
Help!! configuration

omer_babiker
Level 1

Hi All,

My current network layout is attached.

The service provider will be preparing an MPLS-VPN network as per our request.

The required scenario is:

Only one PC from the 10.50.10.0/24 subnet is required to connect to the MPLS network directly. Other PCs should remain the same.

Is that possible? If yes, what configuration can be done?

Note: PCs of the 10.50.10.0/24 subnet got their IP addresses from a DHCP server which is managed by another department (same building), and they can cooperate.

Please advise.

7 Replies

Hello Omer,

Did you mean only 1 PC at a time, or a specific defined PC whose IP address may change since it is DHCP?

Regards,

Harish.

Hi Harish,

It is a specific defined PC, but the IP address may change.

Regards,

Hello Omer,

Thanks for the info. What type of firewall are you using, and what is the OS version if it is Cisco?

Regards,

Harish

Hi Harish,

It's an ASA5510, and the version is 8.0(4).

Thanks,

Hello Omer,

In normal routed mode on the ASA, there is no native way of MAC filtering. If you want the client to access HTTP/FTP/Telnet traffic through MPLS, then you can use cut-through proxy and give a MAC exemption for your specific PC.

If that solution is in place, it will ask for authentication if other PCs try to access, and the PC with the MAC exemption configured will bypass the authentication and can access.

The following link provides information on the solution:

http://hanlinag.blogspot.com/2011/10/how-to-block-out-going-traffic-by-mac.html

Harish.

Hello Harish,

Thank you so much for your help.

Do you think it's possible to define a static IP address for that specific PC?

If that is possible, the traffic from that PC can easily be routed to go to the MPLS network. Please correct me if I'm wrong.

Regards,

Hello Omer,

That is the ideal solution: give the static IP to that PC and exclude that IP in the DHCP server.

Create an ACL in the ASA so that only that IP is permitted to the MPLS network, deny the complete subnet to the MPLS network as the second line, and permit ip any any as the third line of the ACL.

Regards,

Harish.
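Added example, not part of any reply in the thread: a small first-match evaluator for the three-line ACL described in the last reply, showing why the host permit has to come before the subnet deny. The static address 10.50.10.50 and the MPLS prefix 172.16.0.0/16 are constructed placeholders; only 10.50.10.0/24 comes from the thread.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.50.10.0/24")         # subnet from the thread
STATIC_PC = ip_network("10.50.10.50/32")  # assumed static address of the one PC
MPLS = ip_network("172.16.0.0/16")        # assumed prefix reached over the MPLS VPN
ANY = ip_network("0.0.0.0/0")

# (action, source, destination) in the order given in the reply
ACL = [
    ("permit", STATIC_PC, MPLS),  # line 1: only this host may reach MPLS
    ("deny", LAN, MPLS),          # line 2: rest of the subnet is blocked from MPLS
    ("permit", ANY, ANY),         # line 3: all other traffic is unchanged
]


def evaluate(acl, src, dst):
    """Return (action, line) of the first matching entry, as a first-match ACL does."""
    s, d = ip_address(src), ip_address(dst)
    for line, (action, src_net, dst_net) in enumerate(acl, start=1):
        if s in src_net and d in dst_net:
            return action, line
    return "deny", None  # implicit deny when nothing matches


def shadowed(acl):
    """Line numbers of entries fully covered by an earlier entry (they never match)."""
    hits = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, prev_src, prev_dst in acl[:i]:
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                hits.append(i + 1)
                break
    return hits


if __name__ == "__main__":
    flows = [("10.50.10.50", "172.16.1.10"),    # exempt PC to MPLS
             ("10.50.10.77", "172.16.1.10"),    # another PC to MPLS
             ("10.50.10.77", "198.51.100.20")]  # another PC to a non-MPLS address
    for src, dst in flows:
        print(src, "->", dst, evaluate(ACL, src, dst))
    swapped = [ACL[1], ACL[0], ACL[2]]  # deny placed before the host permit
    print("shadowed lines when swapped:", shadowed(swapped))
```

With the first two lines swapped, the host permit is shadowed by the subnet deny and the exempt PC is blocked as well.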
