Can't Browse Web when connected to VPN

Hi, 
I got interested in networks about a year ago. We had some spare networking kit lying around in our office and I decided to set up a lab.
I've been able to configure NAT w/ PAT on a Cisco 3825.
I've got 1 access list, "Overloading" my OUTSIDE int, and a few "ip nat inside source static..." entries to handle my port forwards.
It's a very basic setup.
The router died recently, so I got a cheap replacement from eBay. Setting it all up was WAY easier than last time, so I decided to try something new.... VPN.
I'd previously had a port forward to a computer that was a VPN server, but I was able to use Cisco CCP to help me configure VPN.  Yes, technically cheating for all you CLI-heads out there, so sorry-- to make you happy, I did thoroughly inspect and spent extra time appreciating the code it wanted to inject to my router.  
Now, I've got VPN working, and I can access all the PC's on the LAN I'm VPN'ing to, but -- I can't access the web when connected to VPN.
I've fiddled with the access list, trying to make it ANY/ANY.
I'm not really sure what to do.
I looked around and most of the stuff out there is for a site-to-site, or PAT running on a tunnel... 
My issue is pretty basic, probably. I just can't access outside when on VPN.
I'm more than willing to have another translation method.
I've attached my router config.
Can you have a look and let me know what would need changing...
Really appreciate any insight.
Thanks,
Brian

Hello Brian,
Basically this is the VPN group:
crypto isakmp client configuration group open
 key (something)
 dns 192.168.1.1 8.8.8.8
 domain something.com
 pool SDM_POOL_1
 save-password
 backup-gateway 192.168.1.1
 max-users 5
 netmask 255.255.255.0
 banner ^Cyou have connected to the vpn-ings!.  well done!    ^
I see that you are doing tunnel all and are not split tunneling in this configuration. What you can do is use split tunnel, under this configuration, as follows:
ip access-list extended SPLIT_TUNNEL
 permit ip XXXXX XXXXX 192.168.1.0 0.0.0.255
XXXXX --> are the inside subnets
Then under this:
crypto isakmp client configuration group open
 acl SPLIT_TUNNEL
This will allow you to have access to the internal subnets through the tunnel and have access to internet through the internet connection on your computer.
For further details, take a look at this document:
- http://www.cisco.com/c/en/us/support/docs/routers/3600-series-multiservice-platforms/91193-rtr-ipsec-internet-connect.html
Don't use Any on your ACL statements for split tunneling purposes.
Let me know how it works out!
Please don't forget to rate and mark as correct the helpful Post!
David Castro,
Regards,
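
The two conditions this answer describes (a client group with no "acl" line, which tunnels all traffic, and a split-tunnel ACL written with "any") can be checked mechanically against a saved configuration. The Python check below is an added example, not part of the thread and not Cisco tooling; it assumes the indentation that "show running-config" prints, and the 10.10.10.0/24 subnet, the SPLIT_ANY and NO_SUCH_ACL names and the "open-*" groups are constructed for illustration.

```python
import re

# Constructed sample: the "open" group as posted in the thread (no acl), plus
# three constructed variants. 10.10.10.0/24 is a placeholder inside subnet.
SAMPLE_CONFIG = """\
ip access-list extended SPLIT_TUNNEL
 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended SPLIT_ANY
 remark constructed bad example
 10 permit ip any any
!
crypto isakmp client configuration group open
 key (something)
 pool SDM_POOL_1
 netmask 255.255.255.0
crypto isakmp client configuration group open-split
 key (something)
 pool SDM_POOL_1
 acl SPLIT_TUNNEL
crypto isakmp client configuration group open-any
 key (something)
 pool SDM_POOL_1
 acl SPLIT_ANY
crypto isakmp client configuration group open-missing
 key (something)
 acl NO_SUCH_ACL
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)$")
NAMED_ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
NUMBERED_ACL_RE = re.compile(r"^access-list (\d+) (.+)$")


def parse_config(text):
    """Return (groups, acls): group -> acl name or None, acl name -> entries."""
    groups, acls = {}, {}
    section = None  # ("group", name) or ("acl", name) while inside a block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] not in " \t":  # an unindented line starts a new section
            section = None
            if m := GROUP_RE.match(line):
                section = ("group", m.group(1))
                groups[m.group(1)] = None
            elif m := NAMED_ACL_RE.match(line):
                section = ("acl", m.group(1))
                acls.setdefault(m.group(1), [])
            elif m := NUMBERED_ACL_RE.match(line):
                acls.setdefault(m.group(1), []).append(m.group(2))
            continue
        if section is None:
            continue
        kind, name = section
        tokens = line.split()
        if kind == "group" and len(tokens) == 2 and tokens[0] == "acl":
            groups[name] = tokens[1]
        elif kind == "acl":
            acls[name].append(line)
    return groups, acls


def permit_tokens(entry):
    """Tokens of a permit entry (sequence number stripped), else None."""
    tokens = entry.split()
    if tokens and tokens[0].isdigit():
        tokens = tokens[1:]
    return tokens if tokens[:1] == ["permit"] else None


def audit_split_tunnel(text):
    """Return {group: [findings]}; an empty list means nothing was flagged."""
    groups, acls = parse_config(text)
    report = {}
    for group, acl in groups.items():
        findings = []
        if acl is None:
            findings.append("no acl: client tunnels all traffic (tunnel-all)")
        elif acl not in acls:
            findings.append(f"acl {acl} is referenced but not defined")
        else:
            permits = [t for t in map(permit_tokens, acls[acl]) if t]
            if not permits:
                findings.append(f"acl {acl} has no permit entries")
            for tokens in permits:
                if "any" in tokens:
                    findings.append(f"acl {acl} uses 'any': {' '.join(tokens)}")
        report[group] = findings
    return report


if __name__ == "__main__":
    for group, findings in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(group, "->", findings or "ok")
```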

Similar Messages

  • Can't send mail when connected to vpn

    I'm hooked up with a private vpn service using OpenVpn. Everything works beautifully -- except that I can't send mail (receiving is no problem) because the SMTP ports offered through Mail 4.5 (ports 25, 465, 587) are blocked by many VPN providers as an anti-spam measure. I can't use port 993 with SSL because I live in Monaco, which has one ISP -- and it does not provide or support secure email (which is one of the reasons I want the VPN).
    Is there another port I can select for SMTP, or some configuration tricks I'm missing? Thanks...:)


  • Can't access non-VPN resources when connected to VPN

    I need to access web based resources over a VPN for work. My admin gave me the connection parameters, and I can connect to the VPN and access what I need, no problem. But when connected to VPN, I can't access websites, Subversion repositories, Skype, etc. that are not on the VPN.
    On Windows, there's a connection property on VPN connections called "Use default gateway". With that option cleared on my Windows machine, I can access both VPN and non-VPN resources simultaneously. I can't spot anything equivalent in the VPN connection in Network Preferences.
    So I guess the question is: what network settings on Mac (Snow Leopard) will enable me to access both VPN and normal resources simultaneously?

    I have found a workaround. It isn't optimal, and it's disappointing that VPN is so poorly supported on Mac. Though the specific IPs are probably applicable only to the particular VPN I connect to, maybe the general idea can be of help to others and your network admins can supply the particular IPs you need.
    1. My Admin had me open Network Preferences, select the VPN connection, click the Tools icon at the bottom, and select Set Service Order. In that dialog, move the VPN connection to the bottom of the list (my EVDO modem that gets me my internet connection is first in the list). Apply this change.
    2. Next, my admin asked me to run the following in Terminal, once when VPN was not connected (but internet was connected), and again with VPN connected, and send him the output:
    netstat -nr
    3. After looking at the terminal output, admin told me to run the following in Terminal with the VPN connected:
    sudo route add -net 10.123 -netmask 255.255.0.0 10.123.50.1
    After disconnecting both VPN and Internet connection and reactivating each in turn (internet, then VPN), I was able to access both VPN and non-VPN resources simultaneously.
    The bad news is that every time I need to connect I have to run route add in Terminal and enter my password. I will probably make a shell script to at least run the command so I don't have to remember it.
    Here's hoping this helps if others bump into this pernicious little problem.

  • Users can only connect to RD farm website and cannot remote into terminal server , when connected via VPN

    Hello,
    I have an RD farm using 3 Win 2012 servers (1 broker and 2 session hosts), for internal use only; I have not configured a gateway for internet access.
    Users are able to connect to the RD farm website and remote into the terminal server within the office, but can only connect to the RD farm website and cannot remote into the terminal server when connected via VPN.
    It takes a long time at securing connection and fails.
    Thanks

    Hi,
    Thank you for your posting in Windows Server Forum.
    First of all I would suggest you to configure RD gateway role on your server and pass all the connection through it because it’s a best practice to use RD Gateway in RDS Farm. 
    Apart from this, if you are not using RD Gateway then you must check that you have successfully forwarded port 3389 for RDS to access via VPN. Also check that you have made configuration under IIS Manager to enable Forms Authentication. Please check
    this link.
    In addition, please refer beneath article for additional details.
    1. How to Access Windows Remote Desktop Over the Internet
    2. Remote Desktop Services in Windows 2008 R2 – Part 3 – RD Web Access & RemoteApp
    (For reference)
    Hope it helps! 
    Thanks,
    Dharmesh

  • I am trying to search the web when I click on Firefox Icon this message shows up Offline Mode Fire Fox is currently in offline mode and can not browse web how do I fix this?

    I am trying to search the web when I click on Firefox Icon this message shows up Offline Mode Fire Fox is currently in offline mode and can not browse web how do I fix this?

    Firefox does not have a built-in "Run" option on downloads for security reasons. If you "Run" an item, your anti-virus/anti-spyware may not have an opportunity to fully examine the contents until it is already installed on your hard drive. Result: damage, if infected, is already installed on your system.
    With that in mind, you can install the following add-on, but you accept the risk mentioned above (NOTE: the developer has not updated this product -- OR any of his other 7 extensions -- to be compatible beyond Firefox 3.6.x; therefore, when you upgrade to a more current version of Firefox, you may lose the functionality of the add-on if the developer does not update it.):
    - https://addons.mozilla.org/en-US/firefox/addon/opendownload/
    If this reply solves your problem, please click "Solved It" next to this reply when signed-in to the forum.
    Not related to your question, but...
    You need to update some plug-ins:
    - Plug-in check: https://www-trunk.stage.mozilla.com/en-US/plugincheck/
    - Adobe Shockwave for Director Netscape plug-in: Installing (or Updating) the Shockwave plugin with Firefox: https://support.mozilla.com/en-US/kb/Using%20the%20Shockwave%20plugin%20with%20Firefox#w_installing-shockwave
    - Adobe PDF Plug-In For Firefox and Netscape: Installing/Updating Adobe Reader in Firefox: https://support.mozilla.com/en-US/kb/Using%20the%20Adobe%20Reader%20plugin%20with%20Firefox#w_installing-and-updating-adobe-reader
    - Shockwave Flash (Adobe Flash or Flash): Updating Flash in Firefox: https://support.mozilla.com/en-US/kb/Managing%20the%20Flash%20plugin#w_updating-flash

  • How can i access web when i am connected through a proxy?

    Hi,
    I am Rakesh from Bangalore. I want to know how I can access the web when I am connected to the internet through a proxy. Are there any classes to handle this in the java.net package?
    Thanking you
    Rakesh

    The URL class can also handle a proxy server.
    URL urlobj = new URL("http", proxyhost, proxyport, url);

  • Can you update apps when connected to itunes on laptop?

    can you update apps when connected to itunes on laptop?

    Yes. You can download the updates to the apps in iTunes and then sync them to the iPad while the iPad is connected to your computer. I did that last night because I had so many large app updates to do - apps that were 250MB up to 650MB in size - and it just made more sense to me to do it that way.

  • Kerberos issue when connecting via VPN

    Hi,
    I am having some issues when connecting via VPN.
    The following kdc log is issued when I log via VPN
    May 02 12:12:21 ATHENA.MYDOMAIN.LAN krb5kdc[163](info): DISPATCH: repeated (retransmitted?) request from 192.168.2.5, resending previous response
    May 02 12:12:21 ATHENA.MYDOMAIN.LAN krb5kdc[163](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.5: UNKNOWN_SERVER: authtime 1146535939, [email protected] for ldap/[email protected], Server not found in Kerberos database
    I also have a system log May 2 12:12:21 ATHENA DirectoryService[41]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
    These logs only happen while logging in through VPN.
    Any idea?
    Cheers
    Ben

    Hi,
    When using your VPN, are you using Terminal License or Remote Desktop Connection?
    Please do the following to save form settings:
    1. Only 1 module should be open when using form settings.
        Close other modules that aren't needed.
    2. Close the module after a change, to make sure the settings are saved.
    3. Always close all the modules before exiting the SBO program; use the click File and Exit habit.
    4. Terminal Licensing should be used when connecting remotely.
    Thanks.
    Clint

  • Can't browse web (outbound HTTP port 80) using wired Ethernet

    I just purchased a new 20" Core 2 Duo iMac today (Leopard installed) and I'm seeing a very strange problem: I can't browse the web using a wired Ethernet connection. Here are the specifics:
    - When I set up wireless ethernet w/ Airport, it works fine (outbound port 80 access is successful)
    - Going back to wired ethernet, when I pop down into a shell, I notice that outbound FTP (port 25), outbound SSH on port 15554 works fine. When I run curl (text-based web browser), it hangs. This tells me that it's only port 80 that's giving me problems and nothing else. The network connection in general is fine.
    This tells me the following:
    - wireless ethernet is working fine
    - wired ethernet mostly works - all outbound TCP ports that I've tested work great. It's just the HTTP/Web port 80 that seems to be blocked.
    I went into the Security area and under Firewalls, it appears that the default configuration is set up to allow just about anything out and in.
    This is so bizarre - I think as far as networking goes, the web access is the most important one, so I can't see Apple disabling this somehow. What gives??
    Earlier, I had set up a few user accounts for the rest of the family and set up Parental Controls on my two kids' accounts. When I started noticing the outbound web access issues, I even went as far as deleting all the accounts to try to return the system as close as possible to how I received it.
    Anyone have any ideas why my outbound web access is blocked?
    Thanks,
    Ben

    I am not sure what the fix is but let me give it a try here for you. (Making sure edit works with questions 1,2,3)
    1. What version of ColdFusion Builder are you running. Are you sure you are running Beta 3?
    2. Can you access these files from your explorer window?
    3. Are you using RDS to connect to these files or the file system? (should be able to do both but that might be helpful to know which is failing.)
    4. Now the final question... by browse you might have a different issue. What version of CF server are you running? This might not be the issue but again could be if you are running developer version. If not an issue let me know and will try to hook up with you via connect to do an online screen share and help you out here.

  • Possible to select self-signed certificate for client validation when connecting to VPN with EAP-TLS

    In Windows 8.2, I have a VPN connection configured with PPTP as the outer protocol and EAP : "Smart card or other certificate ..." as the inner protocol. Under properties, in the "When connecting" section I've selected "Use a certificate on this computer" and un-checked "Use simple certificate selection".
    My preference would be to use separate self-signed certificates for all clients rather than having a common root certificate that signed all of the individual client certificates. I've tried creating the self-signed certificate both with and without the client authentication EKU specified, and I've added the certificate to the trusted root certificate authority store on the client. But when I attempt to connect to the VPN I cannot get the self-signed certificate to appear on the "Choose a certificate" drop down.
    Are self-signed certificates supported for this use in EAP-TLS? If it makes a difference, I'm working with makecert (not working with a certificate server).
    TIA,
    -Rick

    Hi Rick,
    Thank you for your patience.
    According to your description, would you please let me know what command you were using to make a self-signed certificate by tool makecert? I would like to try to reproduce this issue. Also based on my experience, please let me know if the certificate has private key associated and be present in the local machine store. Hence, please move the certificate from the trusted root certificate authority store to personal store.
    Best regards,
    Steven Song

  • Default Gateway when connected to VPN

    Thanks for reading!
    This is probably a dumb question so bear with me...
    I have set up a VPN connection with a Cisco ASA 5505 fronting internet, with the customer's environment behind it (on the same subnet). When connected to the VPN I can reach the inside Router fronting me and one switch behind the Router (every switch is connected to the router), but nothing else.
    My bet is that the Router is messing with my connection, but, never mind that! The setup ain't complete anyway... my question is more related to the Gateway I'm missing when I, from the outside, am connected to the VPN on the ASA; could this mess it up? Shouldn't I have a Standard-Gateway in the ipconfig settings in Windows?
    This is how it looks now:
            Anslutningsspecifika DNS-suffix . : VPNOFFICE
            IP-adress . . . . . . . . . . . . : 10.10.10.1
            Nätmask . . . . . . . . . . . . . : 255.255.255.0
            Standard-gateway  . . . . . . . . :
    The internal network is :
    172.16.12.0 255.255.255.0
    Below is my config for the ASA, thanks a lot!!!!!!!
    !FLASH ON THE ROUTER FROM THE START
    !asa841-k8.bin
    hostname DRAKENSBERG
    domain-name default.domain.invalid
    enable password XXXXXXX
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 172.16.12.4 255.255.255.0
    interface Vlan10
    nameif outside
    security-level 0
    ip address 97.XX.XX.20 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 10
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list nonat extended permit ip 172.16.12.0 255.255.255.0 10.10.10.0 255.255.255.0
    access-list MSS_EXCEEDED_ACL extended permit tcp any any
    access-list VPN-SPLIT-TUNNEL remark VPN SPLIT TUNNEL
    access-list VPN-SPLIT-TUNNEL standard permit 172.16.12.0 255.255.255.0
    tcp-map MSS-MAP
      exceed-mss allow
    pager lines 24
    logging enable
    logging timestamp
    logging buffer-size 8192
    logging console notifications
    logging buffered notifications
    logging asdm notifications
    mtu inside 1500
    mtu outside 1500
    ip local pool VPN 10.10.10.1-10.10.10.40 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    asdm image disk0:/asdm-625-53.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 172.16.12.0 255.255.255.0
    route outside 0.0.0.0 0.0.0.0 97.XX.XX.17 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 172.16.12.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 172.16.12.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    group-policy VPNOFFICE internal
    group-policy VPNOFFICE attributes
    dns-server value 215.122.145.18
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN-SPLIT-TUNNEL
    default-domain value VPNOFFICE
    split-dns value 215.122.145.18
    msie-proxy method no-proxy
    username admin password XXXXXX privilege 15
    username Daniel password XXXXX privilege 0
    username Daniel attributes
    vpn-group-policy VPNOFFICE
    tunnel-group VPNOFFICE type remote-access
    tunnel-group VPNOFFICE general-attributes
    address-pool VPN
    default-group-policy VPNOFFICE
    tunnel-group VPNOFFICE ipsec-attributes
    pre-shared-key XXXXXXXXXX
    class-map MSS_EXCEEDED_MAP
    match access-list MSS_EXCEEDED_ACL
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp error
      inspect pptp
      inspect ipsec-pass-thru
      inspect icmp
    class MSS_EXCEEDED_MAP
      set connection advanced-options MSS-MAP
    service-policy global_policy global
    privilege cmd level 3 mode exec command perfmon
    privilege cmd level 3 mode exec command ping
    privilege cmd level 3 mode exec command who
    privilege cmd level 3 mode exec command logging
    privilege cmd level 3 mode exec command failover
    privilege cmd level 3 mode exec command packet-tracer
    privilege show level 5 mode exec command import
    privilege show level 5 mode exec command running-config
    privilege show level 3 mode exec command reload
    privilege show level 3 mode exec command mode
    privilege show level 3 mode exec command firewall
    privilege show level 3 mode exec command asp
    privilege show level 3 mode exec command cpu
    privilege show level 3 mode exec command interface
    privilege show level 3 mode exec command clock
    privilege show level 3 mode exec command dns-hosts
    privilege show level 3 mode exec command access-list
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command vlan
    privilege show level 3 mode exec command ip
    privilege show level 3 mode exec command ipv6
    privilege show level 3 mode exec command failover
    privilege show level 3 mode exec command asdm
    privilege show level 3 mode exec command arp
    privilege show level 3 mode exec command route
    privilege show level 3 mode exec command ospf
    privilege show level 3 mode exec command aaa-server
    privilege show level 3 mode exec command aaa
    privilege show level 3 mode exec command eigrp
    privilege show level 3 mode exec command crypto
    privilege show level 3 mode exec command vpn-sessiondb
    privilege show level 3 mode exec command ssh
    privilege show level 3 mode exec command dhcpd
    privilege show level 3 mode exec command vpnclient
    privilege show level 3 mode exec command vpn
    privilege show level 3 mode exec command blocks
    privilege show level 3 mode exec command wccp
    privilege show level 3 mode exec command webvpn
    privilege show level 3 mode exec command module
    privilege show level 3 mode exec command uauth
    privilege show level 3 mode exec command compression
    privilege show level 3 mode configure command interface
    privilege show level 3 mode configure command clock
    privilege show level 3 mode configure command access-list
    privilege show level 3 mode configure command logging
    privilege show level 3 mode configure command ip
    privilege show level 3 mode configure command failover
    privilege show level 5 mode configure command asdm
    privilege show level 3 mode configure command arp
    privilege show level 3 mode configure command route
    privilege show level 3 mode configure command aaa-server
    privilege show level 3 mode configure command aaa
    privilege show level 3 mode configure command crypto
    privilege show level 3 mode configure command ssh
    privilege show level 3 mode configure command dhcpd
    privilege show level 5 mode configure command privilege
    privilege clear level 3 mode exec command dns-hosts
    privilege clear level 3 mode exec command logging
    privilege clear level 3 mode exec command arp
    privilege clear level 3 mode exec command aaa-server
    privilege clear level 3 mode exec command crypto
    privilege cmd level 3 mode configure command failover
    privilege clear level 3 mode configure command logging
    privilege clear level 3 mode configure command arp
    privilege clear level 3 mode configure command crypto
    privilege clear level 3 mode configure command aaa-server
    prompt hostname context
    Cryptochecksum:aaa1f198bf3fbf223719e7920273dc2e
    : end

    I didn't realise I had those crypto settings on, thanks, my bad!!!
    But... the 172.16.12.0 network is directly connected, the Router (that to be honest is a firewall) / switches are all on the same subnet (172.16.12.X/24), so sorry I didn't explain thoroughly, was more wondering about the GW and didn't want to overcomplicate things..
    The Firewall/Router doesn't do any routing, so it should work right (if you count out the firewalling in the firewall and so forth, there shouldn't be any problems accomplishing this with the ASA)? The Firewall is more a DHCP for the clients/Firewall for the clients.. this will change in the future.. it will be removed,
    the vpn network is statically routed back to my ASA in that firewall...
    I don't like this solution.. but this is how it looks.. for now..
    (VPN network is 10.10.10.X/24)
    But... shouldn't I see a default gateway under ipconfig when I'm connected to the VPN from internet, on the vpn client that's vpned in, is this correct?
    THANKS for all the help!

  • Problems accessing 1 remote desktop when connected with VPN

    Hi everyone,
    I have an ASA 5505 and have a problem where when I connect through VPN I can RDP into a server using its internal address but I cannot RDP to another server using its internal address.
    The one I can connect to has an IP of 192.168.2.10 and the one I cannot connect to has an IP of 192.168.2.11 on port 3390.
    Both rules are configured exactly the same except for the IP addresses and I cannot see why I cannot connect to this one server.
    I am also able to connect to my camera system with an IP 192.168.2.25 on port 37777 and able to ping any other device on the internal network.
    I've also tried pinging it and telnetting to port 3390 with no success.
    Here is the config.
    ASA Version 8.4(4)1
    interface Ethernet0/0
    switchport access vlan 3
    interface Ethernet0/1
    interface Ethernet0/2
    switchport access vlan 2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.2 255.255.255.0
    interface Vlan3
    nameif outside
    security-level 0
    ip address 10.1.1.1 255.255.255.0
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network CTSG-LAN-OUT
    range 10.1.1.10 10.1.1.49
    object network CTSG-LAN-IN
    subnet 192.168.2.0 255.255.255.0
    object service RDP3389
    service tcp destination eq 3389
    description To DC
    object network SERVER-IN
    host 192.168.2.10
    object network SERVER-OUT
    host 10.1.1.50
    object network CAMERA-IN-TCP
    host 192.168.2.25
    object network CAMERA-OUT
    host 10.1.1.51
    object service CAMERA-TCP
    service tcp destination eq 37777
    object network SERVER-Virt-IN
    host 192.168.2.11
    object network SERVER-Virt-OUT
    host 10.1.1.52
    object service RDP3390
    service tcp destination eq 3390
    description To VS for Master
    object network CAMERA-IN-UDP
    host 192.168.2.25
    object service CAMERA-UDP
    service udp destination eq 37778
    object network CTSG-LAN-OUT-VPN
    subnet 10.1.1.128 255.255.255.128
    object network SERVER-Virt-IN-VPN
    host 192.168.2.11
    object network SERVER-IN-VPN
    host 192.168.2.10
    object network CAMERA-IN-VPN
    host 192.168.2.25
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside1_access_in remark Implicit rule: Permit all traffic to less secure networks
    access-list inside1_access_in extended permit ip any any
    access-list outside_access_in extended permit object RDP3389 any host 192.168.2.10
    access-list outside_access_in extended permit object RDP3390 any host 192.168.2.11
    access-list outside_access_in extended permit object CAMERA-TCP any host 192.168.2.25
    access-list outside_access_in extended permit object CAMERA-UDP any host 192.168.2.25
    pager lines 24
    logging enable
    logging buffer-size 10240
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool RAVPN 10.1.1.129-10.1.1.254 mask 255.255.255.128
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static SERVER-IN-VPN SERVER-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    nat (inside,outside) source static CAMERA-IN-VPN CAMERA-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    nat (inside,outside) source static SERVER-Virt-IN-VPN SERVER-Virt-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    object network CTSG-LAN-IN
    nat (inside,outside) dynamic interface
    object network SERVER-IN
    nat (inside,outside) static SERVER-OUT service tcp 3389 3389
    object network CAMERA-IN-TCP
    nat (inside,outside) static CAMERA-OUT service tcp 37777 37777
    object network SERVER-Virt-IN
    nat (inside,outside) static SERVER-Virt-OUT service tcp 3390 3390
    access-group inside1_access_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 10.1.1.2 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment terminal
    subject-name CN=SACTSGRO
    crl configure
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.2.0 255.255.255.0 inside
    telnet timeout 15
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 15
    dhcpd auto_config inside
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username admin password xxxxx encrypted privilege 15
    username admin attributes
    vpn-group-policy DfltGrpPolicy
    tunnel-group CTSGRA type remote-access
    tunnel-group CTSGRA general-attributes
    address-pool RAVPN
    tunnel-group CTSGRA ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:0140431e7642742a856e91246356e6a2
    : end
    Thanks for your help

    Ok,
    So you basically have configured the router so that you can connect directly to the ASA using the Cisco VPN Client. And also the objective was to in the end only allow traffic to the LAN through the VPN Client connection ONLY.
    It would seem to me to achieve that, you would only need the following NAT configurations
    VPN Client NAT0 / NAT Exempt / Identity NAT
    object network LAN
    subnet 192.168.2.0 255.255.255.0
    object network VPN-POOL
    subnet 10.1.1.128 255.255.255.128
    nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
    The purpose of the above NAT configuration is simply to tell the ASA not to do any kind of NAT when there is traffic between the LAN network of 192.168.2.0/24 and the VPN Pool of 10.1.1.128/25. This way, if you have any additional hosts on the LAN that need to be connected to, you won't have to make any changes to the NAT configuration for the VPN client users. You just allow the connections in the ACL (explained later below).
    Default PAT
    object-group network DEFAULT-PAT-SOURCE
    network-object 192.168.2.0 255.255.255.0
    nat (inside,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
    This configuration's purpose is just to replace the earlier Dynamic PAT rule on the ASA. I guess your router will be doing the translation from the ASA "outside" interface IP address to the router's public IP address, and this configuration should therefore allow normal Internet usage from the LAN.
    I would suggest removing all the other NAT configuration before adding these.
    Controlling VPN clients access to internal resources
    Also, I assume that your current VPN client is configured as Full Tunnel. In other words, it will tunnel all traffic to the VPN connection while it's active?
    To control the traffic coming from the VPN Client users I would suggest that you do the following
    Configure "no sysopt connection permit-vpn". This will change the ASA operation so that connections coming through a VPN connection ARE NOT allowed by default to bypass the "outside" interface ACL. Therefore, after this change you can allow the connections you need in the "outside" interface ACL.
    Configure any rules you need regarding the VPN client connections in the "outside" interface ACL. Though I guess they already exist, since you are connecting there without the VPN also.
    I can't guarantee this with 100% certainty, but it would seem to me that the above things should get you to the point where you can access the internal resources ONLY after you have connected to the ASA through the VPN client connection. Naturally, take precautions like configuration backups if you are going to do major configuration changes. Also, if you are remotely managing the ASA, then you also have the option to configure a timer on the ASA after which it will automatically reload. This could help in situations where a misconfiguration breaks your management connection and you have no other way to connect remotely. Then the ASA would simply reboot after the timer ran out and also reboot with the original configuration (provided you hadn't saved anything in between).
    Why are you using a different port for the other device's RDP connection? I can understand it if it's used through the Internet, but if the RDP connection would be used through the VPN Client only, then I don't think there is any need to manipulate the default port of 3389 on the server or on the ASA.
    Also naturally if there is something on the actual server side preventing these connections then these configuration changes might not help at all.
    Let me know if I have understood something wrong
    - Jouni
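The difference between the three host-specific NAT exemptions in the posted config and the single LAN-wide rule suggested in the reply, as an added example that is not part of the original posts: the script parses the `object network` definitions and identity twice-NAT lines and lists the LAN hosts whose traffic to a VPN client matches no exemption, which would leave it to the dynamic PAT rule. The host 192.168.2.50 and the client address 10.1.1.130 are constructed test values, and the function names are this example's own.

```python
import ipaddress
import re

# Objects and twice-NAT lines copied from the config posted in the thread.
ORIGINAL = """\
object network CTSG-LAN-OUT-VPN
 subnet 10.1.1.128 255.255.255.128
object network SERVER-Virt-IN-VPN
 host 192.168.2.11
object network SERVER-IN-VPN
 host 192.168.2.10
object network CAMERA-IN-VPN
 host 192.168.2.25
nat (inside,outside) source static SERVER-IN-VPN SERVER-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
nat (inside,outside) source static CAMERA-IN-VPN CAMERA-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
nat (inside,outside) source static SERVER-Virt-IN-VPN SERVER-Virt-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
"""
# The single LAN-wide exemption suggested in the reply.
SUGGESTED = """\
object network LAN
 subnet 192.168.2.0 255.255.255.0
object network VPN-POOL
 subnet 10.1.1.128 255.255.255.128
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
"""
# Constructed test data: .50 is a hypothetical extra LAN host, and
# 10.1.1.130 is an address inside the RAVPN pool (10.1.1.129-10.1.1.254).
LAN_HOSTS = ["192.168.2.10", "192.168.2.11", "192.168.2.25", "192.168.2.50"]
VPN_CLIENT = "10.1.1.130"

NAT_RE = re.compile(r"^nat \(\S+,\S+\) source static (\S+) (\S+) "
                    r"destination static (\S+) (\S+)$")


def parse_objects(config):
    """Map each 'object network' name to an ip_network (host becomes /32)."""
    objects, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["object", "network"] and len(words) == 3:
            current = words[2]
        elif current and words[:1] == ["host"]:
            objects[current] = ipaddress.ip_network(words[1] + "/32")
        elif current and words[:1] == ["subnet"]:
            objects[current] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        else:
            current = None
    return objects


def identity_exemptions(config):
    """Return (source_net, destination_net) for each identity twice-NAT rule."""
    objects = parse_objects(config)
    rules = []
    for raw in config.splitlines():
        m = NAT_RE.match(raw.strip())
        # Identity NAT: real and mapped object are the same on both sides.
        if m and m.group(1) == m.group(2) and m.group(3) == m.group(4):
            rules.append((objects[m.group(1)], objects[m.group(3)]))
    return rules


def not_exempt(config, lan_hosts=LAN_HOSTS, vpn_client=VPN_CLIENT):
    """LAN hosts whose traffic to vpn_client matches no exemption rule."""
    rules = identity_exemptions(config)
    client = ipaddress.ip_address(vpn_client)
    return [h for h in lan_hosts
            if not any(ipaddress.ip_address(h) in src and client in dst
                       for src, dst in rules)]


if __name__ == "__main__":
    print("original :", not_exempt(ORIGINAL))
    print("suggested:", not_exempt(SUGGESTED))
```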

  • 10.6.1: Can't resolve FQDN when connecting via WLAN / Airport Base Station

    Hi everybody,
    after hours of work and having read many helpful topics in this forum (and other) I've successfully setup a Single Signon Environment for my home office. It's a dual core macmini server running 10.6.1 and only mac clients.
    The server is connected via switch to my airport extreme base station. This airport station uses PPPoE to connect to my ISP and it has the DHCP service running, handing out the clients' IP addresses. The server and the switch have all static IP addresses.
    My issue is the following:
    Whenever I connect via wifi or vpn using my MBP, I am not able to "bind" to the server (via system preferences : users : login setting) using the FQDN. The error is "can't resolve address. -2200" Instead it only finds myserver.local - and then I am able to set up my wifi connected client.
    However, when I set up the client with the .local address I am unable to get a kerberos ticket for my users. The ticket viewer says, that it can't resolve the address for myserver.mycompany.private
    I was able to get afp or ical to work on my vpn or airport connected clients when I used the server's IP address instead of a domain name - but only with kerberos turned off and with other problems.
    I've heard that if everything is configured right, the server should show up in every clients' sidebar with its FQDN and NOT the bonjour name. Right now it shows only the bonjour name - even on the clients connected via Ethernet.
    The other strange thing is that when I log into my client system I still have to authenticate with ticket viewer in order to get my kerberos ticket. Usually Single Signon should work with the login window, right?
    I really don't know what else to do. I double-checked my DNS settings and everything seems OK. I entered the FQDN of my server in the airport station's DHCP settings as "LDAP server" - nothing changed...
    Do I need to use the server's DHCP service instead of the airport station's DHCP? And if I do this, how do I turn off airport's DHCP? It does not seem to be possible when connected via PPPoE to my ISP.
    I am unsure what to do in order to get things to work. Anybody out there who can help?

    Hi Davidh and thanks for posting!
    I had 3 DNS entries in my client's network settings - one was the server and the other 2 were from my ISP. Removing the ISP's DNS entries and keeping the server DNS IP solved my kerberos issue. Wow!
    I'd never thought that it won't work with more than the server given as DNS entries. I'll need to check this with my iPhone later, because I had a similar issue with that device yesterday when trying to connect via VPN.
    Thanks very much!
    Still one question:
    The sidebar of my clients still don't show the server's FQDN - but only its bonjour name. Is this right? I read in another forum that the client's sidebar should show the FQDN if everything is configured right.

  • Panic when connecting to VPN

    Hi
    We have several users who are getting panics when connecting to our VPN from home. They are configured to use either PPTP or IPSEC (they can choose either) and it happens across multiple macbooks, though not all, and when connecting to either type of VPN.
    The panic logs show the following but my eye is drawn to what looks like a Sonnet SATA driver, which strikes me as odd. Any ideas ?
    Sun May 15 13:56:58 2011
    panic(cpu 1 caller 0x2aab59): Kernel trap at 0x01aae1e0, type 14=page fault, registers:
    CR0: 0x8001003b, CR2: 0x00000000, CR3: 0x00100000, CR4: 0x00000660
    EAX: 0x00000000, EBX: 0x00000000, ECX: 0x0054fdea, EDX: 0x447b1000
    CR2: 0x00000000, EBP: 0x52f63f28, ESI: 0x00000004, EDI: 0x00000000
    EFL: 0x00010246, EIP: 0x01aae1e0, CS:  0x00000008, DS:  0x00000010
    Error code: 0x00000000
    Backtrace (CPU 1), Frame : Return Address (4 potential args on stack)
    0x52f63d08 : 0x21b510 (0x5d9514 0x52f63d3c 0x223978 0x0)
    0x52f63d58 : 0x2aab59 (0x59aeec 0x1aae1e0 0xe 0x59b0b6)
    0x52f63e38 : 0x2a09b8 (0x52f63e50 0x447b10c8 0x52f63f28 0x1aae1e0)
    0x52f63e48 : 0x1aae1e0 (0xe 0x48 0x9300010 0x10)
    0x52f63f28 : 0x554254 (0x447b1000 0x930bcc0 0x0 0x4bca4b54)
    0x52f63f78 : 0x22fd0d (0x930bcc0 0x89b21dc 0x52f63fc8 0x550788)
    0x52f63fc8 : 0x2a06dc (0x863ea0 0x0 0x2a06eb 0xa0f6ee4)
          Kernel Extensions in backtrace (with dependencies):
             com.sonnettech.driver.SonnetSATA(2.2.5)@0x1a9e000->0x1abbfff
                dependency: com.apple.iokit.IOATAFamily(2.5.1)@0x1a91000
                dependency: com.apple.iokit.IOPCIFamily(2.6)@0x927000
    BSD process name corresponding to current thread: kernel_task
    Mac OS version:
    10J869
    Kernel version:
    Darwin Kernel Version 10.7.0: Sat Jan 29 15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386
    System model name: MacBookPro5,2 (Mac-F2268EC8)
    System uptime in nanoseconds: 6185013429022

    ...happens across multiple macbooks...The panic logs show the following but my eye is drawn to what looks like a Sonnet SATA driver, which strikes me as odd. Any ideas ?
    I don't have an answer, but are these Macbook Pros with the ExpressCard slot?  (17" MBP or older 15" MBPs.)  If so, then do these users have external hard drives?  Sonnet does make some ExpressCard SATA adapters so perhaps a driver update is needed.
    http://eshop.macsales.com/Search/Search.cfm?Ntk=Primary&Ns=P_Popularity%7c1&Ne=8 050&N=4294967277&Ntt=PCMCIA+AND+Express34

  • How can I browse localhost when working offline?

    When I start up FF when not connected to a network, FF starts as Working offline. This disables web development until I uncheck Work offline.
    This is annoying, since I work in various environments, frequently not connected. I want to browse localhost when working offline, or simply stop FF from going into Work offline.

    Properties are another level below the items. These properties have also attributes like Quality, Timestamp etc. like the items too.
