Solved

Cisco NAT & VPN problems - review

Posted on 2004-08-06
Last Modified: 2011-09-20
I have 2 Cisco 1710 VPN access routers with 12.3 IOS with 3DES encryption.
I have a router in St. Pete and one in Chicago.

I can get the VPN up and I can ping the Chicago address to the St. Pete address, but what I can't figure out is some traffic must not be getting through the tunnel.

I need to browse (NetBIOS) from one site to the other. We have Win 2003 servers that need to communicate, but something is not working. Can't authenticate from Chicago to the St. Pete domain.
Below are the configs for both routers.


Chicago Router ------------------------------------------------------------
!
version 12.3
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Chicago
!
!logging buffered 4096 debugging
!logging rate-limit console 10 except errors
enable secret 123
!
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
no ip domain-lookup
ip name-server 206.141.192.60
ip name-server 206.141.193.55
!
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 1
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 authentication pre-share
!
crypto isakmp policy 4
 hash md5
 authentication pre-share
crypto isakmp key somekey address xxx.xxx.184.100
!
!
crypto ipsec transform-set rtpset1 esp-des esp-md5-hmac
crypto ipsec transform-set rtpset2 esp-des esp-sha-hmac
crypto ipsec transform-set rtpset3 esp-null esp-md5-hmac
crypto ipsec transform-set rtpset4 esp-null esp-sha-hmac
crypto ipsec transform-set rtpset5 esp-des
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map rtp 1 ipsec-isakmp
 set peer xxx.xxx.184.100
 set transform-set rtpset1 rtpset2 rtpset3 rtpset4 rtpset5
 match address 111

!This is so that nating does not happen when its tunnel traffic
interface loopback 1
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0
 description Connection to Internet
 ip address yy.yyy.173.186 255.255.255.248
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 full-duplex
 no cdp enable
 crypto map rtp
!
interface FastEthernet0
 description Connection to Private Network
 ip address 192.168.2.1 255.255.255.0
 ip access-group 103 in
 ip nat inside
 no ip route-cache
 ip policy route-map nonat
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
!
ip nat pool NAT yy.yyy.173.186 yy.yyy.173.186 netmask 255.255.255.248
ip nat inside source list 104 pool NAT overload
!
ip nat inside source static tcp 192.168.2.2 3389 yy.yyy.173.186 3389 extendable
! WebServer
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 yy.yyy.173.190
no ip http server
!
!
access-list 101 permit esp any any
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 log-input
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255 log-input
access-list 101 permit udp host xxx.xxx.184.100 host yy.yyy.173.186 eq isakmp
access-list 101 permit esp host xxx.xxx.184.100 host yy.yyy.173.186
access-list 101 permit ahp host xxx.xxx.184.100 host yy.yyy.173.186
access-list 101 permit ip host xxx.xxx.184.100 any
access-list 101 permit tcp any any established
access-list 101 permit udp any eq domain any
access-list 101 permit tcp any eq domain any
access-list 101 permit icmp any any
access-list 101 permit udp any any eq tftp
access-list 101 permit tcp any host yy.yyy.173.186 eq 3389
access-list 101 deny   ip any any
!
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 log-input
access-list 103 deny   udp any any eq 21331
access-list 103 deny   tcp any any eq 139
access-list 103 deny   tcp any any eq 445
access-list 103 deny   udp any any eq tftp
access-list 103 deny   tcp any any eq 69
access-list 103 permit ip any any
!
!

access-list 104 permit ip 192.168.2.0 0.0.0.255 any
!
access-list 111 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 log-input
!
!
access-list 120 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 log-input
access-list 120 deny ip 192.168.2.0 0.0.0.255 any
!
!
!
route-map nonat permit 10
  match ip address 120
  set ip next-hop 10.1.1.2
!
!
no cdp run
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password 123
 login
line vty 5 15
 login
!
end


----------------------------------
St. Pete Router
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname StPete
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
enable secret 123
!
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
no ip domain-lookup
ip name-server 206.222.97.50
ip name-server 206.222.97.82
ip name-server 216.21.234.74
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
!
crypto isakmp policy 1
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 authentication pre-share
!
crypto isakmp policy 4
 hash md5
 authentication pre-share
crypto isakmp key somekey address yy.yyy.173.186
!
!
crypto ipsec transform-set rtpset1 esp-des esp-md5-hmac
crypto ipsec transform-set rtpset2 esp-des esp-sha-hmac
crypto ipsec transform-set rtpset3 esp-null esp-md5-hmac
crypto ipsec transform-set rtpset4 esp-null esp-sha-hmac
crypto ipsec transform-set rtpset5 esp-des
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map rtp 1 ipsec-isakmp
 set peer yy.yyy.173.186
 set transform-set rtpset1 rtpset2 rtpset3 rtpset4 rtpset5
 match address 111
!
!
!
!This is so that nating does not happen when its tunnel traffic
interface loopback 1
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0
 description Connection to Internet
 ip address xxx.xxx.184.100 255.255.255.224
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 full-duplex
 no cdp enable
 crypto map rtp
!
interface FastEthernet0
 description Connection to Private Network
 ip address 192.168.0.1 255.255.255.0
 ip access-group 103 in
 ip nat inside
 no ip route-cache
 ip policy route-map nonat
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
!
ip nat pool NAT xxx.xxx.184.100 xxx.xxx.184.100 netmask 255.255.255.192
ip nat inside source list 104 pool NAT overload
!
ip nat inside source static tcp 192.168.0.2 3389 xxx.xxx.184.100 3389 extendable
ip nat inside source static tcp 192.168.0.2 80 xxx.xxx.184.100 80 extendable
ip nat inside source static tcp 192.168.0.2 25 xxx.xxx.184.100 25 extendable
ip nat inside source static tcp 192.168.0.2 110 xxx.xxx.184.100 110 extendable
ip nat inside source static tcp 192.168.0.2 443 xxx.xxx.184.100 443 extendable
ip nat inside source static tcp 192.168.0.2 53 xxx.xxx.184.100 53 extendable
ip nat inside source static tcp 192.168.0.2 21 xxx.xxx.184.100 21 extendable
ip nat inside source static udp 192.168.0.2 53 xxx.xxx.184.100 53 extendable
!
!
ip classless
ip route 192.168.1.0 255.255.255.0 192.168.0.6
ip route 0.0.0.0 0.0.0.0 xxx.xxx.184.97
no ip http server
!
!
!
!
access-list 101 permit esp any any
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255 log-input
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 log-input
access-list 101 permit udp host yy.yyy.173.186 host xxx.xxx.186.100 eq isakmp
access-list 101 permit esp host yy.yyy.173.186 host xxx.xxx.186.100
access-list 101 permit ahp host yy.yyy.173.186 host xxx.xxx.186.100
access-list 101 permit ip host yy.yyy.173.186 any
!
access-list 101 permit tcp any any established
access-list 101 permit udp any eq domain any
access-list 101 permit tcp any eq domain any
access-list 101 permit icmp any any
access-list 101 permit udp any any eq tftp
access-list 101 permit tcp any host xxx.xxx.184.100 eq 3389
access-list 101 permit tcp any host xxx.xxx.184.100 eq 25
access-list 101 permit tcp any host xxx.xxx.184.100 eq 110
access-list 101 permit tcp any host xxx.xxx.184.100 eq 80
access-list 101 permit tcp any host xxx.xxx.184.100 eq 443
access-list 101 permit tcp any host xxx.xxx.184.100 eq 53
access-list 101 permit udp any host  xxx.xxx.184.100 eq 53
access-list 101 permit tcp any host xxx.xxx.184.100 eq 21

access-list 101 deny ip any any log
!
!
access-list 103 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255 log-input
access-list 103 deny   udp any any eq 21331
access-list 103 deny   tcp any any eq 139
access-list 103 deny   tcp any any eq 445
access-list 103 deny   udp any any eq tftp
access-list 103 deny   tcp any any eq 69
access-list 103 permit ip any any
!
!
access-list 104 permit ip 192.168.0.0 0.0.0.255 any
!
access-list 111 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255 log-input
!
!
access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255 log-input
access-list 120 deny ip 192.168.0.0 0.0.0.255 any
!
!
route-map nonat permit 10
  match ip address 120
  set ip next-hop 10.1.1.2
!
no cdp run
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 2 in
 password 123
 login
line vty 5 15
 login
!
end

-----------------------------------------------

I should be able to browse from Chicago to St. Pete. I should be able to have a computer join a domain located in St. Pete. I should be able to authenticate a computer user logging on in Chicago to the server in St. Pete (DNS on the Win 2003 box points to St. Pete domain DNS).

George.
Question by:GBorsuk

22 Comments

Expert Comment

by:grblades
Hi GBorsuk,
I doubt it is a router configuration problem.
Have you made sure that all computers at both sites are configured to use the DNS server on the Active Directory domain controller?
Once this is done the computers should be able to find each other and then start exchanging browse lists so all computers start to appear in network neighborhood.

Author Comment

by:GBorsuk
Dns is not a problem.  I have a server behind the router in chicago with dns pointing to st pete server.  I can ping everything but join the domain does not work. i get semaphore time out problems from it.  I have a feeling its in the config of the router, but i'm not that great at router configs and then troubleshooting them.

George

Author Comment

by:GBorsuk
Also, when I create a site-to-site VPN with Microsoft RAS service everything can see everything and all works well, so I am really thinking it's the router configs!

George

Expert Comment

by:grblades
Can you post the IP address of your AD domain controller and DNS server.
Can you also post the IP address of another machine on the other site which cannot access the server or join the domain.
I'll have a look through the access lists to see if anything is denied.

Accepted Solution

by:lrmoore
Couple of things here:

>set transform-set rtpset1 rtpset2 rtpset3 rtpset4 rtpset5
Choose ONE transform set common on both ends, do not use all 5


>!This is so that nating does not happen when its tunnel traffic
interface loopback 1
 ip address 10.1.1.1 255.255.255.0
>route-map nonat permit 10
  match ip address 120
  set ip next-hop 10.1.1.2
!

There is a better way to do this. Take the route-map off of the Lan interface and apply it instead to the nat process (mirrored on both sides)

route-map nonat permit 10
 match ip address 122

access-list 122 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 122 permit ip 192.168.0.0 0.0.0.255 any

no ip nat inside source list 104 pool NAT overload
ip nat inside source route-map nonat pool NAT overload

interface fastethernet 0
 no ip policy route-map nonat

While troubleshooting, just remove acl 103 from the Ethernet interface. I see you've already removed 101 from the outside interface...




Author Comment

by:GBorsuk
domain controller is 192.168.0.2 in st pete.  the server i cant get to join the domain is at 192.168.2.2 in chicago


Author Comment

by:GBorsuk
I have removed the ACLs on both routers to troubleshoot and still have the same problem. I believe it's my NATing like you say. The transform sets I am taking from another config that someone else designed. Which transform set should I use?

George

Expert Comment

by:lrmoore
I would use this crypto set only:
   crypto ipsec transform-set rtpset2 esp-des esp-sha-hmac

You really do need to change the way you're doing the NAT, too..
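
A check on the transform-set advice above, added here as an example and not part of the thread or of any Cisco tool. It parses the IPsec lines both routers share, flags every set a crypto map entry will accept that uses `esp-null` (no encryption), `esp-des` (single DES) or no integrity transform, and lists the sets two peers have in common; the function names and the `TRIMMED` variant are assumptions made for the example.

```python
# Constructed sample: the IPsec lines that both routers in this thread share.
CONFIG = """\
crypto ipsec transform-set rtpset1 esp-des esp-md5-hmac
crypto ipsec transform-set rtpset2 esp-des esp-sha-hmac
crypto ipsec transform-set rtpset3 esp-null esp-md5-hmac
crypto ipsec transform-set rtpset4 esp-null esp-sha-hmac
crypto ipsec transform-set rtpset5 esp-des
crypto map rtp 1 ipsec-isakmp
 set peer xxx.xxx.184.100
 set transform-set rtpset1 rtpset2 rtpset3 rtpset4 rtpset5
 match address 111
"""
# The same config after keeping only rtpset2, as suggested in the thread.
TRIMMED = CONFIG.replace("rtpset1 rtpset2 rtpset3 rtpset4 rtpset5", "rtpset2")

INTEGRITY = {"esp-md5-hmac", "esp-sha-hmac", "ah-md5-hmac", "ah-sha-hmac"}

def parse(config):
    """Return ({set_name: [transforms]}, {(map_name, seq): [set_names]})."""
    sets, maps, current = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            sets[words[3]] = words[4:]
        elif words[:2] == ["crypto", "map"] and len(words) >= 4:
            current = (words[2], int(words[3]))
            maps[current] = []
        elif words[:2] == ["set", "transform-set"] and current:
            maps[current] = words[2:]
    return sets, maps

def audit(config):
    """List (map, seq, transform_set, issue) for every set a map entry accepts."""
    sets, maps = parse(config)
    findings = []
    for (name, seq), offered in maps.items():
        for ts in offered:
            transforms = set(sets.get(ts, []))
            if "esp-null" in transforms:
                findings.append((name, seq, ts, "no-encryption"))
            if "esp-des" in transforms:
                findings.append((name, seq, ts, "single-des"))
            if not transforms & INTEGRITY:
                findings.append((name, seq, ts, "no-integrity"))
    return findings

def common_sets(config_a, config_b, entry=("rtp", 1)):
    """Sets on side A whose transforms also appear in a set accepted by side B."""
    sets_a, maps_a = parse(config_a)
    sets_b, maps_b = parse(config_b)
    theirs = {frozenset(sets_b[ts]) for ts in maps_b[entry]}
    return [ts for ts in maps_a[entry] if frozenset(sets_a[ts]) in theirs]

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(*finding)
    print("common with all five listed:", common_sets(CONFIG, CONFIG))
    print("common after trimming one side:", common_sets(CONFIG, TRIMMED))
```

With all five sets listed on both peers, the two `esp-null` sets remain acceptable for the tunnel; after trimming to `rtpset2` the only remaining finding is that `esp-des` is single DES rather than 3DES.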

Author Comment

by:GBorsuk
Do you have any "how to" to also get an IPsec tunnel set up with a Windows Server 2003 behind a Linksys router with the server placed in the DMZ zone?

George

Expert Comment

by:lrmoore
This might help:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b12b5.shtml
I have not yet been successful at making it work through a linksys/NAT, but theoretically it should.

Author Comment

by:GBorsuk
I have tried this and cannot get it to work. :(

George

Expert Comment

by:lrmoore
Have you got the VPN working?
We can start a new thread on PIX-Windows VPN...

Author Comment

by:GBorsuk
What would be needed to create a fully meshed VPN with the addition of a 3rd router?  Just peers and isakmp keys and acl?


Expert Comment

by:lrmoore
Yes, multiple peers, keys, and acl's, and additions to the crypto map:
Example:
! Existing
crypto map rtp 1 ipsec-isakmp
 set peer yy.yyy.173.186
 set transform-set rtpset1 rtpset2 rtpset3 rtpset4 rtpset5
 match address 111

! new site #2
crypto map rtp 2 ipsec-isakmp
 set peer a.b.c.d
 set transform-set rtpset2
 match address 112

! new site #3 (each peer needs its own sequence number)
crypto map rtp 3 ipsec-isakmp
 set peer x.y.z.a
 set transform-set rtpset2
 match address 113

! site #2
access-list 112 permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
! site #3
access-list 113 permit ip 192.168.0.0 0.0.0.255 192.168.4.0 0.0.0.255

Remember to change your route-map acl accordingly:
route-map nonat permit 10
 match ip address 122

access-list 122 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
! site #2
access-list 122 deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
! site #3
access-list 122 deny ip 192.168.0.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 122 permit ip 192.168.0.0 0.0.0.255 any


Author Comment

by:GBorsuk
something is not right.
on every static mapped port below, i can not get anything to work. for instance, i have a port translation for 53 for DNS, i can not run a query against the server in the 192.168.0.2 from 192.168.2.2 but i can go backwards, because in the 192.168.2.0 router i do not have a static routing for 53.  All I have is 3389, which i then cant terminal from 192.168.0.2 to 192.168.2.2

Does any of this have to do with the NATing and the way cisco has it using the loopback adapter and set next hop stuff?


ip nat pool NAT xxx.xxx.184.100 xxx.xxx.184.100 netmask 255.255.255.192
ip nat inside source route-map nonat pool NAT overload
!
ip nat inside source static tcp 192.168.0.2 3389 xxx.xxx.184.100 3389 extendable
ip nat inside source static tcp 192.168.0.2 80 xxx.xxx.184.100 80 extendable
ip nat inside source static tcp 192.168.0.2 25 xxx.xxx.184.100 25 extendable
ip nat inside source static tcp 192.168.0.2 110 xxx.xxx.184.100 110 extendable
ip nat inside source static tcp 192.168.0.2 443 xxx.xxx.184.100 443 extendable
ip nat inside source static tcp 192.168.0.2 53 xxx.xxx.184.100 53 extendable
ip nat inside source static tcp 192.168.0.2 21 xxx.xxx.184.100 21 extendable
ip nat inside source static udp 192.168.0.2 53 xxx.xxx.184.100 53 extendable
None of the above statics work from a 192.168.2.2 server to try to telnet etc.

Expert Comment

by:lrmoore
>Does any of this have to do with the NATing and the way cisco has it using the loopback adapter and set next hop stuff
Yes, I told you that you would have to change it..
Reference:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

Author Comment

by:GBorsuk
Ok I'm confused now.  The cisco article has the route-map on the interface and sets the next hop to be a loopback, but above you suggested to move the route map from the interface to the ip nat section.
Which convention should i follow?  On the interface or in the ip nat section for policy routing?


Expert Comment

by:lrmoore
My bad. I'm working several issues at once and confuse myself sometimes....

Use this reference document. Be sure to deny all those statics in the route-map access-list.

Let's try this again:
Given what you already have:

ip nat inside source list 104 pool NAT overload
!
ip nat inside source static tcp 192.168.0.2 3389 xxx.xxx.184.100 3389 extendable
ip nat inside source static tcp 192.168.0.2 80 xxx.xxx.184.100 80 extendable
ip nat inside source static tcp 192.168.0.2 25 xxx.xxx.184.100 25 extendable
ip nat inside source static tcp 192.168.0.2 110 xxx.xxx.184.100 110 extendable
ip nat inside source static tcp 192.168.0.2 443 xxx.xxx.184.100 443 extendable
ip nat inside source static tcp 192.168.0.2 53 xxx.xxx.184.100 53 extendable
ip nat inside source static tcp 192.168.0.2 21 xxx.xxx.184.100 21 extendable
ip nat inside source static udp 192.168.0.2 53 xxx.xxx.184.100 53 extendable
!
!# add a deny statement in the NAT ACL
access-list 104 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255  <-- ADD
access-list 104 permit ip 192.168.0.0 0.0.0.255 any
!
!
!# all-new acl 120 for the route-map:
access-list 120 permit tcp host 192.168.0.2 192.168.2.0 0.0.0.255
access-list 120 permit udp host 192.168.0.2 eq 53 192.168.2.0 0.0.0.255
!
!
route-map nonat permit 10
  match ip address 120
  set ip next-hop 10.1.1.2


Author Comment

by:GBorsuk
-> Be sure to deny all those statics in the route-map access-list.
 
They are being added in acl 120, not deny?


here's what i came up with.

1.add to interface fastethernet0
ip policy route-map nonat

2.nat section is as follows
ip nat pool NAT 21xxx.xxx.184.100 xxx.xxx.184.100 netmask 255.255.255.192
ip nat inside source list 104 pool NAT overload
!
!
ip nat inside source static tcp 192.168.0.2 3389 xx.xx.184.100 3389 extendable
ip nat inside source static tcp 192.168.0.2 80 xx.xx.184.100 80 extendable
ip nat inside source static tcp 192.168.0.2 25 xx.xx.184.100 25 extendable
ip nat inside source static tcp 192.168.0.2 110 xx.xx.184.100 110 extendable
ip nat inside source static tcp 192.168.0.2 443 xx.xx.184.100 443 extendable
ip nat inside source static tcp 192.168.0.2 53 xx.xx.184.100 53 extendable
ip nat inside source static tcp 192.168.0.2 21 xx.xx.184.100 21 extendable
ip nat inside source static udp 192.168.0.2 53 xx.xx.184.100 53 extendable
!
3. acl for natting - 104
access-list 104 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255    --- this is traffic for the tunnel
access-list 104 permit ip 192.168.0.0 0.0.0.255 any   -- all other traffic
  in the Cisco article, it denies ip host 192.168.x.x any - not sure why...??

4. create an interface loopback  i removed it based on what we did above
interface loopback 1
 ip address 10.1.1.1 255.255.255.0
!

5. route map nonat as follows
route-map nonat permit 10
  match ip address 120
  set ip next-hop 10.1.1.2

6. acl on 120
 at this point i'm lost.  



Author Comment

by:GBorsuk
If you want I can create another question. You are helping me tremendously, and you deserve some more points.
George

Expert Comment

by:lrmoore
>3. acl for natting - 104
access-list 104 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255    --- this is traffic for the tunnel
access-list 104 permit ip 192.168.0.0 0.0.0.255 any   -- all other traffic
  in the cisco article, it denys ip host 192.168.x.x any - not sure why...??

Reason why is because you already have a static nat for that host. We're denying that host/protocol from hitting the NAT process--because we have statics. In your case you might need a series of denies that only deny the specific ports that you have static maps for.

6. acl on 120
 at this point i'm lost.  
 ! <-- what we're trying to do here is re-route ONLY the static nat mapped traffic 'through' the loopback interface. Since the loopback interface is not designated "nat inside", then that traffic will bypass the NAT process and the VPN users can get to the services on this host. It would be much easier if you used a 1-1 static nat for this one host, then used access-list to restrict traffic.
!
access-list 120 permit tcp host 192.168.0.2  192.168.2.0 0.0.0.255
! -- might have to have all the individual ports, i.e.
access-list 120 permit tcp host 192.168.0.2 eq 80 192.168.2.0 0.0.0.255
access-list 120 permit tcp host 192.168.0.2 eq 3389 192.168.2.0 0.0.0.255
access-list 120 permit tcp host 192.168.0.2  eq 443 192.168.2.0 0.0.0.255
<etc>
access-list 120 permit udp host 192.168.0.2 eq 53 192.168.2.0 0.0.0.255
!
!
route-map nonat permit 10
  match ip address 120
  set ip next-hop 10.1.1.2

Expert Comment

by:frieked
Instead of:
ip nat inside source static tcp 192.168.0.2 53 xx.xx.184.100 53 extendable
You could have just done:
ip nat inside source static tcp 192.168.0.2 53 xx.xx.184.100 53 route-map nonat extendable

That would make each port accessible from both inside and outside the lan
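
The NAT-versus-tunnel behaviour worked out in the accepted solution and in the later static-NAT comments, as an added example that is not code from the thread or from Cisco: a small Python model of the inside-to-outside path on the St. Pete router (policy route, then NAT, then crypto-map ACL match). The public address 203.0.113.100 and the hosts 192.168.0.10 and 198.51.100.7 are constructed stand-ins, and the model assumes NAT is applied before the crypto ACL is checked.

```python
from ipaddress import ip_address

def n(a):
    return int(ip_address(a))

PUBLIC = n("203.0.113.100")  # constructed stand-in for the redacted xxx.xxx.184.100

def addr(tok):
    """Consume one IOS address spec from tok and return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return n(tok.pop(0)), 0
    return n(first), n(tok.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC [eq PORT] DST' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]  # drop 'access-list N'
        allow, proto = tok.pop(0) == "permit", tok.pop(0)
        src = addr(tok)
        sport = None
        if tok[0] == "eq":
            sport = int(tok[1])
            del tok[:2]
        rules.append((allow, proto, src, sport, addr(tok)))
    return rules

def permits(rules, proto, src, sport, dst):
    """First matching entry wins; no match is the implicit deny."""
    for allow, r_proto, (sb, sw), r_sport, (db, dw) in rules:
        src_ok = not (src ^ sb) & ~sw & 0xFFFFFFFF
        dst_ok = not (dst ^ db) & ~dw & 0xFFFFFFFF
        if r_proto in ("ip", proto) and src_ok and dst_ok and r_sport in (None, sport):
            return allow
    return False

def egress(pkt, nat_acl, statics, crypto_acl, pbr_acl=()):
    """Return (path, source address on the wire) for an inside-to-outside packet."""
    proto, src, sport, dst = pkt
    if permits(pbr_acl, *pkt):
        out_src = src  # routed via the loopback, so 'ip nat inside' never applies
    elif (proto, src, sport) in statics or permits(nat_acl, *pkt):
        out_src = PUBLIC  # a static port map or the overload pool rewrites the source
    else:
        out_src = src
    in_tunnel = permits(crypto_acl, proto, out_src, sport, dst)
    return ("tunnel" if in_tunnel else "cleartext", str(ip_address(out_src)))

# ACLs as they appear in the thread (St. Pete side).
NAT_104_ORIGINAL = parse_acl("access-list 104 permit ip 192.168.0.0 0.0.0.255 any")
NAT_104_FIXED = parse_acl("""
access-list 104 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 192.168.0.0 0.0.0.255 any""")
CRYPTO_111 = parse_acl(
    "access-list 111 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255")
PBR_120 = parse_acl("""
access-list 120 permit tcp host 192.168.0.2 192.168.2.0 0.0.0.255
access-list 120 permit udp host 192.168.0.2 eq 53 192.168.2.0 0.0.0.255""")
STATICS = {("udp", n("192.168.0.2"), 53), ("tcp", n("192.168.0.2"), 3389)}

# Constructed packets: (protocol, source, source port, destination).
CLIENT = ("tcp", n("192.168.0.10"), 1025, n("192.168.2.2"))
DNS_REPLY = ("udp", n("192.168.0.2"), 53, n("192.168.2.2"))
DNS_INTERNET = ("udp", n("192.168.0.2"), 53, n("198.51.100.7"))

if __name__ == "__main__":
    print(egress(CLIENT, NAT_104_ORIGINAL, STATICS, CRYPTO_111))
    print(egress(CLIENT, NAT_104_FIXED, STATICS, CRYPTO_111))
    print(egress(DNS_REPLY, NAT_104_FIXED, STATICS, CRYPTO_111))
    print(egress(DNS_REPLY, NAT_104_FIXED, STATICS, CRYPTO_111, PBR_120))
    print(egress(DNS_INTERNET, NAT_104_FIXED, STATICS, CRYPTO_111, PBR_120))
```

A packet reported as `cleartext` with a private destination has missed the crypto ACL because its source was rewritten first, which is the case to look for when a service answers from the Internet but not across the tunnel.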