?
Solved

Best possible script needed for Cisco 2621 to work with Watchguard Firebox 1000

Posted on 2003-03-26
30
Medium Priority
?
466 Views
Last Modified: 2008-01-09
Newbie to Cisco Question:
I'm having trouble with computers connected to the eth0/0 interface getting out to the internet.  I would like to reconfigure the router since I'm adding a watchguard firebox 1000 firewall appliance.  I will connect the firebox to the router's eth0/0 port.  The existing configuration of the router interfaces (below), will need to be changed, but I'm not sure how and where.

Currently, here's the config on eth0/0:

interface FastEthernet0/0
 description ARAA LAN
 ip address 66.x.x.x 255.255.255.248 secondary
 ip address 192.168.25.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto

_____________________________

Here's the cisco router's serial configs:

interface Serial0/0
 description T1
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 service-module t1 timeslots 1-24
 no arp frame-relay
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description Virtual T1
 ip address 66.x.x.x 255.255.255.252
 ip access-group 130 in
 no ip directed-broadcast
 ip nat outside
 no ip mroute-cache
 no arp frame-relay
 frame-relay interface-dlci 212

_____________________________

And the rest of the script that needs to be cleaned up.  I don't see a need for any ACL's since in theory the firewall should take care of it all, however, if there are some safeguards that need to be in this configuration, I'm all ears:

ip nat inside source list 1 interface Serial0/0.1 overload
ip nat inside source static 192.168.25.7 66.x.x.200
ip nat inside source static 192.168.25.32 66.x.x.201
ip classless
ip route 0.0.0.0 0.0.0.0 66.x.x.x
ip route 192.168.16.0 255.255.255.0 192.168.25.2
no ip http server
ip http port 12337
!
access-list 1 permit 192.168.25.0 0.0.0.255
access-list 1 permit 192.168.33.0 0.0.0.255
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 20 deny   192.168.33.0 0.0.0.255
access-list 20 permit 192.168.25.0 0.0.0.255
access-list 20 permit 192.168.16.0 0.0.0.255
access-list 30 deny   192.168.25.0 0.0.0.255
access-list 30 permit 192.168.33.0 0.0.0.255
access-list 30 deny   192.168.16.0 0.0.0.255
banner login ^C
banner login ^C

^C
banner motd ^C
------------------------------------------
     UNAUTHORIZED USE IS PROHIBITED
------------------------------------------

^C
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password blahblah
 login
!
no scheduler allocate
end

__________________________

I know this answer could be somewhat time consuming, so I'm making it a high point value to get it right.  Thanks, compinfo
0
Comment
Question by:compinfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 18
  • 12
30 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 8211585
>I don't see a need for any ACL's since in theory the firewall should take care of it
not necessarily. A good security stragey calls for "defense in depth" or mulitiple layers of security. Setting up a good screening access list keeps the firewall from having to work so hard.

Firewall's outside address should be in the same 66.x.x.x subnet. Let the firewall do all the NAT.

Suggestion: make the secondary the primary and get rid of the secondary:

Interface fast 0/0
 ip address 66.x.x.x 255.255.255.248
 no ip nat inside
Interface Serial 0/0.1
 no ip nat outside
 no ip access-group 130 in
 ip access-group screening_acl in


no ip nat inside source list 1 interface Serial0/0.1 overload
no ip nat inside source static 192.168.25.7 66.x.x.200
no ip nat inside source static 192.168.25.32 66.x.x.201

ip access-list extended screening_acl
 deny   udp any any eq netbios-ns
 deny   udp any any eq netbios-dgm
 deny   udp any any eq 3052
 deny   tcp any any eq 1433
 deny   udp any any eq 1434
 permit icmp any any echo-reply
 permit icmp any any echo
 permit icmp any any ttl-exceeded
 permit icmp any any packet-too-big
 permit icmp any any unreachable
 permit udp any eq domain any
 permit tcp any any established
 permit ip any host <ip address of FW used for NAT>
 deny   ip any any log
!

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8213341
Good reference, see Cisco Router Guides:
http://www.nsa.gov/snac/index.html
0
 

Author Comment

by:compinfo
ID: 8218609
Thanks, I have some follow up questions:

1.  Are your settings above in place of, or in addition to, what is currently there for each interface?

2.  Since you propose taking the  66.x.x.x IP Address off of the Interface Serial 0/0.1, won't that mess with our ISP access?  My assumptions here:  

a.  Interface Serial 0/0.1 is the csu/dsu connection directly to the T1
b.  Our ISP put it there for communications directly to the Interface
c.  Why should I even have a 0/0.1 interface?

3.  I also have an additional interface eth 0/1, that I didn't put on my first post.  It needs to be able to access an external server via http and ftp:

interface FastEthernet 0/1
ip address 66.x.x.134 255.255.255.248 secondary
ip address 192.168.33.254 255.255.255.0
ip access-group 101 in
no ip directed-broadcast
ip nat inside
ip nat inside
duplex auto
speed auto

**************************

There you have it!  Thanks in advance.
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 
LVL 79

Expert Comment

by:lrmoore
ID: 8218685
1. just showing the changes to what you have.
2. Not proposing that at all. Refer to #1
 a. The serial 0/0 is the one directly connected to the CSU/DSU/T1. Serial 0/0.1 is a virtual interface for the frame-relay PVC
 b. Common setup for any frame-relay connection
 c. see above. It is the most common way to setup a frame-relay interface

3. OK, assuming that the firewall will be connected to Fast 0/0, and this Fast 0/1 will not have an external firewall, you should keep the nat inside, but remove the secondary addressing unless you have internal systems that have the public address on them.

If you still have to nat from the Fast 0/1 interface to the outside, keep these lines:
ip nat inside source list 1 interface Serial0/0.1 overload
access-list 1 permit 192.168.33.0 0.0.0.255

Q: where is the 192.168.16.0 subnet? Off of Fast 0/0, or Fast 0/1 ?
You're not giving me the whole picture here...

0
 

Author Comment

by:compinfo
ID: 8221671
Thanks.  Sorry for not giving the whole picture, I didn't know how much was too much! ;)

The 192.168.16.0 subnet is being handled by a Windows 2000 Small Business Server acting as the proxy (also directly off the Fast 0/0).  Fast0/0 to the Window Server's external ethernet (192.169.25.2).

This server has 2 ethernet cards, one for the (internal) 192.168.16.x network and one for the (external) 192.168.25.x network.  I want to disable the proxy business from the windows server and have the firebox run dhcp to the current 192.168.16.x network.

HTH...
0
 

Author Comment

by:compinfo
ID: 8221895
And, I forgot to add this, which was at the top of the router confir script:

ip subnet-zero
ip name-server 64.x.x.22
ip name-server 64.x.x.14
ip dhcp exclude-address 192.168.25.1 192.168.25.99
ip dhcp exclude-address 192.168.25.200 192.168.25.255
!
ip dhcp pool AdminLAN
network 192.168.25.0 255.255.255.0
default-router 192.168.25.1
dns-server 64.x.x.22 64.x.x.14
lease 3

*************
I don't want the router to handle any DHCP, but I'm not sure what to delete, etc.
0
 

Author Comment

by:compinfo
ID: 8221897
And, I forgot to add this, which was at the top of the router confir script:

ip subnet-zero
ip name-server 64.x.x.22
ip name-server 64.x.x.14
ip dhcp exclude-address 192.168.25.1 192.168.25.99
ip dhcp exclude-address 192.168.25.200 192.168.25.255
!
ip dhcp pool AdminLAN
network 192.168.25.0 255.255.255.0
default-router 192.168.25.1
dns-server 64.x.x.22 64.x.x.14
lease 3

*************
I don't want the router to handle any DHCP, but I'm not sure what to delete, etc.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8221948
If you don't want it to do dhcp, delete the pool:

no ip dhcp pool AdminLAN
!
and these are now not needed either:
!
no ip dhcp exclude-address 192.168.25.1 192.168.25.99
no ip dhcp exclude-address 192.168.25.200 192.168.25.255
!

Your firwall should handle all the NAT from the 192.168.16.x and 192.168.25.x networks.
You won't need this route statement, either:

no ip route 192.168.16.0 255.255.255.0 192.168.25.2

That should just about wrap it up.
0
 

Author Comment

by:compinfo
ID: 8232814
Things didn't work, I'm upping the points to 1000 becuase I seriously need this up and going in the next week:

1.  no ip nat inside source list 1 interface Serial0/0.1 overload - gave me:  "dynamic mapping in use, cannot remove"

1.5. no ip dhcp pool AdminLAN - gave me:  "AdminLAN not in the database"
 

2.  no ip dhcp exclude-address 192.168.25.1 192.168.25.99 - gave me: "Invalid input detected at '-' in 'exclude-address'.

3.  I am continually getting bombarded with messages regarding "blocking" attempts and whatnot from implementing the screening_acl.  (but I can deal with that!)

4.  I tested the firewall, and for a split second, I was able to access the internet, then, access to the internet stopped.  I bypassed the firewall by connecting my laptop directly to the router (made sure I was on the same ip scheme, etc.) and sure enough, STILL no access to the internet.  I was able to ping eth0/0, but nothing on the outside.  So, something in the configuration of the router is stopping access....

Here's the configuration as I created it from your suggestions above:

_________________________

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname blahblah
!
enable secret 5 blahencrypted
enable password blah
!
!
!
!
!
ip subnet-zero
ip name-server 64.x.x.22
ip name-server 64.x.x.14
ip dhcp excluded-address 192.168.25.1 192.168.25.99
ip dhcp excluded-address 192.168.25.200 192.168.25.255
!
 --More--
ip dhcp pool adminLAN
   network 192.168.25.0 255.255.255.0
   default-router 192.168.25.1
   dns-server 64.x.x.22 64.x.x.14
   lease 3
!
!
!
!
interface FastEthernet0/0
 description adminLAN
 ip address 66.x.x.36 255.255.255.248
 no ip directed-broadcast
 duplex auto
 speed auto
!
interface Serial0/0
 description T1
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 service-module t1 timeslots 1-24
 no arp frame-relay
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description Virtual T1
 ip address 66.x.x.142 255.255.255.252
 ip access-group screening_acl in
 no ip directed-broadcast
 no ip mroute-cache
 no arp frame-relay
 frame-relay interface-dlci 212
!
interface FastEthernet0/1
 description The  network
 ip address 66.x.x.134 255.255.255.248 secondary
 ip address 192.168.33.254 255.255.255.0
 ip access-group 101 in
 no ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source list 1 interface Serial0/0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 66.x.x.141
no ip http server
ip http port 12337
!
!
ip access-list extended screening_acl
 deny   udp any any eq netbios-ns
 deny   udp any any eq netbios-dgm
 deny   udp any any eq 3052
 deny   tcp any any eq 1433
 deny   udp any any eq 1434
 permit icmp any any echo-reply
 permit icmp any any echo
 permit icmp any any ttl-exceeded
 permit icmp any any packet-too-big
 permit icmp any any unreachable
 permit udp any eq domain any
 permit tcp any any established
 permit ip any host 66.x.x.37
 deny   ip any any log
access-list 1 permit 192.168.25.0 0.0.0.255
access-list 1 permit 192.168.33.0 0.0.0.255
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 20 deny   192.168.33.0 0.0.0.255
access-list 20 permit 192.168.25.0 0.0.0.255
access-list 20 permit 192.168.16.0 0.0.0.255
access-list 30 deny   192.168.25.0 0.0.0.255
access-list 30 permit 192.168.33.0 0.0.0.255
access-list 30 deny   192.168.16.0 0.0.0.255
banner login ^C


<blah>



^C
banner motd ^C
------------------------------------------
     UNAUTHORIZED USE IS PROHIBITED
------------------------------------------

^C
!
line con 0
 transport input none
line aux 0

-__________________


 
0
 

Author Comment

by:compinfo
ID: 8232816
It won't let me up it to 1000 points, but I'll see if the ee folks can help me do it... :)
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8232859
>AdminLAN not in the database
Case sensitive. Try
!
no ip dhcp pool adminLAN
!

>dynamic mapping in use, cannot remove
Try this command first:
router#clear ip nat trans *

Then go to config mode:
no ip nat inside source list 1 interface Serial0/0.1 overload

What Ip address are you going to assign to the firewall?


Since you don't have an access-list 101, need to remove the acl from the interface:
!
interface FastEthernet0/1
 no ip access-group 101 in
!

Did your ISP assign you two separate subnets? It could be a routing issue.
66.xx.xx.32 / 255.255.255.248
66.xx.xx.128 / 255.255.255.248

>connecting my laptop directly to the router
Did you use a crossover cable to direct-connect?


If you want to nat between fast 0/1 and the Internet, add this back:
!
int ser 0/0.1
 ip nat outside
!
 
0
 

Author Comment

by:compinfo
ID: 8233973
Thanks,

1.  What IP Address for the firewall:  66.xxx.xxx.37/29) (And the IP Address for eth0/0 is 66.xxx.xxx.36/29)

2.  Did your ISP assign you two separate subnets?  Yes, I have:  66.xxx.9.x, and 66.xxx.117.x, and 66.xxx.113.x.  

3.  Did you use a crossover cable to direct-connect?  Yes

____
0
 

Author Comment

by:compinfo
ID: 8234313
Also, how/when do I need to add the exclamation points?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8234411
Exclamation points are just dividers/spacers, you don't actually add them. If you do a "show config" you'll see them, but in a config it just means Ignore what follows, i.e.
! this is a comment
!
0
 

Author Comment

by:compinfo
ID: 8235372
For some reason, eth fa0/1 isn't able to get out to the internet anymore!  Here's what it looks like:

interface FastEthernet0/1
 description The FIDS network
 ip address 66.147.9.134 255.255.255.248 secondary
 ip address 192.168.33.254 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto

_____________

Plus, I have the following in the script:

ip nat inside source list 1 interface Serial0/0.1 overload
ip classless

(even after doing this:  clear ip nat trans * at the router# prompt, I'm still getting the error and it won't let me get rid of the ip nat inside source...)

access-list 1 permit 192.168.33.0 0.0.0.255 is still there too.

_____________

Everything else is working fine with the firewall so far!

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8235394
Progress, then--that's good!
Did you add "ip nat outside" back on the Serial 0/0.1 interface?

0
 

Author Comment

by:compinfo
ID: 8236230
Yes, here's the scripts:

interface Serial0/0
 description T1
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 service-module t1 timeslots 1-24
 no arp frame-relay
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description Virtual T1
 ip address 66.xxx.xxx.142 255.255.255.252
 ip access-group screening_acl in
no ip directed-broadcast
 ip nat outside
 no ip mroute-cache
 no arp frame-relay
 frame-relay interface-dlci 212
____________________

What should I do next?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8236595
These are still there?
ip nat inside source list 1 interface Serial0/0.1 overload
access-list 1 permit 192.168.33.0 0.0.0.255

How about posting you complete config as it is now.
0
 

Author Comment

by:compinfo
ID: 8241478
OK, current configuration:
____________________________

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname blahman
!
enable secret 5 blah encrypted
enable password blah
!
!
!
!
!
ip subnet-zero
ip name-server 64.xx.x.22
ip name-server 64.xx.x.14
ip dhcp excluded-address 192.168.25.1 192.168.25.99
ip dhcp excluded-address 192.168.25.200 192.168.25.255
!
!
!
!
interface FastEthernet0/0
 description ARAA LAN
 ip address 66.xxx.xxx.36 255.255.255.248
 no ip directed-broadcast
 duplex auto
 speed auto
!
interface Serial0/0
 description T1
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay IETF
 service-module t1 timeslots 1-24
 no arp frame-relay
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description Virtual T1
 ip address 66.xxx.xxx.142 255.255.255.252
 ip access-group screening_acl in
ip nat outside
 no ip mroute-cache
 no arp frame-relay
 frame-relay interface-dlci 212
!
interface FastEthernet0/1
 description The FIDS network
 ip address 66.xxx.xxx.134 255.255.255.248 secondary
 ip address 192.168.33.254 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 duplex auto
 speed auto
!
ip nat inside source list 1 interface Serial0/0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 66.xxx.xxx.141
no ip http server
ip http port 12337
!
!
ip access-list extended screening_acl
deny   udp any any eq netbios-ns
 deny   udp any any eq netbios-dgm
 deny   udp any any eq 3052
 deny   tcp any any eq 1433
 deny   udp any any eq 1434
 permit icmp any any echo-reply
 permit icmp any any echo
 permit icmp any any ttl-exceeded
 permit icmp any any packet-too-big
 permit icmp any any unreachable
 permit udp any eq domain any
 permit tcp any any established
 permit ip any host 66.xxx.xxx.37
 deny   ip any any log
access-list 1 permit 192.168.25.0 0.0.0.255
access-list 1 permit 192.168.33.0 0.0.0.255
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 20 deny   192.168.33.0 0.0.0.255
access-list 20 permit 192.168.25.0 0.0.0.255
access-list 20 permit 192.168.16.0 0.0.0.255
access-list 30 deny   192.168.25.0 0.0.0.255
access-list 30 permit 192.168.33.0 0.0.0.255
access-list 30 deny   192.168.16.0 0.0.0.255
banner login ^C


<blah>



^C
banner motd ^C
------------------------------------------
     UNAUTHORIZED USE IS PROHIBITED
------------------------------------------

^C
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password blahblah
 login
!
end
____________________________
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8241643
SO, everything off FA 0/0 and the firewall is working?
Clients behind Fast 0/1 on subnet 192.168.33.x are not working?

Do you have any clients with a 66.x.x.x ip address attached to int fast 0/1? If not, I'd like to try removing the secondary address:

interface FastEthernet0/1
no ip address 66.xxx.xxx.134 255.255.255.248 secondary
ip address 192.168.33.254 255.255.255.0
!
no ip nat inside source list 1 interface Serial0/0.1 overload
!
ip nat pool net-128 66.x.x.x.129 66.x.x.x.133 prefix-length 29
ip nat inside soure list 101 pool net-128 overload

access-list 101 permit ip 192.168.33.0 0.0.0.255 any

This will give you a way to see the effect to make sure you're hitting the acl with "sho ip access-list 101" and you can see the hit count. This is a good troubleshooting tool..




0
 

Author Comment

by:compinfo
ID: 8241675
1.  Yes everything behind fa0/0 is working.
2.  The only thing that one client/server on fa0/1 does is send an html file via ftp to an external webhost/site, so it just needs direct access out.  No other clients on this network need the internet.
3.  I'm not sure if any clients or the server need this 66.x.x.x ip address, let me try this suggestion...
0
 

Author Comment

by:compinfo
ID: 8241816
Well, no dice.  I have added the above mentioned items.  I do know that I will need that secondary ip address on fa0/1.  

I haven't seen any indications from the troubleshooting tool, what am I looking for and where?  I am seeing this sort of stuff alot:

*Mar  2 21:42:37.424: %SEC-6-IPACCESSLOGP: list screening_acl denied udp 192.35.
82.50(123) -> 66.xxx.xxx.129(123), 5 packets
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 8241865
udp port 123 is network time protocol. Any XP clients?
Do you have a system on the LAN that is assigned the 66.x.x.129 IP address?

You can add a line to the inbound acl:
permit udp any any eq 123

192.35.82.50 = dns.cit.cornell.edu

If you do a router#show ip access-list 101
do you see any (hits)

Look at the results of:
router#sho ip nat trans

You can remove the inbound acl and see if everything works. If so, then we know it's an acl issue, not a NAT issue.

Q: Check the default gateway of the PC on the Fast 0/1 LAN that is having problems. Is the gateway the router's IP address, or something else? Is the subnet mask correct?

Some NAT troubleshooting help:
http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Internetworking:NAT&s=Verification_and_Troubleshooting#Troubleshooting_Steps





0
 

Author Comment

by:compinfo
ID: 8246848
I get this:

Extended IP access list 101
    permit ip 192.168.33.0 0.0.0.255 any (290 matches)

when I type:  show ip access-list 101

****

0
 

Author Comment

by:compinfo
ID: 8246979
I think I see the problem, here's where the screening_acl is denying what I need to go through:

*Mar  3 16:04:30.164: %SEC-6-IPACCESSLOGP: list screening_acl denied tcp 217.162
.196.86(3770) -> 66.xxx.xxx.128(445), 2 packets
*Mar  3 16:04:59.872: %SEC-6-IPACCESSLOGP: list screening_acl denied tcp 217.162
.196.86(3784) -> 66.xxx.xxx.135(445), 2 packets
*Mar  3 16:05:21.220: %SEC-6-IPACCESSLOGP: list screening_acl denied tcp 216.210
.237.218(3661) -> 66.xxx.xxx.32(445), 1 packet

*********************

This is actually my computer (192.168.33.210) using FTP to get to an external website.  Funny thing is, I'm able to login to the ftp site, but it won't process any commands (like 'ls' or 'mkdir').  I get the ftp error:  425 Can't build data connection: No route to host.  Looks like ftp is trying to send information back and it's being caught by one of the screening_acl filters, but which one?
0
 

Author Comment

by:compinfo
ID: 8247054
I was able to verify by taking the screening_acl off of the s0/0.1 interface, and it works perfectly.  All that is left is to identify which line in that acl is doing the blocking...

Thanks, once this is done, we'll call this great ticket COMPLETE! :)
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8248596
Are you using active or passive mode FTP? Try using passive mode with the existing acl..
0
 

Author Comment

by:compinfo
ID: 8336662
Sorry so long to comment, been out for awhile.  Passive mode isn't an option on this server, unfortunately, it's a proprietary system.  Any other way?  
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8442652
G'day, compinfo
It has been 36 days since you posted this question.
Do you still need help? Have you received enough information?
Can you close out this question?
Ways to close questions: http://www.apollois.com/EE/Help/Closing_Questions.htm
0
 

Author Comment

by:compinfo
ID: 8641898
lrmoore,  thanks again for your help, sorry it took SO long.  I have one more question I hope you can help me with:

http://www.experts-exchange.com/Hardware/Routers/Q_20635617.html
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question