10-12-2007 05:27 AM - edited 03-05-2019 07:03 PM
Hi Folks,
Newbie here. Searched the forum and can't find an answer.
Situation: a 5505 sits between the inside network (192.168.130.x) and the "outside" network (192.168.135.x); they are LANs that have their own IPs. The outside network consists of wireless equipment, so we only want to let port 80 through so they can connect to an internal web server to deliver content to the wireless PDAs on the outside.
(In an ideal world, we'd also like to set up a NAT on the outside interface so that none of the wireless traffic gives away any of the internal IP addresses in the chatter.)
We've managed to get it so that anything on the inside interface works fine and a response comes from the wireless devices ... however, nothing on the outside can initiate a conversation with anything on the inside. The outside interface on the 5505 won't even respond to ping, even after defining any-any rules on everything.
The router has a "basic" licence, and I am wondering if there is a restriction. The manual says...
Base Platform
Transparent Mode - Up to two active VLANs
Routed Mode - Up to three active VLAN's. The DMZ VLAN is restricted from initiating traffic to the inside VLAN.
So ... is this the case please, and if so, how do I switch the router into transparent mode? Or how do I configure the router to do what is needed as outlined above, please? Or are we going to have to get a higher licence?
Any assistance greatly appreciated.
Michelle Knight
10-18-2007 07:41 AM
Before you begin configuring the adaptive security appliance to accept remote access IPsec VPN connections, make sure that you have the following information available:
Range of IP addresses to be used in an IP pool. These addresses are assigned to remote VPN clients as they are successfully connected.
List of users to be used in creating a local authentication database, unless you are using a AAA server for authentication.
Networking information to be used by remote clients when connecting to the VPN, including the following:
IP addresses for the primary and secondary DNS servers
IP addresses for the primary and secondary WINS servers
Default domain name
List of IP addresses for local hosts, groups, and networks that should be made accessible to authenticated remote clients
Also, upload the detailed topology and paste the sh run and sh ver config.
10-18-2007 07:54 AM
Dear Owillins,
Thank you for responding. I have to admit that after no response for a while, I turned to a few other people and got the issue sorted. It turned out to be PAT upsetting various things that were happening.
Apologies for not updating the thread but I thought that with this amount of time, it had sunk without trace.
Thanks once again for taking the time to respond.
Michelle.