ASA 8.2: access file share on outside network from VPN client
Please help me.
I have a Cisco ASA 5505 with 8.2.
outside is 111.22.200.51
inside is 192.168.1.0/24 dhcp
vpnpool is 192.168.10.1-192.168.10.30
Configured split tunnel for the VPN client to access the web.
I was able to connect from outside via VPN.
Goal is to access the file server (on Windows) at 111.22.200.21 from VPN clients.
Internal clients can access the shared folder.
VPN clients cannot access the share on 111.22.200.21.
============================
names
name 192.168.1.1 ciscogw
name 111.21.200.1 umgw
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
switchport access vlan 5
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 5
interface Ethernet0/6
switchport access vlan 5
interface Ethernet0/7
switchport access vlan 5
interface Vlan1
nameif inside
security-level 100
ip address ciscogw 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 111.22.200.51 255.255.255.0
interface Vlan5
no nameif
security-level 50
ip address dhcp setroute
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
domain-name vpn.nmecsc.org
access-list RAteam_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.192
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.10.1-192.168.10.30 mask 255.255.255.224
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
quit
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.5-192.168.1.50 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd wins 111.22.210.65 111.22.210.61 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
group-policy DfltGrpPolicy attributes
banner value WARNING: Unauthorized access to this system is forbidden and will be prosecuted by law. By accessing this system, you agree that your actions may be monitored if unauthorized usage is suspected.
group-policy RA_SSLVPN internal
group-policy RA_SSLVPN attributes
vpn-tunnel-protocol webvpn
webvpn
url-list value team
group-policy RAteam internal
group-policy RAteam attributes
wins-server value 111.22.210.65
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RAteam_splitTunnelAcl
default-domain value vpn.nmecsc.org
username teamssl2 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
username teamssl2 attributes
vpn-group-policy RA_SSLVPN
username team2 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
username team2 attributes
vpn-group-policy RAteam
username teamssl1 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
username teamssl1 attributes
vpn-group-policy RA_SSLVPN
username team1 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
username team1 attributes
vpn-group-policy RAteam
tunnel-group team type remote-access
tunnel-group team general-attributes
default-group-policy RA_SSLVPN
tunnel-group team webvpn-attributes
group-alias team enable
group-url https://111.22.200.51/team enable
tunnel-group RAteam type remote-access
tunnel-group RAteam general-attributes
address-pool vpnpool
default-group-policy RAteam
tunnel-group RAteam ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
Cryptochecksum:680b9059ca6ca6610857bab04d855031
I just upgraded the ASA to 9.3
and added an access-list, but still no luck. I attached the diagram.
name 192.168.1.1 ciscogw
ip local pool vpnpool 192.168.10.1-192.168.10.50 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address ciscogw 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 111.22.200.51 255.255.255.0
boot system disk0:/asa923-k8.bin
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_26
subnet 192.168.10.0 255.255.255.192
access-list ipsec_group_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list ipsec_group_splitTunnelAcl standard permit host 111.22.200.21
access-list ipsec_group_splitTunnelAcl standard permit 111.22.200.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.10.0_26 NETWORK_OBJ_192.168.10.0_26 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
tunnel-group-list enable
group-policy ssl_vpn internal
group-policy ssl_vpn attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list value carino
group-policy DfltGrpPolicy attributes
group-policy ipsec_group internal
group-policy ipsec_group attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ipsec_group_splitTunnelAcl
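The 9.3 split-tunnel list above sends 111.22.200.21 through the tunnel, yet that host sits on the `outside` network where the tunnel terminates, so the decrypted traffic has to leave through the interface it arrived on, which the ASA refuses unless `same-security-traffic permit intra-interface` is configured. The following Python check is an added example, not part of the original post: it flags such hairpinned split-tunnel entries in a constructed excerpt of that configuration. It assumes the tunnel terminates on `outside` and does not examine NAT or the return route from the file server.

```python
import ipaddress

# Constructed sample: lines copied from the 9.3 configuration in the post above
# (the page's copy has lost its indentation, so the parser does not rely on it).
SAMPLE_CONFIG = """\
name 192.168.1.1 ciscogw
ip local pool vpnpool 192.168.10.1-192.168.10.50 mask 255.255.255.0
interface Vlan1
nameif inside
security-level 100
ip address ciscogw 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 111.22.200.51 255.255.255.0
access-list ipsec_group_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list ipsec_group_splitTunnelAcl standard permit host 111.22.200.21
access-list ipsec_group_splitTunnelAcl standard permit 111.22.200.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
group-policy ipsec_group attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ipsec_group_splitTunnelAcl
"""


def _network(addr, mask, names):
    """Build a network from an address (or `name` alias) and a dotted netmask."""
    return ipaddress.ip_network(f"{names.get(addr, addr)}/{mask}", strict=False)


def parse(config):
    """Extract interfaces, routes, standard ACLs and split-tunnel references."""
    names, ifaces, routes, acls, tunnel_acls = {}, {}, [], {}, []
    nameif, intra_interface = None, False
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        try:
            if t[0] == "name" and len(t) >= 3:
                names[t[2]] = t[1]
            elif t[0] == "interface":
                nameif = None                  # a new interface block starts
            elif t[0] == "nameif" and len(t) == 2:
                nameif = t[1]
            elif t[:2] == ["ip", "address"] and nameif and len(t) >= 4:
                ifaces[nameif] = _network(t[2], t[3], names)
            elif t[0] == "route" and len(t) >= 5:
                routes.append((_network(t[2], t[3], names), t[1]))
            elif t[0] == "access-list" and t[2:4] == ["standard", "permit"]:
                if t[4] == "host":
                    net = _network(t[5], "255.255.255.255", names)
                elif t[4] == "any":
                    net = ipaddress.ip_network("0.0.0.0/0")
                else:
                    net = _network(t[4], t[5], names)
                acls.setdefault(t[1], []).append(net)
            elif t[:2] == ["split-tunnel-network-list", "value"] and len(t) == 3:
                if t[2] not in tunnel_acls:
                    tunnel_acls.append(t[2])
            elif t == ["same-security-traffic", "permit", "intra-interface"]:
                intra_interface = True
        except (ValueError, IndexError):
            continue                           # e.g. "ip address dhcp setroute"
    return {"ifaces": ifaces, "routes": routes, "acls": acls,
            "tunnel_acls": tunnel_acls, "intra_interface": intra_interface}


def egress_interface(net, ifaces, routes):
    """Longest-prefix match over connected subnets and static routes."""
    candidates = [(prefix, name) for name, prefix in ifaces.items()] + routes
    matches = [(p.prefixlen, name) for p, name in candidates if net.subnet_of(p)]
    return max(matches)[1] if matches else None


def audit(config, vpn_interface):
    """Report, per split-tunnel entry, whether it hairpins on vpn_interface.

    vpn_interface is supplied by the caller (an assumption of this example).
    """
    cfg = parse(config)
    findings = []
    for acl in cfg["tunnel_acls"]:
        for net in cfg["acls"].get(acl, []):
            out_if = egress_interface(net, cfg["ifaces"], cfg["routes"])
            hairpin = out_if == vpn_interface
            findings.append({
                "acl": acl,
                "network": str(net),
                "egress": out_if,
                "hairpin": hairpin,
                # Same-interface traffic is dropped unless explicitly permitted.
                "blocked": hairpin and not cfg["intra_interface"],
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG, "outside"):
        print(f)
```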
Similar Messages
-
Accessing file shares from JSP
Hi,
I need to be able to access file shares from a JSP page. Here's the JSP code:
<%@ page language="java" %>
<%@ page import="java.io.*" %>
<%@ page errorPage="errorPage.jsp" %>
<%
String fileSystemPath = "\\\\130.26.1.199\\MeetingManager30\\test.txt";
File f = new File(fileSystemPath);
f.createNewFile();
%>
The above code resides in a server with IP 130.9.68.6 and is deployed onto the Tomcat on the server.
When I tried to run the above code, I got this error
java.io.IOException: Access is denied
    at java.io.WinNTFileSystem.createFileExclusively(Native Method)
    at java.io.File.createNewFile(File.java:827)
    at org.apache.jsp.test_jsp._jspService(test_jsp.java:55)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2422)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:163)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:199)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:711)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:687)
    at java.lang.Thread.run(Thread.java:536)
Seems like I'm having a system level security setting problem here.
I know it's a security issue, because I've encountered the equivalent problem in ASP/IIS, and I had to give a domain user rights to both the IIS Virtual Directory, and the file share to be able to access.
Any ideas how to set up Tomcat to be able to access the file share successfully?
Thanks in advance!
Hello Veer,
From what you have posted it looks like while logging your error another problem occurred. Did you get any output from your System.out calls? If not, can you try adding a few in order to home in on the problem area?
Hussein Badakhchani
www.orbism.com -
How to view and access files on my iBook G3 from another iMac
Hello, everybody on this excellent forum. I need to know how to use my FireWire connection to view and access files on my iBook G3 from another iMac G3; both are OK and in good working condition. I ask this question because some days ago a Mac expert fixed for me the access to my recently acquired second-hand SwapMeet iMac G3, without the original last owner's password.
This person is egoistic and did not show me how he used the FireWire to do this job.
Thank you: Eduardo from Northwest Mexico.
Hello, Niel, thank you very much for your fast and kind response.
Next Monday I'll buy a new FireWire cable to test the method you told me.
Again, thanks and best regards from NW Mexico.
Eduardo -
Can't access any shares on the network
Hi,
As the topic says, I can't access any shares on the network. I've tried connecting to an Iomega NAS, a Windows 7 laptop, and a Mac mini. In the "Shared" list in Finder I'm able to see all the shares, I'm able to click them and see the folders they share, but when I try to open one of the folders I get an error, no matter which share it is:
"The operation can’t be completed because the original item for “<folder name>” can’t be found."
The shares can all access each other, and they can access my folders. I just can't access any folder on the network.
I have a Mac Pro with OS X 10.6.2 and have all the latest updates.
How can I solve this problem?
Thanks.
Well, try this (I was able to fix mine with these steps):
Go to Utilities > Disk Utility
Select your Startup Disk, e.g. Macintosh HD
Then, under the First Aid tab, click Verify Disk Permissions.
If there are errors, then click Repair Disk Permissions.
After it is done, restart the computer and see if your problem is resolved.
I hope this helps.
Zeke
www.ZekeYuen.com/blog/ -
How do you access files on your time capsule from your mac?
How do you access files on your Time Capsule from your Mac?
I had an old MacBook Pro that I had all the pictures on, and I backed it up to my Time Capsule through Time Machine. I got a new MacBook Pro with Retina display recently, and I want to see if I can get some of the pictures off my Time Capsule now, but I don't want all of them.
-
Accessing the same stateful session bean from multiple clients in a clustered environment
I am trying to access the same stateful session bean from multiple
clients. I also want this bean to have failover support so we want to
deploy it in a cluster. The following description is how we have tried
to solve this problem, but it does not seem to be working. Any
insight would be greatly appreciated!
I have set up a cluster of three servers. I deployed a stateful
session bean with in memory replication across the cluster. A client
obtains a reference to an instance of one of these beans to handle a
request. Subsequent requests will have to use the same bean and could
come from various clients. So after using the bean the first client
stores the handle to the bean (actually the replica aware stub) to be
used by other clients to be able to obtain the bean. When another
client retrieves the handle gets the replica aware stub and makes a
call to the bean the request seems to unpredictably go to any of the
three servers rather than the primary server hosting that bean. If the
call goes to the primary server everything seems to work fine the
session data is available and it gets backed up on the secondary
server. If it happens to go to the secondary server a bean that has
the correct session data services the request but gives the error
<Failed to update the secondary copy of a stateful session bean from
home:ejb20-statefulSession-TraderHome>. Then any subsequent requests
to the primary server will not reflect changes made on the secondary
and vice versa. If the request happens to go to the third server that
is not hosting an instance of that bean then the client receives an
error that the bean was not available. From my understanding I thought
the replica aware stub would know which server is the primary host for
that bean and send the request there.
Thanks in advance,
Justin
If 'allow-concurrent-call' does exactly what you need, then you don't have a problem,
do you?
Except of course if you switch ejb containers. Oh well.
Mike
"FBenvadi" <[email protected]> wrote:
>I've got the same problem.
>I understand from you that concurrent access to a stateful session bean is
>not allowed but there is a
>token in weblogic-ejb-jar.xml that is called 'allow-concurrent-call' that
>does exactly what I need.
>What do you mean, 'you'll get a surprise when you go to production'?
>I need to understand because I can still change the design.
>Thanks Francesco
>[email protected]
>
>"Mike Reiche" <[email protected]> wrote in message
>news:[email protected]...
>>
>> Get the fix immediately from BEA and test it. It would be a shame to wait until
>> December only to get a fix - that doesn't work.
>>
>> As for stateful session bean use - just remember that concurrent access to a stateful
>> session bean is not allowed. Things will work fine until you go to production
>> and encounter some real load - then you will get a surprise.
>>
>> Mike
>>
>> [email protected] (Justin Meyer) wrote:
>> >I just heard back from WebLogic Tech Support and they have confirmed
>> >that this is a bug. Here is their reply:
>> >
>> >There is some problem in failover of stateful session beans when it's
>> >run from a java client. However, it is fixed now.
>> >
>> >The fix will be in SP2 which will be out by December.
>> >
>> >
>> >Mike,
>> >Thanks for your reply. I do in fact believe we are correctly using a
>> >stateful session bean however it may have been misleading from my
>> >description of the problem. We are not accessing the bean
>> >concurrently from 2 different clients. The second client will only
>> >come into play if the first client fails. In this case we want to be
>> >able to reacquire the handle to our stateful session bean and call it
>> >from the secondary client.
>> >
>> >
>> >Justin
>> >
>> >"Mike Reiche" <[email protected]> wrote in message
>> >news:<[email protected]>...
>> >> You should be using an entity bean, not a stateful session bean for this application.
>> >>
>> >> A stateful session bean is intended to keep state (stateful) for the duration
>> >> of a client's session (session).
>> >>
>> >> It is not meant to be shared by different clients - in fact, if you attempt to
>> >> access the same stateful session bean concurrently - it will throw an exception.
>> >>
>> >> We did your little trick (storing/retrieving handle) with a stateful session bean
>> >> on WLS 5.1 - and it did work properly - not as you describe. Our sfsb's were not
>> >> replicated as yours are.
>> >>
>> >> Mike
>> >>
>> >> [email protected] (Justin Meyer) wrote:
>> >> >I am trying to access the same stateful session bean from multiple
>> >> >clients. I also want this bean to have failover support so we want to
>> >> >deploy it in a cluster. The following description is how we have tried
>> >> >to solve this problem, but it does not seem to be working. Any
>> >> >insight would be greatly appreciated!
>> >> >
>> >> >I have set up a cluster of three servers. I deployed a stateful
>> >> >session bean with in memory replication across the cluster. A client
>> >> >obtains a reference to an instance of one of these beans to handle a
>> >> >request. Subsequent requests will have to use the same bean and could
>> >> >come from various clients. So after using the bean the first client
>> >> >stores the handle to the bean (actually the replica aware stub) to be
>> >> >used by other clients to be able to obtain the bean. When another
>> >> >client retrieves the handle gets the replica aware stub and makes a
>> >> >call to the bean the request seems to unpredictably go to any of the
>> >> >three servers rather than the primary server hosting that bean. If the
>> >> >call goes to the primary server everything seems to work fine the
>> >> >session data is available and it gets backed up on the secondary
>> >> >server. If it happens to go to the secondary server a bean that has
>> >> >the correct session data services the request but gives the error
>> >> ><Failed to update the secondary copy of a stateful session bean from
>> >> >home:ejb20-statefulSession-TraderHome>. Then any subsequent requests
>> >> >to the primary server will not reflect changes made on the secondary
>> >> >and vice versa. If the request happens to go to the third server that
>> >> >is not hosting an instance of that bean then the client receives an
>> >> >error that the bean was not available. From my understanding I thought
>> >> >the replica aware stub would know which server is the primary host for
>> >> >that bean and send the request there.
>> >> >
>> >> >Thanks in advance,
>> >> >Justin
>>
>
>
-
Accessing File Shares Over NAT
Hello,
I am working with a client that set up a new subnet that uses hide NAT. When I try to access a file share on a server in a different subnet, I can only browse for a few seconds and then an error such as "Server service not started" or "network name no longer available" appears, and I can't browse folders on that server anymore (it has Server 2003 SP2). Netmon found that the connection was constantly being reset. If I reconfigure the same client (XP SP3) with its original un-NATed IP address, everything works fine, and the Windows firewall is disabled on both the server and client. Is there a trick to get CIFS or SMB or whatever to work over hide NAT?
Thanks!
Hi,
SMB uses a single session for a pair of IPs and all file transfers between these 2 IPs are made over this session. This makes the file transfer more efficient over the network. On the flip side, since only one SMB session is maintained, clients coming through NAT will have problems since all these clients are presented as a single IP to the server. With SMB, only a single session will be maintained and thus there is nothing unique for each client. This breaks the communication.
We will need to use NetBIOS over TCP/IP in place of SMB. This can be achieved by:
1. Disabling SMB on the server or on all the client machines by setting the registry:
Name: SMBDeviceEnabled
Type: REG_DWORD
Value: 0
The location of the registry key is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. You may have to create this if not already existing.
2. Block TCP port 445 for the segment accessing shares through NAT
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected] -
Access Denied trying to access file shares with correct credentials
I am getting the Access Denied message when trying to connect to network shares from Windows 10 (9926)
When trying to access a network share, I get the username and password prompt, and it always fails.
Using the same credentials on a Windows 8.1 machine to connect to the same shares and it will work.
Shares can be hosted on Windows Server 2012 R2, Windows 8.1, Linux Samba, NAS, or even \\127.0.0.1 and all will fail with the same message.
But you can access the shares hosted on the Windows 10 machine from other remote machines.
Credentials have been entered in the format of: domain\username,
machinename\username, and just username
All machines are on the same workgroup\domain
NOTE: Typing in an invalid machine name will also bring up the credential prompt.
I.e. entering \\QWERTY will still ask you for your username and password and fail immediately.
The same shares worked in the version before 9926
Peter Taylor
Red Planet Programming Ltd
I have the same problem, and I figured out that my Windows is installed in French, and every user group is created in French also; groups like Everyone don't exist and I can't change them by console.
Regards, Roberto Borges please remember to mark the replies as answers if they help and unmark them if they provide no help. -
Why won't my mac file share with my network?
I want to share my files throughout my home network, but my Mac computer is the only one that is causing trouble. My other Windows computers and the USB drive connected to my router are working fine. Whenever I try to look for these devices through the network folder on my Mac computer, it just sits there and no other devices appear. On any other computer, they will show up within 5 seconds. I have let it sit for 5 minutes and nothing has shown up.
How can I get these computers and USB drive to show up? This Mac has been resisting me the whole way when it comes to networking.
OS X: How to connect with File Sharing using SMB
-
Access Files on My Samsung Continuum from my Mac
Hello,
How can I access my files on my Samsung Continuum from my mac computer?
Samsung says that my device cannot be mounted:
http://ars.samsung.com/customer/usa/jsp/faqs/faqs_view_us1.jsp?PAGE_GBN=faqs_search&SITE_ID=22&PG_ID=0&AT_ID=342136&PROD_SUB_ID=0&PROD_ID=561
Does anyone have any other ideas of how to download/access the SD card?
Thanks,
Good morning andrewiskandar,
The Samsung continuum comes with an 8GB pre-installed microSD memory card. Is this the card we are working with? Also, if your Mac states that it accepts the card version that you posted, then you may need a memory card adaptor to the standard SD memory card format. Once you have the adaptor, the pc or Mac will recognize the memory card. On the pc, the card will come up as an add'l drive in "My computer". On the Mac, an icon will appear on the desktop to represent the memory card. Once the computers recognize the memory card, you can manipulate and transfer media on either platform. I hope I didn't overwhelm you with too much info.
Good luck... -
Unable to access secondary subnet from VPN client
Please can someone help with the following: I have an ASA 5510 running v8.4(3)9 and have set up a remote user VPN using the Cisco VPN client v5.0.07.0410, which is working apart from the fact that I cannot access resources on a secondary subnet.
The setup is as follows:
ASA inside interface on 192.168.10.240
VPN clients on 192.168.254.x
I can access resources on the 192.168.10 subnet but not any other subnets internally. I need to specifically allow access to the 192.168.20 subnet, but I cannot figure out how to do this. Please advise; the config is below:
Result of the command: "show startup-config"
ASA Version 8.4(3)9
hostname blank
domain-name
enable password encrypted
passwd encrypted
names
dns-guard
interface Ethernet0/0
nameif outside
security-level 0
ip address 255.255.255.224
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.240 255.255.255.0
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 10.10.10.253 255.255.255.0
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa843-9-k8.bin
boot system disk0:/asa823-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 194.168.4.123
name-server 194.168.8.123
domain-name nifcoeu.com
object network obj-192.168.0.0
subnet 192.168.0.0 255.255.255.0
object network obj-192.168.5.0
subnet 192.168.5.0 255.255.255.0
object network obj-192.168.10.0
subnet 192.168.10.0 255.255.255.0
object network obj-192.168.100.0
subnet 192.168.100.0 255.255.255.0
object network obj-192.168.254.0
subnet 192.168.254.0 255.255.255.0
object network obj-192.168.20.1
host 192.168.20.1
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
host 0.0.0.0
object network obj_any-02
subnet 0.0.0.0 0.0.0.0
object network obj-10.10.10.1
host 10.10.10.1
object network obj_any-03
subnet 0.0.0.0 0.0.0.0
object network obj_any-04
subnet 0.0.0.0 0.0.0.0
object network obj_any-05
subnet 0.0.0.0 0.0.0.0
object network NS1000_EXT
host 80.4.146.133
object network NS1000_INT
host 192.168.20.1
object network SIP_REGISTRAR
host 83.245.6.81
object service SIP_INIT_TCP
service tcp destination eq sip
object service SIP_INIT_UDP
service udp destination eq sip
object network NS1000_DSP
host 192.168.20.2
object network SIP_VOICE_CHANNEL
host 83.245.6.82
object service DSP_UDP
service udp destination range 6000 40000
object service DSP_TCP
service tcp destination range 6000 40000
object network 20_range_subnet
subnet 192.168.20.0 255.255.255.0
description Voice subnet
object network 25_range_Subnet
subnet 192.168.25.0 255.255.255.0
description VLAN 25 client PC devices
object-group network ISP_NAT
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service SIP_INIT tcp-udp
port-object eq sip
object-group service DSP_TCP_UDP tcp-udp
port-object range 6000 40000
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object 20_range_subnet 192.168.254.0 255.255.255.0
access-list Remote-VPN_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list Remote-VPN_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list 100 extended permit object-group TCPUDP object SIP_REGISTRAR object NS1000_INT object-group SIP_INIT
access-list 100 extended permit object-group TCPUDP object SIP_VOICE_CHANNEL object NS1000_DSP object-group DSP_TCP_UDP
access-list 100 extended permit ip 62.255.171.0 255.255.255.224 any
access-list 100 extended permit icmp any any echo-reply inactive
access-list 100 extended permit icmp any any time-exceeded inactive
access-list 100 extended permit icmp any any unreachable inactive
access-list 100 extended permit tcp any host 10.10.10.1 eq ftp
access-list 100 extended permit tcp any host 10.10.10.1 eq ftp-data
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool VPN-Pool 192.168.254.1-192.168.254.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
asdm history enable
arp timeout 14400
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.5.0 obj-192.168.5.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.100.0 obj-192.168.100.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.254.0 obj-192.168.254.0 no-proxy-arp route-lookup
nat (outside,inside) source static SIP_REGISTRAR SIP_REGISTRAR destination static interface NS1000_INT service SIP_INIT_TCP SIP_INIT_TCP
nat (outside,inside) source static SIP_REGISTRAR SIP_REGISTRAR destination static interface NS1000_INT service SIP_INIT_UDP SIP_INIT_UDP
object network obj_any
nat (inside,outside) dynamic interface
object network obj_any-01
nat (inside,outside) dynamic obj-0.0.0.0
object network obj_any-02
nat (inside,DMZ) dynamic obj-0.0.0.0
object network obj-10.10.10.1
nat (DMZ,outside) static 80.4.146.134
object network obj_any-03
nat (DMZ,outside) dynamic obj-0.0.0.0
object network obj_any-04
nat (management,outside) dynamic obj-0.0.0.0
object network obj_any-05
nat (management,DMZ) dynamic obj-0.0.0.0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 80.4.146.129 1
route inside 192.168.20.0 255.255.255.0 192.168.10.254 1
route inside 192.168.25.0 255.255.255.0 192.168.10.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.10.0 255.255.255.0 inside
http 192.168.25.0 255.255.255.0 inside
http 62.255.171.0 255.255.255.224 outside
http 192.168.254.0 255.255.255.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=
crl configure
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 2f0e024d
quit
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
quit
crypto isakmp identity address
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh 62.255.171.0 255.255.255.224 outside
ssh 192.168.254.0 255.255.255.0 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh 192.168.25.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
vpn-sessiondb max-other-vpn-limit 250
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.168.10.6 source inside prefer
webvpn
group-policy Remote-VPN internal
group-policy Remote-VPN attributes
wins-server value 192.168.10.21 192.168.10.22
dns-server value 192.168.10.21 192.168.10.22
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Remote-VPN_splitTunnelAcl
default-domain value
username blank password blank encrypted privilege 0
username blank attributes
vpn-group-policy Remote-VPN
username blank password encrypted privilege 0
username blank attributes
vpn-group-policy Remote-VPN
tunnel-group Remote-VPN type remote-access
tunnel-group Remote-VPN general-attributes
address-pool VPN-Pool
default-group-policy Remote-VPN
tunnel-group Remote-VPN ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect ip-options
inspect sip
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
contact-email-addr
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:b8263c5aa7a6a4d9cb08368c042ea236
Your config was missing a no-nat between your "192.168.20.0" and "obj-192.168.254.0".
So, if you look at your config there is a no-nat for inside subnet "obj-192.168.10.0" as shown below.
nat (inside,any) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.254.0 obj-192.168.254.0
So all you have to do is create a no-nat for your second subnet, like I showed you before. The solution was already there in your config, but I guess you overlooked it.
I hope that helps.
Thanks
Rizwan Rafeek
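The check described in the answer above, as an added example that is not part of the original posts: it lists every network reachable behind an interface (connected or via `route`) that has no identity twice-NAT rule towards the VPN pool. The sample config is constructed from lines quoted in the thread; the object definitions, the interface address, the 192.168.25.0 rule and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample (ASA 8.3+ syntax); objects, interface IP and 25.0 rule are assumed.
SAMPLE_CONFIG = """\
nameif inside
ip address 192.168.10.1 255.255.255.0
object network obj-192.168.10.0
subnet 192.168.10.0 255.255.255.0
object network obj-192.168.25.0
subnet 192.168.25.0 255.255.255.0
object network obj-192.168.254.0
subnet 192.168.254.0 255.255.255.0
nat (inside,any) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.254.0 obj-192.168.254.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.25.0 obj-192.168.25.0 destination static obj-192.168.254.0 obj-192.168.254.0 no-proxy-arp route-lookup
route outside 0.0.0.0 0.0.0.0 80.4.146.129 1
route inside 192.168.20.0 255.255.255.0 192.168.10.254 1
route inside 192.168.25.0 255.255.255.0 192.168.10.254 1
"""

TWICE_NAT = re.compile(r"^nat \((\S+?),\S+?\) source static (\S+) (\S+) "
                       r"destination static (\S+) (\S+)")

def to_net(addr, mask):
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:  # e.g. "ip address dhcp setroute" or a name alias
        return None

def parse(config):
    """Return (objects, networks per interface, identity twice-NAT rules)."""
    objects, local, exempt, obj, nameif = {}, {}, [], None, None
    for line in config.splitlines():
        w = line.split()  # pasted configs often lose indentation, so track state
        if w[:2] == ["object", "network"] and len(w) == 3:
            obj = w[2]
        elif w[:1] == ["subnet"] and obj and len(w) == 3:
            objects[obj] = to_net(w[1], w[2])
        elif w[:1] == ["nameif"] and len(w) == 2:
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif and len(w) >= 4:
            local.setdefault(nameif, set()).add(to_net(w[2], w[3]))
            nameif = None
        elif w[:1] == ["route"] and len(w) >= 5 and w[2] != "0.0.0.0":
            local.setdefault(w[1], set()).add(to_net(w[2], w[3]))
        else:
            m = TWICE_NAT.match(line.strip())
            if m and m[2] == m[3] and m[4] == m[5]:  # identity on both sides
                exempt.append((m[1], m[2], m[4]))
    return objects, local, exempt

def missing_exemptions(config, iface, vpn_net):
    """Networks behind iface that lack a no-NAT rule towards vpn_net."""
    objects, local, exempt = parse(config)
    vpn = ipaddress.ip_network(vpn_net)
    covered = [objects.get(s) for i, s, d in exempt if i == iface
               and objects.get(d) is not None and vpn.subnet_of(objects[d])]
    return sorted(str(n) for n in local.get(iface, ()) if n is not None
                  and not any(c is not None and n.subnet_of(c) for c in covered))
```

On the sample, `missing_exemptions(SAMPLE_CONFIG, "inside", "192.168.254.0/24")` reports only 192.168.20.0/24, the subnet the answer identifies.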
Can't access internal network from VPN using PIX 506E
Hello,
I seem to be having an issue with my PIX configuration. I can ping the VPN client from the internal network, but cannot access any resources from the VPN client. My running configuration is as follows:
Building configuration...
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password N/JZnmeC2l5j3YTN encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname SwantonFw2
domain-name *****.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit icmp any any
access-list allow_ping permit icmp any any echo-reply
access-list allow_ping permit icmp any any unreachable
access-list allow_ping permit icmp any any time-exceeded
access-list INSIDE-IN permit tcp interface inside interface outside
access-list INSIDE-IN permit udp any any eq domain
access-list INSIDE-IN permit tcp any any eq www
access-list INSIDE-IN permit tcp any any eq ftp
access-list INSIDE-IN permit icmp any any echo
access-list INSIDE-IN permit tcp any any eq https
access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
access-list swanton_splitTunnelAcl permit ip any any
access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
no pager
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.150 255.255.255.0
ip address inside 192.168.0.35 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN_Pool 192.168.240.1-192.168.240.254
pdm location 0.0.0.0 255.255.255.0 outside
pdm location 192.168.1.26 255.255.255.255 outside
pdm location 192.168.240.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
access-group outside_access_in in interface outside
access-group INSIDE-IN in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup swanton address-pool VPN_Pool
vpngroup swanton dns-server 192.168.1.1
vpngroup swanton split-tunnel swanton_splitTunnelAcl
vpngroup swanton idle-time 1800
vpngroup swanton password ********
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.0.36-192.168.0.254 inside
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username scott password hwDnqhIenLiwIr9B encrypted privilege 15
username norm password ET3skotcnISwb3MV encrypted privilege 2
username tarmbrecht password Zre8euXN6HxXaSdE encrypted privilege 2
username jlillevik password 9JMTvNZm3dLhQM/W encrypted privilege 2
username ruralogic password 49ikl05C8VE6k1jG encrypted privilege 15
username bzeiter password 1XjpdpkwnSENzfQ0 encrypted privilege 2
username mwalla password l5frk9obrNMGOiOD encrypted privilege 2
username heavyfab1 password 6.yy0ys7BifWsa9k encrypted privilege 2
username heavyfab3 password 6.yy0ys7BifWsa9k encrypted privilege 2
username heavyfab2 password 6.yy0ys7BifWsa9k encrypted privilege 2
username djet password wj13fSF4BPQzUzB8 encrypted privilege 2
username cmorgan password y/NeUfNKehh/Vzj6 encrypted privilege 2
username cmayfield password Pe/felGx7VQ3I7ls encrypted privilege 2
username jeffg password zQEQceRITRrO4wJa encrypted privilege 2
terminal width 80
Cryptochecksum:9005f35a85fa5fe31dab579bbb1428c8
: end
[OK]
Any help will be greatly appreciated
Bj,
Are you trying to access network resources behind the inside interface?
ip address inside 192.168.0.35 255.255.255.0
If so, please make the following changes:
1- access-list SWANTON_VPN_SPLIT permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
2- no vpngroup swanton split-tunnel swanton_splitTunnelAcl
vpngroup swanton split-tunnel SWANTON_VPN_SPLIT
3- no access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
4- isakmp nat-traversal 30
Let me know how it goes.
Portu.
Please rate any helpful posts
ASA5505 I cannot reach to an outside network from a branch office
My customer has an HQ office and many branch offices. In the HQ there is an ASA5510 configured as a default gateway. From HQ the customer must access the internet (everything works fine); from the inside LAN they should reach anywhere, including special services like the credit card service provider and others (it works fine). From branch offices they must reach inside LAN hosts (it works fine), from branch offices they must reach the DMZ (it works fine), and from branch offices they should reach the CC service provider, and here's the point of this question: almost all branch offices reach the CCSP fine, except branch offices where an ASA5505 is installed (offices that reach the CCSP have an RV042 or a TPlink ER6120 installed); offices with an ASA can only ping the LAN side of the CCSP's router.
I think the ASA5505 conf is an open-door configuration. Here's the 5505 configuration, and the network diagram is also attached. Can someone help, please?
Hi,
Are the branch offices connected to the HQ through some ISP MPLS network since I do not see any L2L VPN configurations on the ASA5505?
I presume this is the case. Since you say that the connections between Branch Office (with ASA5505) and HQ LAN work fine it should tell us that there should be no routing problems between those networks.
The diagram possibly also suggests that all the Branch Office connections come to your HQ network through the same Router at the edge, so if other Branch Offices' connections to CCSP work then there should be no routing problem between the Branch Offices and the CCSP (at least regarding your part of the network).
Now, some questions.
Does the ISR Router forward traffic destined to CCSP directly to the Router at 192.168.2.249?
Does the Router with the connection to the CCSP use the Internet to reach the CCSP or is there some kind of dedicated connection between these networks?
If the Router towards CCSP uses Internet then does it lack some NAT configurations for the source network 192.168.27.0/24? Does it perhaps lack a route towards the network 192.168.27.0/24? Or are there any possible errors in the configurations (wrong gateway IP or network mask somewhere?)
Are there any ACLs configured on the Router that has the connection to the CCSP that might block traffic?
Does the CCSP have all the required routing information to pass traffic towards the network 192.168.27.0/24? (If we're talking about a dedicated connection and not traffic through the Internet) Have they allowed traffic from the mentioned network 192.168.27.0/24 to their servers/network?
Have you taken "packet-tracer" output from the ASA5505 to confirm that the ASA configurations allow the traffic and don't drop it for some reason?
For example
packet-tracer input inside tcp 192.168.27.100 12345 193.168.1.100 80
You can modify the IP addresses (source/destination) and the used destination port and protocol to match the connections that are actually attempted.
Have you monitored the connections on the ASA when users attempt them? This should at least tell you why they are failing or give a hint. You could also configure traffic capture on the ASA5505 if you wanted to make sure if any traffic was coming from the CCSP towards this ASA (return traffic for connection attempt).
Hope this helps :)
Let me know if I misunderstood the situation somehow.
- Jouni
Accessing file shares on Vista
No matter what I do I cannot access an administrative share that is located on Vista from my Mac. I can explicitly share a folder and it works just fine but admin shares just give me the generic "Could not connect to server...".
Anyone else notice this issue? Know of a fix??
Hi,
SMB uses a single session for a pair of IPs and all file transfer between these 2 IPs are made over this session. This makes the file transfer more efficient over the network. On the flip side, since only one SMB session is maintained, clients coming through NAT will have problems since all these clients are presented as a single IP to the server. With SMB, only a single session will be maintained and thus there is nothing unique for each client. This breaks the communication.
We will need to use NetBIOS over TCPIP in place of SMB. This can be achieved by:
1. Disabling SMB on the server or on all the client machines by setting the registry:
Name: SMBDeviceEnabled
Type: REG_DWORD
Value: 0
The location of the registry key is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. You may have to create this if not already existing.
2. Block TCP port 445 for the segment accessing shares through NAT
TechNet Subscriber Support in forum | If you have any feedback on our support, please contact [email protected]
Smb was working under 10.9.1. Now, with smb and using the Finder, I get "connection failed". Both of my NAS are not out when I am using my Mac Book Pro thru the wifi connection. Does anyone else have the same problem?
Same story here - smb:// worked under 10.9.1, but the Update 10.9.2 broke it.
Some facts:
Mac Book Pro Retina 2012
Network connection is over WLAN (The connection is very stable and no issues else where)
The issue seems to be caused when there are larger files (> 500MB) in the share
smb:// works for shares with lots of folders but only small files in them
smb:// and cifs:// are both almost unusable
smb:// shows a blank screen for ages - Finder will eventually hang up
cifs:// will connect fast (wow!), but the connection is very unstable for larger files
The funny part is that Mavericks (pre 10.9.2) was the first OS X which fixed most SMB issues of its predecessor. (SMB2 was somewhat slow, but quite usable.) Now, I cannot really use my Mac to work...
Moral of the story, I think I will switch to Ubuntu 14 when it is released in April - it should support HDPI Displays.