Allow external iframes local IP

Similar Messages

• Allow external traffic to access internal computers

  We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
  ASA Version 8.4(3)
  hostname ciscoasa
  domain-name default.domain.invalid
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.2.1.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 152.18.75.132 255.255.255.240
  boot system disk0:/asa843-k8.bin
  ftp mode passive
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object network a-152.18.75.133
  host 152.18.75.133
  object network a-10.2.1.2
  host 10.2.1.2
  object-group network ext-servers
  network-object host 142.21.53.249
  network-object host 142.21.53.251
  network-object host 142.21.53.195
  object-group network ecomm_servers
  network-object 142.21.53.236 255.255.255.255
  object-group network internal_subnet
  network-object 10.2.1.0 255.255.255.0
  access-list extended extended permit ip any any
  access-list extended extended permit icmp any any
  access-list extended extended permit ip any object-group ext-servers
  access-list acl_out extended permit tcp any object-group ecomm_servers eq https
  access-list outside_in extended permit ip any host 10.2.1.2
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any echo-reply inside
  icmp permit 10.2.1.0 255.255.255.0 inside
  icmp permit any echo-reply outside
  icmp permit any outside
  asdm image disk0:/asdm-523.bin
  no asdm history enable
  arp timeout 14400
  nat (inside,outside) source static a-10.2.1.2 a-152.18.75.133
  route outside 0.0.0.0 0.0.0.0 152.18.75.129 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 10.2.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  telnet timeout 5
  ssh 10.2.1.2 255.255.255.255 inside
  ssh 122.31.53.0 255.255.255.0 outside
  ssh 122.28.75.128 255.255.255.240 outside
  ssh timeout 30
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 10.2.1.2-10.2.1.254 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect icmp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:c7d7009a051cb0647b402f4acb9a3915
  : end
  ciscoasa(config)# sh nat
  Manual NAT Policies (Section 1)
  1 (inside) to (outside) source static a-10.2.1.2 a-152.18.75.133
      translate_hits = 1, untranslate_hits = 112
  ciscoasa(config)# sh nat
  Manual NAT Policies (Section 1)
  1 (inside) to (outside) source static a-10.2.1.2 a-152.18.75.133
      translate_hits = 1, untranslate_hits = 113
  ciscoasa(config)#

  Okay I will bite.
  Assuming you have
  a.  dynamic pat rule for lan users-devices to reach the internet
  (missing ???????????????
  (should look like a nat rule that makes two entries when you make the one rule)
  (with router set at defaults it may make this rule for you already in place)
  -object bit  
  object network obj_any_inside
  subnet 0.0.0.0 0.0.0.0
  and rule bit
  object network obj_any_inside
  nat (inside,outside) dynamic interface
  b.  route rule - tells asa next hop is IP gateway address
  route outside 0.0.0.0 0.0.0.0 152.18.75.129 1
  c.  Nat rule for port forwarding- Using objects it creates two entries (lets say i call it natforward4server)
  object bit
  object network natforward4server
  host 10.2.1.2
  Nat bit
  object network natforward4server
  nat (inside,outside) static interface service tcp 443 443
  d. Nat for translated ort.
  If you had wanted to translate a port, lets say you have external users that can only use port 80 but need to access https
  object bitobject network natfortransl4server
  host 10.2.1.2
  Nat bit
  object network natfortransl4server
  nat (inside,outside) static interface service tcp 443 80

• How to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically?

  Sharepoint 2013 online/office 365.
  I am creating site collection programmatically using sharepoint Auto hosted app.
  Now i want to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically after site collection creation.
  Is it possible through code? If yes please let me know how to do it?
  Najitha Sidhik

  For SharePoint 2013 Online, check below links:
  http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/manage-sharing-with-external-users-HA102849862.aspx
  http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
  https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Online-2013-Sharing-with-External-Users.aspx
  http://blogs.office.com/2013/11/21/sharepoint-online-improves-external-sharing/
  Please ensure that you mark a question as Answered once you receive a satisfactory response.

• CRS-2630: Only cluster administrators are allowed to create local resources

  I have installed and configured a 12c database across two linux nodes and all is well. I have also installed the Oracle rdbms 12.1.01 on the same nodes. Now when I try and use netca or dbca to create a database or listener, I get the following errors;
  CRS-2630: Only cluster administrators are allowed to create local resources
  I can log in as the GRID user and can create resources but not as database user. Both users are members of the dba group.
  Any ideas anyone?  Thanks a lot H.

  The issue is resolved, the 12c configuration is a lot more comprehensive than 11g. Here we have to create the user DBA with the right rights to access and change the cluster resources.
  For example to allow the dba users the ability to create listeners on the RAC nodes, we have to issue some command such as follows; here the oedsdp is the dba user and ogridp is the grid main owner.
  t@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.rac1node.vip -u user:oedsdp:rwx
  [root@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.net1.network -u user:oedsdp:rwx
  [root@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.net1.network -u user:oedsdp:rwx
  [root@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.rac2node.vip -u user:oedsdp:rwx
  [root@rac2node ~]# /oracle/grid/bin/crsctl setperm resource ora.net1.network -u user:oedsdp:rwx
  Interesting, I think we need to carefully plan the new user groups before we start the GRID configuration.
  H.

• [svn] 3680: Modifying ant build.xml to allow for a local. properties for individual developer build config.

  Revision: 3680
  Author: [email protected]
  Date: 2008-10-16 07:58:21 -0700 (Thu, 16 Oct 2008)
  Log Message:
  Modifying ant build.xml to allow for a local.properties for individual developer build config. Also moving ja_JP locale to the other.locales target (this is called during build machine packaging and isn't needed by dev by default).
  QE: No
  Doc: No
  Checkintests: Pass
  Reviewer: Discussed with Jim
  Modified Paths:
  flex/sdk/trunk/build.xml
  flex/sdk/trunk/frameworks/projects/airframework/build.xml
  flex/sdk/trunk/frameworks/projects/framework/build.xml
  flex/sdk/trunk/frameworks/projects/rpc/build.xml

  I tried
  ant deployTestSuites
  this works. If i do that with the wrong domain (dep_cotrol vs dep_me) name it fails with
  ORABPEL-02052Cannot lookup BPEL domain.The BPEL domain "dep_cotrol" cannot be found; the domain may not have initialized properly.Please verify that the BPEL domain loader has a valid set of initialization properties in the application properties file.
  So i think my config is ok. There is a bug in this ant bpelTest which ignores the domain?

• "Allow log on locally" permission (SetInteractiveLogonRight) for SCOM 2012

  Hi Experts,
  Do we need to have  “Allow log on locally” permission (SetInteractiveLogonRight) for any of the SCOM accounts in 2012 R2?
  If yes why?
  Regards,
  Prajul Nambiar

  Yes, The default action account must have the following minimum privileges:
  • Member of the local Users group
  • Member of the local Performance Monitor Users group
  • Allow log-on-locally permission (SetInteractiveLogonRight)
  because SCOM provide you with monitoring for agents which need to access event viewer of this server to show you any issue that happened.
  Monitoring and collecting Windows event log data.
  Monitoring and collecting Windows performance counter data.
  Monitoring and collecting Windows Management Instrumentation (WMI) data.
  Running actions such as scripts or batches.
  Also you can refer below link
  https://technet.microsoft.com/en-us/library/hh212808.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"Mai Ali | My blog:
  Technical | Twitter:
  Mai Ali

• Core Data: "Allows external storage" for Transformable type?

  When I create a Core Data attribute, and set its type to "Transformable", the "Allows external storage" option is unavailable. I only see it available for Binary type.
  How can I use "Allows external storage" with Transformable type?

  I wanted to post an update and let everyone know what I decided on and how well it works.
  I went with the following setup.
  eSATA Express Card
  http://www.newegg.com/Product/Product.aspx?Item=N82E16839200006
  eSATA enclousure
  http://www.newegg.com/Product/Product.aspx?Item=N82E16817173043
  eSATA drive
  http://www.newegg.com/Product/Product.aspx?Item=N82E16822136218
  All of this cost me a total of $159.57 for about 600gigs of high performance storage after being formated! I did some benchmarks and the drive is performing faster than my internal 7200rpm drive. It is not much faster but it is faster.
  So I would have to say that if you really want some fast performing drives for just about anything eSATA is probably the way to go.
  About the items,
  The eSATA card looked used when i got it. The seal was broken and the item was dirty and had finger prints on it. It was however very easy to install. I just downloaded the newest drivers from rosewill.com plugged it in and it worked.
  The hard disk enclosure seems well made and was a breeze to setup and install. It also does usb 2.0 if you need it. It has as a big cooling fan and includes a usb and sata cable as well as a eSATA bracket for your desktop pc.
  All in all a great buy. So thank you again for all the info

• Does "Allow log on locally" work with environment variables?

  This is merely out of curiosity and just because I'm doing some conceptual gambling.
  I'd like to create a GPO having the Allow log on locally set to something like the following list:
  %OWNER%
  BUILTIN\Administrators
  The concept behind this is to prepare the system during OS installation with a value to the OWNER environment variable to allow only the specified user account (apart from the Administrators group, of course) to log on to the system without A) having to
  configure this setting locally on the client and B) having a great range of different GPOs to handle all the user/computer combinations.
  My questions are:
  Does this work at all?
  If it works, what do I need to provide as a value?
  I've already tried to set <user name>, <domain name>\<user name> and
  <user name>@<FQDN> but none of those seem to work.

  Hi,
  Glad to see your problem resolved. Hope your experience could helps other who had same cofusion.
  Roger Lu
  TechNet Community Support

• How to fix Lightroom 5.6 crashing when backing up catalog database (external AND local backup) - Mac 10.9.5

  How to fix Lightroom 5.6 from crashing when backing up catalog database (external AND local backup) - Mac 10.9.5
  It starts to cue and within 3-4 seconds, the program just crashes hard. As stated, I tried it on local hard drive and external. Same result...
  In the destination backup folder, it will copy over one folder, no images.
  Thanks ahead of time.
  -Dan

  Anyone? - (Adobe?!?!?)

• Problem: MBP Is not allowing external monitor Widescreen resolutions.

  I am using a 27" LCD HD TV (Yes, TV, not monitor) DVI->DVI and the MBP will not allow me to use a widescreen resolution on my external monitor.
  Yes, I assure you, it is Widescreen. The native resolution is 1280x720.
  Anyone have a clue how I can fix this? Running a stretched 4:3 screen ***** HARD. This was my old windows PC monitor and I never had this issue before.

  Hi,
  I've got the same problem. Tried SwitchResX with not much success. I'm using as second screen a Benq w100 projector. When I force resolutions like 854x480 at about 60Hz, the projector won't recognise it, which makes sense since the input is not supported as such from a PC.
  I think the clue would be sending a HDTV/HDMI signal through the DVI cable. Has anybody managed to do this with the ATI Radeon X1600 that comes with the MBP?
  Gabriel

• Allow external host to relay through Ironport?

  What is the "safest" way to allow an external host to relay e-mail through our Ironport? I know it's not "recommended", but I don't have any choice.
  I guess I could set up the external IP that's allowed to relay in
  Mail Policies --> Hat Overview - Relaylist. But that would allow anyone from that IP to relay, and I don't really feel that it's secure enough.
  Is it anyway to "tighten" the security and also require a username/password in combination with coming for the correct IP-address to make it atleast a little bit more safe?

  Hi Jonas,
  The safest way to achieve the required is to configure SMTP Authentication feature on Cisco IronPort Appliance.
  SMTP Auth is a mechanism for authenticating clients connected to an SMTP server. You can use this functionality to enable users at your organization to send mail using your mail servers even if they are connecting remotely (e.g. from home or while traveling).
  Cisco IronPort supports two methods to authenticate user credentials:
  1.      You can use an LDAP directory.
  2.      You can use a different SMTP server (SMTP Auth forwarding and SMTP Auth outgoing).
  Once authenticated, the user will be allowed to relay mail through Cisco IronPort Appliance. To find out step by step instructions on configuring this feature, I would recommend you to go through "Configuring AsyncOS for SMTP Authentication" section in the Advanced Configuration Guide of AsyncOS.
  Hope this will help.
  Regards,
  Rehan Latif

• Allow External Server on Cloud to Relay Email

  Hi Exchange Server Expert,
  I have a query to ask. Currently my company has hosted a web server on the cloud with the public IP address. Since it is a web server, we will need to allow it to relay email via the Microsoft IIS to our exchange server. I have tried before for the internal
  server with private ip to relay email on the exchange server by creating a receive connector. however, I never try for the remote server with public ip address. we would like the remote server to relay email to both our internal email (accepted domain in exchange
  server) and also external recipients with the external domain.
  How am I suppose to perform this task?
  Thanks for your attention.
  Best Regards,
  Henry

  Hi Oliver,
  thanks again for your prompt response.
  I can't login to the web server as it is managed by vendor that configure the web server and we are only being allowed to access the web server via the public URL. basically, i don't know what is the configuration behind. I was being told that they will
  configure the email inside the IIS, which i also don't know how to configure.
  I have tried to configure the relay connector inside the exchange before following the same guide by changing the private IP to the web server public ip. i also allowed the permission group to exchange servers and authentication on "externally secured".
  however after i inform the vendor to test it, it didn't work at all.
  i am not able to test using telnet like what i did when doing relay for my internal server. I can't use telnet to test my web server to check whats wrong with the relay. i would like to test like what the guide do, but it is not allowed me to telnet.
  what should i do to troubleshoot? i think that allowing relay of external server is a security breach which is very risky. am i right?
  thanks
  Regards,
  Henry
  Hi Henry,
  Speak to the vendor that manages the web server for IIS setup and ask 'can I use authentication?' If they come back with a 'yes you can' simply provide them with a user/pass so they can authenticate.
  Personally I wouldn't allow a public IP to relay by configuring an Exchange Organisation to allow anonymous relay for a public IP, and would ask that they authenticate.
  If they come back with a no - then we can troubleshoot your Exchange configuration.
  Oliver Moazzezi | Exchange MVP, MCSA:M, MCITP:Exchange 2010,Exchange 2013, BA (Hons) Anim | http://www.exchange2010.com | http://www.cobweb.com | http://twitter.com/OliverMoazzezi

• ITunes, external drive, local drive, and iCloud and Match- help!

  I have a 2011 Macbook Air as my primary machine. Given it's small sized hard drive, I don't want any music or media to be on the local machine (if possible. So, I've done a few things over the years:
  (1) I have, inside iTunes, the default media location set to be a folder on my external thunderbolt drive.
  (2) I have iCloud support for iTunes turned on
  (3) I have iTunes Match turned on
  My iTunes library is split 70/30 between music and movies/TV shows. My household has iPhones and iPads and I need all this content available to all the devices.
  Ok, given the above factors, things seem to work pretty well. The iTunes folder on my external hard drive is about 145 gigs (about right I would think). But as it turns out, I have a iTunes folder on my local drive as well, in the "Music" folder per the Favorites section in Finder. This iTunes folder is roughly 36 gigs, so barely 1/5th the size of the folder on the external drive.
  So, I backed up the local iTunes folder (onto the external drive), and then deleted it off my local machine. iTunes started, and it played music and movies, but a few songs (picked at random) could not be found, and iTunes would try to communicate with Apple for iTunes match, but this process would stall...and the app would eventually crash (within 10 minutes of starting...even when music was playing). It didn't completely close, but it became unresponsive. Moving the smaller iTunes folder back to its original place on the local drive seems to have fixed this issue.
  Ultimately I'd like to clean off the local drive, use the external drive for whatever "local" storage I need for iTunes, and rely on iCloud and Match to provide the content to the mobile devices.
  Can anyone assist?

  The first thing you need to do is properly move the iTunes media off the internal HDD of the MBA to the external HDD. This KB article will help you with that: http://support.apple.com/kb/ht1449
  To use iTunes Match exclusively for streaming music the best practice is to create a new iTunes library and enable iTM on that library. This has the advantage of leaving the original library untouched. To create a new library quit iTunes, then launch it while holding down the Option key. Choose "new library" in the dialog. Do not have iTunes scan for media; then enable iTunes Match on the new library. Once the initial scan is done you will be able to stream the music.
  You will need to have a backup scheme in place for when you add new music to the library as well.

• Azure VNet, How to allow external VLans to connect to existing VNet.

  i have an existing VNet setup as follows:
  Static Routing
  Site - Site
  Connected to Local Network.
  i want to establish a connection from another external VLAN network to my existing VNET above. How can i achieve this? basically multiple external sites to 1 VNet.
  the amount of documentation available seems more confusing than informative.
  thank-you

  Hello, you have to set up a multi site VPN, you'll find the Technet documentation below :
  https://msdn.microsoft.com/en-us/library/azure/dn690124.aspx

• Allow external editor file name template to be customized

  Currently, only a global name can be set. I'd like to have the ability to set a global name that can be overriden in the settings for particular external editors. For example, if I use the Nik SilverEfexPro plugin as one external editor, it may be useful to specify the external file to be named something like
  <filename>-SilverEfexPro.jpg
                    Dilip

  No, there's still no way to rename Masters short of exporting them with the version name and re-importing.
  The only way 'Save As' is going to work from an external editor is if you use exactly the same file name - that is the only file Aperture has sent out and it's the only file that Aperture is expecting back.
  Saving with a different file name is functionally the same as copying a new file into the Library using the Finder - Aperture has no way to expect it. You'd have to save to somewhere outside the Library and then import it as a new Master, maybe setting up a hot folder in Automator for automatic importing.
  Ian