Allow external traffic to access internal computers

We have an ASA 5505 running version 8.4. We are having problems allowing external traffic to access computers behind the firewall. Our current config is:
ASA Version 8.4(3)
hostname ciscoasa
domain-name default.domain.invalid
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.2.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 152.18.75.132 255.255.255.240
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object network a-152.18.75.133
host 152.18.75.133
object network a-10.2.1.2
host 10.2.1.2
object-group network ext-servers
network-object host 142.21.53.249
network-object host 142.21.53.251
network-object host 142.21.53.195
object-group network ecomm_servers
network-object 142.21.53.236 255.255.255.255
object-group network internal_subnet
network-object 10.2.1.0 255.255.255.0
access-list extended extended permit ip any any
access-list extended extended permit icmp any any
access-list extended extended permit ip any object-group ext-servers
access-list acl_out extended permit tcp any object-group ecomm_servers eq https
access-list outside_in extended permit ip any host 10.2.1.2
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit 10.2.1.0 255.255.255.0 inside
icmp permit any echo-reply outside
icmp permit any outside
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static a-10.2.1.2 a-152.18.75.133
route outside 0.0.0.0 0.0.0.0 152.18.75.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.2.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 10.2.1.2 255.255.255.255 inside
ssh 122.31.53.0 255.255.255.0 outside
ssh 122.28.75.128 255.255.255.240 outside
ssh timeout 30
console timeout 0
dhcpd auto_config outside
dhcpd address 10.2.1.2-10.2.1.254 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c7d7009a051cb0647b402f4acb9a3915
: end
ciscoasa(config)# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static a-10.2.1.2 a-152.18.75.133
    translate_hits = 1, untranslate_hits = 112
ciscoasa(config)# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static a-10.2.1.2 a-152.18.75.133
    translate_hits = 1, untranslate_hits = 113
ciscoasa(config)#

Okay I will bite.
Assuming you have
a. Dynamic PAT rule for LAN users/devices to reach the internet
(missing ???????????????
(should look like a NAT rule that makes two entries when you make the one rule)
(with the router set at defaults it may make this rule for you already in place)
object bit
object network obj_any_inside
subnet 0.0.0.0 0.0.0.0
and rule bit
object network obj_any_inside
nat (inside,outside) dynamic interface
b. Route rule - tells the ASA the next hop is the IP gateway address
route outside 0.0.0.0 0.0.0.0 152.18.75.129 1
c. NAT rule for port forwarding - using objects it creates two entries (let's say I call it natforward4server)
object bit
object network natforward4server
host 10.2.1.2
NAT bit
object network natforward4server
nat (inside,outside) static interface service tcp 443 443
d. NAT for a translated port.
If you had wanted to translate a port, let's say you have external users that can only use port 80 but need to access https
object bit
object network natfortransl4server
host 10.2.1.2
NAT bit
object network natfortransl4server
nat (inside,outside) static interface service tcp 443 80
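One thing worth checking against the posted running config before adding more NAT rules: it defines access-list outside_in (permit ip any host 10.2.1.2, written against the real address, which is the correct form on 8.3 and later because access-lists are matched after untranslation), but it contains no access-group line, so no access-list is bound to the outside interface and inbound connections fall under the default rule that traffic from a lower security level (outside, 0) to a higher one (inside, 100) is denied. The untranslate_hits counter rising in sh nat shows the NAT lookup is matching; whether the connection is then permitted is a separate check. The Python model below is an added example, not Cisco code and not from anyone in the thread. It encodes the relevant lines of the posted config as data (interface names, security levels, the static NAT and the outside_in ACL are from the page; the client address 203.0.113.7 and the access-group binding are constructed) and walks an inbound HTTPS connection through untranslation, the bound access-list, and the security-level fallback.

```python
"""Added illustration, not Cisco code: how an ASA running 8.3 or later decides
whether a connection arriving on one interface may reach a statically NAT'd
host behind another.  Steps modelled:
  1. untranslate the destination using the static NAT table,
  2. if an access-list is bound to the ingress interface (access-group),
     match the flow against it using REAL (post-untranslate) addresses,
  3. otherwise apply the default security-level rule: only traffic from a
     higher security level to a lower one is allowed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str            # source address on the wire
    dst: str            # destination on the wire (mapped address for inbound)
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass
class Ace:
    """One access-list entry: permit/deny PROTO SRC DST [eq PORT]."""
    action: str
    proto: str          # "ip" matches any protocol
    src: str            # "any", "host A.B.C.D" or "A.B.C.D M.M.M.M"
    dst: str
    port: Optional[int] = None


@dataclass
class Asa:
    security: Dict[str, int]                                     # nameif -> security-level
    static_nat: Dict[str, str] = field(default_factory=dict)     # mapped -> real address
    acls: Dict[str, List[Ace]] = field(default_factory=dict)
    access_groups: Dict[str, str] = field(default_factory=dict)  # nameif -> bound ACL


def _addr_match(spec: str, ip: str) -> bool:
    """Match an ACE address token (any / host X / network mask) against an IP."""
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return ipaddress.ip_address(ip) == ipaddress.ip_address(parts[1])
    net = ipaddress.ip_network("%s/%s" % (parts[0], parts[1]), strict=False)
    return ipaddress.ip_address(ip) in net


def _ace_match(ace: Ace, flow: Flow, real_dst: str) -> bool:
    if ace.proto != "ip" and ace.proto != flow.proto:
        return False
    if ace.port is not None and ace.port != flow.dport:
        return False
    return _addr_match(ace.src, flow.src) and _addr_match(ace.dst, real_dst)


def flow_decision(asa: Asa, flow: Flow, ingress: str, egress: str) -> Tuple[str, str, str]:
    """Return (verdict, real_destination, reason) for a flow entering on `ingress`."""
    real_dst = asa.static_nat.get(flow.dst, flow.dst)          # step 1: untranslate
    acl_name = asa.access_groups.get(ingress)
    if acl_name is not None:                                    # step 2: bound ACL
        for ace in asa.acls[acl_name]:
            if _ace_match(ace, flow, real_dst):
                return ace.action, real_dst, "matched %s: %s %s %s %s" % (
                    acl_name, ace.action, ace.proto, ace.src, ace.dst)
        return "deny", real_dst, "implicit deny at end of %s" % acl_name
    if asa.security[ingress] > asa.security[egress]:            # step 3: default rule
        return "permit", real_dst, "higher-to-lower security level, no ACL bound"
    return "deny", real_dst, "%s (%d) -> %s (%d) with no ACL bound on %s" % (
        ingress, asa.security[ingress], egress, asa.security[egress], ingress)


def posted_config() -> Asa:
    """The lines of the posted 8.4(3) config that matter for an inbound connection."""
    return Asa(
        security={"inside": 100, "outside": 0},
        # nat (inside,outside) source static a-10.2.1.2 a-152.18.75.133
        static_nat={"152.18.75.133": "10.2.1.2"},
        # access-list outside_in extended permit ip any host 10.2.1.2
        acls={"outside_in": [Ace("permit", "ip", "any", "host 10.2.1.2")]},
        access_groups={},   # the posted config has no access-group line at all
    )


def with_access_group() -> Asa:
    """Same config plus the (constructed) line: access-group outside_in in interface outside."""
    asa = posted_config()
    asa.access_groups["outside"] = "outside_in"
    return asa


# Constructed sample client on a documentation prefix, connecting to the mapped address.
HTTPS_FROM_INTERNET = Flow(src="203.0.113.7", dst="152.18.75.133", proto="tcp", dport=443)

if __name__ == "__main__":
    for label, asa in (("as posted", posted_config()), ("with access-group", with_access_group())):
        print(label, "->", flow_decision(asa, HTTPS_FROM_INTERNET, "outside", "inside"))
```

Run as a script it prints the verdict for the config as posted (deny, no ACL bound) and with the binding added (permit, delivered to 10.2.1.2). Two design points carried over from the thread's config: the model matches the ACL against the real address, so an entry written against the mapped address 152.18.75.133 would never match on this release, and it is parameterised by ACL name because the posted config also contains an access-list literally named "extended" that permits ip any any; binding that one instead of outside_in would open every inside host that has a translation.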

Similar Messages

  • Using AirPort Time Capsule as an external drive with access to files by guest account

    Is it possible to use my AirPort Time Capsule as an external drive with access to files by a guest account?
    I would like to store a large number of folders containing photographs on my AirPort Time Capsule and allow anyone with a password to access the photographs - at the time of viewing the Time Capsule would be connected to the internet but I wouldn't want users to actually access anything other than the files on the Time Capsule - is this possible? If so, any help in configuring it would be really helpful.

    No it is not possible.. Guest is just that.. a guest that is allowed permission to access the internet but none of the local files.
    To give a person access to the TC they must have password to access your normal network..
    From there it is up to you how you do this.. people cannot actually access files on your computers unless you give them share and password permissions for that.. you can even setup accounts on the TC although I recommend against it.. if you want shared photos anyway. All security on a TC is illusion.. merely pressing the reset and it is all blown away.. so if you are concerned about security don't put stuff on the TC people should not access.. or like your TM backups ensure they are encrypted.
    A person can then access your TC and the photos.. but what else on the network??

  • Allow external iframes local IP

    I am at the beginning of migrating from on-site SharePoint to SharePoint Online.
    Trying to get a page viewer to display an HTML/PHP page that is hosted locally. I understand that this will cause problems when viewing the pages when off-site, but that is ok for the requirements.
    Is it possible to set Site Settings > Site
    Collection Administration > HTML
    Field Security > Allow
    External iFrames to accept content from internal servers, local IP (eg 192.168.1.*)?
    If so, what "domain" is needed in the above settings (or otherwise) to allow these pages to display?
    The URL pointing to the local page works in web browsers fine, just doesn't display on SharePoint Online.
    Thanks,
    Lachy

    Hello
    NAT provides IP translation but it doesn't give you any real security to the server; you still need to prohibit access via either IOS FW features (CBAC, ZBFW, extended ACLs etc.) or via a designated firewall.
    To answer your question
    Yes you can
    You can position it in a DMZ with a public IP address and use port forwarding/filtering etc. to open up specific ports to the server
    Res
    Paul
    Sent from Cisco Technical Support Android App

  • RV016 Router Allow All Traffic For Outside IP

    Hi,
    I need to configure the firewall to allow all traffic for an IP address of a server. What steps in the router do I need to configure this? This is a cloud based VoIP server and we have IP phones and we need to add an IP address of the phone server to allow all traffic for that IP.
    thanks.

    Hi Jonathan,
    I have a similar problem with VOIP traffic being dropped by my new RV016 v3 router.
    I have created one Firewall Rule, to allow ALL traffic from the external VOIP PBX provider (single IP) to connect to the internal VOIP phones, which have assigned addresses in a small IP Address range (eg. 10.1.2.50 - 10.1.2.59)
    The Aastra VOIP phones continually lose their registration with the cloud-based PBX. If you make an outgoing call, it will work, but the PBX will lose connection with the phone, 3 or 4 minutes after you hang up, and will mark it as offline. Incoming calls made within the 3 or 4 minutes will get through, but after that they go right to voicemail on the PBX system.
    We used to have an RV016 v2 router and VOIP traffic worked OK, with a similar Firewall Rule. We replaced the v2 router because its CPU crashed.
    I tested the VOIP traffic with a WRT160 router with minimal Firewall Rules, and it works OK, as long as SIP-ALG is turned Off. We want to use the RV016 because it provides a larger number of ports for our LAN.
    Any suggestions ?
    Kirk

  • Allow DNS Traffic

    Hi!
    We need to allow DNS Traffic from Lan to Wan network for our internal LAN Users through Cisco Router. May we have the lines to add in the router and do we need anything else to apply this access-list?
    Thanks.

    access-list 101 extended permit tcp net_lan sub net_wan sub eq 53
    access-list 101 extended permit udp net_lan sub net_wan sub eq 53
    access-list 101 extended deny any any
    interface Serial 0/0
     ip access-group 101 out
    N.B. That access-list only permits traffic for the DNS protocol. All traffic except DNS will be denied.

  • Firewall Allow all traffic on lan

    Is there a way to make a firewall rule to allow all traffic on en1? I have my ip ranges set to allow all traffic, but I still have to turn the firewall off for DHCP to give IP addresses to new devices on the network.

    dtich wrote:
    thx dean, yes, i had certainly looked at the log, which shows these entries:
    Nov 11 21:49:25 north-knoll-server ipfw[8789]: 65534 Deny UDP 169.254.14.242:138 169.254.255.255:138 in via en0
    but i have no idea where 169xxx is, nothing on my lan... if the port is 65534, that's an ftp passive port, tried opening that, doesn't solve the problem. if the port is 138, that's netbios, which would be odd, but i tried opening that too. nothing doing. can't figure it out. and the log really isn't helping too much.
    traceroute gives me:
    traceroute to 169.254.14.242 (169.254.14.242), 64 hops max, 40 byte packets
    1 169.254.14.242 (169.254.14.242) 0.593 ms 0.504 ms 0.195 ms
    so, i guess that's some internal address that my router uses or something..?? wacky. i'm out of my depth here.
    if i allow 169.254.x.x, i still get no joy.
    mean anything else to you?
    yeah, 169.254.x.x is part of the zeroconf net address range. (See http://en.wikipedia.org/wiki/Zeroconf for more details)
    Not sure why the device in particular is trying port 138 unless it's Windows box maybe? Is en0 on your local network or external?

  • I use Djay for my Apple and I would like to use TC as an external hd to access from Djay, however when I look for my external T1 drive I cannot find it in iTunes so I can load onto Djay? Any help?

    I use Djay for my Apple and I would like to use TC as an external hd to access from Djay, however when I look for my external T1 drive I cannot find it in iTunes so I can load onto Djay? Any help?

    Initially, you asked if you can hardwire your MBA to the TC. The answer is yes, by using the optional USB Ethernet adapter that Apple provides. However, in order for your MBA to access the TC's internal or USB-attached HDD, it would need to establish a network connection to it. This would be true of any NAS device on an Ethernet network. Therein, lies the problem. Your MBA cannot connect to two networks simultaneously.
    One option then, would be to have two separate iTunes Media folders; one on the MBA & the other on the TC. This way, you can download the music to your MBA when connected to the Internet at the AirPort lounge, and then use the iTunes Consolidate Library feature to transfer the audio files to the TC's iTunes Media Folder location. A great program to help maintain multiple iTunes Libraries and/or Media Folders, that you may want to consider, is PowerTunes.

  • I am looking into Lightroom (Creative Cloud) to allow a Team Member access my Catalog to keyword search which images will work for our Social Media platforms.

    I am looking at LR Creative Cloud to allow a Team Member access my catalog so she can keyword search which images will work for our social media campaigns. My catalog has both personal and business images (which are in separate folders), however, I only want them to access the business images. What is the best way to do this?
    and a second question as I am new to the Cloud LR product. I am assuming that my images still stay on my external drive...how am I or her able to view these images if I am out of town on another computer?

    My catalog has both personal and business images (which are in separate folders), however, I only want them to access the business images. What is the best way to do this?
    I think the only way in Lightroom to make this happen is to use two catalogs, one for business and one for personal, and then prevent access to the personal catalog via putting it on a disk or location that your team member does not have access to.
    I am assuming that my images still stay on my external drive...how am I or her able to view these images if I am out of town on another computer?
    Situations like this require you to put the catalog file AND photos on the external HD and then move the external drive to whatever location and whatever computer is needed. An alternative is to put the photos on a network drive and the catalog file on a local disk and access the catalog locally and the photos via network, but that limits you to using a single computer.
    I am looking at LR Creative Cloud to allow a Team Member access my catalog so she can keyword search which images will work for our social media campaigns.
    As far as I know, this does not require Creative Cloud, nor does Creative Cloud help in this situation. Furthermore, if you are thinking about a situation where you and your team member have simultaneous access to the catalog(s) of interest, this is not possible in Lightroom. Lightroom is a single user application.
    If you are interested in a true multi-user application, where more than one individual can access a catalog at the same time, you might want to look at Daminion. Note: I am not endorsing or recommending Daminion, as I have never used it; I simply point out that it has the feature being discussed.

  • ACL to allow SNMP traffic

    I created an ACL to allow SNMP traffic through.  Once I applied it traffic does not pass.  Should be pretty simple.  Below is what I used.  I am using SNMP v2.
    ip access-list extended ABC-ACL
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmp
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmptrap
    permit icmp X.X.0.0 0.0.255.255 host SERVER_IP
    Additional permit statements omitted.

    HMidkiff wrote:
    I created an ACL to allow SNMP traffic through. Once I applied it traffic does not pass. Should be pretty simple. Below is what I used. I am using SNMP v2.
    ip access-list extended ABC-ACL
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmp
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmptrap
    permit icmp X.X.0.0 0.0.255.255 host SERVER_IP
    Additional permit statements omitted.
    Where is it applied, to an L3 switch VLAN interface or a router interface, which direction, etc.?
    Is the SNMP traffic from a specific device, you could add a permit log for that specific device to see what ports it is using.
    Also, where is the SNMP coming from in your acl ? if it is the x.x.0.0 network the acl should be -
    permit udp x.x.0.0 0.0.255.255 eq snmp host SERVER_IP eq snmp
    etc..
    Jon

  • Core Data: "Allows external storage" for Transformable type?

    When I create a Core Data attribute, and set its type to "Transformable", the "Allows external storage" option is unavailable. I only see it available for Binary type.
    How can I use "Allows external storage" with Transformable type?

    I wanted to post an update and let everyone know what I decided on and how well it works.
    I went with the following setup.
    eSATA Express Card
    http://www.newegg.com/Product/Product.aspx?Item=N82E16839200006
    eSATA enclosure
    http://www.newegg.com/Product/Product.aspx?Item=N82E16817173043
    eSATA drive
    http://www.newegg.com/Product/Product.aspx?Item=N82E16822136218
    All of this cost me a total of $159.57 for about 600 gigs of high performance storage after being formatted! I did some benchmarks and the drive is performing faster than my internal 7200rpm drive. It is not much faster but it is faster.
    So I would have to say that if you really want some fast performing drives for just about anything eSATA is probably the way to go.
    About the items,
    The eSATA card looked used when I got it. The seal was broken and the item was dirty and had finger prints on it. It was however very easy to install. I just downloaded the newest drivers from rosewill.com, plugged it in and it worked.
    The hard disk enclosure seems well made and was a breeze to setup and install. It also does usb 2.0 if you need it. It has as a big cooling fan and includes a usb and sata cable as well as a eSATA bracket for your desktop pc.
    All in all a great buy. So thank you again for all the info

  • Can I transfer single files both ways from external usb drive to internal ssd drive?

    I just installed a 240G SSD in a Mac Pro and put the old 500 HD on the USB port for backup. How can I access individual files from the external storage to the internal? I can sign in to only one HD at a time now.

    My guess is that you cloned the hard drive to the SSD, correct? In that case you can still view both drives at a time. Just plug in your external hard drive, open Finder, and look for it on the left-hand side of the window (called the sidebar). Click on it once you have found it, and you should be good to go!

  • Allow IPSEC traffic thru 871?

    I am using Cisco 871's with Advanced IP Sec IOS for remote offices. I need to allow IPSEC traffic to pass thru the 871 to establish a client IPSEC tunnel. The client VPN software is Nortel's Contivity VPN.
    How can I allow IPSEC traffic to pass thru the 871?

    If you are initiating VPN client connectivity from behind the 871 to outside you need to allow through the IPsec ports udp 500, udp 4500 and protocol 50 esp. I don't know Nortel's VPN client but I'm sure they follow the IPsec security standards.
    try this on your 871 router.
    access-list 101 permit udp any any eq 500 log
    access-list 101 permit udp any any eq 4500 log
    access-list 101 permit esp any any log
    apply acl-101 to your outbound interface
    access-group 101 in
    HTH
    Jorge

  • How to configure the mac mini to allow the clients to access both partitions...the client will only see the one we are logged into at the server???

    if possible??? how do we configure the mac mini to allow the clients to access both partitions...the client will only see the one we are logged into at the server???

    You have to explicitly share directories on external/secondary volumes.
    Use the Server admin app to configure file sharing, and select which directory/directories on the second drive you want to share, then they'll be available to clients.

  • Accessing internal tables at runtime.

    Hi all,
    I am writing a code where in i have to transfer data from excel to database table.
    I am getting the excel data in an itab. Can anybody help me with how to access internal tables at runtime?
    I am using the following code with sy-tabix. Here, when the sy-tabix is odd it picks up the value,
    but I want that within the same loop when I increment sy-tabix by 1, then it should fetch the second column of the same row. But it's not working as it shows an error that it does not permit subfield access.
    The code is as follows:
    LOOP AT t_tab[] into wa_tab .
      data: l_tabix type sy-tabix,
            name_index type sy-tabix.
            data: c type i.
            l_tabix = sy-tabix.
            name_index = l_tabix+1.
            c = ( l_tabix mod 2 ).
    ******to check if sy-tabix is odd**********
           if c ne 0.
             READ TABLE t_tab into wa_tab index l_tabix.
             wa_product1-product = wa_tab-VALUE.
    ************incrementing sy-tabix*************
             READ TABLE t_tab into wa_tab index name_index. (here it shows error)
             wa_product1-product_name = wa_tab-value.
           endif.
      endloop.
    Thanks in advance.

    Hi Omer,
    Copy and paste this code.
    =====================================
    REPORT ztest_create_data_dynamic.
    TYPE-POOLS: slis.
    DATA: it_fcat TYPE slis_t_fieldcat_alv,
          is_fcat LIKE LINE OF it_fcat.
    DATA: it_fieldcat TYPE lvc_t_fcat,
          is_fieldcat LIKE LINE OF it_fieldcat.
    DATA: new_table TYPE REF TO data.
    DATA: new_line TYPE REF TO data.
    FIELD-SYMBOLS: <l_table> TYPE ANY TABLE,
                   <l_line> TYPE ANY,
                   <l_field> TYPE ANY.
    " Build the field catalog from the structure SYST
    CALL FUNCTION 'REUSE_ALV_FIELDCATALOG_MERGE'
      EXPORTING
        i_structure_name = 'SYST'
      CHANGING
        ct_fieldcat      = it_fcat[].
    " Convert the SLIS field catalog into the LVC one expected by the table creator
    LOOP AT it_fcat INTO is_fcat WHERE NOT reptext_ddic IS INITIAL.
      MOVE-CORRESPONDING is_fcat TO is_fieldcat.
      is_fieldcat-fieldname = is_fcat-fieldname.
      is_fieldcat-ref_field = is_fcat-fieldname.
      is_fieldcat-ref_table = is_fcat-ref_tabname.
      APPEND is_fieldcat TO it_fieldcat.
    ENDLOOP.
    " Create a new internal table at runtime from the field catalog
    CALL METHOD cl_alv_table_create=>create_dynamic_table
      EXPORTING
        it_fieldcatalog = it_fieldcat
      IMPORTING
        ep_table        = new_table.
    " Create a new line (work area) with the same structure as the table
    ASSIGN new_table->* TO <l_table>.
    CREATE DATA new_line LIKE LINE OF <l_table>.
    ASSIGN new_line->* TO <l_line>.
    " Test it: fill the SUBRC column of 30 rows, then read them back by component name
    DO 30 TIMES.
      ASSIGN COMPONENT 'SUBRC' OF STRUCTURE <l_line> TO <l_field>.
      <l_field> = sy-index.
      INSERT <l_line> INTO TABLE <l_table>.
    ENDDO.
    LOOP AT <l_table> ASSIGNING <l_line>.
      ASSIGN COMPONENT 'SUBRC' OF STRUCTURE <l_line> TO <l_field>.
      WRITE <l_field>.
    ENDLOOP.

  • I can connect my cisco mobile vpn but can't ping & access internal IP

    Hi somebody,
    I've configured a mobile VPN configuration on a Cisco 7200 in GNS3. I can connect the VPN to my Cisco router with the Cisco VPN client software from outside, but I can't ping internal IPs and can't access internal resources.
    My internal IP range is 192.168.1.x, and the IP range for mobile VPN clients from outside is 172.60.1.x.
    Your advice will be appreciated.
    here is my configuration with cisco 7200 in GNS 3,
    OfficeVPN_Router#sh run
    Building configuration...
    Current configuration : 2186 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname OfficeVPN_Router
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
    aaa new-model
    aaa authentication login userlist local
    aaa authorization network grouplist local
    aaa session-id common
    ip cef
    no ip domain lookup
    username asm privilege 15 password 0 pncsadmin
    username user privilege 15 password 0 pncsadmin
    username user1 privilege 15 password 0 pncsadmin
    username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
    crypto isakmp policy 10
    encr aes
    authentication pre-share
    group 2
    crypto isakmp client configuration group MWG
    key cisco
    dns 165.21.83.88
    pool vpnpool
    acl 101
    netmask 255.255.0.0
    crypto ipsec transform-set myset esp-aes esp-sha-hmac
    crypto dynamic-map dynmap 10
    set transform-set myset
    reverse-route
    crypto map mymap client authentication list userlist
    crypto map mymap isakmp authorization list grouplist
    crypto map mymap client configuration address initiate
    crypto map mymap client configuration address respond
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex half
    interface FastEthernet1/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex full
    speed 100
    interface FastEthernet1/1
    ip address 200.200.200.200 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map mymap
    ip local pool vpnpool 172.60.1.10 172.60.1.100
    no ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 200.200.200.201
    no ip http server
    no ip http secure-server
    ip nat inside source list 111 interface FastEthernet1/1 overload
    access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 permit ip any any
    control-plane
    gatekeeper
    shutdown
    line con 0
    exec-timeout 0 0
    password cisco123
    logging synchronous
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password cisco123
    end
    OfficeVPN_Router#sh ver
    Cisco IOS Software, 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Tue 21-Apr-09 18:50 by prod_rel_team
    ROM: ROMMON Emulation Microcode
    BOOTLDR: 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
    OfficeVPN_Router uptime is 30 minutes
    System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
    System image file is "tftp://255.255.255.255/unknown"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco 7206VXR (NPE400) processor (revision A) with 245760K/16384K bytes of memory.
    Processor board ID 4279256517
    R7000 CPU at 150MHz, Implementation 39, Rev 2.1, 256KB L2 Cache
    6 slot VXR midplane, Version 2.1
    Last reset from power-on
    PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
    Current configuration on bus mb0_mb1 has a total of 600 bandwidth points.
    This configuration is within the PCI bus capacity and is supported.
    PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
    Current configuration on bus mb2 has a total of 0 bandwidth points
    This configuration is within the PCI bus capacity and is supported.
    Please refer to the following document "Cisco 7200 Series Port Adaptor
    Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
    for c7200 bandwidth points oversubscription and usage guidelines.
    3 FastEthernet interfaces
    125K bytes of NVRAM.
    65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
    8192K bytes of Flash internal SIMM (Sector size 256K).
    Configuration register is 0x2102
    OfficeVPN_Router#

    Dear Javier ,
    Thanks for your info. I already tested as you said, but still I can't use & ping my internal IPs which are behind the Cisco VPN router. I posted my config file.
    OfficeVPN_Router(config)#ip access-list resequence 111 10 10
    OfficeVPN_Router(config)#do sh run
    Building configuration...
    Current configuration : 2201 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname OfficeVPN_Router
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
    aaa new-model
    aaa authentication login userlist local
    aaa authorization network grouplist local
    aaa session-id common
    ip cef
    no ip domain lookup
    username asm privilege 15 password 0 pncsadmin
    username user privilege 15 password 0 pncsadmin
    username user1 privilege 15 password 0 pncsadmin
    username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
    crypto isakmp policy 10
    encr aes
    authentication pre-share
    group 2
    crypto isakmp client configuration group MWG
    key cisco
    dns 165.21.83.88
    pool vpnpool
    acl 101
    netmask 255.255.0.0
    crypto ipsec transform-set myset esp-aes esp-sha-hmac
    crypto dynamic-map dynmap 10
    set transform-set myset
    reverse-route
    crypto map mymap client authentication list userlist
    crypto map mymap isakmp authorization list grouplist
    crypto map mymap client configuration address initiate
    crypto map mymap client configuration address respond
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex half
    interface FastEthernet1/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex full
    speed 100
    interface FastEthernet1/1
    ip address 200.200.200.200 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map mymap
    ip local pool vpnpool 172.60.1.10 172.60.1.100
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 200.200.200.201
    no ip http server
    no ip http secure-server
    ip nat inside source list 111 interface FastEthernet1/1 overload
    access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 permit ip 192.168.1.0 0.0.0.255 any
    control-plane
    gatekeeper
    shutdown
    line con 0
    exec-timeout 0 0
    password cisco123
    logging synchronous
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password cisco123
    end
