I am facing a problem: all of my network computers' traffic, Microsoft Exchange traffic, and VPN traffic go through one link.
I have a pool of live IP addresses with a mask of /29.
Some of my computers have a virus and they broadcast to port 25 (SMTP), which causes my live IP to be blocked on different spam sites, resulting in my Exchange emails bouncing with errors. Then I need to clear my IP address from those sites and change the live IP from my pool.
I want to isolate my live IPs with the following config:
1 - Microsoft Exchange traffic should use one live IP address
2 - VPN traffic should use one live IP address
3 - Internal network computers should use the remaining live IP pool for internet surfing
Currently my configuration is:
ip address 192.168.74.1 255.255.255.0 (for example)
ip nat inside
ip address 220.127.116.11 255.255.255.248 (for example)
ip nat outside
ip local pool ippool 192.168.55.100 192.168.55.200
ip nat inside source list deny_vpn_go_nat interface fa0/1 overload
ip access-list extended deny_vpn_go_nat
 deny ip 192.168.74.0 0.0.0.255 192.168.20.0 0.0.3.255
 deny ip 192.168.74.0 0.0.0.255 192.168.55.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.3.255
 deny ip 192.168.1.0 0.0.0.255 192.168.55.0 0.0.0.255
 permit ip 192.168.0.0 0.0.255.255 any
In the above scenario, I am using one live IP from the pool; the others are not in use. I want to use these with this config:
ip access-list extended deny_vpn_go_nat
 deny ip 192.168.74.0 0.0.0.255 192.168.20.0 0.0.3.255
 deny ip 192.168.74.0 0.0.0.255 192.168.55.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.3.255
 deny ip 192.168.1.0 0.0.0.255 192.168.55.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip nat pool localint 18.104.22.168 22.214.171.124 netmask 255.255.255.248
ip access-list extended locint
 deny ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.0.0 0.0.255.255 any
ip nat inside source list locint pool localint overload
Please advise whether this configuration will work or not, as my router is in a production network and I can take only limited downtime for the configuration change.
Any other ideas for isolating my live IP addresses would be very helpful.
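
One way to check offline which NAT statement each flow would match before changing a production router. This is an added example, not part of the original post. It evaluates the two proposed ACLs with first-match, implicit-deny semantics; the host addresses are constructed, and it assumes the existing interface-overload statement is kept beside the new pool statement.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' entries; each side is 'any' or 'addr wildcard'."""
    rules = []
    for line in text.strip().splitlines():
        action, _proto, *rest = line.split()
        sides = []
        while rest:
            if rest[0] == "any":
                sides.append((0, 0xFFFFFFFF))
                rest = rest[1:]
            else:
                sides.append((ip(rest[0]), ip(rest[1])))
                rest = rest[2:]
        rules.append((action, sides[0], sides[1]))
    return rules

def hit(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF          # wildcard bit 1 = "don't care"
    return (ip(addr) & care) == (base & care)

def acl_action(rules, src, dst):
    for action, s, d in rules:             # first matching entry wins
        if hit(src, *s) and hit(dst, *d):
            return action
    return "deny"                          # implicit deny at the end of every ACL

# ACL entries copied from the proposed configuration in the post.
DENY_VPN_GO_NAT = parse_acl("""
deny ip 192.168.74.0 0.0.0.255 192.168.20.0 0.0.3.255
deny ip 192.168.74.0 0.0.0.255 192.168.55.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.3.255
deny ip 192.168.1.0 0.0.0.255 192.168.55.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
""")
LOCINT = parse_acl("""
deny ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.0.0 0.0.255.255 any
""")
# Assumption: the existing interface-overload statement stays alongside the new pool statement.
NAT_RULES = [("interface fa0/1 overload", DENY_VPN_GO_NAT), ("pool localint overload", LOCINT)]

def nat_matches(src, dst):
    """Return the NAT statements whose ACL permits this flow ([] = not translated)."""
    return [name for name, acl in NAT_RULES if acl_action(acl, src, dst) == "permit"]

if __name__ == "__main__":
    # Constructed sample flows (host addresses are illustrative).
    for src, dst in [("192.168.1.10", "8.8.8.8"), ("192.168.74.10", "8.8.8.8"),
                     ("192.168.1.10", "192.168.55.150"), ("192.168.74.10", "192.168.20.5")]:
        print(f"{src} -> {dst}: {nat_matches(src, dst) or 'no NAT'}")
```

The last flow is the one to look at: traffic from 192.168.74.0/24 to the 192.168.20.0 0.0.3.255 VPN range is permitted by locint, which carries none of the VPN deny entries, so it would be translated by the pool.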