I fixed it by adding NAT in the MGMT Router
Current configuration : 1753 bytes
!
! Last configuration change at 11:38:56 UTC Tue May 31 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Mgmt
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
ip source-route
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface GigabitEthernet1/0
 ip address 192.168.1.123 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 negotiation auto
!
interface Ethernet2/0
 ip address 10.10.14.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex half
!
interface Ethernet2/1
 ip address 10.10.10.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex half
!
interface Ethernet2/2
 no ip address
 shutdown
 duplex half
!
interface Ethernet2/3
 no ip address
 shutdown
 duplex half
!
interface Ethernet2/4
 no ip address
 shutdown
 duplex half
!
interface Ethernet2/5
 no ip address
 shutdown
 duplex half
!
interface Ethernet2/6
 no ip address
 shutdown
 duplex half
!
interface Ethernet2/7
 no ip address
 shutdown
 duplex half
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.1.0
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet1/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 100 permit ip any any
!
control-plane
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
gatekeeper
 shutdown
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end
I have a test lab for my VMware.
For the routing between different networks in the lab I used GNS3.
In the project I have five routers.
Router "Mgmt" is connected to my physical server NIC, and the NIC is connected to my physical router.
Router "Mgmt" is good and can ping 22.214.171.124.
My first test router is "VMNet3".
I am able to ping any port on the "Mgmt" from "VMNet3",
but cannot ping 192.168.1.1 (the IP address of the physical router / gateway of the physical router).
Please refer to the enclosed topology and the config file.
I am wondering what I am missing in the config of the VMNet3?
Thank you in advance
Hello there,
My ASA 5505 is killing me. (Or I should say the level of my knowledge is killing me.)
Please refer to the capture.png for the configuration.
It was working, but after a long power outage I don't have access to the internet.
============================
Internet provider: Verizon
Main Router Model: MI424WR
All devices connected to the Main Router (Router of Verizon) are working properly.
I connected my ASA 5505 to the Main Router to have a test lab.
The router assigned 192.168.1.19 to the ASA.
I have a PC (192.168.20.36) which I used to connect to it through RDP from my office.
I erased everything and tried to reconfigure the ASA.
From the main router interface I can see the ASA is enabled but inactive. (Refer to the Inactive.png)
When I check the connectivity of the ASA in the interface it shows everything is fine. (Refer to the OK.png)
Now I do not have access to the internet.
I can see the message below on my PC:
DHCP is not enabled for the "Local Area Connection".
My configuration:
ASATest(config)# show run
: Saved
:
ASA Version 9.1(2)
!
hostname ASATest
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
ftp mode passive
object network PC
 host 192.168.20.36
access-list INSIDE-NAT0 extended permit ip 192.168.20.0 255.255.255.0 any
access-list outside_in remark Allow RDP
access-list outside_in extended permit tcp any object PC eq 3389
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network PC
 nat (inside,outside) static interface service tcp 3389 3389
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 192.168.20.2
!
dhcpd address 192.168.20.5-192.168.20.36 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email firstname.lastname@example.org
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:84ce67e8e61dc20c02b10568edc77c99
: end
Please Advise
OK, I guess I figured out what is wrong.
My ASA got its IP address from my main Firewall (Router) by DHCP, which is wrong; I should assign a static IP address to it. How? I do not know.
My main firewall (Router) is MI24WR, and at the same time one of the laptops in my house got the 192.168.1.6, so the router changes the IP address of the ASA to 192.168.1.5 and makes it disabled.
I should find out how to assign a static IP address to the port 0 of the ASA, and if I do it, what will happen to the configuration? Shall I change it?
Hello Sandee,
Thank you so much for your time.
I will receive my devices in the next week or early the following week. I wanted to be ready for them first.
Let me receive them; I will set them up and let you know about the result.
Again, thank you so much for your time.
Amir
Hello Sandeep,
Thank you so much for your reply.
Let me re-phrase your description to be sure I understand it correctly. I am not very good at networking, but I have started to get my CCNA and I am in the middle of the course.
As I need to have two separate Wi-Fis, I have to define two DHCP pools (let's say 192.168.120.0/24, 192.168.130.0/24) on the Layer 3 switch:
ip dhcp pool WiFi-P
 network 192.168.120.0 255.255.255.0
 default-router 192.168.120.253
 dns-server 192.168.100.5 192.168.100.7
ip dhcp pool WiFi-G
 network 192.168.130.0 255.255.255.0
 default-router 192.168.130.253
 dns-server 192.168.100.5 192.168.100.7
(Do I need to have this line for my guest Wi-Fi subnet? Because the subnet should have access to the internet only, not any device in my network.)
interface Vlan 120
 description "Wi-Fi - Private"
 ip address 192.168.120.253 255.255.255.0
 description "Wi-Fi - Guess"
 ip address 192.168.130.253 255.255.255.0
Then for the APs (let's consider I am going to connect them to the ports 40 ~ 43):
int range Gig 0/40 - 0/43
 description Wi-Fi
 Switchport access vlan 120
 Switchport access vlan 130
What will be the setting for the port on the Layer 3 switch to which I am going to connect the WLC?
Thank you in advance for your time
Amir
Hello Scott,
Thank you so much for your reply.
Based on your recommendation I decided to go with the CT2504 Wireless LAN Controller and four or five Aironet 1602i controller-based wireless access points.
I looked at the installation instructions for the access points in the link below:
http://www.cisco.com/c/en/us/td/docs/wireless/access_point/1600/quick/guide/ap1600getstart.pdf
Step 1-d of the instructions says: Make sure DHCP is enabled on the network.
The picture below shows the infrastructure setup in my current network.
The ASA model is ASA5510.
I have a Layer 3 WS-C3650x-48P-s and have three V-LANs on it:
1- Servers and Printers (All static) Subnet: 100
2- Workstations (DHCP) Subnet: 110
3- Wi-Fi (DHCP) Subnet: 120
All Exp-500 switches are for the voice.
I have a plan to add the new devices to the network.
I am going to replace the current access points with the new ones.
As I mentioned before, I have a plan to have two SSIDs in my network (Guest and Private).
For the setup I am going to add a new subnet in my network for my Wi-Fi Guest (let's call it 130).
I am going to assign 4 ports in the Layer 3 switch to my new access points and set them as Trunk.
Now my questions:
1- Based on the instructions, where shall I connect the new Wi-Fi controller in my network? (It should see my network as well.) My guess is a trunk port in the Layer 3 switch (am I correct)?
2- My current access points have a static IP address from the subnet 120, but I am confused about the IP address of the new access points; would you please advise me?
Thank you in advance for your time
Amir
Hello,
Thank you so much for your reply.
I looked at your recommendation. It seems it comes with 5 and 15 access point licenses. What does that mean?
I mean, if I buy a "Cisco 2504 Wireless Controller with 5 Access Point License", can I have only 5 access points or 5 SSIDs?
It seems it has only two PoE ports.
What model of access point shall I buy?
I found out people are buying Cisco Air-LAP 1041N-A-K9 Aironet 1040; shall I buy 5 of them?
Thank you in advance for your time