A tale of two (or rather four) cities/perspectives.
The amount of conversation that has happened on these boards the last week has been nothing short of amazing. The passion, persistence and sheer love of what people do made it fun to read and watch, even when things would get slightly out of hand. It is why most professionals love what they do -- passion. When people love something, they take ownership of it, even if they had little hand in creating it. A company like Apple engenders a lot of this, because for the most part, it is the way they do business that makes the the perfect choice to use as tools to run our businesses and causes.
I have watched as diverse opinions, which in many cases came at odds centered around a product that most likely had never seen an ounce of the code, nor know any of the developers that made it come to fruition. Four distinctly different sides (in no particular order): the consumer, prosumer, professional and the apple fan. Each had almost an entirely different point of view, yet each one had their reasons and rights to weigh in on a brand new product.
Here is the coolest thing about all of this... Most companies would KILL for what has happened here this last week. How many companies truly have products that inspire so much territorial-like protection and social marketing? If this were a product from most other companies, little would be said. But, these are people that live to push their own limits, daring to dream and then pulling out the stops to make it a reality. I have to believe that this is exactly why no matter which side of the FInal Cut Studio argument they are on, each holds a reverence for both the former and the new product. They have let it become part of their lives, either professionally or personally, because it made a difference where other programs have not. This is a testament to just how good Apple can and does building solutions (when it wants to). When Apple does not live up to the level it has gotten us accustomed to, people feel like they lost out on what could have been.
That all said, here is what I have taken from the last week.
I was very, very much looking forward to a new pro-offering in the video market. Having seen them slowly let other pro-level programs and solutions fade over the years, I had hoped that this was so that things that Apple has historically been brilliant at come back to their full brilliance. Secretly, I had hopes that Apple was taking everything they had in Final Cut Studio, Shake, Logic and every other Apple talent and wrap it up into something mind-blowingly brilliant.
As a backup in my mind, I knew that we already had FCS and had hoped that if it did not deliver, at least we would get an upgraded FCS that actually for once took advantage of the hardware Steve and Phil have been telling us we needed as professionals for years. Can you imagine that something like FCS was still unable to utilize the resources of machines released in 2006? So, the idea of at least getting to see workstations utilized was a dream come true. Even if no new features came to the table, we would have a suite we could rely on and really start to flex the muscle of the resources we had invested so much in over the years. Most people think that to be a professional, it just takes buying FCS. In reality, it is thousands of dollars beyond that to get a complete solution, and in most cases, years to integrate and finesse everything to work to the level that when you see a feature film, television show, documentary or commercial, they look the very best they can.
What may seem like a bunch of whiners is only because we want to deliver our very best and when the toolset that is used is thrown away and the roadmap is blurry, at best, it lease us wondering what to tell our clientele, or how we are going to replace what we have to continue to be competitive in an ever changing environment. Now, imagine you have an entire facility built around that solution, with hundreds of thousands of dollars that was centered around a solution that just was "end-of-lifed." Imagine knowing that you will have to either add to or replace systems and now, you cannot even get the current version of the suite you were sold on as a long-term solution from Apple. Now, try to factor in how you are going to have to slowly find a more long-term solution and know that it cuts money out of the budget for raises, benefits or even outright salaries, just to keep a solution that the business needs for stability.
I think if you ask the professional on this list, it is not as much about Final Cut Pro X, as much as it is about the way Apple handled it. The complete disregard for selling on an enterprise-level solution, all while knowing that they were going to get out of the professional market altogether. It is a respect and trust issue at stake and not a software, nor even solution-based issue. If this is a move Apple needs to make, be open and honest, so that we have a chance to make smart business decisions that can be long term.
On the other side of the argument, I think that the prosumer market just got a heck of a nice tool for doing much of what we have built entire solutions to accomplish. They are slowly getting tools to make even the most mundane video project extraordinary. They really are the beneficiaries of the new software, and I look forward to how it inspires our next generations of videographers, motion graphic artists, editors, directors, producers. This definitely will be a tool that will help them.
Having said that, the way Apple handled the professional market was extremely unprofessional, at best. As a company with such an immense talent pool, resource and technical capabilities, and a marketing arm that rivals almost any company on the planet, I expected them to handle this much, much more appropriately. As professionals, we could not survive if we treated our clientele in this manner, so I am no about to continue to reward them with continued sales for solutions they clearly have little interest in producing. I am also going to remain a little more apprehensive when they come to me showing new large-scale solutions. While companies like Avid and Adobe have their faults, they generally do listen to professionals, and as a reward engender great customers. We also are not afraid to pay for solutions. They respect this (for the most part), whereas Apple thinks that only its opinion need matter. Final Cut was an amazing suite, in many ways because Apple collaborated with some of the best in the industry to make it do what was not just needed, but wanted and dreams about. That is where magic begins.
Steve, Phil, Randy... You let a lot of us down. You could have had FCS, FCPX and looked brilliant. You did not have to burn the bridges down. Or, if you wanted us to go elsewhere, at least had the respect to give us a head's up and some solutions to ease the transition. Instead, you simply didn't care, and still don't seem to care. Is this how you would like us to look at future Apple solutions? If you are going to abandon those that spend a good portion of income on end-to-end Apple solutions and watch you throw them away, what next is on the chopping block? If you want the respect of businesses, then you need to show businesses respect.
I haven't tried to find out the cause of this stir, only days after I purchased my home-use FCS/hardware package. If companies are trying to restrict the access to the technology it could only be to give interests like yours time to adjust. I suggest you do so quickly, since people like me now know the capabilities and pricing requirements of the technology, and we don't stand for bogus monopoly in the land of individual liberty.
However, I suspect Apple feels and acts with the same premises, and I know that's true for all the best companies, so I am looking forward only to the continuation of more and better solutions in the future.
Similar Messages
-
I seem to have at least two, and maybe four, iCloud accounts, across my iPhone, my iPad and my MacBook Pro. Can I combine them into one iCloud account? I have been able to log into what appears to be three of the four iCloud accounts I have. Two of them seem to be remarkably similar, and one appears to be only for my MacBook.I think I know which one my iPhone is backing up to, as I successfully restored from a back-up last week. The fourth iCloud account I can't access via password or security questions. Any advice would be much appreciated.
Thanks.
Cheers,
Aaron
Melbourne, AustraliaYou cannot merge accounts.
-
A Tale of Two iPhones and One iTunes
So this little problem has plagued us for years... nearly three to be more precise. We have two iPhones and one PC. Wife syncs contacts with GMail and I sync contacts with Outlook. Funny thing was that the tab for contact sync would not 'stick' with the phone... if I synced mine first, when I plugged hers in it would still be setup for Outlook. Or if I changed it to Google for her and then plugged mine in it wouldn't remember my phone wanted Outlook and would sync with Google. I gave up trying to get it working and setup a seperate profile on the PC for my wife that really was only used for her to sync her phone. The only drawback we could see was we couldn't have a single repository for apps and I had to add music to libraries twice (one for each profile on the computer).
Well, now that we're on the 4S I thought I'd see if iTunes has evolved since 3 years ago when I gave up. I uninstalled all Apple applications and loaded the latest iTunes. The cool part of iOS 5 and the new iTunes is we don't have to connect phones any more So now both phones show up at the same time. I can toggle through all the tabs and see how they differ... different sets of applications are selected, different photo options, music options, etc. EXCEPT the tab with contacts. If I set her phone to google, my phone changes too. I set mine back to Outlook and hers changes to Outlook. We've mixed and matched contacts several times trying to get them to stay in tune and that is a huge PITA to clean up.
I tried the Genius bar. The Genius answer was that we should probably do a restore on the phone. I asked him to help me understand how restoring one phone would solve a problem that existed across 4 phones (two 3G's and two 4S's) and untold versions of iTunes over three years. He just insisted that we probably need to do a restore on the 4S. You know, because that would clearly explain the problem we also had on the 3G. His backup plan was to call Apple support.
So before I submit a ticket to Apple, anyone else able to confirm this limitation? I've checked with my friends and the ones that have iPhones don't sync their contacts anywhere. iCloud will help but we use XP and the PC software requires Vista or better so for now we're still unable to sync our contacts to our PC.
Thanks!
davidOn your wife's phone, when you said you've done a restore, was that a restore from backup or as a "new" device? I would suggest deleting the .ipsw file/files on your computer, connecting your wife's phone and restore as "new". When finished, DO NOT SYNC, rather eject the phone and test, verify that all is working correctly. If so, connect her phone & sync her content back.
The .ipsw file is located here, delete all you find, there should only be one:
~/Library/iTunes/iPhone Software Updates
If this works, under preferences, devices, in itunes, delete her backups, as they are most likely corrupted. -
How--can I access my iTunes library on both?
Hey there Bj418,
It sounds like you are looking for a solution to be able to access the same iTunes library on both computers in two different cities. If all of your purchases are from the iTunes Store, you can use iTunes in the Cloud to keep both libraries up to date. First enable iTunes to show your iTunes in the Cloud purchases in your iTunes preferences Store tab:
Show iTunes in the Cloud purchases
Display items purchased from the iTunes Store that haven’t been downloaded to your computer. These items have a Download button next to them.
iTunes 11 for Windows: iTunes Store preferences
http://support.apple.com/kb/PH12468
Then download your previous purchases to your computer with this article:
iTunes 11 for Mac: Download previous purchases from the iTunes Store
http://support.apple.com/kb/PH12283
If you have content that you have imported from other sources, then you may want to look into iTunes Match as an option. This method does have a yearly subscription cost, but it enables you to access your non iTunes Store music from any authorized computer. Here is some more information about it:
https://www.apple.com/itunes/itunes-match/
Thank you for using Apple Support Communities.
Take care,
Sterling -
Only two of my four signatures will reflect as options my e-mail
I have four signatures set up as options on Mac Mail. However, when I write an e-mail only two of them are accessible to choose from. How do I access the other two? I'm running Lion 10.7.5 on a Mac Baook Pro.
see threads
https://discussions.apple.com/message/1853788#1853788
https://discussions.apple.com/message/4995636#4995636
https://discussions.apple.com/message/2154265#2154265
http://support.apple.com/kb/PH11696 -
Building a Raid-0 with two out of four internal drives?
Hello everyone
I have four drives in my MacPro:
1) OS+Apps
2) Virtualization
3) iTunes
4) empty
My iTunes library fills drive 3 and I am close to having a full drive.
I would like to 'span' my iTunes library over to drive 4 and was thinking about building a Raid-0 on drives 3) and 4).
Can I do this without any additonal software and hardware?
Do I simply do that in Disk Utility?
Can you foresee any limitations to that setup (except for fault tolerance)?
I assume performance is also sufficient as after all it is only for iTunes.
I am not worried about drive crashes as I can back-up the spanned drives externally
Any thoughts?
Thanks in advanceQuick follow-up information from the disk utility help menu:
"Using several disks as a single volume with a concatenated RAID set
If you need to set up two or more disks or volumes to work together as a single, large volume, you can create a concatenated RAID set. You can even increase the size of a concatenated disk set after it's been created by dragging more disks to it in Disk Utility. This RAID set is helpful if you have a file, such as a database, that's larger than any of the disks you have. Or you may need to create a mirrored or striped RAID set with one large disk and two smaller disks.
If you booted your computer from a disk that has multiple partitions, you cannot create a RAID set that contains partitions from your boot disk. To create a RAID disk that contains partitions from that disk, you must boot your computer from another disk or the Mac OS X Install disk first.
You cannot remove individual disks from a concatenated disk set."
So it seems I can add disks whenever I want but once added I can't remove them... -
Upraded to 10.5.6 and two of my four displays are no longer "detectable"
I was happily running 4 displays from my 2 graphics cards (9600XT and 9200) under 10.3.9. 3 x DVI (one of which is with the ACI adapter) and 1 running via VGA to a plasma TV. The 3 displays running from DVI were all "name" recognized in System Preferences and all resolution options were available under 10.3.9.
I have now upgraded to 10.5.6 (and subsequently 10.5.8 in case that solved the issue) and suddenly two of the displays aren't recognized and I am only given a single, low resolution option, if I press "Detect" is does nothing but if I untick the button to show me all Colour profiles..there are all my original profiles with the names of the displays but you can't select them per se. - also on these two affected displays, display the Leopard background (the Universe pic) is mainly blue - almost like when you have a loose cable (but they are not). It's almost like the black and yellow has been take out. Both screens are "usable" in that you can clearly read them just one is now in 640 x 400 ( I think) and the other in 1024 x 768 (24" Widescreen Dell).
The problem is not card specific i.e. it seem to effect one socket from each card - the VGA on the stock Apple ATI card and one DVI on the ATI 9200
I have tried swapping the displays between the cards and when I do the alternate display is then recognized so it can't be a problem with any of the displays either.
Any ideas? I need all 4 displays running in their respective resolutions (and without a blue screen) for Logic screenshots.
Message was edited by: PipmeisterOk.. tried the Sysresex that fixed others HDMI Mac Mini problem - but that didn't work. It can't be a problem with Application Enhancer as I didn't have that installed, although I do now just to see if it made any difference.
I have tried unseating and reseating both video cards and nothing. I know it's not the drivers for the displays as they work when swapped. -
The tale of two IPSec Tunnels...
I'm trying to set up an ipsec tunnel at a particular site, and I am just stumped at this point. I have two sites I'm working with, a test site on my bench and the other actual site at another location. Both are ASA 5510's, both are running ASA v8.2(5). The test site has a 3560 off of it, and the production site has a 3750 stack off it. I don't think that part should matter, though.
I used the wizard to create the ipsec configuration on both devices, test and prod, and used the same naming on both to help compare. The test site connects and I can ssh to the 3560 behind it just fine. The production site, however, cannot connect to that 3750 or ping it to save my life. I've poured through the configs on both, and although there are just a couple of differences, the two ASA's are pretty close in configs.
At first I thought it was an acl issue, but I've filtered the logs by syslog id 106023 to watch for denys by access group. When I try to connect to the 3750, I get absolutely no entry in the log that anything is being denied, so I figure that's not it.
Then I thought it may be a routing issue. The one difference between the two sites is that the test site is using eigrp to disperse routes between the asa and switch, while the production site is using static routes. But I also didn't think that would've mattered, because on the static route switch I even put a static route in there to the vpn network which didn't make a difference.
I've also run packet traces on the firewall when doing a ping, and on the test siteI see echo requests and replies. Oon the production site I only see requests, no replies. My encap counters don't increment during pings, but the decap counters do, which make sense.
Other things to note: The test site that works also has a site-to-site vpn up and runnning, so you'll see that in the config as well. Client is Mac OS X 10.6.8, using the Cisco IPSec Config.
I'm hoping someone can look at my configs and tell me if they see anything I'm missing on them that could help solve my problems. I'd appreciate it! Thanks
Test Site that works
Production Site that Doesn't
testasa01-5510# sh run
: Saved
ASA Version 8.2(5)
hostname testasa01-5510
names
interface Ethernet0/0
nameif outside
security-level 0
ip address <outsideif> 255.255.255.240
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.39.194.2 255.255.255.248
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
no ip address
management-only
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
access-list inside_access_in extended permit ip 10.39.0.0 255.255.0.0 any log disable
access-list RemoteAccess_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 10.39.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 172.16.139.0 255.255.255.240
access-list outside_cryptomap extended permit ip 10.39.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-list remoteaccess extended permit ip 172.16.139.0 255.255.255.240 any log disable
tcp-map WSOptions
tcp-options range 24 31 allow
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpn_ip_pool 172.16.139.0-172.16.139.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
global (outside) 100 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 100 10.39.0.0 255.255.0.0
access-group inside_access_in in interface inside
router eigrp 100
network 10.0.0.0 255.0.0.0
passive-interface default
no passive-interface inside
route outside 0.0.0.0 0.0.0.0 <outsideif> 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.0 255.0.0.0 management
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map1 1 match address outside_cryptomap
crypto map outside_map1 1 set pfs group1
crypto map outside_map1 1 set peer 209.242.145.200
crypto map outside_map1 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map1 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map1 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 170
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 86400
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 60
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server <server> source inside
webvpn
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol IPSec
group-policy RemoteAccess internal
group-policy RemoteAccess attributes
dns-server value 8.8.8.8
vpn-filter value remoteaccess
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RemoteAccess_splitTunnelAcl
split-tunnel-all-dns disable
vlan none
tunnel-group RemoteAccess type remote-access
tunnel-group RemoteAccess general-attributes
address-pool vpn_ip_pool
default-group-policy RemoteAccess
tunnel-group RemoteAccess ipsec-attributes
pre-shared-key *****
tunnel-group 111.222.333.444 type ipsec-l2l
tunnel-group 111.222.333.444
general-attributes
default-group-policy GroupPolicy1
tunnel-group 111.222.333.444
ipsec-attributes
pre-shared-key *****
class-map WSOptions-class
match any
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class WSOptions-class
set connection advanced-options WSOptions
policy-map type inspect ip-options ip-options-map
parameters
eool action allow
nop action allow
router-alert action allow
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
: end
mp01-5510asa# sh run
: Saved
ASA Version 8.2(5)
hostname mp01-5510asa
names
interface Ethernet0/0
nameif inside
security-level 100
ip address 10.29.194.2 255.255.255.252
interface Ethernet0/1
nameif dmz
security-level 50
ip address 172.16.29.1 255.255.255.0
interface Ethernet0/2
description
nameif backup
security-level 0
ip address <backupif> 255.255.255.252
interface Ethernet0/3
description
speed 100
duplex full
nameif outside
security-level 0
ip address <outsideif> 255.255.255.248
interface Management0/0
nameif management
security-level 100
ip address 10.29.199.11 255.255.255.0
management-only
banner login Authorized Use Only
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
object-group network DM_INLINE_NETWORK_1
network-object 10.29.1.0 255.255.255.0
network-object 10.29.15.0 255.255.255.0
network-object 10.29.199.0 255.255.255.0
network-object 10.29.200.0 255.255.255.0
network-object 10.29.31.0 255.255.255.0
access-list inside_access_in extended permit ip 10.29.0.0 255.255.0.0 any log warnings
access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 any log warnings
access-list inside_access_in extended permit ip 192.168.29.0 255.255.255.0 any log warnings
access-list inside_access_in extended permit ip 10.29.32.0 255.255.255.0 any log warnings
access-list outside_access_in extended permit ip any host 50.59.30.116 log warnings
access-list RemoteAccess_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.254.29.0 255.255.255.0 log warnings
access-list remoteaccess extended permit ip 10.254.29.0 255.255.255.0 any log warnings
access-list RemoteAccess2_splitTunnelAcl standard permit 10.29.0.0 255.255.0.0
pager lines 24
logging enable
logging list acl-messages message 106023
logging buffered acl-messages
logging asdm acl-messages
mtu inside 1500
mtu dmz 1500
mtu backup 1500
mtu outside 1500
mtu management 1500
ip local pool vpn_ip_pool3 10.254.29.0-10.254.29.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
asdm history enable
arp timeout 14400
global (inside) 201 interface
global (dmz) 101 interface
global (backup) 101 interface
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 10.29.1.0 255.255.255.0
nat (inside) 101 10.29.15.0 255.255.255.0
nat (inside) 101 10.29.31.0 255.255.255.0
nat (inside) 101 10.29.32.0 255.255.255.0
nat (inside) 101 10.29.199.0 255.255.255.0
nat (inside) 101 10.29.200.0 255.255.255.0
nat (inside) 101 192.168.29.0 255.255.255.0
static (inside,outside) <outsideif> 10.29.15.10 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 50.59.30.113 1 track 1
route backup 0.0.0.0 0.0.0.0 205.179.122.165 254
route management 10.0.0.0 255.0.0.0 10.29.199.1 1
route inside 10.29.0.0 255.255.0.0 10.29.194.1 1
route inside 192.168.29.0 255.255.255.0 10.29.194.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.0 255.0.0.0 management
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 100
type echo protocol ipIcmpEcho 74.125.239.16 interface outside
num-packets 3
frequency 10
sla monitor schedule 100 life forever start-time now
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 1 rtr 100 reachability
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh 10.0.0.0 255.0.0.0 management
ssh timeout 60
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.200.1.41 source inside
webvpn
group-policy RemoteAccess internal
group-policy RemoteAccess attributes
dns-server value 8.8.8.8
vpn-filter value remoteaccess
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RemoteAccess_splitTunnelAcl
split-tunnel-all-dns disable
vlan none
tunnel-group RemoteAccess type remote-access
tunnel-group RemoteAccess general-attributes
address-pool vpn_ip_pool3
default-group-policy RemoteAccess
tunnel-group RemoteAccess ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
testasa01-5510# sh crypto ipsec sa
interface: outside
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: <outsideif>
local ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.16.139.1/255.255.255.255/0/0)
current_peer: <peer ip>, username: blah
dynamic allocated peer ip: 172.16.139.1
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 30, #pkts decrypt: 30, #pkts verify: 30
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: <outsideif>/4500, remote crypto endpt.: <peer ip>/37291
path mtu 1500, ipsec overhead 82, media mtu 1500
current outbound spi: 0A7F396F
current inbound spi : E87AF806
inbound esp sas:
spi: 0xE87AF806 (3900372998)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 49152, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 3587
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x7FFFFFFF
outbound esp sas:
spi: 0x0A7F396F (176109935)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 49152, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 3587
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
mp01-5510asa# sh crypto ipsec sa
interface: outside
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: <outsideif>
local ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.254.29.1/255.255.255.255/0/0)
current_peer: <peer ip>, username: blah
dynamic allocated peer ip: 10.254.29.1
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 51, #pkts decrypt: 51, #pkts verify: 51
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: <outsideif>/4500, remote crypto endpt.: <peer ip>/37291
path mtu 1500, ipsec overhead 82, media mtu 1500
current outbound spi: 096265D4
current inbound spi : F5E4780C
inbound esp sas:
spi: 0xF5E4780C (4125390860)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 102400, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 3576
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x001FFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x096265D4 (157443540)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 102400, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (sec): 3576
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001Config (non working site) looks fine(unless I missed something:)) . You may want to add :
access-list RemoteAccess_splitTunnelAcl standard permit 192.168.29.0 255.255.255.0
Try by taking out vpnfilter : vpn-filter value remoteaccess
To further t-shoot, try using packet tracer from ASA to the client...
https://supportforums.cisco.com/docs/DOC-5796
Thx
MS -
Help! I have two Macs, my 18 month old Intel iMac and a 6 month old MacBook Pro. Initially after a struggle, several restarts, and temporarily using Ethernet I got the Time Capsule working with the iMac. Then I tried the MacBook Pro which backed itself up to TC smoothly on WiFi. Now the iMac won't talk properly to TC again. But open up the MacBook and it smoothly and immediately backs itself up.
Both machines are running identical fully up-dated versions of Leopard. The only difference I can see between them is the amount of data, 200 GB on a 500GB HD on the iMac, but only 20GB on the MacBook Pro. The iMac tries to back itself up, but throws one of two error messages, either could not connect to backup disk, or "Error setting up backup directory".
Any suggestions very welcome!On the iMac, do you see TC on the Finder under Shared?
If you can see it, can you mount it as well?
After it's mounted, do you see some files named "iMacName12345678.sparsebundle" in the root of the volume? -
I just downloaded Firefox 4 and the add-on, AniWeather. It only gives me four locations, none of which is mine...either Sun City, AZ or Phoenix, AZ will do. I don't need NY, Chicago, etc. as I go to Weather Underground for those details. How can I customize AniWeather?
Try to create a new profile and install your AniWeather again. Here is how to create a new profile:
http://support.mozilla.com/en-US/kb/Managing%20profiles
If still not working, let me know (contact AT aniweather.com) -
Hello,
I have a Dell laptop that I have purchased many TV shows and Movies. All are present on my Dell Laptop. I was recently given a Windows Tablet at work and opened my ITunes account only to find that just two TV shows that I purchased are available to watch, and the only movies that I can see are the two that I got as free downloads when purchasing the movie on DVD.
How do I go about being able to access all my purchases on my new tablet?
Thanks
DavidOne of the two photos is the HDR version. The other is the normal picture without HDR.
To eliminate the normal photo from being save see Settings > Photos and Camera > Keep Normal Photo and turn OFF. -
A couple oe f days ago, I started downloading the BBC's version of Sherlock. I have the entire first season completely downloaded. The second season (and unaired pilot) is a different story. It was downloading, but my internet kept crashing so I couldn't finish the downloading process. I shut down iTunes for the night and thought to myself "I finish it in the morning." This morning, I attempted to finish the downloading process, but it would only let me download two of the four episodes. The other two just say "This computer is already associated with an Apple ID. You can download past purchases with just one Apple ID every 90 days. This computer can be used with a different Apple ID after 90 days." I used one account to download the TV shows and nothing else.
I'm really confused and really frustrated with this. Any suggestions/answers are welcomed and greatly appreciated!This is a somewhat recent change, but frankly there is no reason to constantly be logging out of one Apple ID and logging in with a different Apple ID.
If multiple people with different Apple ID's are regularly using the same computer, either authorize the computer for each of the Apple IDs or created unique logins on the computer for each user and have each sign in with their appropriate Apple ID. -
In our household we have three ipads, two ipod touches, four ipod shuffles, and one (very old) ipod...plus two Apple I.D.s. How do i put them all together on one apple i.d. and one computer?
Apple ID's cannot be merged, however, a single iTunes can be authorized for up to five Apple ID's.
the following support article may be useful:
How to use multiple iPods, iPads, or iPhones with one computer -
How do I combine two user accounts into one account?
When we originally set-up our iMac, I set-up two accounts for my wife and I. Since then it has been a royal pain with music and applications sharing. How do I merge the two accounts into one?
I found an answer to this by searching on "merging two accounts" rather than "combining two accounts." BTW, it's a little mini-nightmare if you only use "combine" on both Google and Apple support. At least this post might help others avoid the same fate.
Here's where to go to find the answer: http://discussions.apple.com/message.jspa?messageID=5629676#5629676 -
Two ODSs share the same InfoSource but with different updata mode load?
We've got two different ODSs (ODS1 and ODS2) for two respective clients (client 1 and client 2). Client 1 has already going alive and in the InfoPackage, we only pick up ODS1 (Client 1) as feeding target and we have conducted initial load and several times of Delta loads for ODS1 (data load daily). But now we are going to start to load data to ODS2 (Client 2) and at the same time we will have to continue our delta load to ODS1.
It could not be possible that the two ODSs will be feeded data with different pace (ODS1: continue delta load, ODS2: initial load) if they share the same InfoSource. Then what's the best way to resolve this issue?
Thankshi Pradip,
Tell you a bad news that the solution doesn't work on two of the EBP (a source system which is similar to R3, we've got 4 EBP ODS/InfoSources, but two of the four don't work with the last step listed below) ODSs/InfoSources. The steps I took on production are:
1. Conduct Full Repair data load to ODS2;
2. Delete init option of ODS1 from Scheduler menu;
3. Run Init without data transfer to set delta pointer for both ODS1 and ODS2.
But the last step to run Init without data transfer has taken 1 whole day and eventually becomes red since it takes so long time to set delta pointer.
When I said our solution worked is that I conducted the test on our GL ODS and the Init without data transfer took about 1 hour to finish.
Also when we conduct the last step to do the Init without data transfer to click Start button to set pointer, a msg box titled "Activate ODS Data" pops up saying that "No requests have been selected for activation. Do you want to make a selection, or activate all the requests?" with buttons "Activate all requests", "Select requests" and "Cancel". If clicking the button "Select requests", another msg box pops up to prompt to input a Date range, we didn't input any date range, just click continue, then the Init without data transfer will run forever!
Thank
Message was edited by: Kevin Smith
Maybe you are looking for
-
Hi, I created and configured process scheduler through psadmin.exe and getting error when tried to start it...... PeopleSoft Process Scheduler Administration 1) Start a Process Scheduler Server 2) Stop a Process Scheduler Server 3) Configure a Proces
-
Hello Gurus and Gurettes, I am currently working on a new conversion project. My problem is I have not been able to find much information about the conversion of this specific software( FAS Sage) to SAP. I was hoping someone has had experience and c
-
Getting error message for beta downloading cannot find archive files
I downloaded firefox beta for my windows 7 ...after download was complete.. I clicked on run and a pop up stated" can not find archive file"
-
Cost of removal account for assets
When ever I retire an asset (though its a loss) but the system Debits the Gain account defined for the cost of removal in book control. Does any one has an idea why? thanks, Ramadhar
-
Applying feathering to only one layer
Hi, I'm created a two-part ad. One of the two parts (on two different layers) has a background image that I would like only the center to show up and the rest I'd like to whiten (about 90% opacity, leaving 10% of the background image visible) using