2800 w/ site-site tunnel using NAT and user tunnels
I am using a 2800 to terminate a site-site IPSec tunnel using a crypto map. It is also used to terminate several user tunnels.
Because of overlapping private address space there is a source NAT rule in place that overloads addresses prior to routing them across the site-site tunnel.
The problem is that the user tunnels are not able to communicate with any host located on the far end of the site-site tunnel. The site-site tunnel (and it's NAT) works just fine for users coming from any other interface on the 2800.
Does anyone have any ideas? I've gone ahead and attached the existing configuration for those that are brave or incredibly smart :) It is a fairly trashed config though, and I'm still trying to clean it up from where it was.
Thank you VERY much ahead of time,
Steve
Duplicate posts. :P
Go here: http://supportforums.cisco.com/discussion/12152361/2nd-site-site-ipsec-tunnel-nat-traversal-setting-fail-establish-however-1st
Similar Messages
-
Load balancing weirdness using NAT and same-metric route
Hi.
I'm trying to set up a double-WAN load-balancing scenario:
I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
=== PING 1 ECHO REQUEST ===
*Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:43.521: ICMP type=8, code=0
=== PING 1 ECHO REPLY ===
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:45.589: ICMP type=0, code=0
=== (something else) ===
*Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
OLD rdb: via 10.129.124.33, Vlan2
NEW rdb: via 10.129.124.1, Vlan1
=== PING 2 ECHO REQUEST ===
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:52.353: ICMP type=8, code=0
=== PING 2 ECHO REPLY ===
*Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
*Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:53.033: ICMP type=0, code=0
In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
no ip cef
ip dhcp pool lan-side
import all
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
domain-name doublewan.local
dns-server 8.8.8.8 8.8.4.4
lease infinite
ip domain name doublewan
interface FastEthernet0
!doesn't appear on running-config: vlan 1 is the default access vlan
!switchport access vlan 1
interface FastEthernet1
switchport access vlan 2
interface FastEthernet2
shutdown
interface FastEthernet3
shutdown
interface FastEthernet4
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
interface Vlan1
ip address 10.129.124.2 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
interface Vlan2
ip address 10.129.124.35 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
ip nat inside source route-map nat1 interface Vlan1 overload
ip nat inside source route-map nat2 interface Vlan2 overload
ip access-list standard acl4-nexthop-vlan1
permit 10.129.124.1
ip access-list standard acl4-nexthop-vlan2
permit 10.129.124.33
route-map nat2 permit 10
match ip address 102
match ip next-hop acl4-nexthop-vlan2
match interface Vlan2
route-map nat1 permit 10
match ip address 101
match ip next-hop acl4-nexthop-vlan1
match interface Vlan1
control-plane
Of course, there is some configuration pending for redundancy and stuff.
Thanks a lot in advance.
[1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.htmlHello.
This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing". -
Incorrect Viewing of Site when using mozilla and other browser
Hi, i got a little problem, i created a site using Macromedia
Dreamweaver 8, when previewing at Internet Explorer my site is ok
including margins and other, and then when i tried to view at
Mozilla Firefox the layout is quite incorrect such as layout and
margins and the text is quite lower compared at internet explorer.
Thanks you..Thank you for replying to my problem, coz m new to web
designing here's the URL www.mysystema.com, its still on
developement so pls help on this. thnx a lot!!! more power! -
Duplicate IPs while using NAT and HSRP
When using two routers in the same HSRP group and the same static NAT table on each, I run into Duplicate IP address messages detected on the interface where the routers are communicating to each other for redundancy.
HSRP is working properly because when I do a show standby one router is active and one is standby.
Any ideas on how to eliminate this problem?
BSCWhat you need is a feature called Stateful Fail-over of Network Address Translation or SNAT. This feature enables transparent failover of NAT sessions to the standby HSRP router if the primary HSRP device goes down.
The link below should provide the info you need about SNAT.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008060c61d.html#wp1049970
HTH,
Sundar
*Please rate all helpful posts. -
Using NAT and PAT together?
ASA is 5540 w/8.3. I have a large inside block of inside address I want to NAT or PAT
to outside addresses. Is it possible to use a block of outside addresses with NAT with
rollover PAT to the whole range, or is it restricted to roll over to only a single address?
Thanks, RogerAre you looking to do this for outbound connections to the internet? If so, this is possible to do a nat to a group of IP address and then if that gets all used up, have it roll over to a single IP address for PAT.
-
To avoid some of the issues related to Microsoft's stopping support for Windows XP, I recently installed Firefox, which has been working well. I kept Internet Explorer on my computer, though. I am a patient at a facility that has an online chart where one can go to get messages, test results, etc. When I am on Firefox and try to access this chart by entering my user name and password, I am denied access and keep getting a message that my session has timed out. When I try the same thing with Internet Explorer, which I would prefer not to use, I do get access. It seems to me that I have to add Firefox to my computer's system somehow (and maybe delete IE) in order for this to work. Can someone tell me how to do this, please?
Usually sites recognize that your session is still alive using cookies. Can you think of any changes you might have made to Firefox's cookie settings to increase your privacy or reduce tracking? Or any add-ons along those lines?
As a test, try logging in to the site (1) in Firefox's Safe Mode (2) in a Private Browsing window. This will help bypass restrictive cookie settings, as well as other filtering behaviors of extensions, to see whether those are a factor.
You can restart Firefox in Safe Mode using either:
* "3-bar" menu button > "?" button > Restart with Add-ons Disabled
* Help menu > Restart with Add-ons Disabled
''Not all add-ons are disabled: Flash and other plugins still run''
After Firefox shuts down, a small dialog should appear. Click "Start in Safe Mode" (''not'' Reset).
Then open a private browsing window using either:
* Ctrl+Shift+p
* "3-bar" menu button > New Private Window
* File menu > New Private Window
In that window, try logging in. Any difference? -
Hi,
I am trying to enable/disable a feature based on user.roles.
Added a constraint for that feature as below,
<adfmf:constraints>
<adfmf:constraint property="user.roles" operator="contains" value="manager" id="c1"/>
</adfmf:constraints>
In this case, Users have manager role should be able to access this feature.
My AccessControlService response is
{"userId" : "sales_mgr","roles" : [ "manager","MOO_OPPORTUNITY_SALES_MANAGER_DUTY","ZBS_ENT_SALES_MANAGER_DUTY"],"privileges" : [ "managerPriv","ZSF_DEFINE_SALES_FORECAST_PRIV","MOO_MANAGE_OPPORTUNITY_GROUP_SPACE_PRIV"]}
Repsonse has "manager" as one such role.
After adding constraint to the feature, am unable to access it.
I tried many possibilities like operator="contains" or "not" or "equal", but no use.
I don't know what is going wrong. Appreciate you help.
Thanks.If you are on 11.5.10 or greater or standalone 2.6.4 if you pass the responder value to wf_notification.respond API it should be updated in wf_notifications.responder column. The comments is now updated in wf_comments table against the notification id and not wf_notifications.user_comment column.
Thanks, Vijay -
Using SSO and user mapping with WebDav Repository
Hi guys,
I have a WebDav Repository in portal and i configured SSO with SSO22KerbMap in IIS server. All is ok, but i have some UME users than don't have user in our Active Directory, i need use user mapping with this users. Do it's possible?
Currently i have a KMWebDav system (with same alias name that http system) and i mapped one of my UME user (with name 'umeuser' for example) with one Active Directory user (with name 'aduser' for example), if i try access to my webdav repository from KM Content with 'umeuser' i can see in SSO22KerbMap log a message like:
10:48:57 6756/4652 i OnPreprocHeaders: Determined account umeuser from cookie MYSAPSSO2
10:48:57 6756/4652 E OnPreprocHeaders: Found 0 UserPrincipalNames for ADSI Filter...
Can somebody help me?
Thanks in advanced.Hi Guys,
Any takers?
Suggestions would be appreciated.
Cheers
Ian Henderson -
I dont know what else to say about it. I updated and now all this is happening and it didnt before my update to Firefox5. I have several site I use daily and I have gone in and marked them to allow popups and they just dont work. The sites are My Yearbook...Kia Financeing...and a few more. And also I am finding that I get a no response a lot!
I am sorry you are not in a position to replace the iPad. It is stating the obvious, but nothing lasts forever - especially something like an original iPad. IMHO, there is nothing you can do to address the issues you have posted about.
Barry -
NAT and Routed Network with Two ISP's on one router
I'm sure this has been done covered many times, but I am not finding it.
I have two ISP connections.
With ISP-A I have a /30 between us and 200.100.100.0/24 is routed to me via the /30 for thsi example we will say the /30 is 1.1.1.1 on isp end and 1.1.1.2 on my end
With ISP-B I have a 100.0.0.0/29 subnet. and the ISP gateway is on that subnet at 100.0.0.1
On the inside of my network I have devices using both 200.100.100.x addresses and devices on 192.168.100.x that need to use NAT.
I would like all of the devices on 200.100.100.x addresses to continue using ISP-A as their gateway.
Everything on 192.168.100.x should use NAT and go out ISP-B
I have tried
ip nat inside source route-map ISP-A interface GigabitEthernet0/1 overload
route-map ISP-B permit 10
match ip address 101
match interface GigabitEthernet0/1
set ip next-hop 100.0.0.1
route-map ISP-A permit 10
match ip address 111
match interface Multilink1
set ip next-hop 1.1.1.1
The problem comes when I have default routes to ISP-A in the router than none of the ISP-B traffic works, and vice versa.I think for this to work correctly and be able to split traffic between the 2 ISPs, you would need to use BGP, because default is going to use one ISP or the other.
If you can use BGP, this link will help you in load shearing between multiple ISPs when you have one router.
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html#conf4
HTH -
SSO and User Mapping at same time
Hi,
Can we use SSO and User mapping at same time between Portal and SAP Backend system?
For some of the users the user id is different in both end.
After implementing the SSO... Will it affect the existing user mapping? and the system alias created for that?
If not, Can we use both SSO and user Mapping same time?
Thanks,
VBHi VB,
In this case I suggest you create 2 systems one you might have created for users who are having common user ids in portal & at the backend system.
For the users whose ids are defeering you can create reference system and in user managemant property of that system
Authentication Ticket Type - Select -SAP Logon TicketSAP Assertion Ticket
Logon Method - UWPW
User Mapping Fields - {100,200,300}Client;Language
where 100,200,300 are the clients of the backend system.
Assign this system in the ivews.
Thanks,
Vishal -
EAP-TLS machine and user cert or both
If I use machine and user certificates does that mean the machine get's an IP address, authenticates, the user then logs on which causes another DHCP renew and user authentication? Is it better to use machine and user or just machine?
It depends on your needs and applications, the advantage of also using machine authentication is that the machine connects, authenticates and is on the wireless network irrelevant of whether a user has logged in, which means you can remote access or monitor the machine at that point. I know alot of facilities that do it that way because they manage the machines with things like SMS, etc.. Without machine authentication the computer won't attach to the wireless until a user physically logs into the machine at which point it pass authentication.
personally I like the machine authentication that way you can push updates and other things to the machines without having to either send a person to the machine to login or waiting for a user to login so that you can access the machine, it just needs to be on.
in short machine authentication replicates being hardwired to the network.
Hope this helps... please rate useful posts.
Thanks,
Kayle -
I just downloaded the new version of Firefox and now every site I used to use such as Facebook, Twitter, and Youtube show "This Connection Is Untrusted". Even when I do accept the risks the site no longer looks the way it's looked for years. Twitter doesn't even give me the option to accept the risks at all and shows this error (Error code: sec_error_unknown_issuer). I've tried resetting Firefox, I've checked the time and date, and I've removed and added Firefox to see if that would work. Nothing seems to be working so I can see the sites the way they normally would be instead of "coded". Can anybody help me please?!!! Thanks
ok, unfortunately the fiddler2.com issuer in certificates might be a sign of unwanted software present on your pc that is intercepting secure network traffic. please go into the system control panel and uninstall programs like BrowserSafeguard, BrowserSafe, SafeGuard or other software that sounds suspicious and didn't get installed by you intentionally.
<sub>reference: https://support.mozilla.org/en-US/questions/982532#answer-520145</sub>
afterwards, run a full scan of your system with different security tools like the [http://www.malwarebytes.org/products/malwarebytes_free free version of malwarebytes] & [http://www.bleepingcomputer.com/download/adwcleaner/ adwcleaner].
[[Troubleshoot Firefox issues caused by malware]] -
ISAKMP Phase 1 dying for Site to Site tunnel between ASA and Fortigate
I am facing strange issue on my asa and client Fortigate fw.
We have site to site tunnel with 3des and sha and DH-5 on asa
3des sha1 and dh-5 on Fortigate.
Tunnel came up when configured after some time it went down and it is throwing below errors. Please
some one help me here.
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 8
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, constructing ISAKMP SA payload
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, constructing Fragmentation VID + extended capabilities payload
Jul 24 17:25:13 [IKEv1]: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 104
Jul 24 17:25:13 [IKEv1]: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NONE (0) total length : 244
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, processing ke payload
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, processing ISA_KE payload
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, processing nonce payload
Jul 24 17:25:13 [IKEv1]: IP = X.X.X.X, Unable to compute DH pair while processing SA!<<<<---------Please suggest if DH group 5 does not work with PSK.
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, IKE MM Responder FSM error history (struct &0xcf9255d8) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GEN_DH_KEY-->MM_WAIT_MSG3, EV_PROCESS_MSG-->MM_WAIT_MSG3, EV_RCV_MSG-->MM_WAIT_MSG3, NullEvent-->MM_SND_MSG2, EV_SND_MSG-->MM_SND_MSG2, EV_START_TMR-->MM_BLD_MSG2, EV_BLD_MSG2
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, IKE SA MM:5f1fdffc terminating: flags 0x01000002, refcnt 0, tuncnt 0
Jul 24 17:25:13 [IKEv1 DEBUG]: IP = X.X.X.X, sending delete/delete with reason message
Mum-PRI-ASA#Hey All,
I experienced same issue with my another tunnel. Lately I came to know it was higher level of DH computation which my ASA was not able to perform and ASA reboot worked here. See the logs for tunnel which came up after reboot.
Eror Before Reload
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing ISAKMP SA payload
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing Fragmentation VID + extended capabilities payload
Aug 06 21:17:33 [IKEv1]: IP = xx.xx.xx.xx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 416
Aug 06 21:17:33 [IKEv1]: IP = xx.xx.xx.xx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 108
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, processing SA payload
Aug 06 21:17:33 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 5 Cfg'd: Group 2
Aug 06 21:17:33 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 5 Cfg'd: Group 2
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Oakley proposal is acceptable
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, processing VID payload
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Received Fragmentation VID
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: True
Aug 06 21:17:33 [IKEv1]: IP = xx.xx.xx.xx, Unable to compute DH pair while processing SA!
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, IKE MM Initiator FSM error history (struct &0xd0778588) , : MM_DONE, EV_ERROR-->MM_BLD_MSG3, EV_GEN_DH_KEY-->MM_WAIT_MSG2, EV_PROCESS_MSG-->MM_WAIT_MSG2, EV_RCV_MSG-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_BLD_MSG1, EV_BLD_MSG1
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, IKE SA MM:64cf4b96 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Aug 06 21:17:33 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, sending delete/delete with reason message
Isakmp phase completion After reload
Aug 25 10:40:35 [IKEv1]: IP = xx.xx.xx.xx, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 108
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, processing SA payload
Aug 25 10:40:35 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 5 Cfg'd: Group 2
Aug 25 10:40:35 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 5 Cfg'd: Group 2
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Oakley proposal is acceptable
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, processing VID payload
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Received Fragmentation VID
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: True
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing ke payload
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing nonce payload
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing Cisco Unity VID payload
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing xauth V6 VID payload
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Send IOS VID
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, constructing VID payload
Aug 25 10:40:35 [IKEv1 DEBUG]: IP = xx.xx.xx.xx, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Aug 25 10:40:35 [IKEv1]: IP = xx.xx.xx.xx, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 320
SENDING PACKET to xx.xx.xx.xx -
After installing the new Yosemite OS on my iMac I can no longer send email. I can receive email, but not send. I use gmail and can send email on the gmail (google) site, but not on "mail" on my iMac. Any others with this problem? What should we do?
My gmail, which is correctly configured for Mail with gmail SMTP and Google IMAP, works for awhile on Mail, which I leave open while working on other applications. But several times a day I get msg from Google: "We recently blocked a sign-in attempt to your Google Account" . . . and requiring me to verify my account details, re-enter passwords, confirm security settings (or change them from "disable" to "enable less secure methods" and so on). In Mail I also have tried "taking all accounts online", and re-entering my gmail password inside Mail account settings. These steps successfully re-set comms between gmail and Mail ... for awhile, then it happens again. Enough occurrences over a work day that I just quit Mail and revert to accessing gmail directly. Apple Care advisor and an Apple knowledge base article say that Apple can't deal with this, as gmail is third-party app, and they refer me to gmail, and so far I've found nothing helpful there.
From today I also have several instances of a window saying "Mail has unexpectedly closed" and asking me to Re-open it.
I also use Yahoo mail, which stops working with Mac Mail at the same time as gmail, but I do not receive notices to re-verify from Yahoo.
I recently upgraded from Mavericks to Yosemite. The Mail problem happened occasionally with Mavericks but is far more frequent with Yosemite.
Maybe you are looking for
-
Hi I need one urgent solution In customer master data the payment terms is znz8 which is due 20th of the following month. But they want it if we do invoice 11/06/2008(today) the due date shpuld be 11/07/2008. for that in customer masta we need to ch
-
Is an Airport base station necessary for internet?
I have a cable modem and Airport Express. Can I just connect the cable modem to the Airport Express and get on the internet? Or do I have to have the Airport Extreme Base station to do that? Powerbook G4 Mac OS X (10.4.7)
-
if i open an extra tab, an extra firefox icon gets added to the taskbar (stacked icons turned on) If i close a tab, an icon disappears.
-
Firefox help drop down menu disabled
I'm running Firefox 26, as far as I can tell. When I try to open the Help drop down menu with my mouse or Alt-H, nothing happens. The Help menu doesn't drop down. I scanned for Malware, but found nothing. Happy Holidays!
-
Listing out the plsql objects which update tables
1) Is there a way i can list out which plsql object is doing DML statement on a table, i know we can use USER_DEPENDENCIES or DBA_DEPENDENCIES tables but it is listing out the packages or procedures even if a column is used to define a ref datatype o