ASA 5555x default TCP normalizer settings
Greetings, I am trying to find what is the default actions of the TCP normalizer in the ASA 5555x (9.1(3)). I can see in packet captures that the ASA is stripping some option flags (SACK) and I am also wondering if it is dropping none conforming packets etc etc. So far my research has shown that only specific traffic from specific systems is being stripped, in my case storage replication traffic. Thanks for any details, I am also going to open a TAC case and I will update this thread. Cheers!
You find much on the defaults in the config-gude:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/conns_connlimits.html#pgfId-1090664
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/conns_connlimits.html#53790
Similar Messages
-
%ASA-7-710005: TCP request discarded error in Client to Site VPN in CISCO ASA 5510
Hi Friends,
I'm trying to built client to site VPN in CISCO ASA 5510 8.4(4) and getting below error while connecting cisco VPN client software. Also, I'm getting below log in ASA. Please help me to reslove.
Error in CISCO VPN Client Software:
Secure VPN Connection Terminated locally by the client.
Reason : 414 : Failed to establish a TCP connection.
Error in CISCO ASA 5510
%ASA-7-710005: TCP request discarded from <Public IP> /49276 to outside:<Outside Interface IP of my ASA> /10000
ASA Configuration:
XYZ# sh run
: Saved
ASA Version 8.4(4)
hostname XYZ
domain-name XYZ
enable password 3uLkVc9JwRA1/OXb level 3 encrypted
enable password R/x90UjisGVJVlh2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
nameif outside_rim
security-level 0
ip address 1.1.1.1 255.255.255.252
interface Ethernet0/1
duplex full
nameif XYZ_DMZ
security-level 50
ip address 172.1.1.1 255.255.255.248
interface Ethernet0/2
speed 100
duplex full
nameif outside
security-level 0
ip address 2.2.2.2 255.255.255.252
interface Ethernet0/3
speed 100
duplex full
nameif inside
security-level 100
ip address 3.3.3.3 255.255.255.224
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa844-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
domain-name XYZ
object network obj-172.17.10.3
host 172.17.10.3
object network obj-10.1.134.0
subnet 10.1.134.0 255.255.255.0
object network obj-208.75.237.0
subnet 208.75.237.0 255.255.255.0
object network obj-10.7.0.0
subnet 10.7.0.0 255.255.0.0
object network obj-172.17.2.0
subnet 172.17.2.0 255.255.255.0
object network obj-172.17.3.0
subnet 172.17.3.0 255.255.255.0
object network obj-172.19.2.0
subnet 172.19.2.0 255.255.255.0
object network obj-172.19.3.0
subnet 172.19.3.0 255.255.255.0
object network obj-172.19.7.0
subnet 172.19.7.0 255.255.255.0
object network obj-10.1.0.0
subnet 10.1.0.0 255.255.0.0
object network obj-10.2.0.0
subnet 10.2.0.0 255.255.0.0
object network obj-10.3.0.0
subnet 10.3.0.0 255.255.0.0
object network obj-10.4.0.0
subnet 10.4.0.0 255.255.0.0
object network obj-10.6.0.0
subnet 10.6.0.0 255.255.0.0
object network obj-10.9.0.0
subnet 10.9.0.0 255.255.0.0
object network obj-10.11.0.0
subnet 10.11.0.0 255.255.0.0
object network obj-10.12.0.0
subnet 10.12.0.0 255.255.0.0
object network obj-172.19.1.0
subnet 172.19.1.0 255.255.255.0
object network obj-172.21.2.0
subnet 172.21.2.0 255.255.255.0
object network obj-172.16.2.0
subnet 172.16.2.0 255.255.255.0
object network obj-10.19.130.201
host 10.19.130.201
object network obj-172.30.2.0
subnet 172.30.2.0 255.255.255.0
object network obj-172.30.3.0
subnet 172.30.3.0 255.255.255.0
object network obj-172.30.7.0
subnet 172.30.7.0 255.255.255.0
object network obj-10.10.1.0
subnet 10.10.1.0 255.255.255.0
object network obj-10.19.130.0
subnet 10.19.130.0 255.255.255.0
object network obj-XXXXXXXX
host XXXXXXXX
object network obj-145.248.194.0
subnet 145.248.194.0 255.255.255.0
object network obj-10.1.134.100
host 10.1.134.100
object network obj-10.9.124.100
host 10.9.124.100
object network obj-10.1.134.101
host 10.1.134.101
object network obj-10.9.124.101
host 10.9.124.101
object network obj-10.1.134.102
host 10.1.134.102
object network obj-10.9.124.102
host 10.9.124.102
object network obj-115.111.99.133
host 115.111.99.133
object network obj-10.8.108.0
subnet 10.8.108.0 255.255.255.0
object network obj-115.111.99.129
host 115.111.99.129
object network obj-195.254.159.133
host 195.254.159.133
object network obj-195.254.158.136
host 195.254.158.136
object network obj-209.164.192.0
subnet 209.164.192.0 255.255.224.0
object network obj-209.164.208.19
host 209.164.208.19
object network obj-209.164.192.126
host 209.164.192.126
object network obj-10.8.100.128
subnet 10.8.100.128 255.255.255.128
object network obj-115.111.99.130
host 115.111.99.130
object network obj-10.10.0.0
subnet 10.10.0.0 255.255.0.0
object network obj-115.111.99.132
host 115.111.99.132
object network obj-10.10.1.45
host 10.10.1.45
object network obj-10.99.132.0
subnet 10.99.132.0 255.255.255.0
object-group network Serversubnet
network-object 10.10.1.0 255.255.255.0
network-object 10.10.5.0 255.255.255.192
object-group network XYZ_destinations
network-object 10.1.0.0 255.255.0.0
network-object 10.2.0.0 255.255.0.0
network-object 10.3.0.0 255.255.0.0
network-object 10.4.0.0 255.255.0.0
network-object 10.6.0.0 255.255.0.0
network-object 10.7.0.0 255.255.0.0
network-object 10.11.0.0 255.255.0.0
network-object 10.12.0.0 255.255.0.0
network-object 172.19.1.0 255.255.255.0
network-object 172.19.2.0 255.255.255.0
network-object 172.19.3.0 255.255.255.0
network-object 172.19.7.0 255.255.255.0
network-object 172.17.2.0 255.255.255.0
network-object 172.17.3.0 255.255.255.0
network-object 172.16.2.0 255.255.255.0
network-object 172.16.3.0 255.255.255.0
network-object host 10.50.2.206
object-group network XYZ_us_admin
network-object 10.3.1.245 255.255.255.255
network-object 10.5.33.7 255.255.255.255
network-object 10.211.5.7 255.255.255.255
network-object 10.3.33.7 255.255.255.255
network-object 10.211.3.7 255.255.255.255
object-group network XYZ_blr_networkdevices
network-object 10.200.10.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.21
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.22
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list XYZ_PAT extended permit ip 10.19.130.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.159.133
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.158.136
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 209.164.192.0 255.255.224.0
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.208.19
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.192.126
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list nonat extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list nonat extended permit ip 10.10.1.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list Guest_PAT extended permit ip 10.8.108.0 255.255.255.0 any
access-list Cacib extended permit ip 10.8.100.128 255.255.255.128 145.248.194.0 255.255.255.0
access-list Cacib_PAT extended permit ip 10.8.100.128 255.255.255.128 any
access-list New_Edge extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list XYZ_global extended permit ip 10.7.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list XYZ_global extended permit ip 172.17.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.17.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.7.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.2.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.3.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.4.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.6.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.9.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.11.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.12.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.1.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.21.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.16.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.2.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.3.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.7.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list XYZ_global extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list XYZ_global extended permit ip object-group XYZ_destinations object-group Serversubnet
access-list ML_VPN extended permit ip host 115.111.99.129 209.164.192.0 255.255.224.0
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.208.19
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.192.126
access-list Da_VPN extended permit ip host 10.9.124.100 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.101 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.102 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.100 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.101 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.102 10.125.81.0 255.255.255.0
access-list Sr_PAT extended permit ip 10.10.0.0 255.255.0.0 any
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.86.46
access-list XYZ_reliance extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list coextended permit ip host 2.2.2.2 host XXXXXXXX
access-list coextended permit ip host XXXXXXXXhost 2.2.2.2
access-list ci extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list ci extended permit ip 208.75.237.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list acl-outside extended permit ip host 57.66.81.159 host 172.17.10.3
access-list acl-outside extended permit ip host 80.169.223.179 host 172.17.10.3
access-list acl-outside extended permit ip any host 172.17.10.3
access-list acl-outside extended permit tcp any host 10.10.1.45 eq https
access-list acl-outside extended permit tcp any any eq 10000
access-list acl-outside extended deny ip any any log
pager lines 10
logging enable
logging buffered debugging
mtu outside_rim 1500
mtu XYZ_DMZ 1500
mtu outside 1500
mtu inside 1500
ip local pool XYZ_c2s_vpn_pool 172.30.10.51-172.30.10.254
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-208.75.237.0 obj-208.75.237.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.7.0.0 obj-10.7.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.2.0 obj-172.17.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.3.0 obj-172.17.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.3.0 obj-172.19.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.7.0 obj-172.19.7.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.3.0.0 obj-10.3.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.4.0.0 obj-10.4.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.6.0.0 obj-10.6.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.9.0.0 obj-10.9.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.11.0.0 obj-10.11.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.12.0.0 obj-10.12.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.1.0 obj-172.19.1.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.21.2.0 obj-172.21.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.16.2.0 obj-172.16.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.2.0 obj-172.30.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.3.0 obj-172.30.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.7.0 obj-172.30.7.0 no-proxy-arp route-lookup
nat (inside,any) source static Serversubnet Serversubnet destination static XYZ_destinations XYZ_destinations no-proxy-arp route-lookup
nat (inside,any) source static obj-10.10.1.0 obj-10.10.1.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-XXXXXXXX obj-XXXXXXXX no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-145.248.194.0 obj-145.248.194.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-10.1.134.100 obj-10.9.124.100
nat (inside,outside) source static obj-10.1.134.101 obj-10.9.124.101
nat (inside,outside) source static obj-10.1.134.102 obj-10.9.124.102
nat (inside,outside) source dynamic obj-10.8.108.0 interface
nat (inside,outside) source dynamic obj-10.19.130.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.159.133 obj-195.254.159.133
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.158.136 obj-195.254.158.136
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.0 obj-209.164.192.0
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.208.19 obj-209.164.208.19
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.126 obj-209.164.192.126
nat (inside,outside) source dynamic obj-10.8.100.128 obj-115.111.99.130
nat (inside,outside) source dynamic obj-10.10.0.0 obj-115.111.99.132
nat (inside,outside) source static obj-10.10.1.45 obj-115.111.99.133
nat (inside,outside) source dynamic obj-10.99.132.0 obj-115.111.99.129
object network obj-172.17.10.3
nat (XYZ_DMZ,outside) static 115.111.99.134
access-group acl-outside in interface outside
route outside 0.0.0.0 0.0.0.0 115.111.23.129 1
route outside 0.0.0.0 0.0.0.0 115.254.127.130 10
route inside 10.10.0.0 255.255.0.0 10.8.100.1 1
route inside 10.10.1.0 255.255.255.0 10.8.100.1 1
route inside 10.10.5.0 255.255.255.192 10.8.100.1 1
route inside 10.8.100.128 255.255.255.128 10.8.100.1 1
route inside 10.8.108.0 255.255.255.0 10.8.100.1 1
route inside 10.19.130.0 255.255.255.0 10.8.100.1 1
route inside 10.99.4.0 255.255.255.0 10.99.130.254 1
route inside 10.99.132.0 255.255.255.0 10.8.100.1 1
route inside 10.1.134.0 255.255.255.0 10.8.100.1 1
route outside 208.75.237.0 255.255.255.0 115.111.23.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set vpn2 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn5 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn7 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn4 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn1 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn_reliance esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set c2s_vpn esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dyn1 1 set ikev1 transform-set c2s_vpn
crypto dynamic-map dyn1 1 set reverse-route
crypto map vpn 1 match address XYZ
crypto map vpn 1 set peer XYZ Peer IP
crypto map vpn 1 set ikev1 transform-set vpn1
crypto map vpn 1 set security-association lifetime seconds 3600
crypto map vpn 1 set security-association lifetime kilobytes 4608000
crypto map vpn 2 match address NE
crypto map vpn 2 set peer NE_Peer IP
crypto map vpn 2 set ikev1 transform-set vpn2
crypto map vpn 2 set security-association lifetime seconds 3600
crypto map vpn 2 set security-association lifetime kilobytes 4608000
crypto map vpn 4 match address ML_VPN
crypto map vpn 4 set pfs
crypto map vpn 4 set peer ML_Peer IP
crypto map vpn 4 set ikev1 transform-set vpn4
crypto map vpn 4 set security-association lifetime seconds 3600
crypto map vpn 4 set security-association lifetime kilobytes 4608000
crypto map vpn 5 match address XYZ_global
crypto map vpn 5 set peer XYZ_globa_Peer IP
crypto map vpn 5 set ikev1 transform-set vpn5
crypto map vpn 5 set security-association lifetime seconds 3600
crypto map vpn 5 set security-association lifetime kilobytes 4608000
crypto map vpn 6 match address Da_VPN
crypto map vpn 6 set peer Da_VPN_Peer IP
crypto map vpn 6 set ikev1 transform-set vpn6
crypto map vpn 6 set security-association lifetime seconds 3600
crypto map vpn 6 set security-association lifetime kilobytes 4608000
crypto map vpn 7 match address Da_Pd_VPN
crypto map vpn 7 set peer Da_Pd_VPN_Peer IP
crypto map vpn 7 set ikev1 transform-set vpn6
crypto map vpn 7 set security-association lifetime seconds 3600
crypto map vpn 7 set security-association lifetime kilobytes 4608000
crypto map vpn interface outside
crypto map vpn_reliance 1 match address XYZ_rim
crypto map vpn_reliance 1 set peer XYZ_rim_Peer IP
crypto map vpn_reliance 1 set ikev1 transform-set vpn_reliance
crypto map vpn_reliance 1 set security-association lifetime seconds 3600
crypto map vpn_reliance 1 set security-association lifetime kilobytes 4608000
crypto map vpn_reliance interface outside_rim
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto isakmp identity address
no crypto isakmp nat-traversal
crypto ikev1 enable outside_rim
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28800
crypto ikev1 policy 2
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 4
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28000
crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.8.100.0 255.255.255.224 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy XYZ_c2s_vpn internal
username testadmin password oFJjANE3QKoA206w encrypted
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXXtype ipsec-l2l
tunnel-group XXXXXXXXipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XYZ_c2s_vpn type remote-access
tunnel-group XYZ_c2s_vpn general-attributes
address-pool XYZ_c2s_vpn_pool
tunnel-group XYZ_c2s_vpn ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect ip-options
service-policy global_policy global
privilege show level 3 mode exec command running-config
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command crypto
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:caa7476cd348ed89b95d37d4e3c9e1d8
: end
XYZ#Thanks Javier.
But i have revised the VPN confuration. Below are the latest configs. with this latest configs. I'm getting username & password screen while connecting cisco vpn client software. once we entered the login credential. it shows "security communication channel" then it goes to "not connected" state. Can you help me to fix this.
access-list ACL-RA-SPLIT standard permit host 10.10.1.3
access-list ACL-RA-SPLIT standard permit host 10.10.1.13
access-list ACL-RA-SPLIT standard permit host 10.91.130.201
access-list nonat line 1 extended permit ip host 10.10.1.3 172.30.10.0 255.255.255.0
access-list nonat line 2 extended permit ip host 10.10.1.13 172.30.10.0 255.255.255.0
access-list nonat line 3 extended permit ip host 10.91.130.201 172.30.10.0 255.255.255.0
ip local pool CO-C2S-VPOOL 172.30.10.51-172.30.10.254 mask 255.255.255.0
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list vlauel ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key sekretk3y
username ra-user1 password passw0rd1 priv 1
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list vlauel ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key *********
username ******* password ******** priv 1
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto isakmp identify address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto map vpn interface outside
crypto isakmp identify address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
group 1
lifetime 3600 -
Configure DNS & Search Domains in TCP/IP Settings via Terminal?
HI Folks,
I've been having a long standing battle trying to find out what is wrong with my machine, it's been running like a dog for a while and having recently added 2 new Macs to our network i recall that there was a setting missing - namely within the TCP/IP settings for the Built In Ethernet, the DNS Servers and Search Domains are not configured on my machine, but are on the new ones i've added (mine was my new foray into Macs so i maybe set it up wrong!)
However the main problem occurs when i try to edit the settings for the above from within System Preferences -> Network, i get a spinning beach ball of doom and have to Force Quit. Yet oddly i can access the setting fine when i am at home and not connected to the AD of the Windows Server Environment... which makes me think the events could be linked.... i thought it may have been Parallels and it's NAT settings, but given that all works perfectly at home i'm not so sure. Hence, as a process of elimination i'd like to try and get the correct settings for Search Domain etc to see if it helps, before i flatten the machine and reinstall Tiger completely!
The main issues i've been having with the machine can be found here:
http://discussions.apple.com/thread.jspa?threadID=854009&tstart=0
Thanks
Scott
MBP 2.0Ghz, 2Gb RAM, 100Gb 7200rpm Mac OS X (10.4.9) ParallelsHi Phil (and others!)
I opted for the easy choice, which did work... and have added the Search Domain info etc whilst at home... and touch wood today things seem to be working better, i can easily access network preferences etc and have had no hanging apps as yet...
I did try and use different locations for work and home, but sadly i ended up with a spinning beach ball of doom when i tried to change the location at work, so it was a slightly pointless exercise!!!
The lookupd -configuration printout is as follows (no idea if it's useful in any way!)
ConfigSource: default
LookupOrder: Cache NI DS
MaxIdleServers: 4
MaxIdleThreads: 2
MaxThreads: 64
TimeToLive: 43200
Timeout: 30
ValidateCache: YES
ValidationLatency: 15
configname: Global Configuration
LookupOrder: Cache FF DNS NI DS
configname: Host Configuration
LookupOrder: Cache FF NI DS
configname: Service Configuration
LookupOrder: Cache FF NI DS
configname: Protocol Configuration
LookupOrder: Cache FF NI DS
configname: Rpc Configuration
TimeToLive: 60
ValidateCache: NO
configname: Group Configuration
TimeToLive: 300
ValidateCache: NO
configname: Initgroup Configuration
LookupOrder: Cache FF DNS NI DS
configname: Network Configuration
Thanks
Scott
MBP 2.0Ghz, 2Gb RAM, 100Gb 7200rpm Mac OS X (10.4.9) Parallels -
I have a MacBook Pro. My mac can detect wifi. But will not connect anywhere. I did get connected via TCP/IP settings but I can't connect to any wifi anywhere. Network diagnostic has a green light for wi-fi and wi-fi settings. Red light for the rest. (Network settings, ISP, Internet and server.)
Hello NotAppleSavy,
Thanks for the question. After reviewing your post, it sounds like the computer wont connect to networks. I see you have used network diagnostic. I would recommend that you read this article, there are a lot of other things you can do in this article that may be able to help you resolve or isolate the issue.
Wi-Fi: How to troubleshoot Wi-Fi connectivity
Thanks for using Apple Support Communities.
Have a nice day,
Mario -
No internet access using manual TCP/IP settings after 10.4.6
I stopped being able to access the internet with manual TCP/IP settings in the Network Preferences after updating from 10.4.5 -> 10.4.6.
When I change settings to use DHCP everything works fine, but I need to get the manual settings working as I use them quite often when configuring/setting-up routers.
This happens with both the AirPort and Ethernet interfaces, so it doesn't matter which interface I use to connect through.
My network Locations with manual TCP/IP settings have worked fine with 10.4.5, under the same networking hardware (routers, cables, etc...).
This occurs both at home (with my Linksys wireless router) and at work (with a DrayTek router).
At home, this problem occurs with both my PB12 and my wife's iBook12, after the 10.4.6 update was applied.
At work, all Windows laptops can connect to the internet using manual TCP/IP settings, but not my PB12.
Example of my settings:
- IP: 192.168.1.99
- Mask: 255.255.255.0
- Router: 192.168.0.1
- DNS: <empty>
- Domains: <empty>
Already tried, without success:
- verified disk -> no errors found on disk!
- repaired permissions, using Disk Utility, rebooted and tested -> no connection!
- tried with DNS=192.168.0.1 -> no connection!!
- tried with DNS=[my ISP primary dns] -> still nothing!!!
- even tried reapplying the combo update 10.4.5 -> of course, it didn't let me, as I'm now in 10.4.6!
Any thoughts or ideas to fix it and make it work in 10.4.6?
... other than archive&install, in order to downgrade!
PB12'' @ 1,33 GHz w/ 768MB RAM Mac OS X (10.4.6)Yes, buy I also state in my original post that I:
- tried with DNS=[my ISP primary dns] -> still nothing!!!
but yes, I probably should have titled it "No network access using..." (posting as 4:30 AM was probably not the best idea :D)
I understand I might have been a bit clumpsy posting my problem and appreciate everyone's corrections to what I wrote, but trust me that I have done a lot of tests and spent many hours on this... Bear in mind that I am using a network Location with manual definitions that was working before the update!
Anyway, as it happens, the likely culprit now seems to be more of a 3rd party software's inability to deal with 10.4.6 rather than the 10.4.6 itself!
I've disabled/unistalled/turnned off/deleted (depending on the app) anything NOT Apple that had anything to do with networking, be it for monitoring, controlling or managing (just to name a few: Little Snitch, Menu Meters, BrickHouse, etc, etc, etc...).
The Location with the manual settings is now working fine (at least at the office).
Over the next week or so I'll incrementaly re-install those 3rd party tools (which were most likely not up-to-date anyway) and see if something breaks at some point... but won't put much effort into it -- just happy to see it working again!
I'm closing this for now, as I don't have any more time for it (work is pilling up!)... If I manage to find out which version/app combination was causing the problem I'll post it back here! -
TCP/IP settings for airport card
ok, first off...please take it easy on me...i'm a windows guy but am close to purchasing a mac for my girlfriend and also have an iPhone so please understand that i love macs, just don't know too much about them..yet
i have a need to set TCP/IP settings for an airport card when the mac connects to a specific SSID (Peanut Gang). the problem is due to the fact that when macs connect to a linksys WRE54G wireless repeater, they do not obtain the TCP/IP info. you can go into system prefs -> network and renew the lease and it obtains the info but i've been asked to "automate" this process.
ok, i'm not sure if it's possible but when i saw the "automator" section here i thought i would ask. i know how i could do it through scripting on a windows machine but i digress, ha!
thanksYou may want to ask this over in the "Networking" group.
Also clarify whether you're having these issues with a mac you have, or just what.
Might want to specify what kind of mac is having this problem, too.
And be ready to explain just what you're asking when you say:"need to set TCP/IP settings for an airport card when the mac connects to a specific SSID"
There are some pretty good blokes in that discussion group.
welcome -
Early 08 MBPro-TCP/IP settings are not saved
On my home wireless network I have MAC address filtering enabled and broadcast SSID disabled. All MAC addresses are entered in the router's filter. An early 08 MBPro does not retain network settings for Verizon router on the network. When I look at the TCP/IP settings in network prefs I see they are nothing like other computers on my home network. If I click "assist me" then "diagnostics" in Airport setup I get walked through a process which allows me to choose the network I want to join. There is a list of available networks which does not include mine (since SSID is disabled) and a button which allows me to choose closed network, which I take. After entering my network's ID and WEP password I finally get connected and get a message that my connection is OK. Problem is, when I put the computer to sleep or restart I can't reconnect and the old settings which don't work reappear. It appears that the TCP/IP settings are not being saved. Could this be some corrupted preference of does it sound like a hardware problem? Thanks for any insights.
Message was edited by: Thomas CamilleriOdd. You may be able to repair this with the 10.5.7 Combo Update This is a fuller install, as opposed to an incremental "delta" update so it should overwrite any files that are damaged or missing. It does not matter if you have applied it before.
Remember to Verify Disk before update and repair permissions after update from /Applications/Utilities/Disk Utility.
Oh, and please be sure to re-boot your modem and router.
-mj
Message was edited by: macjack -
Missing TCP/IP settings for iPhone tethering (Bluetooth and USB)
Is it just me or Apple has completely disabled the TCP/IP settings for BT and USB connections for iPhone tethering (and possibly any other mobile devices)?
I can now only set the IP addresses and DNS server. No Proxies or WINS settings tabs.
I have also noticed that if you setup a USB tethering connection in Leopard and upgrade to Snow Leopard, the settings are still available, but NOT if you make a clean install of Snow Leopard and create a new iPhone USB tethering connection.
I always use a SOCKS5 when I'm using my tethering connection for security and better/faster connection with my manual proxy server setup. I find the new "options" in SL very limited, not only for my usage.
Screenshot here:
http://macblog.sk/files/pictures/snowleopardiphone_tethering_connectointcp.png
Message was edited by: DominikBI got this to work again (in fact, I'm tethered right now
Here are the steps I followed:
1) Upgraded to iTunes 9
2) Upgraded iPhone to OS 3.1
3) Removed device from Bluetooth Devices list on my MBP
4) Removed Bluetooth PAN from Network preferences
5) Restarted iPhone and MBP
6) Set-up iPhone as a Bluetooth Device on MBP
7) Enabled tethering on iPhone
8) Connected to iPhone network via the Bluetooth icon on my MBP menu bar
9) Verified that the blue "Internet Tethering" bar was on the iPhone
10) Manually added Bluetooth PAN to my MBP network preferences (connect show as yellow, "IP cannot be assigned" message)
11) Opened the Advanced pane and clicked the "Renew DHCP Lease" button
12) IP was assigned!
I'm not sure if the first two steps contributed to the solution or not, but these are the steps that worked for me.
Good luck to you all... -
Do you change the default RAW conversion settings?
I have used Sony (and formerly used Panasonic MFT) cameras (a900, a850) for two or three years and never had any reason to change the default RAW conversion settings. Five weeks ago I started using Sony's new a77, and for the first time am not satisfied with Aperture's default RAW conversion. (I recalibrated all my monitors -- twice -- thinking that something in my color workflow had got busted.) The default a77 RAW file conversion results in an overly-saturated, "Disneyfied" picture. I have found that by sliding "Boost" almost to zero, and cutting "Hue Boost" by half, I end up with a much more life-like, atmospheric, picture -- and one that closely matches the default rendering of RAW files from the a850 and a900.
1. Do you change the default RAW conversions settings? Why?
2. To what units, specifically, do the scales of these controls refer?
3. It seems that Hue Boost provides a range of settings that corresponds to the print settings "Perceptual" (= zero hue boost) to "Relative Colorimetric" (= full hue boost); does that make sense?
The User Manual, as usual, provides a solid concise explanation of the RAW Fine Tuning Brick.
Any experience you can share is appreciated. Thanks.
(Added:
(It seems conceptually wrong to me to have these controls be part of the RAW converter. Are there other adjustments in Aperture that do the same thing?)
--Kirby.
Message was edited by: Kirby KriegerWilliam -- many thanks for your help. I will almost certainly change the default for my a77 (as well as for the Nex-7 I used for a week).
Are there is any other adjustments mathematically similar to the "Boost" or "Hue Boost" sliders in the RAW Fine Tuning Brick? I ask for two reasons:
- Mostly I'm just trying to figure out what they do, and strengthen with knowledge my quiver of Aperture effects. According the the User Manual, they change the overall contrast, and the amount to which the hue is changed as the overall contrast is increased.
- In practice, it makes sense to me to have the RAW conversion produce the "flattest", least "effected" image possible -- to leave _aesthetic_ adjustments to me. I don't want to use the RAW Fine Tuning controls as part of my workflow; I want to know how to get the same increase in contrast and control of hues using other adjustments (that, specifically, don't require de-mosaic'ing). Apple seems to indicate that the use of the RAW Fine Tuning controls may be the best approach:
For images that consist of saturated primary and secondary colors, such as an image of flowers in a lush garden, shifting the hues to their true values has a desirable visual effect. However, this is not visually desirable for images containing skin tones.
The implication is spelled out in the sentencesthat follow: use the max setting for flowers, and the minimum setting for portraits. Isn't it odd that this recommendation is left to the RAW converter, and is buried deep in the User Manual? -
Default Optimize Image Settings?
How do I set my own default optimize jpeg settings for Image Preview in Dreamweaver CS5? Whenever I open the Image Preview window, quality is set to "82" (see image). I have already optimized my jpeg files and want them to be inserted at "100" automatically. Otherwise, transferring an existing site with over 2,000 jpegs into Dreamweaver will mean I have to reset the optimization over 2,000 times (once for each image)!
OK - I get it. Don't open the panel, don't get FW! I'm relatively new to DW, so am finding my feet. Thanks for your help.
-
Default Noise Reduction Settings
HI, i upgraded from Digital Photo Professional 3 to 4, and it looks like the "Default Noise Reduction Settings" have been removed from preferences. Is there any way to achieve a default luminance and chrominance settings of 0 in DPP4?
Thanks!I don't think so. There is nothing in the manual about, and like you, I can't see a way in preferences.
John Hoffman
Conway, NH
1D Mark IV, Rebel T5i, Pixma PRO-100, MX472 -
How do go back to my default display color settings? Just bought Spyder 3
Hello out there in Genius land...
I just purchased Spyder 3 Pro to calibrate my display monitor, but in order to do this correctly, I need to go back to my default color display settings.
I have manually calibrated my display several times in the past in the advanced mode, so I am familiar with this process, but I am unable to figure out how to go back to the default. Can't find a default option in the color settings tab.
Any assistance in this matter would be greatly appreciated.
Thanks,
AnneitaThank you for your quick response.
I just checked mine since I never changed it. It shows I have two default color >displays - Color LCD.
When I select either one, the "Delete Profile" button is grayed out. This would >indicate to me that you should also still have your "default" color profile >showing.
Hmmmm....
Good point about the grayed out "Delete Profile" button. I went back into my "Color" tab to check it out, and I have 4 different profiles listed:
- 12-30-10
- 7/29/08
- Color LCD
- Color NTSC (19530 Calibrated
When I click on each of them, they show a totally different display color.
The only one that the "Delete Profile" button is not grayed out is 12-30-10, which I made on that date. The other 3 delete buttons are grayed out. But I am thinking that my actual default may be the one that says "Color LCD" like yours.
Is that safe to assume? What do you think?
Thanks,
Anneita -
Upgrade from FWSM to ASA 5555Xs
Hello,
We would like to decommision our FWSMs and upgrade to the ASA 5555Xs. This leads me to ask the following: What would be the most efficient way of doing this without any interruption to production? Has anyone successfully acomplished this? If you have please share your experiences and caveats involved in this project.
Thanks!There will be some downtime.
1. You can configure the 5555s ahead of time off line as a failover pair with the same config as in the FWSM pair.
2. On the day of cut over. Power down the FWSMs and plug the ASAs into the network.
3. If the config is the same and same IP address is used on the ASAs then, clear the ARP cache on all adjacent L3 devices.
4. Test connectivity.
There will be slight downtime which cannot be avoided. This cannot be hitless when are you are switching platforms.
-Kureli
Checkout my breakout session at Cisco Live 2013, Orlando, Florida.
BRKSEC-2024 Deploying Next-Generation Firewall Services on the ASA
Room 314A Tuesday, June 25 3:00 PM - 4:30 PM -
Changing local TCP/IP settings via labview
Is there any means of changing the TCP/IP Settings on the local PC programaticaly. This may involve reseting the NIC instead of reseting the PC
In win2K and higher, you can use the solution I posted here.
-
AirPort Express - Keeps Defaulting to Factory Settings
Hi everybody:
I just got an AirPort Express to broadcast my broadband internet throughout my apartment.
I connected it to my cable modem by ethernet cable, created a new network in Airport Utility, and it set up just fine.
I noticed that the light on the Airport Express was flashing amber, although in the A.Utility, it showed green with a successful connection.
The Airport Express is placed directly next to my computer.
Everything was working great (for a while), and I was even able to set up another Airport Express on that same network to broadcast AirTunes in another room. That connection was successful, and the light on Airport Express #2 glowed green.
After a few hours however, I lost connection.
And in Airport Utility, the status on Airport #1 (the one used to create the new network & connected by ethernet to my modem) showed that it had been defaulted to factory settings.
I then manually reset both Airports to default settings, set up the whole configuration again by creating a whole new network, and everything worked as before (#1 flashing amber, but status good in A.Utility; #2 glowed green), but again, after a few hours lost connection #1 status showed default factory settings.
There's a good chance that I'm doing something wrong -- any ideas?
Any wisdom is greatly appreciated.Usually, if you have an amber light on the Express, there's also an amber light in AirPort Utility when you check the settings.
Click on the word "Status" to see if there are any messages in the window that opens. A flashing amber light can sometimes be a message that a firmware update is available for the AirPort Express.
Maybe you are looking for
-
Can't print scanned pdf files Xerox 3450 Adobe Pro and Reader 9
I have a user that cannot print PDF's made up of scanned images to a network printer. The job goes to the printer and spools up but hangs at either 64kb or 255kb and then errors out. Even if I print just one page, it does the same thing. Folks with A
-
A Pages file will not open due to index.xml not found, what is up with that?
I recently saved a file on Pages 5.5.2. on my IMac hard drive. Now I find that on attempting to open it the file will not open due to index.xml not found. Hoe do I correct this?
-
Applet, JFrame: Display icons in toolbar
Hello, I've a class called Designer which extends Applet. In the init method two JFrames are opened: DesignerFrame and DrawPanel. In the DesignerFrame I have a toolbar with icons. When I run the Applet in Eclipse (on my local computer) he shows the i
-
Restrict values in field catalog
hi, i am displaying some records in alv grid. i want to restrict some valus i.e in my input select options i will give range values for example student 1 to student 3 (total 6 studnts) i am calculating values and displaying it. It displayi
-
Parametering a graph in a web report
I am using a graph in a web report. I used the graph wizard from Reports to implement the XML code in a JSP file . I would like to send a parameter to this graph. The graph is based upon a querry I want to parameter ( the where instruction ). The pro