Can't connect to remote mini

I have a headless remote Mini in which I was hoping to reduce bandwidth consumption by following the knowledge base note HT3789 (http://support.apple.com/kb/HT3789), "Mac OS X v10.6: Disabling mDNSResponder will disable DNS" which is a method to stop Bonjour service advertisement.
Now I can't connect to the Mini via SSH, screen sharing, sftp, smtp or anything else.
Any thoughts?

I took it to the Genius Bar and after checking/confirming that the hard drive was ok they reinstalled the OS. All seems ok now. I was then able to shut off Bonjour advertising without creating any problems.
I don't know what caused the Mini to become unbootable but I suspect when I rebooted it after the first attempt at shutting off advertising a critical boot file got damaged.
Unfortunately, after all that hassle, I still have the original high-traffic problem that seems to be related to port 5353.
Message was edited by: msbohn

Similar Messages

Can I connect my iPad mini to a data projector using a lightning to 30-pin adapter connected to a 30-pin to VGA connector? Or will this only work with a lightning to VGA connector.

Can I connect my iPad mini to a data projector using a lightning to 30-pin adapter connected to a 30-pin to VGA connector? Or will this only work with a lightning to VGA connector?

The lightning to 30 pin adapter does not support video as per the item description in the Apple online store:
http://store.apple.com/us/product/MD823ZM/A/lightning-to-30-pin-adapter
This adapter lets you connect devices with a Lightning connector to many of your 30-pin accessories.* Supports analog audio output, USB audio, as well as syncing and charging. Video output not supported.
You will need to the Lightning to VGA adapter directly
http://store.apple.com/us/product/MD825ZM/A/lightning-to-vga-adapter?fnode=3a
Or the Lightning Digital AV Adapter
http://store.apple.com/us/product/MD826ZM/A/lightning-digital-av-adapter
If the projector supports HDMI input.

Can I connect a MKP min AKAi with my Ipad mini retina ?

Can I connect a MKP min AKAi with my Ipad mini retina ?

Are you using a powered USB hub as recommended by the unit's manufacturers?
http://www.noterepeat.com/products/akai-professional/mpd-and-mpk-series/39-conne cting-usb-audio-interfaces-midi-controllers-and-keyboards-to-the-ipad

HT1430 Can I connect my iPad Mini to my computer to tap into my internet stick (T-Mobile) devise for internet?

Can I connect my iPad Mini to my computer to tap into my internet stick (T-Mobile) devise for internet?

That depends entirely on your computer. Some computers have the ability to share out their internet connection wirelessly to other devices
Consult your computers Manual or Help file for details.
The iPad can only connect to the internet wirelessly. So if you can get your computer to share its connection wirelessly you should be able to connect the iPad.

Can't connect to SL mini after laptop update to Lion

Situation:
- Mac Mini on Snow Leopard 10.6.8 (mini-old)
- Mac Mini on Lion 10.7.4 (mini-new)
- Macbook Pro on Lion 10.7.4, update from Snow Leopard 10.6.8 since yesterday
I used to be able to connect file sharing and screen sharing from the laptop to both mini's. Since the update to Lion on my laptop, I can't connect to mini-old from the laptop.
- file sharing from laptop to mini-old before the lion update -> worked
- screen sharing from laptop to mini-old before the lion update -> worked
- file sharing from mini-new to mini-old -> works
- screen sharing from mini-new to mini-old -> works
- file sharing from laptop to mini-new -> works
- screen sharing from laptop to mini-new -> works
- file sharing from laptop to mini-old after lion update, with guest -> works
- file sharing from laptop to mini-old after lion update, with registered user -> endless pinwheel, no error in console
- screen sharing from laptop to mini-old after lion update -> endless pinwheel, no error in console
- ssh user@mini-old from laptop to mini-old after lion update -> works
So I can safely assume the settings on mini-old are ok (haven't been changed in many months).
I've tried deleting the caches with OnyX on the laptop, but that didn't help.

Update: 'several' minutes = 10
Same goes for the file sharing.
I've tried the screen sharing a 2nd time to see if it speeds up, but it doesn't. :-( Don't know yet what's going on, because the connection from the mini-new is instantly.
FYI: all three are on the same local network, so no remote 'across the internet' issues.
Anybody?

After iTunes update, can't connect to remote speakers via Airport Express

I updated to iTunes 10.1.2.17 the other day, and ever since then, I can't connect to my stereo via my Airport Express. I get this message: "An error occurred while trying to connect to the remote speaker 'Airport Express'. The network connection failed."
My Airport Express firmware is up to date and I have not changed any settings since the iTunes update.
Anyone else have/had this problem? Any ideas?

I run Vista and I had the same problem after updating to the latest version of iTunes: Apple TV would indicate "Loading Library" for ever and nothing would happen. This had never happened before.
I tried different tricks like turning on/off home sharing on both iTunes and Apple TV (didn't work), unplugged/plugged Apple TV (didn't work), restore Apple TV (didn't work).
Eventually the solution was actually very simple: go to Firewall settings and make an exception for iTunes. I don't know why that was not necessary before the update, but it made the trick.

Can't connect to mac mini leopard shares or screen share

i'm having problem connecting to a mac mini that is on my network (running leopard 10.5.8) and is wired to the network via an AEBS.
previously when my MBP was also running 10.5.8 i had no problems using screen sharing and connecting to 2 shares on it using "afp://10.x.x.x/sharename", or browsing to them via finder.
i did a clean install of SL on the MBP and now even though the mac mini shows up in finder, when i select it it just sits there trying to connect and eventually the beach ball appears and fails saying it can't connect to it.
when i try to connect to the shares using command-K, again it won't connect to the shares.
if i try to connect to them using the samba share that is also configured on the mac min then is does connect to them.
i can ping the mac mini using network utility.
any ideas what the problem is? everything worked fine before i wiped and installed SL.
!http://www.simon-gray.co.uk/images/network.jpg!

HI,
Make sure screen sharing is turned on and you have set up sharing permissions on the computer whose screen you want to share.
To set up screen sharing:
Choose Apple menu > System Preferences and click Sharing.
Select the Screen Sharing checkbox.
To specify who can share your screen, select one of the following:
All users: Select this if you want to allow any user with a user account on your computer to share your screen.
Only these users: Select this if you want to restrict screen sharing to specific users.
Click Add + at the bottom of the Users list and select a user from Users & Groups (accounts you have set up in Accounts preferences), Network Users (users on your network), or your Address Book. Or click New Person and enter a name and password to create a sharing account. Then select that user from the list and click Select.
Click Computer Settings and set the following options:
Anyone may request permission to control screen: Select this to allow anyone on your network to request to share your screen.
VNC viewers may control screen with password: Select this and enter a password that VNC viewer applications can enter in order to control your screen.
It’s recommended that you not set a password if you only share this computer’s screen using the built-in screen sharing viewer in Mac OS X.
Carolyn

How can I connect the remote server which is installed with oracle

Now my computer is in my home,in my computer there is installed with the oracle 9i client,the server is also installed with oracle 9i,which is in my company.Now I want to use sql*plus to connect the database of the server through the internet work.I have created one listener service name in my home computer,but can't test successfully and the sql*plus can't connect the database.Who can tell me how to do it?Thank you!

Technical questions need to be addressed to one of the technical forums-- Products | Database | Database - General in this case.
Unless you are VPN-ing in or the DBA's at your company have configured Oracle Connection Manager to allow you to connect through the firewall to the database, however, I doubt this will work. If they have configured Connection Manager, you'll have to ask them to provide you with connection information. 99.9% of the time, you do not want people to access a database via the internet.
Justin
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC

Osx 10.4.11 can't connect with ipad mini

i'm using old Mac os 10.4.11, is it possible to connect with ipad mini ... which version of the itunes requested at least .... seems i cannot update itunes to the latest version ... please help if anyyone get any idea ..thanks

As stated in the iPad mini system requirements (on the box and Apple website), you need a Mac running Mac OS X 10.6.8 or later to use the iPad mini with it:
http://www.apple.com/ipad-mini/specs/
Time to buy a new Mac.

ITunes Error -3256 can't connect to remote speakers

iTunes is behaving erratically. I get a -3256 error when the app tries to connect to remote speakers via an AirPort Express.
Restarting iTunes allows me to connect. iTunes then works until my computer goes to sleep. When I wake the computer it hangs with the -3256 error again. Restart iTunes and it negotiates the network connection perfectly.
I ran AirTunes with no problem for years until version 8 of iTunes was released.
I'm running iTunes 8.0.2

I'm having the same problem with my macbook pro (OS 10.5.6, iTunes 8.0.2) but NOT with my imac flatpanel 15". I get "An error occurred while connecting to the remote speaker "Stereo". An unknown error occurred (-3256)." Restarting iTunes does NOT work for me.
My airport is administered by the older imac flatpanel. My girlfriend's computer - an older macbook pro - does NOT have this problem. Has anyone gotten an answer yet on this?
Is this a known bug since so many of us seem to be seeing it?

ITunes can't connect to remote speakers PLUS Airport Express p/word problem

I am running iTunes 7.4.1 and have previously been able to play iTunes through remote speakers via an Airport Express . After upgrading iTunes some time ago, I am unable to connect to the AE any more. The AE shows as an option in my iTunes window, but when I select it from the drop down option box bottom right, it just doesn't choose it.
I have read other discussions pertaining to this, and have followed all of those solutions, but to no avail.
I have done a hard reset on the AE restoring it's factory settings thinking I should just start again, and it has been renamed "Base Station Oa369f" so I know this has worked, but when I try to reconfigure it through Airport Utility, it asks for a password. I tried it's old password, and also tried the generic one "public" as stated in the AE setup guide, but it rejects both.
I am keen to figure this out as I'm about to buy a new printer and another AE so I can print wirelessly, but don't want to have the same issues if it's an AE bug that can't be fixed, I would be left with no printer!
I know this is two quite separate problems, but if anyone has any ideas for either I would be really grateful.
Thanks very much

I have exactly the same problem which has been driving me nuts for the last couple of days. However I am able to access the dropdown list of speakers. I have mine set to multiple speakers, and now it WILL play through my Airport Express again, but only when playing through the internal speakers at the same time. When I try to play solely through the Airport Express it just hangs.
Come on Apple, you need to be regression testing your upgrades far better than this, for something so basic to go wrong.

Can't connect to Mac Mini (ML Server)

I have a Mid-2009 Mac mini that's running the latest Mac OS X 10.8 Server. It's connected to my TV via HDMI.
For a long time, I had no issues connecting to it via Screen Sharing, SSH or AFP but recently all three will mysteriously fail. I know the machine is working because I stream iTunes content to my Apple TV and it's hosting a couple of web sites that it serves up just fine. The only attached peripheral is a Drobo S (2nd Gen) attached via FW 800. Drobo Dashboard and the firmware are completely up-to-date.
When it stops working, I have no alternative but to A) wait until I get home and B) force the machine off and reboot it. After a reboot, Screen Sharing, AFP and SSH all work fine for a while. It seems to conveniently fail when I'm away and need to get to it.
Note that it fails on all three protocols from outside AND inside. So this isn't a network routing or port forwarding issue. I'm a Mac IT professional with 15 years under my belt, so I think I know what I'm doing in that regard. Like I said it's worked fine for years and it's only been lately that these failures have been happening.
I can't seem to identify any rhyme or reason for this. It's a fairly clean installation with almost no 3rd party software installed on it.
Any help or suggestions would be greatly appreciated.

"Screen Sharing is currently being controlled by the Remote Management Service"
I've been fidgeting between the Server.app server Settings tab and the Screen Sharing checkbox in System Preferences Sharing pane all day.
I had tried "Share Screen" via Finder. After I tried "Share Screen" via Server.app from my client computer I noticed the above warning message when Screen Sharing in the server's System Preference Sharing pane was highlighted. I'm not sure which is cause or effect.
Everything is checked on the server "Settings" tab in Server.app on the server. Only "FIle Sharing," "Remote Login" and "Remote Management" are checked on the Sharing pane in System Preferences on the server.
Everything is checked on the server "Settings" tab in Server.app on the client. In this case, "Allow remote administration using Server" is checked and grayed out. "Screen Sharing" is checked on the Sharing pane in System Preferences on the client. (It may not have anything to do with a successful screen share connection, but it is on.)
Everything is now working better than expected. Thanks to you both for your help!

Can't Connect to Mac Mini Server 10.8

I want to use Screen Sharing to run a headless Mac Mini Server (late 2012) running Server.app under Mountain Lion.
From my Mac Mini I can connect to my iMac on the same LAN and use Screen Sharing, but I can't do the opposite, which is what I need to do. This is very frustrating because the support for this key feature is just plain awful.
Yes, screen sharing is checked under File Sharing preferences on the Mac Mini Server. And yes, both the display and the computer are set to never sleep on the Mac Mini Server.
What must I do to connect to my Mac Mini Server from my iMac so I can run the Mac Mini Server headless?
Thanks in advance for your time and consideration.

"Screen Sharing is currently being controlled by the Remote Management Service"
I've been fidgeting between the Server.app server Settings tab and the Screen Sharing checkbox in System Preferences Sharing pane all day.
I had tried "Share Screen" via Finder. After I tried "Share Screen" via Server.app from my client computer I noticed the above warning message when Screen Sharing in the server's System Preference Sharing pane was highlighted. I'm not sure which is cause or effect.
Everything is checked on the server "Settings" tab in Server.app on the server. Only "FIle Sharing," "Remote Login" and "Remote Management" are checked on the Sharing pane in System Preferences on the server.
Everything is checked on the server "Settings" tab in Server.app on the client. In this case, "Allow remote administration using Server" is checked and grayed out. "Screen Sharing" is checked on the Sharing pane in System Preferences on the client. (It may not have anything to do with a successful screen share connection, but it is on.)
Everything is now working better than expected. Thanks to you both for your help!

Can't Connect with Remote Desktop, It worked before!

Hello. We currently bought alot of seats of Remote Desktop to connect to computer not located in the office. During the time spent here at this office, all the remote desktop connections worked fine. Once the machines were moved up to the new business location, we tried to connect to the machine. We changed the IP's to the ISP new ip, which the server then port forwarded the correct ports to the specific ip for those machines.
We open up Remote Desktop on the computer, with the scanner, and type in the ip address where the computers are going to be stored. Once the ip is in, we can see the computers have been located on the scanner. When then select a computer we want to observe/control/curtain and typied in the username and password, which are all correct. It then says " connecting to "theipaddress" for about 1 min, then displays an error message saying "Connection failed to ipaddress".
something that ive noticed, is that in the scanner window the icon is grey, instead of its little blue monitor and only displays the ip address in the name field, but not the computer name like it did when we ran it thru the lan. question is what are we doing wrong.
can someone please tell us the correct ports to open on what side
what are the ports on the server side that need to be opened on the router/server?
are there any ports on the client side that need to be opened on the router/server?
please help me.

both udp and tcp, but the problem you're having may be the same one that stumped me for a couple of hours.
You can't communicate with a machine that has gone into deep sleep mode. If the screensaver is running, you're okay ... but once that cuts out and the screen goes blank, it's out of touch.
In ARD 3 you can tell whether or not it's available by the colour of the little 'monitor' icon to the left of the the listing in the Scanner or All Computers windows.
Grant

I can Ping FW inside interface but can not connect to remote resources

dear all
i configer my asa 5520 through ASDM to enable VPN Connection , i follow the cisco steps and it works fine and the anyconnect version 3.1 in Windows 8 - one day troubleshoot for this point only - can connect and have an IP address from the range , but i have something wrong in NAT may be because all guides talking about old ASDM ( NAT Exempt) but i am confeused to apply it on the new ASDM.
i can ping the inside interface from my labtop which using anyconnect , but i can not access anything else inside my network
Please anyone has a solution , please describe it using ASDM , thanks for help
This is my configuration
interface GigabitEthernet0/1
description
nameif SRV_ZONE
security-level 50
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/2
description
nameif TRUST_ZONE
security-level 100
ip address 172.17.200.1 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif MGMT
security-level 0
ip address 10.10.10.1 255.255.255.0
dns server-group DefaultDNS
domain-name xxx.xxx.xxx
object network obj-192.168.1.11
host 192.168.1.11
object network obj-xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service obj-tcp-source-eq-25
service tcp source eq smtp
object network obj-192.168.1.12
host 192.168.1.12
object network obj-xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object service obj-tcp-eq-25
service tcp destination eq smtp
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
host 0.0.0.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network obj-172.17.8.8
host 172.17.8.8
object network obj-172.17.0.0
subnet 172.17.0.0 255.255.0.0
object network obj_any-02
subnet 0.0.0.0 0.0.0.0
object network obj_any-03
subnet 0.0.0.0 0.0.0.0
object network obj_any-04
subnet 0.0.0.0 0.0.0.0
object network obj_any-05
subnet 0.0.0.0 0.0.0.0
object network obj_any-06
subnet 0.0.0.0 0.0.0.0
object network obj.172.17.8.115
host 172.17.8.115
object network obj.xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service http
service tcp source eq www destination eq www
object network obj.xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
object service https
service tcp source eq https destination eq https
object service newservice
service tcp source eq pop3 destination eq pop3
object network mail
host 172.17.8.8
description mail
object network 192.168.1.11
host 192.168.1.11
description smtp
object service smtpnew
service tcp source eq 587 destination eq 587
object network VPN_RANGE
description VPN ACCESS RANGE
object network VPN_PoOL
subnet 172.17.16.0 255.255.255.0
description vpn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.1.11
network-object host 192.168.1.12
object-group network Eighth_Floor
network-object 172.17.8.0 255.255.255.0
object-group service WEB_SERVICES
service-object tcp destination eq www
object-group network ENT_SERVERS
network-object host 192.168.1.11
network-object host 192.168.1.1
object-group network DM_INLINE_NETWORK_2
network-object 172.17.200.0 255.255.255.0
network-object 172.17.8.0 255.255.255.0
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
port-object eq smtp
object-group service web tcp
port-object eq www
port-object eq xxx
port-object eq ftp
port-object eq xxx
port-object eq xxx
object-group service xxx_Web_and_Email
service-object object http
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 172.17.0.0 255.255.0.0
access-list DMZ_access_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list justice_splitTunnelAcl standard permit 10.100.100.0 255.255.255.0
access-list xxx-VPN_splitTunnelAcl remark vpn
access-list xxx-VPN_splitTunnelAcl standard permit 172.17.16.0 255.255.255.0
access-list xxx-VPN_splitTunnelAcl standard permit any
access-list cap extended permit tcp any host xxx.xxx.xxx.xxx eq smtp log
access-list cap1 extended permit tcp host 192.168.1.11 any eq smtp
access-list SRV_ZONE_nat_outbound extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
access-list SRV_ZONE_nat_outbound extended permit ip host 192.168.1.11 any
access-list TRUST_ZONE_access_in extended permit ip host 172.17.88.108 any
access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.10.3.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit object-group DM_INLINE_PROTOCOL_3 10.10.50.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.8.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.200.0 255.255.255.0 any
access-list TRUST_ZONE_access_in extended permit ip 172.17.0.0 255.255.0.0 host 192.168.1.12
access-list TRUST_ZONE_cryptomap extended permit ip xxx.xxx.xxx.xxx 255.255.255.248 any
access-list outside_access_in extended permit tcp any host 192.168.1.11 eq smtp
access-list outside_access_in extended permit tcp any host 172.17.8.8 eq www
access-list outside_access_in extended permit tcp any host 192.168.1.12 object-group web
access-list outside_access_in extended permit tcp any host 172.17.8.8 eq pop3
access-list outside_access_in extended permit ip 172.17.16.0 255.255.255.0 any inactive
access-list vpn remark vpn
access-list vpn standard permit 172.17.16.0 255.255.255.0
pager lines 24
logging enable
logging trap informational
logging asdm informational
logging host TRUST_ZONE 172.17.8.100
mtu INT_ZONE 1500
mtu SRV_ZONE 1500
mtu TRUST_ZONE 1500
mtu MGMT 1500
ip local pool VPN_POOL 172.17.16.100-172.17.16.254 mask 255.255.255.0
ip verify reverse-path interface INT_ZONE
ip verify reverse-path interface SRV_ZONE
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any SRV_ZONE
icmp permit any TRUST_ZONE
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.11 obj-xxx.xxx.xxx.xxx service any obj-tcp-source-eq-25
nat (SRV_ZONE,INT_ZONE) source static obj-192.168.1.12 obj-xxx.xxx.xxx.xxx
nat (SRV_ZONE,INT_ZONE) source dynamic obj-192.168.1.0 interface service obj-tcp-eq-25 obj-tcp-eq-25
nat (INT_ZONE,SRV_ZONE) source static any any destination static 192.168.1.11 obj-172.17.8.8 service obj-tcp-source-eq-25 obj-tcp-source-eq-25
nat (TRUST_ZONE,INT_ZONE) source static VPN_PoOL VPN_PoOL destination static VPN_PoOL VPN_PoOL
object network obj_any
nat (SRV_ZONE,INT_ZONE) dynamic obj-0.0.0.0
object network obj_any-01
nat (SRV_ZONE,MGMT) dynamic obj-0.0.0.0
object network obj-172.17.8.8
nat (TRUST_ZONE,INT_ZONE) static xxx.xxx.xxx.xxx service tcp www www
object network obj-172.17.0.0
nat (TRUST_ZONE,SRV_ZONE) static 172.17.0.0
object network obj_any-02
nat (TRUST_ZONE,INT_ZONE) dynamic interface
object network obj_any-03
nat (TRUST_ZONE,SRV_ZONE) dynamic interface
object network obj_any-04
nat (TRUST_ZONE,INT_ZONE) dynamic obj-0.0.0.0
object network obj_any-05
nat (TRUST_ZONE,SRV_ZONE) dynamic obj-0.0.0.0
object network obj_any-06
nat (TRUST_ZONE,MGMT) dynamic obj-0.0.0.0
object network obj.172.17.8.115
nat (TRUST_ZONE,INT_ZONE) static obj.xxx.xxx.xxx.xxx service tcp www www
object network mail
nat (TRUST_ZONE,INT_ZONE) static obj-xxx.xxx.xxx.xxx service tcp pop3 pop3
nat (TRUST_ZONE,INT_ZONE) after-auto source static obj-172.17.8.8 obj-xxx.xxx.xxx.xxx service https https
access-group outside_access_in in interface INT_ZONE
access-group DMZ_access_in in interface SRV_ZONE
access-group TRUST_ZONE_access_in in interface TRUST_ZONE
route INT_ZONE 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
route TRUST_ZONE 10.10.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.11.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.12.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 10.13.0.0 255.255.0.0 172.17.200.254 1
route TRUST_ZONE 172.17.0.0 255.255.0.0 172.17.200.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
http server enable
http 172.17.8.0 255.255.255.0 TRUST_ZONE
http 172.17.8.155 255.255.255.255 TRUST_ZONE
http 172.17.8.45 255.255.255.255 TRUST_ZONE
http 10.10.10.2 255.255.255.255 MGMT
http 192.168.1.12 255.255.255.255 SRV_ZONE
http 0.0.0.0 0.0.0.0 INT_ZONE
http 172.17.200.0 255.255.255.0 TRUST_ZONE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map pol 1 match address TRUST_ZONE_cryptomap
crypto dynamic-map pol 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map INT_ZONE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map TRUST_ZONE_map0 1 ipsec-isakmp dynamic pol
crypto map TRUST_ZONE_map0 interface TRUST_ZONE
crypto map INT_ZONE_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map INT_ZONE_map0 interface INT_ZONE
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn SEC-xxx-FW1
subject-name CN=SEC-xxx-FW1
no client-types
proxy-ldc-issuer
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=SEC-xxx-FW1
keypair sslvpnkeypair
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 31
    57f4e52e 6b851966 77515d62 c209a0df 1c32ce94 bb90cbce 497cfd04 6745ea85
    efb75f85 2ae1ad35 344d94ab 915e01ab d3292626 ac697a52 b4ed6632 d3ed2332 ae
quit
crypto ca certificate chain ASDM_TrustPoint1
certificate e6054352
    c64f3661 30f14c3d 06b5f039 9f14560d 3b154fd1 42782268 7531689e 8e547d91
    85e88415 e326f653 74733a6c a3f5c935 f7e83f56 f6
quit
crypto isakmp enable INT_ZONE
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 INT_ZONE
ssh 172.17.8.0 255.255.255.0 TRUST_ZONE
ssh 10.10.10.2 255.255.255.255 MGMT
ssh timeout 5
console timeout 0
management-access TRUST_ZONE
vpn load-balancing
interface lbpublic INT_ZONE
interface lbprivate INT_ZONE
priority-queue INT_ZONE
tx-ring-limit 256
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics host number-of-rate 3
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint1 INT_ZONE
webvpn
enable INT_ZONE
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy xxx-VPN internal
group-policy xxx-VPN attributes
dns-server value xx.xx.xx.xx xx.xx.xx.xx
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value xxx-VPN_splitTunnelAcl
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol webvpn
group-policy GPNEW internal
group-policy GPNEW attributes
dns-server value 172.17.8.41
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
default-domain value xxx.xxx.xxx
address-pools value VPN_POOL
username VPNAM password xxx encrypted
username VPNAM attributes
service-type remote-access
vpn-group-policy xxx-VPN
tunnel-group xxx-VPN type remote-access
tunnel-group xxx-VPN general-attributes
dhcp-server 172.17.8.41
tunnel-group xxx-VPN ipsec-attributes
pre-shared-key *****
tunnel-group pol type ipsec-l2l
tunnel-group pol ipsec-attributes
pre-shared-key *****
trust-point ASDM_TrustPoint0
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
address-pool VPN_POOL
default-group-policy GPNEW
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
inspect pptp
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:78a941e3f509dec8f3570c60061eedaa
: end

thanks god
i solve the problem
the problem is in NAT
i creat an object with the ip address host from VPN pool and name it vpn
then i do the nat from inside to that host as the following picture...
trust zone is the inside zone
vpn is the outside vpn host...
thanks and hope it helps anyone else...

Can't connect to remote mini

Similar Messages

Maybe you are looking for