Accessing device attached to VPN router
Hi. We have a VPN router, RV180, that was installed to allow us to access data on a PLC which is physically attached to the router via ethernet cable. We are able to establish a VPN connection from a remote laptop using QuickVPN. However, we cannot figure out how to browse to the PLC using Internet Explorer. The IP address we have for the PLC is identical to an external IP address and our browser simply loads the page from the Internet. How do we browse to the PLC using the VPN connection?
Thanks
Mike
Hello. If I may reactivate an old string I have a bit of an ironic question. The Mac connection which seemed so difficult is now the only one that works. To be clear, The Windows folks can still create a VPN connection. However, they cannot access the PLC on the other side. This wasn't obvious when I last posted because we didn't have the correct login info for the PLC so none of us could get in. Now, my VPN connection allows me to log in to the PLC. The Windows VPN connection cannot see the PLC log in page. Can anyone suggest some areas to check in the administration pages of the router to find the difference between the PPTP protocol which works and the QuickVPN protocol which doesn't?
Mike
Similar Messages
-
How can I create public AND private access with a wireless VPN router?
I am thinking about getting one of the new pre-n wireless routers that has a builtin VPN. I will need to have a private net for my office and a public net for my customers. On the private side- my employees will need to access all network resources and servers etc. On the public side, my customers just need to get to the Internet and maybe print on that side too.
Both sides will be DHCP.
Can I set this up with 1 device ro do I need 2? How can I do this? Any help is greatlu appreciated.
Thanks all.
Message Edited by Gman on 10-14-200607:08 PMThe only safe way to do this is to creat user groups On your server and give specific assess to the users who log into the network.
Using a single router , bifurcating a public from a private network is not possible.You will not be able to use the VPN since the users hav e to be connected to the VPN to log into your network. -
VPN to access NAS attached to WRT300N remotely?
I have a WRT300N which has a SimpleShare network attached storage device (NAS) connected. I would like to be able to access files on the NAS and use the attached printer remotely when I am away from the house. The SimpleShare has a print server built in also.
Is the best way to do this with a VPN? Ultimately I would like to be able to access the files directly on the SimpleShare rather than setting up a server at home.
Thanks for any and all help.There are two options. Firstly, if your NAS supports FTP hosting and your printer supports IPP (internet Printing) then you can simply host an FTP server through the NAS and enable IPP on the printer. You may just required ports on the router. Secondly you can try a VPN, for that you may need a VPN router so using it you can create a VPN connection.
-
On a Windows 2008 R2 server that had been working fine, all of a sudden some shared folders became inaccessible. Clicking on them returned the following: "<Folder> is not accessible. You might not have permission to use this network
resource. A device attached to the system is not functioning."
If I create another share with a different name for that same folder, it works fine. If I delete the original share then recreate it with the same name, I get the same error. However, if I right click on the problematic share and select 'map
network drive' that works. So this would not appear to be a permission issue.
I discovered this problem because the path for mapping the home folder as a property of their AD account stopped working.
I have tried most of the common things found on the internet. I've tried accessing via IP, same issue. While I only have a couple 2003 servers, those can access this resource.
At this point, I'm pretty much out of ideas. Any help would be appreciated. I also have some reports of potential issues with some printer mappings too which I will have to investigate in the morning.
If anyone has a solution to this I would be extremely grateful. Thank you.Hi,
Can you access the shard folder locally? Is a specific server cannot access the shared folder? Please try to Boot your server in Clean Mode to check if some third-party software cause the issue.
How to perform a clean boot in Windows
http://support.microsoft.com/kb/929135
Best Regards,
Mandy
If you have any feedback on our support, please click
here .
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Access share on NSS4000 with error: A device attached to the system is not functioning
Hello,
We use Acronis True Image Server to backup 4 Windows 2008 Standard Server system
with 2 different domains, each containing a DC and a RDP-Server.
After Server reboot, backup will run only once a day.
The next day backup aborts, and while trying to access
the network share like \\ip-address\share, as configured in Acronis
I get the error message: A device attached to the system is not functioning.
On the other hand, I can ping the NSS4000 and access share by using the
network (netbios) name instead of the ip.
This will work only for one day, also.
Now, if I try to access the share on the NSS4000 again by ip,
I get the error code 0x80070043 The networkname can not be found.
Ping on ip and netbiosname works.
Share access from one server to an other is not affected and full funtional at all times.
On the first sight I thought, that there it might be with the authentication protocol NTLMV2.
So I configured the GP to send only NTLM Authentication only, without fixing the problem.
Fyi:
I use a NSS4000, Firmware version 1.16-3
The NSS4000 is not a member in neither domains.
I created a dummy user account on each domain, an created a local user on the NSS4000 related
to the dummy user account on each domain.
A good answer helping me to fix with this issue, would be great.I am constantly seeing this error at multiple sites on Windows Server 2012 and 2012 R2 Standard and DataCenter.
I have counted over 50 different server I manage with services such as domain controller, hyper-v, file servers, exchange 2013, SQL 2008/2012, and print servers.
I have seen it happen on machine that have been in production for over 2 years and to machines that were just created last week.
It is happening on metal, hyper-v and esx vmware servers.
It is happening when the machine have updates waiting or no updates, or after updates have been applied and awaiting a restart.
It is happening on Dell PowerEdge server, HP Proliant servers and IBM servers.
It is happening on servers with Intel and AMD chip-sets.
It is happening on machines that are a part of a domain or in a workgroup.
It is happening on machines with AV of Bitdefendor, Trend Micro, Vipre, Microsoft Endpoint, and Symantec Endpoint.
Only a restart will fix it.
I have ran process monitor on several of the problem machines and I cannot find anything.
Since I have only started seeing this about 6 month ago it must be a Windows update causing it.
Moses Hull of Alexant Systems -
WD My Book NAS drive, Cisco VPN router and FTP access
Hello:
I have a Western Digital My Book World Editon II NAS drive that is connected through a Cisco ASA 5500 VPN router.
This NAS drive has a service to use it as an FTP server using port 21 as default or other specific port.
I also have a XP PC in which I installed Filezilla where I am trying to access the NAS files.
Only problem is that Filezilla apparently connects to the NAS drive but it lists the directory as empty.Changing to Active mode makes no difference.
Does this sounds like a problem with the VPN configuration?
Do I have to configure some kind of port forwarding on the VPN router for port 21?
Or does the VPN router has nothing to do with this problem?
Thanks for your helpWould you "Solve" this question please ?
-
HT5622 i can't access my itunes account because there are too many devices attached too it?
I can't access my itunes account because it says i have too many devices attached to it. I need to clear some if the devices that are associated with my account?
Welcome to the Apple Community.
Remove some of the associated devices using your account settings in iTunes. -
Configure VPN access on a Cisco WRV210 wireless-G vpn router -range booster
Please help....
I need to configure a vpn on a Cisco WRV210 Wireless-G VPN Router - RangeBooster, i have five users that are going to connect to a file server. windows and Mac laptops will be connecting. The file server access is all set i just need a step by step document to configure the vpn screens on the router.thanksHi Robert
You can refer the below link in finding out the exact config to start with.
do make sure that your Cisco 831 box with the current IOS code installed in it supports the required feature to run the same..
http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor16
regds -
PIX 501 and Linksys VPN Router (WRV200)
I have inherited a job where we have a Cisco PIX 501 firewall at one site, and Linksys WRV200 VPN Router on two other
sites. I have been asked to connect these Linksys routers to the PIX firewall via VPN.
I believe the Linksys vpn routers can only connect via IPSec VPN, so i am looking for help on configuring the PIX 501 to allow the linksys to connect with the following parameters, if possible.
Key Exchange Method: Auto (IKE)
Encryption: Auto, 3DES, AES128, AES192, AES256
Authentication: MD5
Pre-Shared Key: xxx
PFS: Enabled/Disabled
ISAKMP Key Lifetime: 28800
IPSec Key Lifetime: 3600
On the PIX i have the PDM installed and i have tried using the VPN Wizard to no avail.
I chose the following settings when doing the VPN Wizard:
Type of VPN: Remote Access VPN
Interface: Outside
Type of VPN Client Device used: Cisco VPN Client
(can choose Cisco VPN 3000 Client, MS Windows Client using PPTP, MS Windows client using L2TP)
VPN Client Group
Group Name: RabyEstates
Pre Shared Key: rabytest
Extended Client Authentication: Disabled
Address Pool
Pool Name: VPN-LAN
Range Start: 192.168.2.200
Range End: 192.168.2.250
DNS/WINS/Default Domain: None
IKE Policy
Encryption: 3DES
Authentication: MD5
DH Group: Group 2 (1024-bit)
Transform Set
Encryption: 3DES
Authentication: MD5
I have attached the VPN log from the Linksys VPN Router.
This is the first time i've ever worked with PIX so i'm still trying to figure the thing out, but i'm confident with CCNA level networking.
Thanks for your help!Hi again,
I believe the pix has a 3des license because of the following parts of the "show version"
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
This PIX has a Restricted (R) license.
I've tried reconnecting the VPN tunnel with debugging on the PIX and get the output as shown in the attached file "vpndebug.txt"
As for the other show commands they give:
pixfirewall# show crypto isakmp sa
Total : 0
Embryonic : 0
dst src state pending created
pixfirewall# show crypto ipsec sa
interface: outside
Crypto map tag: transam, local addr. 10.0.0.1
local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
current_peer: 10.0.0.2:0
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.0.0.1, remote crypto endpt.: 10.0.0.2
path mtu 1500, ipsec overhead 0, media mtu 1500
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
pixfirewall#
Thanks again Daniel, i really appreciate your help on this matter. -
Unable to Access Company LAN via VPN
Hello,
I have a ASA 5505 that I have been using to test run the IPSec VPN connection after studying the different configs and running through the ASDM I keep getting the same issue that I can't receive any traffic.
The company LAN is on a 10.8.0.0 255.255.0.0 network, I have placed the VPN clients in 192.168.10.0 255.255.255.0 network, the 192 clients can't talk to the 10.8 network.
On the Cisco VPN client I can see lots of sent packets but none received.
I think it could be to do with the NAT but from the examples I have seen I believe it should work.
I have attached the complete running-config, as I could well have missed something.
Many Thanks for any help on this...
FWBKH(config)# show running-config
: Saved
ASA Version 8.2(2)
hostname FWBKH
domain-name test.local
enable password XXXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXXXX encrypted
names
name 9.9.9.9 zscaler-uk-network
name 10.8.50.0 inside-network-it
name 10.8.112.0 inside-servers
name 17.7.9.10 fwbkh-out
name 10.8.127.200 fwbkh-in
name 192.168.10.0 bkh-vpn-pool
interface Vlan1
nameif inside
security-level 100
ip address fwbkh-in 255.255.0.0
interface Vlan2
nameif outside
security-level 0
ip address fwbkh-out 255.255.255.248
interface Vlan3
nameif vpn
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Ethernet0/0
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
banner login Trespassers will be Shot, Survivors will be Prosecuted!!!!
banner motd Trespassers will be Shot, Survivors will be Prosecuted!!!!
banner asdm Trespassers will be Shot, Survivors will be Prosecuted!!!!
boot system disk0:/asa822-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name test.local
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
object-group service DM_INLINE_UDP_1 udp
port-object eq 4500
port-object eq isakmp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
access-list inside_access_in extended permit tcp 10.8.0.0 255.255.0.0 any object-group DM_INLINE_TCP_2 log warnings inactive
access-list inside_access_in extended permit ip inside-network-it 255.255.255.0 any inactive
access-list inside_access_in extended permit tcp 10.8.0.0 255.255.0.0 host zscaler-uk-network eq www
access-list inside_access_in extended permit ip inside-servers 255.255.255.0 any log warnings
access-list USER-ACL extended permit tcp 10.8.0.0 255.255.0.0 any eq www
access-list USER-ACL extended permit tcp 10.8.0.0 255.255.0.0 any eq https
access-list outside_nat0_outbound extended permit ip bkh-vpn-pool 255.255.255.0 10.8.0.0 255.255.0.0
access-list outside_access_in extended permit udp any host fwbkh-out object-group DM_INLINE_UDP_1 log errors inactive
access-list inside_nat0_outbound extended permit object-group DM_INLINE_PROTOCOL_1 10.8.0.0 255.255.0.0 any
access-list inside_nat0_outbound_1 extended permit ip 10.8.0.0 255.255.0.0 bkh-vpn-pool 255.255.255.0
access-list UK-VPN-USERS_splitTunnel extended permit ip 10.8.0.0 255.255.0.0 bkh-vpn-pool 255.255.255.0
access-list UK-VPN-USERS_splitTunnel extended permit ip inside-servers 255.255.255.0 bkh-vpn-pool 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu vpn 1500
ip local pool UK-VPN-POOL 192.168.10.10-192.168.10.60 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
nat-control
global (inside) 1 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 10.8.0.0 255.255.0.0 dns
nat (outside) 0 access-list outside_nat0_outbound outside
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 17.7.9.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 10.8.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint BKHFW
enrollment self
subject-name CN=FWBKH
crl configure
crypto ca certificate chain BKHFW
certificate fc968750
308201dd 30820146 a0030201 020204fc 96875030 0d06092a 864886f7 0d010105
05003033 310e300c 06035504 03130546 57424b48 3121301f 06092a86 4886f70d
ccc6f3cb 977029d5 df42515f d35c0d96 798350bf 7472725c fb8cd64d 514dc9cb
7f05ffb9 b3336388 d55576cc a3d308e1 88e14c1e 8bcb13e5 c58225ff 67144c53 f2
quit
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 10.8.0.0 255.255.0.0 inside
ssh timeout 30
ssh version 2
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy UK-VPN-USERS internal
group-policy UK-VPN-USERS attributes
dns-server value 10.8.112.1 10.8.112.2
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value UK-VPN-USERS_splitTunnel
default-domain value test.local
address-pools value UK-VPN-POOL
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol webvpn
username admin password XXXXXXXXXXXXXXXXX encrypted privilege 15
username karl password XXXXXXXXXXXXXXX encrypted privilege 15
tunnel-group UK-VPN-USERS type remote-access
tunnel-group UK-VPN-USERS general-attributes
address-pool UK-VPN-POOL
default-group-policy UK-VPN-USERS
tunnel-group UK-VPN-USERS ipsec-attributes
pre-shared-key *****
tunnel-group IT-VPN type remote-access
tunnel-group IT-VPN general-attributes
address-pool UK-VPN-POOL
default-group-policy UK-VPN-USERS
tunnel-group IT-VPN ipsec-attributes
pre-shared-key *****
class-map ALLOW-USER-CLASS
match access-list USER-ACL
class-map type inspect http match-all ALLOW-URL-CLASS
match not request header from regex ALLOW-ZSGATEWAY
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map type inspect http ALLOW-URL-POLICY
parameters
class ALLOW-URL-CLASS
drop-connection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
policy-map ALLOW-USER-URL-POLICY
class ALLOW-USER-CLASS
inspect http
service-policy global_policy global
service-policy ALLOW-USER-URL-POLICY interface inside
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:00725d3158adc23e6a2664addb24fce1
: endHi Karl,
Please make the following changes:
ip local pool VPN_POOL_UK_USERS 192.168.254.1-192.168.254.254
access-list inside_nat0_outbound_1 extended permit ip 10.8.0.0 255.255.0.0 192.168.254.0 255.255.255.0
no nat (outside) 0 access-list outside_nat0_outbound outside
access-list UK-VPN-USERS_SPLIT permit 10.8.0.0 255.255.0.0
group-policy UK-VPN-USERS attributes
split-tunnel-network-list value UK-VPN-USERS_SPLIT
no access-list UK-VPN-USERS_splitTunnel extended permit ip 10.8.0.0 255.255.0.0 bkh-vpn-pool 255.255.255.0
no access-list UK-VPN-USERS_splitTunnel extended permit ip inside-servers 255.255.255.0 bkh-vpn-pool 255.255.255.0
access-list inside_access_in extended permit ip 10.8.0.0 255.255.255.0 192.168.254.0 255.255.255.0
management-access inside
As you can see, I did create a new pool, since you already have an interface in the 192.168.10.0/24 network, which does affect the VPN clients.
Once you are done, connect the client and try:
ping 10.8.127.200
Does it work?
Try to ping other internal IPs as well.
Let me know how it goes.
Portu.
Please rate any helpful posts
Message was edited by: Javier Portuguez -
Is RV110W capable of "selective" VPN routing? Split tunneling?
Hello,
I'm trying to find an anwer to for a question whether the RV110W is capable of distinguish between traffic that should go to VPN tunnel and traffic that should not go thru the VPN tunnel - I think this is called split tunneling.
I've been requested to create a VPN Tunnel between an office that's using the RV110W and one corporate network where a VPN server is running. That is quite easy as I know that RV110W has VPN client mode, however there a requirement not to route all traffic through the VPN tunnel. Only traffic that directs to the corporate network (certain ragne of IP addresses) should be routed thru the VPN tunnel and the rest that directs elsewhere should not go to VPN tunnel.
Is this achievable with this device?
If not, could you recommend me a device that is capable to satisfy this requirement?
Thank you for your anwers.Ladislav,
When you create a site to site VPN tunnel, all devices on each side that are on the same VLAN in which the tunnel is created should have access to each other. It will be like they are on the same network but they will have different IP subnets. So the answer is yes, devices on the "server" side should be able to access devices on the RV110W side.
- Marty -
Unable to access secondary subnet from VPN client
Please can someone help with the following; I have an ASA 5510 running v8.4(3)9 and have setup a remote user VPN using the Cisco VPN client v5.0.07.0410 which is working appart from the fact that I cannot access resources on a secondary subnet.
The setup is as follows:
ASA inside interface on 192.168.10.240
VPN clients on 192.168.254.x
I can access reources on the 192.168.10 subnet but not any other subnets internally, I need to specifically allow access to the 192.168.20 subnet, but I cannot figure out how to do this please advise, the config is below: -
Result of the command: "show startup-config"
ASA Version 8.4(3)9
hostname blank
domain-name
enable password encrypted
passwd encrypted
names
dns-guard
interface Ethernet0/0
nameif outside
security-level 0
ip address 255.255.255.224
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.240 255.255.255.0
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 10.10.10.253 255.255.255.0
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa843-9-k8.bin
boot system disk0:/asa823-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 194.168.4.123
name-server 194.168.8.123
domain-name nifcoeu.com
object network obj-192.168.0.0
subnet 192.168.0.0 255.255.255.0
object network obj-192.168.5.0
subnet 192.168.5.0 255.255.255.0
object network obj-192.168.10.0
subnet 192.168.10.0 255.255.255.0
object network obj-192.168.100.0
subnet 192.168.100.0 255.255.255.0
object network obj-192.168.254.0
subnet 192.168.254.0 255.255.255.0
object network obj-192.168.20.1
host 192.168.20.1
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
host 0.0.0.0
object network obj_any-02
subnet 0.0.0.0 0.0.0.0
object network obj-10.10.10.1
host 10.10.10.1
object network obj_any-03
subnet 0.0.0.0 0.0.0.0
object network obj_any-04
subnet 0.0.0.0 0.0.0.0
object network obj_any-05
subnet 0.0.0.0 0.0.0.0
object network NS1000_EXT
host 80.4.146.133
object network NS1000_INT
host 192.168.20.1
object network SIP_REGISTRAR
host 83.245.6.81
object service SIP_INIT_TCP
service tcp destination eq sip
object service SIP_INIT_UDP
service udp destination eq sip
object network NS1000_DSP
host 192.168.20.2
object network SIP_VOICE_CHANNEL
host 83.245.6.82
object service DSP_UDP
service udp destination range 6000 40000
object service DSP_TCP
service tcp destination range 6000 40000
object network 20_range_subnet
subnet 192.168.20.0 255.255.255.0
description Voice subnet
object network 25_range_Subnet
subnet 192.168.25.0 255.255.255.0
description VLAN 25 client PC devices
object-group network ISP_NAT
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service SIP_INIT tcp-udp
port-object eq sip
object-group service DSP_TCP_UDP tcp-udp
port-object range 6000 40000
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object 20_range_subnet 192.168.254.0 255.255.255.0
access-list Remote-VPN_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list Remote-VPN_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list 100 extended permit object-group TCPUDP object SIP_REGISTRAR object NS1000_INT object-group SIP_INIT
access-list 100 extended permit object-group TCPUDP object SIP_VOICE_CHANNEL object NS1000_DSP object-group DSP_TCP_UDP
access-list 100 extended permit ip 62.255.171.0 255.255.255.224 any
access-list 100 extended permit icmp any any echo-reply inactive
access-list 100 extended permit icmp any any time-exceeded inactive
access-list 100 extended permit icmp any any unreachable inactive
access-list 100 extended permit tcp any host 10.10.10.1 eq ftp
access-list 100 extended permit tcp any host 10.10.10.1 eq ftp-data
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool VPN-Pool 192.168.254.1-192.168.254.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
asdm history enable
arp timeout 14400
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.5.0 obj-192.168.5.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.100.0 obj-192.168.100.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.254.0 obj-192.168.254.0 no-proxy-arp route-lookup
nat (outside,inside) source static SIP_REGISTRAR SIP_REGISTRAR destination static interface NS1000_INT service SIP_INIT_TCP SIP_INIT_TCP
nat (outside,inside) source static SIP_REGISTRAR SIP_REGISTRAR destination static interface NS1000_INT service SIP_INIT_UDP SIP_INIT_UDP
object network obj_any
nat (inside,outside) dynamic interface
object network obj_any-01
nat (inside,outside) dynamic obj-0.0.0.0
object network obj_any-02
nat (inside,DMZ) dynamic obj-0.0.0.0
object network obj-10.10.10.1
nat (DMZ,outside) static 80.4.146.134
object network obj_any-03
nat (DMZ,outside) dynamic obj-0.0.0.0
object network obj_any-04
nat (management,outside) dynamic obj-0.0.0.0
object network obj_any-05
nat (management,DMZ) dynamic obj-0.0.0.0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 80.4.146.129 1
route inside 192.168.20.0 255.255.255.0 192.168.10.254 1
route inside 192.168.25.0 255.255.255.0 192.168.10.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.10.0 255.255.255.0 inside
http 192.168.25.0 255.255.255.0 inside
http 62.255.171.0 255.255.255.224 outside
http 192.168.254.0 255.255.255.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=
crl configure
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 2f0e024d
quit
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
quit
crypto isakmp identity address
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh 62.255.171.0 255.255.255.224 outside
ssh 192.168.254.0 255.255.255.0 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh 192.168.25.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
vpn-sessiondb max-other-vpn-limit 250
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.168.10.6 source inside prefer
webvpn
group-policy Remote-VPN internal
group-policy Remote-VPN attributes
wins-server value 192.168.10.21 192.168.10.22
dns-server value 192.168.10.21 192.168.10.22
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Remote-VPN_splitTunnelAcl
default-domain value
username blank password blank encrypted privilege 0
username blank attributes
vpn-group-policy Remote-VPN
username blank password encrypted privilege 0
username blank attributes
vpn-group-policy Remote-VPN
tunnel-group Remote-VPN type remote-access
tunnel-group Remote-VPN general-attributes
address-pool VPN-Pool
default-group-policy Remote-VPN
tunnel-group Remote-VPN ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect ip-options
inspect sip
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
contact-email-addr
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:b8263c5aa7a6a4d9cb08368c042ea236Your config was missing a no-nat between your "192.168.20.0" and "obj-192.168.254.0"
So, if you look at your config there is a no-nat for inside subnet "obj-192.168.10.0" as shown below.
nat (inside,any) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.254.0 obj-192.168.254.0
So all you have to do is create a no-nat for your second subnet, like I showed you before, the solution was already there on your config but I guess you over looked at it.
I hope that helps.
Thanks
Rizwan Rafeek -
getting a java.util.zip.zipexception : a device attached to the system is not functioning error - what could cause such an error?
My program finds all zip files in an archive and then searches through them for xls files, which it extracts and re-locates.
I havent even a clue where to look for the cause of this exception but Ill attach at the bottom the code in the general vicitiny of the trigger so that you can get kind of an idea what Im trying to do, and if im lucky, even spot my problem. :) Thanks!!
//zips is an array of zip files
int found = 0;
File[] haveXLs = new File[zips.length];
for (int i = 0; i < zips.length; i++){
String fileName = new String("L:/Vision/Archive/" + zips.getName());
ZipFile archive = new ZipFile(fileName);
String name = zips[i].getName().substring(0,8);
for(Enumeration e = archive.entries(); e.hasMoreElements();){
ZipEntry entry = (ZipEntry) e.nextElement();
if(entry.getName().substring(0,8) == name){
haveXLs[found] = zips[i];
found++;Hey there a few things.
Make sure that you dont use fileseparators like you do. ("/")
Use the separator generated for your system.
Something like:
String sep = System.getProperty("file.separator");
You mentioned it work local, but not network.
Either you have plenty of harddrives or L: is a mapped drive.
Is it working at the mapped drive?
When you say on the network, how are you accessing the files?
Could it be possible for another user to lock a file, so you wont have access to it over the network?
BR.
MagDy -
How can i connect a hard drive attached to my router?
hello;
i have a zyxel vmg3312 dsl router and the router have a usb host and i attached my usb hard drive to the port. i can access all files from my PC but i cannot connect with my mac. the problem is when i try to connect to hard drive with smb connection like this.
my mac asks me to enter a user name and password like bellow and i don't have any. in PC i dont need any user name and password. the guest option is not letting me connect.
here is my question how can i connect my external hard drive attached to my router ?You need to connect as a Registered User Create a USERNAME and a PASSWORD it has to be something you will remember not something you will forget in a week. Click to Remember this Password in my Keychain. After you are finished restart your computer and then connect.
-
Hi, I'm having a problem with my iPod.. when I connect the iPod this message pops:
"One of the USB devices attached to this computer has ...."
I've searching a similar problem in the forums, and I have found many discussion about it, but any of them can solve my problem.
Well, all began like this, the iPod was attached to the computer AND showing on iTunes, suddendly the screen shines I DID NOT Eject it (the iPod was on its menu, not in the Do not disconnect screen) so I thougth it was ok... but the iPod was still showing on iTunes, so I ejected.
The iPod remains connected for about an hour then I disconnect it without any problems. The problems began when I connect the iPod again (2 hours later), the message "One of the USB devices attached to this computer has ...." pops, now my computer can't access the iPod (it isnt on My Computer or iTunes)...so the first thing I did was search a similar problem in the forums, I've found that exact problem in many discussions, and I've tried everything they say:
1. The Five R's
2. Uninstall and Reinstall iPod software and iTunes
3. Enable manually disk mode (still not recognized)
4. Check if the USB was low powered and Uncheck the "Allow the computer to turn off this device to safe power" (it isn't low powered 'cause the iPod was working with that USB)
No matter what I did, the iPod is not showing on My Computer, I hope you can help me out, tomorrow I will try on a different computer and a different cable
PD: Sorry for my poor English, I'm from Peru.
AMD Athlon XP 2400+ Windows XP ProI've got the same issue, looked everywhere, no solution seems to work.
Maybe you are looking for
-
Outlook and owa freezes every day, sometimes at the same time
Hello, I have very strange problem! 2 users complain that the outlook hangs every day, approximately at the same time. But other 200 users work fine. I can't see any error on the mail servers ( two servers exchange 2010 sp 3 with dag) Outlook can han
-
How can I create a custom button for opening a form?
I have a parent form having child forms. In my main form I want to create custom buttons for opening child forms. I want to use master-detail form but there are more than one child forms, and in master-detail form I can only create one detail form. S
-
Recovering photo's from crashed HP desk top hard drive on to my Toshiba Satellite A505-S6980?
I recently had my HP desk top crash.The HP says it cannot find any operating system but powers up and I do not have any kind of recovery disc for it. Is there any way to connect the hard drive to my Toshiba to recover the documents and photos? I'm no
-
How to track stolen iphone4s?
how to track stolen iphone4s? I havent setup Icloud or findmyiphone on my device..So how i can track or Block my Iphone 4s?
-
Flash player not working for games (Win. 7 64-bit)
The Flash Player often doesn't work so that games only show as blank white. I get this on a variaty of websites, typically games and sometimes parts of the Harry Potter official website. However, I have no problems with YouTube. My computer is new an