Question

Routing between two networks on a CISCO ASA 5505

Asked by: auroratc

I have a Cisco ASA 5505 with the necessary licensing and capabilities of multiple VLANS and I am trying to use it to route two different networks.  I have the VLAN setup up and have set the security level set to 100 (same as the internal network) and have selected the option to route within same security networks.  The two networks (192.168.10.0/24 and 192.168.50.0/24) are not talking to each other (can't ping between them) so I need some help getting this working.  In addition there are two hosts on each of the two networks that I am trying to route that cannot talk to each other so I need some help configuring the access-lists.  Every time I try to insert a rule, it shuts off internet access to the entire organization.  Config is posted in the code segment.

ASA Version 8.0(3)
!
hostname CCFM-ASA5505
domain-name ********
enable password **************** encrypted
names
name 192.168.10.7 CCFM-Win2003-Server description Radius server
name 192.168.10.10 ******!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address ******** 255.255.255.252
!
interface Vlan3
 nameif dmz
 security-level 50
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan13
 description Backup interface to CableOne
 nameif CableOne
 security-level 0
 ip address ************** 255.255.255.0
!
interface Vlan23
 nameif MOZART
 security-level 100
 ip address 192.168.50.253 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 13
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 23
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
 domain-name ccfm.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service IntergyRemote tcp
 port-object range 60000 60004
access-list CCFMVPN-Split-Tunnel standard permit 192.168.5.0 255.255.255.0
access-list CCFMVPN-Split-Tunnel standard permit 192.168.10.0 255.255.255.0
access-list Default-VPN-Group-Filter extended permit ip 192.168.10.0 255.255.255
.0 192.168.5.0 255.255.255.0
access-list Default-VPN-Group-Filter extended permit ip 192.168.5.0 255.255.255.
0 192.168.10.0 255.255.255.0
access-list Default-VPN-Group-Filter extended permit ip 192.168.5.0 255.255.255.
0 any
access-list Default-VPN-Group-Filter extended deny ip any any
access-list inside_nat0_outbound extended permit ip any 192.168.5.0 255.255.255.
0
access-list outside_access_in extended permit tcp any any eq https
access-list outside_access_in extended permit tcp any any eq www
access-list outside_access_in extended permit tcp any any eq 8089
access-list outside_access_in extended permit tcp any any eq 8000
access-list outside_access_in extended permit tcp any any eq 8443
access-list http-list2 extended permit tcp any any
!
tcp-map mss-map
  exceed-mss allow
!
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu CableOne 1500
mtu MOZART 1500
ip local pool VPNpool 192.168.5.1-192.168.5.25 mask 255.255.255.0
ip local pool SSLVPNPool 192.168.6.1-192.168.6.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
asdm location CCFM-Win2003-Server 255.255.255.255 inside
asdm location ******** 255.255.255.255 inside
asdm location 192.168.10.9 255.255.255.255 inside
asdm location 192.168.50.7 255.255.255.255 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (CableOne) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface https CCFM-Win2003-Server https netmask 25
5.255.255.255
static (inside,outside) tcp interface www CCFM-Win2003-Server www netmask 255.25
5.255.255
static (inside,outside) tcp interface 8089 192.168.10.240 8089 netmask 255.255.2
55.255
static (inside,outside) tcp interface 8000 192.168.10.240 8000 netmask 255.255.2
55.255
static (inside,outside) tcp interface 8443 CCFM-Win2003-Server 8443 netmask 255.
255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 209.161.27.45 1 track 100
route CableOne 0.0.0.0 0.0.0.0 24.117.110.1 254
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server CCFMAAA protocol radius
 max-failed-attempts 5
aaa-server CCFMAAA host CCFM-Win2003-Server
 key 3isgoingonvacation
 radius-common-pw ******
 acl-netmask-convert auto-detect
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
filter java except 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
http server enable
http 192.168.10.0 255.255.255.0 inside
http 192.168.5.0 255.255.255.0 inside
snmp-server host inside 192.168.10.50 poll community *********
snmp-server location *************************************
no snmp-server contact
snmp-server community ****************************
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 1
 type echo protocol ipIcmpEcho 209.161.27.45 interface outside
 num-packets 3
sla monitor schedule 1 life forever start-time now
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SH
A
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
!
track 100 rtr 1 reachability
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh 192.168.5.0 255.255.255.0 inside
ssh 209.161.35.213 255.255.255.255 outside
ssh 209.151.55.40 255.255.255.255 outside
ssh 63.228.179.89 255.255.255.255 outside
ssh timeout 5
console timeout 20
dhcpd address 192.168.10.30-192.168.10.125 inside
dhcpd dns 192.168.10.9 209.161.1.2 interface inside
dhcpd wins 192.168.10.9 interface inside
dhcpd lease 129600 interface inside
dhcpd ping_timeout 100 interface inside
dhcpd domain ccfm.local interface inside
dhcpd update dns both interface inside
dhcpd enable inside
!
 
threat-detection basic-threat
threat-detection statistics access-list
ntp server 64.202.112.65 source outside prefer
webvpn
 port 8080
 enable outside
 svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.1.0148-k9.pkg 2
 svc image disk0:/anyconnect-macosx-powerpc-2.1.0148-k9.pkg 3
 svc image disk0:/anyconnect-linux-2.1.0148-k9.pkg 4
group-policy CCFMVPNGroup internal
group-policy CCFMVPNGroup attributes
 vpn-filter value Default-VPN-Group-Filter
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CCFMVPN-Split-Tunnel
 default-domain value ccfm.local
group-policy DfltGrpPolicy attributes
 banner value ********
 banner value Unauthorized Access Is Strictly Prohibited!!!!
 dns-server value 192.168.10.7
 vpn-tunnel-protocol IPSec svc
username ccfmadmin password ****************encrypted privilege 15
username ccfmpix password ********************* encrypted privilege 15
username auroratc password ******************** encrypted privilege 15
tunnel-group CCFMVPN type remote-access
tunnel-group CCFMVPN general-attributes
 address-pool VPNpool
 authentication-server-group CCFMAAA LOCAL
 default-group-policy CCFMVPNGroup
tunnel-group CCFMVPN ipsec-attributes
 pre-shared-key *
!
class-map http-map1
 match access-list http-list2
!
!
policy-map http-map1
 class http-map1
  set connection advanced-options mss-map
!
service-policy http-map1 interface outside
prompt hostname context
Cryptochecksum:6a33db1353716cf713467358633cf743
CCFM-ASA5505#

                                  
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:

Select allOpen in new window

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-08-18 at 12:50:20ID24662722
Tags

Cisco

,

ASA

,

ASA 5505

,

Routing

Topics

Networking Hardware Firewalls

,

Miscellaneous Networking

,

Network Routers

Participating Experts
2
Points
500
Comments
16

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Cisco ASA 5510 Question
    I have just purchased a Cisco ASA 5510 and I want to separate my network out with it. It has Interface0/0 through Interface0/3 which gives me four interfaces. Is it safe to assume that I can use each interface as a separate VLAN and address them separately but still set up ...
  2. Cisco IOS or Cisco ASA
    Hello !! I am just thinking to purchase new either Cisco IOS Router 2800 Series or Cisco ASA 5520 Series, but I am not sure what to choose. Can someone explain me, is there more or better security in Cisco ASA than in the Cisco IOS Router ? or ? I am in little dillema becau...
  3. Cisco, ASA 5510, 5510, VLAN configuration
    I am somewhat familiar with using VLANs on the ASA 5505. My question, is something similar available for the ASA 5510, that is, can the 5510 handle VLANs without using an external switch? My 5510 has 4 built-in ethernet ports and 4 ether ports on a 4GE SSM plug-in module. ...
  4. Cisco 3750 and 3560 inter-vlan routing issue with ASA
    Hi Cisco experts, I need help with a cisco config that i can't figure out for the life of me. I have 2x Cisco switches, 1x 3750 and 1x 3560 with IP Base images. here is my current config: both switches have "ip routing" enabled 3560 Switch (VTP Server): VLAN 10...
  5. Configuring Cisco ASA 5505
    I am trying to do a test setup for a Cisco ASA 5505 inside a 192.168.1.0 network as a second firewall. I have the external IP gained by setting the ASA 5505 as a DHCP Client, I have the internal network as a 10.10.0.0 network with the ASA 5505 being a DHCP Server.. using the...
  6. ASA CISCO
    Hi Guys I want to setup a Cisco asa to redirect web traffic and ssl traffic 80 and 443 to a proxy server on the same vlan which is a DMZ one so it can be content filtered. the proxy server listen on requests on port 8080 so essentially the traffic has to be redirect form the...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: StrifeJesterPosted on 2009-08-18 at 13:26:45ID: 25127299

Can a machine in VLAN 1 ping 192.168.10.1?
Can a machine in VLAN 23 ping 192.168.50.253?

While you try this i am going to go over the ACLs and see if there is anything there that i can see.

 

by: StrifeJesterPosted on 2009-08-18 at 13:35:00ID: 25127385

Also can you do a show route command and post that as well please?

 

by: QuoriPosted on 2009-08-18 at 14:42:07ID: 25127965

You need to exclude the traffic from NAT:

access-list inside_nat0_outbound 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0

Also need to enable ICMP:

icmp permit any inside
icmp permit any MOZART

 

by: auroratcPosted on 2009-08-18 at 16:51:04ID: 25128591

Yes hosts on VLAN1 can ping 192.168.10.1 and hosts on VLAN23 can ping 129.168.50.253.

Gateway of last resort is 209.161.27.45 to network 0.0.0.0

C    192.168.10.0 255.255.255.0 is directly connected, inside
C    209.161.27.44 255.255.255.252 is directly connected, outside
C    127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
S    192.168.5.3 255.255.255.255 [1/0] via 209.161.27.45, outside
C    192.168.50.0 255.255.255.0 is directly connected, MOZART
S*   0.0.0.0 0.0.0.0 [1/0] via 209.161.27.45, outside

 

by: auroratcPosted on 2009-08-18 at 16:53:44ID: 25128600

access-list inside_nat0_outbound 192.168.10.0 255.255.255.0 192.168.50.0 255.255                                           ^.255.0

ERROR: % Invalid input detected at '^' marker.

 

by: QuoriPosted on 2009-08-18 at 18:33:37ID: 25129047

Sorry, left out the 'permit ip' part - it was early in the morning :)

access-list inside_nat0_outbound permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255

 

by: auroratcPosted on 2009-08-18 at 19:07:55ID: 25129162

Great. That got the two networks talking.  Now is there any way that I can get the internet on VLAN23 and I could also use some help writing an ACL so that one host in each network cannot communicate with each other.

 

by: QuoriPosted on 2009-08-18 at 19:43:34ID: 25129295

You went through all that to get the two VLANs communicating and now want to remove that ability....?


NAT for that VLAN is easy:

Create a No-NAT ACL for stuff we don't want translated:

access-list mozart_nat0_outbound remark ** No-NAT ACL for VLAN23 **

nat (MOZART) 0 access-list mozart_nat0_outbound
nat (MOZART) 1 0.0.0.0 0.0.0.0

Remove the same security handling:

no same-security-traffic permit inter-interface
no same-security-traffic permit intra-interface


An ACL for the interface:
access-list mozart_access_in remark ** Access control for VLAN 23**
access-list mozart_access_in deny ip any 192.168.10.0 255.255.255.0

Apply the ACL:
access-group mozart_access_in in interface MOZART


Note that the name references I have (MOZART) is from the nameif command at the interface level. If you change the interface name you need to update all applicable rules.

 

by: QuoriPosted on 2009-08-18 at 19:45:23ID: 25129298

Sorry it is a 5505, the nameif command is at the SVI level (switched virtual interface - ie: int vlan23)

 

by: auroratcPosted on 2009-08-18 at 19:53:54ID: 25129325

I just have two hosts on each network (small business servers in the same domain) that cannot talk to each other or I will have some major AD problems.

 

by: QuoriPosted on 2009-08-18 at 19:59:57ID: 25129342

Ahhh just one host on each network. Use this ACL, assuming your AD servers are 192.168.10.100 and 50.100 respectively:

access-list mozart_access_in remark ** Access control for VLAN 23**
access-list mozart_access_in deny ip host 192.168.50.100 host 192.168.10.100


access-list inside_access_in remark ** Access control for VLAN 1**
access-list inside_access_in deny ip host 192.168.10.100 host 192.168.50.100



Be sure you read over the ACL so you understand how it works, not just copy and paste it in.

 

by: QuoriPosted on 2009-08-18 at 20:01:03ID: 25129343

You'll also need to add an entry to the No-NAT ACL we created for the VLAN23 NAT configuration:


access-list mozart_nat0_outbound remark ** No-NAT ACL for VLAN23 **
access-list mozart_nat0_outbound permit ip 192.168.50.0 255.255.255.0 192.168.10.0 255.255.255.0

 

by: auroratcPosted on 2009-08-18 at 21:06:18ID: 25129545

I have entered the nat rules and I am still able to ping from one server to the other.  Here is what I have for the rules.  Since the server on the 192.168.50 network has 3 IP addresses assigned I had to write some additional rules.  What do I have wrong?

access-list mozart_access_in extended deny ip host 192.168.50.5 host 192.168.10.9
access-list mozart_access_in extended deny ip host 192.168.50.7 host 192.168.10.9
access-list mozart_access_in extended deny ip host 192.168.50.8 host 192.168.10.9
access-list inside_access_in extended deny ip host 192.168.10.9 host 192.168.50.5
access-list inside_access_in extended deny ip host 192.168.10.9 host 192.168.50.7
access-list inside_access_in extended deny ip host 192.168.10.9 host 192.168.50.8

 

by: QuoriPosted on 2009-08-18 at 21:14:25ID: 25129569

Did you apply the ACLs to interfaces?

sh run | i access-group

 

by: auroratcPosted on 2009-08-18 at 22:52:37ID: 25129889

Once I apply the ACL to the interface, it shuts off internet to the organization.  

 

by: QuoriPosted on 2009-08-18 at 22:55:22ID: 25129901

Throw in a 'permit ip any any' at the end of each ACL. Forgot about the implicit deny.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...