the information about the configuration? Crypto maps, ACL, etc.
-
Problem setting up Port Forwarding with two routers.
I can't set up by Linksys RT31P2 and routers port forwarding WRT160Nv3.
My setup is Webstar Modem = RT31P2 = WRT160N = Mac OS 10.6.5. (No configurable modem and ISP do not prevent port forwarding. It comes with two Linksys routers).
I had a Monty Python-going around with the support of Cisco cat; and follow up with telephone assistance in which the agent knew nothing about port forwarding and his supervisor expressed the view that it was not possible with two routers. Sigh.
If anyone can help me with step by step specific and simple instructions to configure routers. I know that the basic procedures. I'm not clear, what exactly changes on routers.
I read that portforward.com has to say and it does not work so I must be misunderstanding something.
The ip address of my computer is 192.168.1.103. Are the last three digits of this speech concluded the two routers in the area on the port forwarding page? What other changes should be done what router?
I know the port numbers that I use are OK because I can implement successfully if I connect to one or other of the routers (but not both), and my software of p2p shows port are open.
Any help and suggestions most welcome.
If you set up as I have suggested that you have only a single LAN that will be using in your addresses * 192.168.15 case. So in your case:
1. change the address LAN IP of 192.168.1.1 to 192.168.15.2 WRT.
2 disable the DHCP server.
3. connect the LAN of the WRT port to port LAN of the RT.That's all. Disable the DHCP server will not affect whatever it is that you're connected LAN - LAN and DHCP server on the RT is still operational.
After the change, previously the WRT computers may require a reboot to get a new address 192.168.15. *.
Your computer to which you are transferring must have an IP static and not dynamic (or variable). Check the current IP information on this computer. It must have an IP address like 192.168.15.103, mask 255.255.255.0, gateway 192.168.15.1 subnet and DNS 192.168.15.1 server or maybe two other IP addresses instead. Note DNS servers if you do not 192.168.15.1.
Then configure a static IP address on the computer. Use something like 192.168.15.10, 255.255.255.0 gateway 192.168.15.1 and the DNS servers you found before.
After this implement 192.168.15.10 port forwarding.
-
Hello!
Is it possible to have two routers (including one with RSR-WAAS and the other without) on a remote site router without ISR-WAAS to use the ISR-WAAS of the other router? (I have only finddual router with dual WAAS SRI in the CVD).
Concerning
Michael
Hi Michael,
Yes it is possible.
However, the Redirect method depends on what type of router without ISR-WAAS is:
another report of research international-4000:
You can use AppNav (the two routers in the same groups of Application Controller & the SRI-WAAS as the sole member af of the AV/Waas node group).
almost any other router:
You can use WCCP on both routers redirecting to the SRI-WAAS.
Best regards
Finn
-
Hello. I am trying to solve a practical problem and I can't seem to deliver the VLAN. The presentation is as follows:
You have two two routers connected to each other. Each router has a switch and each switch has four related generic PC. Each PC on this switch belongs on its own VIRTUAL local network. Thus,.
Switch 1 Switch 2 - PC A - VLAN 10
- PC E - VLAN 10
- PC B - VLAN 20
- PC F - VLAN 20
- PC C - VLAN 30
- PC G - VLAN 30
- PC D - VLAN 40
- PC H - VLAN 40
So A PC on the router/switch 1 1 can ping ROUTER2/switch 2 E PC and it cannot ping all the others. So on and so forth.
So I tried to adjust the C VLAN 10 PC to check if the configuration of my work, and it does. But then I tie my router and sub interfaces, set the fa0/1 interface on my switch such as trunk and permit VLAN 10, 20, 30 and 40. Now, all PC on the router can ping each other! That should not happen. Now I don't know what the problem is. Can someone help me?
I have attached the docx and the tracer file package.
Sorry that I just realized you don't want connectivity between all computers.
Which is a relief, because watching your Setup, I didn't see why they wouldn't be able to :-)
You must use the ACLs on your subinterfaces to allow only the traffic you want.
If you want to allow any PC from any other PC on the same site to ping but only the PC in the same vlan on the other site, then use an outbound acl on the router serial interfaces.
If you only want to allow ping between the PC in the same vlan ACL use traffic entering on the subinterfaces.
Jon
-
Hi all
Is there anyway that I can balance workloads on both routers.
I have an ASA with two attached routers each router has two instances of HSRP runs on each with its own IP address, each router is the main for one of the instances of HSRP. If there was no ASA in the way that I would set DHCP to browse through all of the functions of server through another hey presto (of sort) load balancing. However, I can't do what the ASA has only a single internal IP address. Routers treat natting because they are on different IP ranges on different Internet service providers.
I can't use GLBP as the external IP evolution would break VPN RDP and SMTP connections.
Is it possible that I can make the road ASA based on the source IP address, or any other means to separate the traffic between two routers?
Thanks in advance,
Scott
You cannot route based on ip source with only firewall with router possiable by ACB
You can give each of them point to router deffrent with metric deffrent from the static routes
in this case, it will make the topology as active standby, which is not good in your case
but you can use sub interfaces on your case make the ASA NRTIs each subinterface in deffrent subnet and deffrent security level
and let each subinterface use deffrent hsrp instance
or there is another way
IF you are not using VPN on your ASA you can reach in the context of multiple
in the context of several you're going to separate your firewall virtually
so if you have two VLAN in your network (two subnets deffrent)
then each subnet use almost deffrent firewall
goona u divide the internal interface to two subinterfaces
and you can use a shred of interface between the context outside or separate for two subinterfaces
and assign these interface for each context
If you go to each context as firewall deffrent
and you can use the HSRP deffrent on each context instance
but the multiple context, you can use VPN on the firewall
Use the following method *.
The OTHER WAY THAT ALSO I have SUGIST YOU to TRY, this IS THE Transparent firewall
in the case your firewall works in L2 mode
so you can use routers in HSRP IPS AS there is no firewall in the path
which i thnk useful for you case also
in transperant mode the way to defaultgate for your customer will be the hsrp IP because the firewall will not have everything except IPs management
the useres will also be in the same IP subnet as the gateway in your case HSRP VIP
and also, you can control the security of the network through the firewall normally
try this way and let me know
See the following link for the configuration
Please, note useful
-
Remote VPN users cannot access tunnel from site to site
Cisco ASA5505.
I have a tunnel of site-to-site set up from our office to our Amazon AWS VPC. I'm not a network engineer and have spent way too much time just to get to this point.
It works very well since within the office, but users remote VPN can not access the tunnel from site to site. All other remote access looks very good.
The current configuration is here: https://gist.github.com/pmac72/f483ea8c7c8c8c254626
Any help or advice would be greatly appreciated. It is probably super simple for someone who knows what they're doing to see the question.
Hi Paul.
Looking at your configuration:
Remote access:
internal RA_GROUP group policy
RA_GROUP group policy attributes
value of server DNS 8.8.8.8 8.8.4.4
Protocol-tunnel-VPN IPSec
value of Split-tunnel-network-list Split_Tunnel_Listpermit same-security-traffic intra-interface
type tunnel-group RA_GROUP remote access
attributes global-tunnel-group RA_GROUP
address RA_VPN_POOL pool
Group Policy - by default-RA_GROUP
IPSec-attributes tunnel-group RA_GROUP
pre-shared key *.
local pool RA_VPN_POOL 10.0.0.10 - 255.255.255.0 IP 10.0.0.50 maskSite to site:
card crypto outside_map 1 match address acl-amzncard crypto outside_map 1 set pfspeer set card crypto outside_map 1 AWS_TUNNEL_1_IP AWS_TUNNEL_2_IPcard crypto outside_map 1 set of transformation transformation-amznI recommend you to use a local IP address pool with a different IP address that deals with the inside interface uses, now you are missing NAT are removed from the IP local pool to the destination of the site to site:NAT_EXEMPT list of ip 10.0.0.0 access allow 255.255.255.0 172.17.0.0 255.255.0.0NAT (outside) 0-list of access NAT_EXEMPTNow, there's a dynamically a NAT exempt allowing traffic to go out and are not translated.I would like to know how it works!Please don't forget to rate and score as correct the helpful post!Kind regardsDavid Castro,
Maybe you are looking for
-
lost the recent history button
How to recover recent history button located next to the right arrow or the back button?
-
XD - bit (CPU function) disabled/not available for Satellite A100-PSAA9
Last week, I bought the laptop Toshiba Satellite A100-847 (Satellite A100-SPAA9) which has an Intel Core 2 Duo, model T7200. Specifications Intel, this processor (as all Core and Core 2 processors) has the particularity of XD - bit, known in Windows
-
Stock browser and Chrome issues
I have two problems with browsers in my A1000-F. 1. in the stock browser, sites like MSN.com do not make completely and lead to rinsed text and photos. 2. Chrome, all sites are fragile when scrolling. I know these are problems of fragmentation are at
-
Windows 7 full screen mouse Bug?
Hello. I got Windows Media Center to open full screen mode and the mouse is invisible no matter what I do. Same Minecraft, so this may be a problem for Windows. Do you know how to fix this? Everything I do in windowed mode.
-
SMART virtual TabletPC shows the duplicate entries in the Device Manager on Windows 7
I realize, this is an old thread, but I hope someone is still reading. We have the same problems since everyone upgrade to Windows 7. However, when we disable or uninstall SMART virtual TabletPC and restart the computer, the device returns. Not on