Cisco Router – Configure NAT (NAT Overload)
NAT Overload KB ID 0000971 Problem NAT is the process of taking one or more IP addresses and translating it/them into different IP addresses. You may require your router to translate all your internal IP addresses to your public (ISP allocated) IP address. To do that we use a process called NAT Overload. Solution : Nat Overload 1. Connect to the router, and got to enable mode, then global configuration mode. PetesRouter#configure...
Cisco ASA Domain Authentication and Trust (Allowing)
ASA Domain Authentication KB ID 0000973 Problem I cringed this morning when I was asked about this, last time I had to get a client to authenticate to a domain through a firewall, it was ‘entertaining’. The problem is Windows loves to use RPC, which likes to use random ports, so to make it work you either had to open TCP ports 49152 and 65535 (Yes I’m Serious). Or you had to registry hack all your domain controllers...
Cisco ASA Static (One to One) NAT Translation
KB ID 0000691 Problem Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code. If you have a spare/available public IP address you can statically map that IP address to one of your network hosts, (i.e. for a mail server, or a web server, that needs public access). This is commonly referred to as a ‘Static NAT’, or a ‘One to One translation’. Where all traffic destined for public...
Cisco VPN – Split Tunnel Not Working?
KB ID 0001239 Problem Here I’m dealing with AnyConnect VPNs, but the principles are exactly the same for both remote IPSEC and L2TP VPNs. You connect to your VPN and can no longer browse the internet from your remote location. You can confirm that split-tunnelling is working or not by connecting with your VPN client and looking at the routing information. Solution Before proceeding are you sure Split-Tunnelling has ever been...
Mail Routing Issue ‘451 5.7.3 Cannot achieve Exchange Server authentication’
KB ID 0000791 Problem While putting in a New Exchange 2010 server today, I test moved a mailbox to this new site, and could not get mail to flow to the Exchange 2010 server at the clients main site. 451 4.4.0 Primary target IP address responded with: “451 5.7.3 Cannot achieve Exchange Server authentication.” Attempted failover to alternate host , but that did not succeed. Either there are no alternative hosts, or delivery...