Vpn-asa 5505 - connects fine, can't use resources

Similar Messages

• Apple iPad Camera Connection Kit, can I use it with USB speakers?

  I have a speaker system which has a USB connection so can i use Apple iPad Camera Connection Kit to listen to the music from my iphone 4 on to the speakers..will the camera connection kit support it?

  The Camera Connection Kit is for connecting a camera or SD card to your iPad and downloading photos. It is not a general USB port addition to your iPad.

• Internet connexion problem for remote site in Site to site VPN asa 5505

  Hi all
  I'm configuring a site to site Ipsec VPN in 2 sites using ASA 5505 V 8.2, The VPN is working fine i can ping machine in the 2 sides but the problem is the remote site dont' have internet.
  The architecture is, we 2 site Site1 is the main site and Site2 is secondary site there will be Site3, ...
  The internet connection is based in Site1 and site2 and site 3 will have internet connection through Site1. Site1, Site2 and Site 3 is interconnected by Ipsec VPN.
  Here is my ASA 5505 Configuration :
  SITE 1:
  ASA Version 8.2(5)
  hostname test-malabo
  domain-name test.mg
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd ta.qizy4R//ChqQH encrypted
  names
  interface Ethernet0/0
   description "Sortie Internet"
   switchport access vlan 2
  interface Ethernet0/1
   description "Interconnexion"
   switchport access vlan 171
  interface Ethernet0/2
   description "management"
   switchport access vlan 10
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
   nameif inside
   security-level 100
   ip address 192.168.1.1 255.255.255.0
  interface Vlan2
   nameif outside
   security-level 0
   ip address 41.79.49.42 255.255.255.192
  interface Vlan10
   nameif mgmt
   security-level 0
   ip address 10.12.1.100 255.255.0.0
  interface Vlan171
   nameif interco
   security-level 0
   ip address 10.22.19.254 255.255.255.0
  ftp mode passive
  dns server-group DefaultDNS
   domain-name test.mg
  object-group network LAN-MALABO
   description LAN DE MALABO
   network-object 192.168.1.0 255.255.255.0
  object-group network LAN-BATA
   description LAN DE BATA
   network-object 192.168.2.0 255.255.255.0
  object-group network LAN-LUBA
   description LAN DE LUBA
   network-object 192.168.3.0 255.255.255.0
  access-list interco_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
  pager lines 24
  mtu inside 1500
  mtu outside 1500
  mtu mgmt 1500
  mtu interco 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any inside
  icmp permit any outside
  icmp permit any interco
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  nat (interco) 1 0.0.0.0 0.0.0.0
  route outside 0.0.0.0 0.0.0.0 41.79.49.1 1
  route interco 192.168.3.0 255.255.255.0 10.22.19.5 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication ssh console LOCAL
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map interco_map0 1 match address interco_1_cryptomap
  crypto map interco_map0 1 set pfs group1
  crypto map interco_map0 1 set peer 10.22.19.5
  crypto map interco_map0 1 set transform-set ESP-3DES-SHA
  crypto map interco_map0 interface interco
  crypto ca trustpoint _SmartCallHome_ServerCA
   crl configure
  crypto isakmp enable interco
  crypto isakmp policy 10
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  telnet 192.168.1.0 255.255.255.0 inside
  telnet 10.12.0.0 255.255.0.0 mgmt
  telnet timeout 30
  ssh 192.168.1.0 255.255.255.0 inside
  ssh 10.12.0.0 255.255.0.0 mgmt
  ssh timeout 30
  console timeout 0
  management-access interco
  dhcpd option 3 ip 192.168.1.1
  dhcpd address 192.168.1.100-192.168.1.254 inside
  dhcpd dns 41.79.48.66 8.8.8.8 interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
  tunnel-group 10.22.19.5 type ipsec-l2l
  tunnel-group 10.22.19.5 ipsec-attributes
   pre-shared-key *****
   isakmp keepalive threshold 60 retry 5
  class-map inspection_default
   match default-inspection-traffic
  policy-map global_policy
   class inspection_default
    inspect dns
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect snmp
    inspect icmp
  prompt hostname context
  call-home reporting anonymous
  call-home
   profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:5aa0d27f15e49ea597c8097cfdb755b8
  : end
  SITE2:
  ASA Version 8.2(5)
  hostname test-luba
  domain-name test.eg
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
   description "Sortie Interco-Internet"
   switchport access vlan 2
  interface Ethernet0/1
   description "management"
   switchport access vlan 10
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
   nameif inside
   security-level 100
   ip address 192.168.3.1 255.255.255.0
  interface Vlan2
   nameif outside
   security-level 0
   ip address 10.22.19.5 255.255.255.0
  interface Vlan10
   nameif mgmt
   security-level 0
   ip address 10.12.1.101 255.255.0.0
  ftp mode passive
  dns server-group DefaultDNS
   domain-name test.eg
  object-group network LAN-MALABO
   description LAN DE MALABO
   network-object 192.168.1.0 255.255.255.0
  object-group network LAN-BATA
   description LAN DE BATA
   network-object 192.168.2.0 255.255.255.0
  object-group network LAN-LUBA
   description LAN DE LUBA
   network-object 192.168.3.0 255.255.255.0
  access-list outside_1_cryptomap extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
  pager lines 24
  mtu inside 1500
  mtu outside 1500
  mtu mgmt 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat (inside) 0 access-list inside_nat0_outbound
  route outside 0.0.0.0 0.0.0.0 10.22.19.254 1
  route outside 192.168.1.0 255.255.255.0 10.22.19.254 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication ssh console LOCAL
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map outside_map0 1 match address outside_1_cryptomap
  crypto map outside_map0 1 set pfs group1
  crypto map outside_map0 1 set peer 10.22.19.254
  crypto map outside_map0 1 set transform-set ESP-3DES-SHA
  crypto map outside_map0 interface outside
  crypto ca trustpoint _SmartCallHome_ServerCA
   crl configure
  crypto ca certificate chain _SmartCallHome_ServerCA
  crypto isakmp enable outside
  crypto isakmp policy 10
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  telnet 10.12.0.0 255.255.0.0 mgmt
  telnet timeout 30
  ssh 192.168.3.0 255.255.255.0 inside
  ssh 10.12.0.0 255.255.0.0 mgmt
  ssh timeout 30
  console timeout 0
  management-access outside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
  tunnel-group 10.22.19.254 type ipsec-l2l
  tunnel-group 10.22.19.254 ipsec-attributes
   pre-shared-key *****
   isakmp keepalive threshold 60 retry 5
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
  service-policy global_policy global
  prompt hostname context
  call-home reporting anonymous
  call-home
   profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:185bd689118ba24f9a0ef2f7e80494f6
  Can anybody help why my remote site can't connect to Internet.
  REgards,
  Raitsarevo

  Hi Carv,
  Thanks for your reply. i have done finally
  i used no crypto ipsec nat-transparency udp-encapsulation in my end router only.
  and in remote access VPN i have enabled UDP for client configuration. the most imprtant is i have given IP add of same LAN pool to VPN user,
  Regards,
  Satya.M

• ASA 5505 Connection Limit and TIME_WAIT Freezing Device

  My little ASA 5505 is working great and I am quite happy with the purchase now that I've solved a number of the issues we had, thank you all very much for the help.
  The next issue I have is rather annoying.  The device appears to be artificially crippled and limited to 10,000 connections.  This isn't a "CPU limit" it's just some fake limit in the device as far as I can tell.
  The problem we have is that we are only using around 500-600 connections and CPU usage is only like 25%, and yet the connection count is pegged at 10,000 and locks us out of our network.
  I am pretty sure this is because there are a lot of "dead" TIME_WAIT connections hanging around not being used.  In our application we only have the couple hundred connections but they do move around a bit every now and then.
  Is there anyway to get the device to ignore the "dead" connections and not count them towards the artificial limit on the device given that it's pretty clear the CPU / etc., is not utilized sufficiently.  These aren't real connections, we only have a couple 100 established, they do just move around a bit however.
  We are really only using 500-700 connections according to our servers, the others are just sitting in TIME_WAIT doing nothing.
  Anyone had this issue before or can offer solutions or workarounds?

  Hello,
  Have you checked the output of 'show conn' and 'show local-host' at a time when the connection count is maxed out? If the ASA is not removing idle connections, you should open a TAC case to have this investigated. Otherwise, the above commands should show you which hosts are maxing out the connections and you can take steps to remediate those problem hosts.
  -Mike

• ASA 5505 Connected To Linksys Router

  Hello, I have a cable modem internet connection and my cable modem is connected to an ASA 5505.  The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1.  The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network.  Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1.  I would like to see the 192.168.1.x address of the clients in the ASA firewall.  I've tried making some changes to the Linksys router but that hasn't resolved it.  Is there any changes I can make on the ASA to get this to work?   Below is some of the config:
  ASA Version 8.2(5)
  hostname djchristasa
  enable password k7X9tTHKoCUET/3Z encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.2.2 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address dhcp setroute
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  ASA Version 8.2(5)
  hostname djchristasa
  enable password k7X9tTHKoCUET/3Z encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.2.2 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address dhcp setroute
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  I didn't post ACL's and some other things.  Please let me know if you need more.
  Thanks,
  Dave

  Dave
  The Linksys doing NAT is the reason why the ASA sees all the traffic as having source address as 192.168.2.1. The only way for the ASA to see the original 192.168.1.x address is to change the Linksys to not do NAT.
  One thing that I notice is that there is not a route statement in what you posted for the 192.168.1.0 network. It is not clear whether the route does exist and you did not post it or whether the route does not exist. But if it does not exist it would certainly be a reason why you lose Internet connectivity when you change the Linksys to not perform NAT. (the ASA would have no knowledge of how to forward to the network and would drop all the traffic). Try adding the route to the ASA and changing the Linksys to not perform NAT and let us know if it works.
  HTH
  Rick

• I recently bought a new iMac as well as a wireless time capsule and have it connected how can I use this external drive as the location to store all my files for iTunes, or is this even possible?

  New iMac user here, I recently bought a new iMac and Time capsule and have the whole network up and running now. I have connected another external HD to the time capsule as well and have a total of 3 TB of storage connected wireless to my new iMac. My question is can I use this location as the default location for iTunes?  I doubt I am gonna run out of room considering the iMac has 1 TB of storage already, but I'd prefer to keep my movies and music off the Mac to keep it running smoothly. If this is possibly, I'd like to do this with iPhoto as well. 

  I would advise against placing your iTunes library on a Time Capsule.
  The Time Capsule is designed as a backup device and not for wireless streaming of video.
  Before you do anything more, can I suggest you put into place a reliable, redundant backup strategy.
  Unless you are prepared to risk loss of your iTunes library due to a hard drive failure, I would not put iTunes on the Time Capsule.
  Leave your iTunes library on your iMac until such time as your internal drive is full. Backup to Time Capsule using Time Machine and create a clone of your internal iMac HD to your external drive.
  That's my 2 cents worth. Others may have a different opinion.

• S2S VPN - ASA 5505 to ASA 5540 - Routing Problems

  I'm a software developer (no doubt the issue) trying to setup my remote office (5505) to the main office (5540). No problem getting the S2S VPN up, but I definitely have problems with the routing. Using tracert, it shows it going into the remote network for a couple of hops, but then timing out. Packet tracer shows everything is fine. Using my client VPN credentials to the remote network, same on the return path...does a few hops, then gets lost. I've stripped down the config to the basics and ensured it isn't security settings on both ends, but still doesn't work. I've spent A LOT of hours trying to get this to work, so thanks for any assistance!
  Current running config:
  ASA Version 8.2(5)
  hostname asa15
  enable password XXXXX encrypted
  passwd XXXXX encrypted
  names
  name 10.0.0.0 remote-network
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 172.16.5.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address dhcp setroute
  ftp mode passive
  access-list outside_1_cryptomap extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
  access-list inside_nat0_outbound extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
  access-list inside_access_in extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
  access-list inside_nat0_outbound_1 extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm location remote-network 255.0.0.0 inside
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound_1
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group inside_access_in in interface inside
  route outside 0.0.0.0 0.0.0.0 99.X.X.7 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 172.16.5.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 3600
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set peer 99.X.X.7
  crypto map outside_map 1 set transform-set ESP-AES-128-SHA
  crypto map outside_map 1 set reverse-route
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 28800
  vpn-addr-assign local reuse-delay 5
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 172.16.5.100-172.16.5.130 inside
  dhcpd auto_config outside interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  webvpn
  tunnel-group 99.X.X.7 type ipsec-l2l
  tunnel-group 99.X.X.7 ipsec-attributes
  pre-shared-key XXXXX
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum client auto
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  : end

  just out of curiosity, why do you have
  route outside 0.0.0.0 0.0.0.0 99.X.X.7 1
  You already set your default route through DHCP setroute under the interface. this could be the issue.
  If your VPN config is ok and you are seeing encaps/decaps, it is likely a routing issue.
  Does the remote device have the correct default gateway?
  May be a Natting issue if you have a one-way tunnel (usually send but no receive)...
  Patrick

• Cisco ASA 5505 - EasyVPN - ARD can't scan remote Networks

  Hi all,
  We have been installing Cisco ASA5505 to hook our systems and remote offices together.  Our first install went great, and I can scan the remote network no problem, this network is setup using the site to site VPN setup.
  Since then we have added 3 more ASA5505 so the the mix, these are not running via the Site to Site VPN but are rather using the EZVPN.
  On the Remote ASAs using EasyVPN, I cannot scan the networks with ARD or even Ping. 
  I am wondering if anyone has any insights on this?  I know this info is a bit sketchy...
  I will post more as I get it.

  ASAs are the default gw for respective LANs. For the point 2 if i trace the packets i can see that their are blocked
  packet-tracer input inside-g tcp 192.168.1.42 80 192.168.2.31 80
  Phase: 1
  Type: ROUTE-LOOKUP
  Subtype: input
  Result: ALLOW
  Config:
  Additional Information:
  in   192.168.2.0     255.255.255.0   outside
  Phase: 2
  Type: UN-NAT
  Subtype: static
  Result: ALLOW
  Config:
  nat (inside-g,outside) source static obj-LAN-G obj-LAN-G destination static obj-LAN-BO obj-LAN-BO no-proxy-arp route-lookup
  Additional Information:
  NAT divert to egress interface outside
  Untranslate 192.168.2.31/80 to 192.168.2.31/80
  Phase: 3
  Type: ACCESS-LIST
  Subtype:
  Result: DROP
  Config:
  Implicit Rule
  Additional Information:
  Result:
  input-interface: inside-g
  input-status: up
  input-line-status: up
  output-interface: outside
  output-status: up
  output-line-status: up
  Action: drop
  Drop-reason: (acl-drop) Flow is denied by configured rule
  192.168.1.42 is the ASA1 inside IP address. But i've an explicit ACL that permits ALL traffic from 192.168.1.0/24.
  I've also tried to add an ACL for the specific IP for inside interface but with no results.

• Can't connect but can ping & use AP Util

  A couple issues:
  TC shows up in finder, can ping it (static ip, as are all my ip's) and use the airport utility. It worked fine for a day or so, now with no changes, this is where I'm at. I get an error about it not existing. I've tried to 'connect As' even 'connect to server' in Finder trying names and ip - no joy.
  TC is set up with only Ethernet (cable) WiFi is turned off. File sharing with accounts (all are OK) My MacBook Pro and Mini can't connect.
  I find it odd that the Air Port utility connects to it just fine. Does it use the AFP or UDP/TCP?
  I'm going to reboot the TC and see. But if I need to reboot it every day or so, its worthless to me.
  Topology (another issue) is:
  router/switch Gb --> switch 2 100b ---> TC
  When I tried to make the TC be the middle (to keep a Gb network) it didn't work. (yes, I know about the uplink ports; even tried the standard ports)
  (oh other kinda non issue: Printers don't show up in the AirPort utility, but remote 'puters print fine)
  Message was edited by: MudShark

  This TC is going back. What a POS! Now it won't even connect to the LAN. Had it for less then a week and its been down more then up. NOT impressed.

• Shrew Soft VPN won't connect through 4G LTE - using Pantech UML290

  Hey everyone,
  I'm using Shrew Soft VPN to connect to my companies network and can't seem to connect when using the 4G broadband. I have no issues using Ethernet/wifi but for some reason I can't establish a connection with using 4G.
  I'm currently using the Pantech UML290 to connect to the 4G network. I tried to switch to 3G to see if there was some type of encryption causing the issue. That doesn't resolve it.
  Has anyone else experienced this and found a solution?

  I opened a case with Verizon and it seems the problem is on their end.  To get access to VPN again, you have to downgrade the VZAccess, downgrade the Firmware (that is "required") to an older version, and uninstall Verizon firmware updates in Add/Remove programs.  This is the email that VZ sent me:
  Thank you for contacting the Verizon Wireless Data Technical Support department through our website. We are sorry to learn that you are unable to connect to your company's VPN when using your UML290 Modem. We are pleased to assist you.
  We can certainly understand your frustration when your device does not work as expected. You should be able to connect to your company's VPN service when using the UML290. We will be providing you with steps to check your VZAccess Manager Software version.
  After updating to MR2 (Maintenance Release 2) software, the UML290 may not be able to connect to some VPNs. The MR2 software was included in the VZAccess Manager build 7.6.3 (2642j). To check the current version that you are currently running on your computer, please complete the steps provided below:
  1. Launch VZAccess Manager
  2. Click Help
  3. Select About VZAccess Manager
  If you are running VZAccess Manager 7.6.3 (2642j), please downgrade the software. To do so, please complete the steps provided below:
  1. Browse to http://www.vzam.net/download/download.aspx
  2. Select your Operating System
  3. Select the device you are using
  4. Select your hardware i.e. Pantech UML290
  5. Click Continue
  6. Click the Downgrade Utility link located under the Installation Instructions and/or Device Drivers
  You should be able to use the steps provided above to downgrade the VZAccess Manager Software. Once this has been completed, you should be able to connect to your company's VPN when using the Pantech UML290.
  Make sure you read the read_me.pdf doc packaged with the firmware downgrade utility.  There are some steps that are left out of this procedure that are in that doc.  Good luck to everyone.
  -daddy

• Is AirPort a cellular connection that can be used out in the country?

  Can the AirPort be used out in the country?

  If you are saying that you only have celllular service, you will need an adapter like the example shown below to be able to connect an AirPort Extreme.
  http://www.wirelessnwifi.com/Cradlepoint-CBR400
  Make sure that the device you choose will support your cellular service before you buy any product.

• Camera connection kit can be used to read files other than pictures?

  1. Is it possible to use it to load/ transfer document files to ipad through the CCK, without jailbreaking...?
  2. Is there a "delete all" button for me to delete all the imported pics at one go? I needa press several hundreds time in order to delete them!

  1. You can only transfer pictures and some types of movies (those usually created by digital cameras) to the iPad. Nothing else and not the other way around.
  2. You mean once they are on the iPad? Not that I'm aware of. You should be able to delete them when you connect the iPad to a computer.

• Server connected but can't use images?

  Hello to all.  I am new to DW, but so far I've set up a basic .css file, and I'm trying to use images from my server, which said it's connected successfully, but when I try to edit my background-image, the server button isn't clickable.  How do I use pictures from my server that I know I'm connected to?

  my website is http://asc.pcassistant.net/dreamweaver/index.htm      My backgound image is working fine, but my header and content images aren't showing up, also, my header and footers have extended to the left where I only want the background image to show.  BTW, my body background image has black space built into the image, I couldn't figure out any other way to have images on the side and only black in the middle.
  This is my .css file so far.  Much left to do, but it's a basic:
  body {
  margin:0;
  padding:0;
  text-decoration: none;
  background-attachment: fixed;
  background-color: #000;
  background-repeat: repeat-y;
  background-position: center center;
  background-image: url(bg.jpg);
  #wrap {
  background-color: #000;
  width: 80%;
  height: auto;
  #header {
  background-attachment: fixed;
  background-color: #000;
  background-image: url(header.jpg);
  background-repeat: no-repeat;
  background-position: center center;
  height: 160px;
  width: 100%;
  #nav {
  background-color: #000;
  #content {
  font-family: Arial;
  font-size: 0.75em;
  color: #F00;
  text-decoration: none;
  background-attachment: fixed;
  background-color: #000;
  background-image: url(contentbg.jpg);
  background-repeat: no-repeat;
  background-position: center center;
  text-align: left;
  height: auto;
  border-top-style: none;
  border-right-style: none;
  border-bottom-style: none;
  border-left-style: none;
  width: auto;
  #footer {
  font-family: Arial;
  font-size: 0.625em;
  color: #F00;
  text-decoration: none;
  background-color: #000;
  text-align: center;
  Here is my .htm document:
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>As Shadows Collapse - Home</title>
  <link href="main.css" rel="stylesheet" type="text/css" />
  </head>
  <body>
  <div id="wrap">
    <div id="header">
    </div>
    <div id="nav">
    </div>
    <div id="content">
    </div>
  </div>
  <div id="footer">&copy;  Copyright 2011 - As Shadows Collapse.  All Rights Reserved.
  </div>
  </body>
  </html>

• Do I have to use one internet connection or can I use more?

  Hello,
  I have three Airport routers (Airport extream (dual band n), Airport time (also dual band n) and an airport express) and I'm interested in making one network with two different internet connections. Is there any way to do this?

  I'm interested in making one network with two different internet connections. Is there any way to do this?
  Not with an Apple router. You will need a router with dual WAN ports.
  Something like this, for example:
  Cisco RV042 Dual WAN VPN Router - Cisco Systems

• Can i use bookmarks in offline?? means, if i have not network connection then can i use a particular webpage which is already maked bookmark by me.

  sir/mam
  i did used to bookmarks in offline(without internet connection).But after installing new window(OS) this is not wokrking.

  That should still be possible if those pages are in the disk cache.
  *File > Work Offline
  *Firefox > Developer > Work Offline
  See also the about:cache page for info about the current cache usage.
  *Firefox/Tools > Options > Advanced > Network > Cached Web Content