How do I configure NAT rules when using ASA IP-SLA when leveraging post-ASA-8.3 NAT syntax?
We are currently running ASA9 at a location with redundant IP connectivity. We’d love to configure IP SLA so that internet access survives a single carrier outage. I’m aware of the ip sla commands; however, when I’ve tried to prepopulate the required NAT rules, the addition of the second rule overwrites the first. Here is an example:
object network NYHQ_GUESTWIRELESS_10.110.6.0_24
nat (NYHQ-GUESTWIRELESS,NYHQ-OUTSIDE_FIOS) dynamic interface
When I attempt to add an additional nat rule, perhaps [...]
How do I connect to and access a Cisco router?
I’m a total newbie to Cisco and I have a Cisco router on which I have to do some experiments. How can I access this router? The ports available are Ethernet 0/1, Ethernet 0/0, Console and Aux. I guess if I plug an Ethernet cable from my laptop into Console I can have access to it, but then what should I do? Which one of 0/1 and 0/0 is for incoming and which for outgoing traffic? I realize this [...]
Trying to set up NAT from 2 outside IPs to the same private IP
Cisco ASA 5510. I currently have a NAT for SMTP from one outside IP to an internal IP. I need to set up 2 external IPs to NAT to the same internal IP. How can I do that? Example:
10.10.10.1 25 –> 192.168.0.200 25
10.10.10.3 25 –> 192.168.0.200 25
Asked by Keith
You won’t be able to use static PAT for this, as you would break the 1:1 mapping rule. The firewall has to know what mapping [...]
Cisco switch: change MAC type from dynamic to static in console
How do I change a MAC from static to dynamic in the mac-address-table (switch)? I found this official source but still don’t understand which options I must choose. Something like this:
switch(config)# mac-address-table static 12ab.47dd.ff89 vlan 3 interface fastethernet 2/1 auto-learn
Asked by Anton Putov
You can’t change a static entry to dynamic. Just delete the static entry and the switch will add its own dynamic entry when that host sends a frame. Use the “no” syntax to delete [...]
How to whitelist external access to an internal webserver via Cisco ACLs?
This is our company’s internet gateway router. This is what I want to accomplish on our Cisco 2691 router: all employees need to have unrestricted access to the internet (I’ve blocked Facebook with an ACL, but other than that, full access). There is an internal webserver that should be accessible from any internal IP address, but only from a select few external IP addresses. Basically, I want to whitelist access from outside the [...]
Cisco ASA 5505 network route for static IP hosts
I’ve configured my internal VLAN using the most basic settings, where ports 1-7 are assigned addresses from a pool in the range 192.168.15.5 -> 192.168.15.36. These hosts are given access to the internet and it works great. What I’m trying to set up now is for users who connect to the device and specify their own IP (say I connect and request 192.168.15.45) to be given internet access and still work alongside the DHCP hosts. [...]
Port security blocked the port permanently – Beginner
I enabled Port Security on the switch.
> conf t
> int fa 0/3
> switchport mode access
> switchport port-security maximum 1
> switchport port-security mac sticky
To test whether this works, I connected a cable to this port and pinged; the port then got blocked as expected. Now I have reconnected the original desktop (the one which was connected before, the one which is supposed to work with this port), and I am [...]
My Facebook blocking ACL has stopped working
This is probably very simple. This was set up before I arrived, and had been working to block Facebook. I recently eliminated some static port forwarding on this 2691 (as in, I don’t think anything else has changed), and now Facebook is once again accessible. Why is this list not doing what it seems like it should be doing (and was doing)? Would an extended outbound ACL be more appropriate? (I think that would have been my [...]
Cisco FWSM -> ASA upgrade broke our mail server
We send mail with Unicode Asian characters to our mail server on the other side of our WAN… Immediately after upgrading from a FWSM running 2.3(2) to an ASA5550 running 8.2(5), we saw failures on mail jobs that contained Unicode. The symptoms are pretty clear… Using the ASA’s packet capture utility, we snagged the traffic before and after it left the ASA:
access-list PCAP line 1 extended permit tcp any host 192.0.2.25 eq 25
capture [...]
Cisco Switch NTP client: Clock is unsynchronized, stratum 16, no reference clock
I am trying to configure a Cisco switch as an NTP client; however, I cannot get past the show ntp status output of “Clock is unsynchronized, stratum 16, no reference clock”. I’ve tried setting the clock close to the UTC time, but I still don’t show the time as synced. At first I thought it was due to a bug I was reading about regarding Win32Timeservice, or something like that; however, I confirmed that this is an NTPD server [...]