Thanks for the reply, Masoud. I think I have it figured out. Even though the wireless Ethernet are in bridge mode, I can enable the firewall on each and block ports 67 and 68 on the LAN ports on each side so that either side will not pass on DHCP. I didn't think I could filter IP, UDP, TCP or ICMP in bridge mode but after reading the manual and doing a little testing, it does work. Thanks.
I am in a small town with fairly unreliable internet. I own my business and my house is only 1 mile away with pretty good line of sight so I got these Ubiquiti wireless ethernet bridges between them. At home, I have ISP A with a Cisco 5505 running DHCP on the 172.16.100.0/24 subnet. At the office, I have a Cisco 5520 connecting to ISP B and a Windows 2008 Server running DHCP and DNS on 172.16.100/24. Both routers are running a static route to the ISP and EIGRP with static redistribution. I have a Cisco 3750 PoE L3 switch at the office and it is running EIGRP (I had a couple devices that were hard coded to 192.168.1.x so I had to have a VLAN and route between them). All devices' default gateways at the office point to the 3750.
5505 - 172.16.100.3
5520 - 172.16.100.4
3750 - 172.16.100.1
Windows Server - 172.16.100.200
I would like to have the 5505 hand out a range of IP addresses at home that the default gateway is to the 5505. The Windows Server hands out a range of IPs that is the 5520. The problem is that even though the 5505 is running DHCP, a PC requesting an address at home gets an address from the Windows Server at the office and thus its default gateway has to cross the wireless ethernet bridge which is the slow link. Then my kid's video streaming starts to eat bandwidth at the office and I end up having a bottleneck there and an ISP at home that isn't getting used. I don't care who hands out addresses but without re-addressing my home or enabling routing on the wireless bridges, is there a way to force a DHCP server to hand out addresses based on its locale? Or something? Or any other ideas?
I have a Cisco ASA5505 with VPN enabled. I used to be able to connect from anywhere, at home on my laptop (wifi), on my iPhone and iPad (wifi or cellular - 4G) using the AnyConnect clients. For some strange reason, now when I am trying to connect across the cellular network, it won't connect. It prompts me for my login, then shows connecting. It never connects and just goes back to Disconnected state, no error, no nothing. If I take my laptop and connect via HotSpot through my phone/cellular network, the laptop will not connect and I get a failure due to network issues. It is only on my cellular connection on any device. If I connect via wifi, it works fine.
I am on Verizon in NW Iowa. If I run a packet trace across the cellular network to my ASA, the packet bounces around coast to coast and sometimes over to Europe before it gets to my ASA. If I trace off my wifi, it is like 3-4 hops. Sometimes, the cellular network is up to 20+ hops. This is the only thing that I can think of that would make it stop working across a cellular network.
I have turned on diagnostics on an iPhone and can't see anything out of the ordinary but I don't understand a lot of what is going on, actually what the diagnostics are saying. I will update with an iPhone screenshot in a few minutes.
Anyone have any other ideas?
This is a valid connection from the laptop on wifi, then disconnected, connect to iPhone hotspot, tried to connect the AnyConnect client. The login pops up and I enter my credentials, I get an Invalid Certificate error and try to login again and then get this message.