Can we assign IPv4 IP address pool to IPv6 VPN Client

Similar Messages

• Can't assign alternate email address for sending?

  With my iPod Touch, running iPhone OS 3.1, I was able to assign multiple email addresses to a single account by delimiting them with commas. If I entered "[email protected],[email protected],[email protected]" for the "[email protected]" account, I could choose "[email protected]" or "[email protected]" from the "From" menu when I was mailing a message.
  This appears to be completely gone in iOS 4. Is there any way around this? The only workaround I've found is to add "[email protected]" and "[email protected]" as new accounts in the "Mail, Calendar, Contacts" settings, but then I end up with duplicate emails since I route everything into the "[email protected]" account.
  What I want is to be able to pull email from just the "[email protected]" account, but reply to and send new messages from the other two email addresses.
  I can do this in Mail.app in OS X. Why not from the iPhone?

  Anyone?

• Assign Route to Windows 2K or XP VPN Client

  Is it possible via radius, PIX vpdn, or IOS vpdn configuration to assign a route to a Windows 2K or XP VPN client?

  it is possible in VPN concentrator where we can send a default route to the VPN client, not sure if it works in PIX.

• How can I assign virtual IP address for Pluggable Database on Exadata?

  Hi Guru,
  My customer wants the architecture as below. and they want to assign IP address for each pdbs.
  Do you have any idea for this? Can I know the step for assigning IP?

  Hi,
  thank you for this interesting idea!
  Let me ask you to read this document as I refer to some of the concepts described there: Oracle Single Client Access Name (SCAN)
  Please let me go into details about assigning IPs to DBs:
  In a cluster configuration, IPs (often called VIPs) belong to a "network"
  vips can be bound to a host (they will failover in cases of node failure, but will not server an listener) or "float" on all available hosts (SCAN vips)
  A VIP can be used by (one or more) listener [let's assume "exactly one listener" to reduce complexity]
  with a SERVICE a service_name registers a database to listeners of a network where preferred or available INSTANCES can be defined
  Based on these details you can
  create one subnet for "Oracle" and another for "Shin" - your given IP definition will not work, i Hope that's not a problem
  define SCAN IPs & Listener in each subnet
  define VIPs per node/subnet & listeners for each VIP
  create a SERVICE "Oracle" for network1 with required instance of Svr #1
  create a SERVICE "Shin" for network2 with required instance of Svr #2
  This will be quite close to what your customer requests.
  but I agree with Salman, before you start that road, please ask for your customers goal.
  hth
  Martin

• Can you assign variables to question pools?

  I am trying to segment a quiz by topic. For example, create a 50 question quiz with 5 sections, 10 questions each. Each section would be randomly populated via question pools. The point of this is to make sure there is an adequate spread of the topics covered. What I want to do is determine a score by section to display on the results screen. So, if someone gets 3 out of 10 questions correct in a given section, can I display on the results slide "Section 2: 30%" for example?
  I really do not want to give people the ability to review the questions (in case they need to retake the quiz) but I want to be able to tell them the areas in which they struggled so they know what to go back and study. Can anyone help?
  Thanks!

  If you are working with CP4, I would make a project for each section. The results slide will not need any change, since it will be showing the results for that section. You can add a comment on each results slide, triggered by the result (action based on the variable 'cpQuizInfoTotalQuizPoints'). You can merge all the projects using the Aggregator. There are certainly other ways of realizing this, I'm just offering one idea.

• Can you assign multiple email addresses to Adobe Forms?

  Or does each form creator have to have Adobe Acrobat Pro XI license?

  If you're asking about submitting forms via email, you (the licensee) can set up a form to submit to anyone you want, even multiple recipients. Submitting by email is not very reliable and relies on the user to have a functioning email client.
  If you want to email the complete PDF (as opposed to just the form data) and you need it to work with Reader versions prior to 11, the document has to be Reader-enabled with Acrobat, but this has certain licensing restrictions. In short, if you distribute an enabled form so that more than 500 users have access to it, then you are allowed to use data from no more than 500 instances of the form (including hard copies) that have been returned to you.

• Can ISE 1.2 Virtual Appliance assign VPN address pool like ACS does?

  Dear friends,
  I have observed that Cisco ISE Virtual Appliance (VMware) can act as a RADIUS server in the same manner as ACS does, but I cannot find the way of assigning an IP address to a remote VPN client (only assigning a VLAN).
  At this point I don't know if it is strictly necessary to have the IP address assignment for the remote VPN clients done in the external firewall (i. e. Cisco ASA) in this case.
  Is there any way of defining an IP address pool in the ISE itself for VPN clients authenticated against that ISE?
  If the answer is not, which ones could be the options for that assignment other than the ASA pool assignment? Could it be possible defining the corresponding address pool in an internal DHCP server that could provide the IP address to the VPN client after successful authentication through ISE?
  Any help would be really appreciated to clarifying these questions.
  Thank you and best regards.

  Please find the link below for the may help you to get the answer related to comparision and even for deployment.
  http://pmbuwiki.cisco.com/Products/ISE/Technical/Design-Config/Guest_and_Web_Portal_Services

• VPN Client can't reach router or hosts, but can reach other connected sites.

  We have a VPN client configuration on a 2901 router. The client passes authentication and connects fine. When connected, cannot reach the 2901 or any devices directly behind it, BUT can reach routers and hosts that are connected to the same 2901 through site to site connections.
  Few notes:
  I have added some lines excluding NAT in a few different ways, but does not resolve.
  I have switched the RAP rool from 10.96.20.x to 172.21.20.x and can then connect to the local host. Appears to be a routing issue to the 10.x network, but I can't seem to find the solution.
  Any help would be greatly appreciated. Here is the config:
  boot-start-marker
  boot system flash
  boot system flash:c2900-universalk9-mz.SPA.153-2.T.bin
  no ip domain lookup
  ip inspect log drop-pkt
  ip inspect name FIREWALL tcp
  ip inspect name FIREWALL udp
  ip inspect name FIREWALL ftp
  ip inspect name FIREWALL fragment maximum 256 timeout 1
  ip inspect name FIREWALL ntp
  ip inspect name FIREWALL pptp
  ip inspect name FIREWALL dns
  ip inspect name FIREWALL l2tp
  ip inspect name FIREWALL pop3
  ip inspect name FIREWALL icmp router-traffic
  no ipv6 cef
  crypto isakmp policy 1
  encr aes
  authentication pre-share
  group 2
  crypto isakmp policy 5
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
  crypto isakmp policy 95
  authentication pre-share
  group 2
  crypto isakmp policy 99
  hash md5
  authentication pre-share
  group 2
  crypto isakmp policy 110
  hash md5
  authentication pre-share
  crypto isakmp client configuration group VPN-RAS
  key *********
  dns 10.96.17.2 10.1.200.50
  wins 10.96.17.2 10.1.200.50
  domain mine.com
  pool RAPOOL
  acl SPLIT
  save-password
  split-dns mind.com
  netmask 255.255.255.0
  crypto isakmp profile USERS
     match identity group VPN-RAS
     client authentication list DOMAIN
     isakmp authorization list VPN-RAS
     client configuration address respond
     keepalive 300 retry 5
  crypto ipsec transform-set AES128 esp-aes esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set DES esp-des esp-md5-hmac
  mode tunnel
  crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
  mode tunnel
  crypto ipsec transform-set DES-SHA esp-des esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set myset esp-3des esp-sha-hmac
  mode tunnel
  crypto dynamic-map dynmap 1
  set transform-set AES128
  set isakmp-profile USERS
  crypto map COMPANY_VPN 10 ipsec-isakmp
  set peer *******
  set transform-set 3DES-MD5
  match address PA-VPN
  qos pre-classify
  crypto map COMPANY_VPN 50 ipsec-isakmp
  set peer ******
  set transform-set AES128
  match address VPN
  qos pre-classify
  crypto map COMPANY_VPN 999 ipsec-isakmp dynamic dynmap
  interface Embedded-Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/0
  ip address 37.222.111.224 255.255.255.248
  ip access-group INBOUND in
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip verify unicast reverse-path
  ip flow ingress
  ip flow egress
  ip nat outside
  ip inspect FIREWALL out
  ip virtual-reassembly in
  duplex auto
  speed auto
  no cdp enable
  no mop enabled
  crypto map COMPANY_VPN
  interface GigabitEthernet0/1
  no ip address
  ip flow ingress
  duplex auto
  speed auto
  interface GigabitEthernet0/1.17
  description LAN
  encapsulation dot1Q 17
  ip address 10.96.17.253 255.255.255.0
  ip access-group OUTBOUND in
  ip flow ingress
  ip flow egress
  ip nat inside
  ip virtual-reassembly in
  standby 0 ip 10.96.17.254
  standby 0 priority 110
  standby 0 preempt
  standby 0 track 1 decrement 20
  interface GigabitEthernet0/1.27
  description VOICE
  encapsulation dot1Q 27
  ip address 192.168.17.254 255.255.255.0
  ip access-group OUTBOUND in
  ip helper-address 10.96.17.2
  ip flow ingress
  ip nat inside
  ip virtual-reassembly in
  h323-gateway voip bind srcaddr 192.168.17.254
  ip local pool RAPOOL 10.96.20.50 10.96.20.150
  ip forward-protocol nd
  ip nat inside source route-map NAT-POOL interface GigabitEthernet0/0 overload
  ip route 0.0.0.0 0.0.0.0 37.222.111.223
  ip route 10.96.16.0 255.255.255.0 10.96.17.250
  ip route 172.22.1.0 255.255.255.0 10.96.17.250
  ip route 172.22.2.0 255.255.255.0 10.96.17.250
  ip route 172.22.3.0 255.255.255.0 10.96.17.250
  ip route 192.168.16.0 255.255.255.0 10.96.17.250
  ip access-list extended DMZ
  deny   ip any 10.0.0.0 0.255.255.255
  deny   ip any 192.168.0.0 0.0.255.255
  permit ip any any
  ip access-list extended GUEST
  deny   ip any 10.0.0.0 0.255.255.255
  deny   ip any 192.168.0.0 0.0.255.255
  permit ip any any
  ip access-list extended INBOUND
  deny   ip 80.25.124.0 0.0.0.255 any
  deny   ip 10.0.0.0 0.255.255.255 any
  deny   ip 172.16.0.0 0.15.255.255 any
  permit udp host 173.239.147.114 any eq isakmp
  permit esp host 173.239.147.114 any
  deny   ip 192.168.0.0 0.0.255.255 any
  permit udp any host 37.222.111.224 eq isakmp
  permit udp any host 37.222.111.224 eq non500-isakmp
  permit esp any host 37.222.111.224
  ip access-list extended NAT
  deny   ip 10.96.20.0 0.0.0.255 any
  deny   ip any 10.96.20.0 0.0.0.255
  permit ip 192.168.0.0 0.0.255.255 any
  permit ip 10.0.0.0 0.255.255.255 any
  ip access-list extended NONAT
  permit ip any 192.168.0.0 0.0.255.255
  permit ip any 10.0.0.0 0.255.255.255
  ip access-list extended OUTBOUND
  deny   udp any host 22.55.77.106 eq isakmp
  deny   udp any host 22.55.77.106 eq non500-isakmp
  deny   esp any host 22.55.77.106
  permit ip any any
  ip access-list extended PA-VPN
  permit ip 10.0.0.0 0.255.255.255 10.96.18.0 0.0.0.255
  permit ip 10.0.0.0 0.255.255.255 192.168.18.0 0.0.0.255
  permit ip 192.168.0.0 0.0.255.255 10.96.18.0 0.0.0.255
  permit ip 192.168.0.0 0.0.255.255 192.168.18.0 0.0.0.255
  ip access-list extended SPLIT
  permit ip 10.0.0.0 0.255.255.255 any
  permit ip 192.168.0.0 0.0.255.255 any
  ip access-list extended VPN
  permit ip 10.96.16.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 10.96.17.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 10.96.18.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 10.96.0.0 0.0.255.255 192.168.0.0 0.0.255.255
  permit ip 10.96.0.0 0.0.255.255 10.0.0.0 0.255.255.255
  permit ip 192.168.16.0 0.0.0.255 192.168.0.0 0.0.255.255
  permit ip 192.168.17.0 0.0.0.255 192.168.0.0 0.0.255.255
  permit ip 192.168.18.0 0.0.0.255 192.168.0.0 0.0.255.255
  permit ip 192.168.17.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 192.168.18.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 172.22.0.0 0.0.255.255 10.0.0.0 0.255.255.255
  permit ip 172.22.0.0 0.0.255.255 192.168.0.0 0.0.255.255
  route-map NAT-POOL deny 5
  match ip address NONAT
  route-map NAT-POOL permit 10
  match ip address NAT

  We have a VPN client configuration on a 2901 router. The client passes authentication and connects fine. When connected, cannot reach the 2901 or any devices directly behind it, BUT can reach routers and hosts that are connected to the same 2901 through site to site connections.
  Few notes:
  I have added some lines excluding NAT in a few different ways, but does not resolve.
  I have switched the RAP rool from 10.96.20.x to 172.21.20.x and can then connect to the local host. Appears to be a routing issue to the 10.x network, but I can't seem to find the solution.
  Any help would be greatly appreciated. Here is the config:
  boot-start-marker
  boot system flash
  boot system flash:c2900-universalk9-mz.SPA.153-2.T.bin
  no ip domain lookup
  ip inspect log drop-pkt
  ip inspect name FIREWALL tcp
  ip inspect name FIREWALL udp
  ip inspect name FIREWALL ftp
  ip inspect name FIREWALL fragment maximum 256 timeout 1
  ip inspect name FIREWALL ntp
  ip inspect name FIREWALL pptp
  ip inspect name FIREWALL dns
  ip inspect name FIREWALL l2tp
  ip inspect name FIREWALL pop3
  ip inspect name FIREWALL icmp router-traffic
  no ipv6 cef
  crypto isakmp policy 1
  encr aes
  authentication pre-share
  group 2
  crypto isakmp policy 5
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
  crypto isakmp policy 95
  authentication pre-share
  group 2
  crypto isakmp policy 99
  hash md5
  authentication pre-share
  group 2
  crypto isakmp policy 110
  hash md5
  authentication pre-share
  crypto isakmp client configuration group VPN-RAS
  key *********
  dns 10.96.17.2 10.1.200.50
  wins 10.96.17.2 10.1.200.50
  domain mine.com
  pool RAPOOL
  acl SPLIT
  save-password
  split-dns mind.com
  netmask 255.255.255.0
  crypto isakmp profile USERS
     match identity group VPN-RAS
     client authentication list DOMAIN
     isakmp authorization list VPN-RAS
     client configuration address respond
     keepalive 300 retry 5
  crypto ipsec transform-set AES128 esp-aes esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set DES esp-des esp-md5-hmac
  mode tunnel
  crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
  mode tunnel
  crypto ipsec transform-set DES-SHA esp-des esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set myset esp-3des esp-sha-hmac
  mode tunnel
  crypto dynamic-map dynmap 1
  set transform-set AES128
  set isakmp-profile USERS
  crypto map COMPANY_VPN 10 ipsec-isakmp
  set peer *******
  set transform-set 3DES-MD5
  match address PA-VPN
  qos pre-classify
  crypto map COMPANY_VPN 50 ipsec-isakmp
  set peer ******
  set transform-set AES128
  match address VPN
  qos pre-classify
  crypto map COMPANY_VPN 999 ipsec-isakmp dynamic dynmap
  interface Embedded-Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/0
  ip address 37.222.111.224 255.255.255.248
  ip access-group INBOUND in
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip verify unicast reverse-path
  ip flow ingress
  ip flow egress
  ip nat outside
  ip inspect FIREWALL out
  ip virtual-reassembly in
  duplex auto
  speed auto
  no cdp enable
  no mop enabled
  crypto map COMPANY_VPN
  interface GigabitEthernet0/1
  no ip address
  ip flow ingress
  duplex auto
  speed auto
  interface GigabitEthernet0/1.17
  description LAN
  encapsulation dot1Q 17
  ip address 10.96.17.253 255.255.255.0
  ip access-group OUTBOUND in
  ip flow ingress
  ip flow egress
  ip nat inside
  ip virtual-reassembly in
  standby 0 ip 10.96.17.254
  standby 0 priority 110
  standby 0 preempt
  standby 0 track 1 decrement 20
  interface GigabitEthernet0/1.27
  description VOICE
  encapsulation dot1Q 27
  ip address 192.168.17.254 255.255.255.0
  ip access-group OUTBOUND in
  ip helper-address 10.96.17.2
  ip flow ingress
  ip nat inside
  ip virtual-reassembly in
  h323-gateway voip bind srcaddr 192.168.17.254
  ip local pool RAPOOL 10.96.20.50 10.96.20.150
  ip forward-protocol nd
  ip nat inside source route-map NAT-POOL interface GigabitEthernet0/0 overload
  ip route 0.0.0.0 0.0.0.0 37.222.111.223
  ip route 10.96.16.0 255.255.255.0 10.96.17.250
  ip route 172.22.1.0 255.255.255.0 10.96.17.250
  ip route 172.22.2.0 255.255.255.0 10.96.17.250
  ip route 172.22.3.0 255.255.255.0 10.96.17.250
  ip route 192.168.16.0 255.255.255.0 10.96.17.250
  ip access-list extended DMZ
  deny   ip any 10.0.0.0 0.255.255.255
  deny   ip any 192.168.0.0 0.0.255.255
  permit ip any any
  ip access-list extended GUEST
  deny   ip any 10.0.0.0 0.255.255.255
  deny   ip any 192.168.0.0 0.0.255.255
  permit ip any any
  ip access-list extended INBOUND
  deny   ip 80.25.124.0 0.0.0.255 any
  deny   ip 10.0.0.0 0.255.255.255 any
  deny   ip 172.16.0.0 0.15.255.255 any
  permit udp host 173.239.147.114 any eq isakmp
  permit esp host 173.239.147.114 any
  deny   ip 192.168.0.0 0.0.255.255 any
  permit udp any host 37.222.111.224 eq isakmp
  permit udp any host 37.222.111.224 eq non500-isakmp
  permit esp any host 37.222.111.224
  ip access-list extended NAT
  deny   ip 10.96.20.0 0.0.0.255 any
  deny   ip any 10.96.20.0 0.0.0.255
  permit ip 192.168.0.0 0.0.255.255 any
  permit ip 10.0.0.0 0.255.255.255 any
  ip access-list extended NONAT
  permit ip any 192.168.0.0 0.0.255.255
  permit ip any 10.0.0.0 0.255.255.255
  ip access-list extended OUTBOUND
  deny   udp any host 22.55.77.106 eq isakmp
  deny   udp any host 22.55.77.106 eq non500-isakmp
  deny   esp any host 22.55.77.106
  permit ip any any
  ip access-list extended PA-VPN
  permit ip 10.0.0.0 0.255.255.255 10.96.18.0 0.0.0.255
  permit ip 10.0.0.0 0.255.255.255 192.168.18.0 0.0.0.255
  permit ip 192.168.0.0 0.0.255.255 10.96.18.0 0.0.0.255
  permit ip 192.168.0.0 0.0.255.255 192.168.18.0 0.0.0.255
  ip access-list extended SPLIT
  permit ip 10.0.0.0 0.255.255.255 any
  permit ip 192.168.0.0 0.0.255.255 any
  ip access-list extended VPN
  permit ip 10.96.16.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 10.96.17.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 10.96.18.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 10.96.0.0 0.0.255.255 192.168.0.0 0.0.255.255
  permit ip 10.96.0.0 0.0.255.255 10.0.0.0 0.255.255.255
  permit ip 192.168.16.0 0.0.0.255 192.168.0.0 0.0.255.255
  permit ip 192.168.17.0 0.0.0.255 192.168.0.0 0.0.255.255
  permit ip 192.168.18.0 0.0.0.255 192.168.0.0 0.0.255.255
  permit ip 192.168.17.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 192.168.18.0 0.0.0.255 10.0.0.0 0.255.255.255
  permit ip 172.22.0.0 0.0.255.255 10.0.0.0 0.255.255.255
  permit ip 172.22.0.0 0.0.255.255 192.168.0.0 0.0.255.255
  route-map NAT-POOL deny 5
  match ip address NONAT
  route-map NAT-POOL permit 10
  match ip address NAT

• AnyConnect VPN Clients IP Address access rules

  I setup ASA5540 for SSL-VPN (clientless) works fine.
  But I try to use Client (AnyConnect) to access internal resources, it is failed.  It is stiil initiate sessions from remote client IP.
  I need to initiate session from client IP assigned by ASA5540 box (same with Cisco VPN client connect to Cat65 SVC module).
  How I setup it?

  I use Cisco VPN client (remote access VPN)to connect ASA.
  There is a configuration setup for group authentication/w password on Cisco VPN client.I do not know to setup on ASA to match this?
  Second, remote client  connect ASA, I should get the client IP address which I setup on ASA.
  It should use this IP to connect ASA internal net,but I failed.( Both Cisco VPN and AnyConnect)
  How I setup this ( SSL VPN on this ASA works).

• Ntp refuses to sync with error "Can't assign requested address"

  I'm attempting to use ntp to sync to several different time servers, including hte apple server and those in the ntp.org server pool. In all cases, I cannot sync correctly, with many system log and consol error messages of the form:
  ntpd[5123]: sendto(xxx.xxx.xxx.xxx): Can't assign requested address
  I checked that the firewall is allowed UDP connections on port 123. Some googling hinted that hte problem may be changing IP address of my laptop when i sleep it and wake with a different IP, so I manually restarted it, and everything was fine.
  Anyone know how to reliably start/restart ntp when I wake from sleep?
  cheers

  It looks like Java is consuming all client-side TCP
  ports. When the error occurs, I also start to have
  problems connecting from my browser to any Web-page.I would take this as an indication, that the problem is on the server side and the web server might keep some resources after the client disconnects from the socket. You could verify that if you run your test program from another computer after the error occurs. If that program is again able to open connections, then this might indicate that the problem is in fact on the client side. However if also access from another machine is blocked, then I would guess it is a server side problem.
  Am I having to wait for the garbage collector to free
  the ports, or is this an OS X problem?Garbage collection is not an issue here.

• RRAS 2012 - Cannot Change IPV4 From DHCP -- Static Address Pool

  Have set up RRAS/DA 2012 and it works but I need to change from using our DHCP server to a static address pool.    However, when I go to RRAS server properties & IPv4 tab the section to opt for DHCP/Static is dimmed out.
  Any suggestions to get around this annoyance so I can use static address pools for remote users?
  Thanks as always!

  Hi,
  Please try to use the following PowerSHell command and see how it works.
  Set-VpnIPAddressAssignment -IPAssignmentMethod ‘StaticPool’
  Set-VpnIPAddressAssignment
  http://technet.microsoft.com/en-us/library/hh918431.aspx
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• Airport Extreme 2nd Gen - can not retrieve or assign an IP address

  I had two 2nd gen Airport Extreme base stations. One connects to the internet, the other bridges the network to my office where I have wired devices connected. The office base station was no longer allowing me to connect to my USB drive for time machine backups, but all of the wired devices were routing to the internet properly.
  I purchased a new base station (5th gen), bringing my total to three extreme stations and two express base stations (one express for an old wired network printer, the other for streaming music).
  The old main base station is moved into the office, and the new base station (5th gen) becomes the "main" internet access point. I reset both devices and they install without a hiccup. Ditto the new express stations - they connect without having to reset them. Everything works as it did before the upgrade.
  I take the old office base station (the one that would not allow me to backup via time machine) and do a factory reset. It reboots, the light flashes yellow (not surprising). I hook an old macbook (10.6.8) up to the old base station (and turned off the wifi) using a wired ethernet cable the ethernet port is assigned an IP address (10.0.1.2) via DHCP. My other macbook pro (10.8.5) running the latest AirPort Utility sees the old base station using wifi (under other wifi network). I select the old base station it automatically connects it to my new base station stating:
  "This Airport Extreme will now be set up to extend <my new 5th gen AirPort Extreme base station>"
  I change the default name and click next.
  Now when the old office base station boots it will not connect to the network - it still flashes yellow. It will not assign itself an IP address, the macbook plugged into the ethernet port (using dhcp) shows (under network settings):
  "Ethernet has a self-assigned IP address and will not be able to connect to the internet."
  (the 169.... number)
  Now the funky part. I manually set the wired ethernet's IP4 configuration (IP, subnet, router and dns server) on the old Macbook running snow leapord (10.6.8) - remember the wifi is turned off - and bingo - I am connected to the internet. All the while my old AirPort Exreme continues to blink yellow. If I manually assign an IP address to the AirPort Exreme's light turns green.
  Clearly the old device is working. The ethernet port works, the wifi works - routing traffic from the wired ethernet through my home network and out to the internet. My AirPort utility on all my macs can see the base station, and can configure it (via wifi). I have even tried (via wifi) downgrading the firmware to 7.6.3 and then to 7.6.0 and the back up to 7.6.4. The only thing it will not do is give retrieve an IP address, or assign an IP address to wired devices.
  Any ideas?

  I attempted to see/access (via the Disk Utility on my iMac) two drives already connected to my AirPort Extreme, but could not.
  These drives are shared "network" drives, which Disk Utility cannot access. Disk Utility will only be able to access a drive if it is connected directly to a Mac.
  If you need to format the drive(s), partition them, etc., you must do so with the drive connected directly to the Mac, then move them to the USB powered hub location at the AirPort Extreme.
  These drives are available through the Finder and are used for Time Machine
  Apple does not officially support Time Machine backups to a drive connected to the AirPort Extreme, but some users seem to be able to make this work.
  1) Can I see/access USB drives (properly fomatted and visible/accessible in the Finder window) attached to my AirPort Extreme (2nd gen-firmware version 7.6.2)via a powered USB hub?
  Probably. Some users find that one powered hub will work for them while another might not. To "see" the drives, you must first click on the AirPort Extreme icon under the SHARED heading in the Finder. Then, if the drives are formatted in Mac OS Extended (Journaled), each drive will appear as a folder. Double click the folder name to mount the drive on the desktop.
  2) Can I use my iMac (running Lion 10.7.4) to create a concatenated disk set with USB drives (of varying size) attached to my AirPort Extreme via a powered USB hub?
  The drives will all appear as separate drives, which must be accessed separately. If you were thinking of trying to start Time Machine backups on one drive and have them continue automatically on another drive when the first drive is full, that will not work.

• Can I assign Airport Express to static IP Address?

  Current setup - Airport Extreme attached to cable modem with 2 hard drives, Airport Express as print server in separate room with USB printer attached (just changed from Linksys with sometimes working NetGear print server). Clients accessing the network: 2 Windows XP, 1 Windows 7, iPads, iPhones, iPods, Apple TV, and sometimes a Mac Book.
  The issue is that we don't keep the printing system on at all times (light switch with Express and printer plugged in); We dont't do much printing, and I print to pdf most of the time. As a result, the Express IP address changes every time it's turned on, requiring me to change the port settings on the printer properties before anyone can print. Is there a way to assign a static IP address to the Express so that I don't become tech support every time someone else in the house needs to print something?

  Is there a way to assign a static IP address to the Express so that I don't become tech support every time someone else in the house needs to print something?
  Yes. The first order of business is to find the AirPort ID for the AirPort Express. You do this by opening AirPort Utility and clicking once on the Express. In the area to the right, jot down the AirPort ID.
  Still in AirPort Utility, now click on the AirPort Extreme and click Manual Setup
  Click the Internet icon
  Click the DHCP tab below the Advanced icon
  Look for the DHCP Reservations area and click on the + (plus) button at the bottom
  Enter a description, for example AirPort Express
  Click the MAC Address button and click Continue
  Enter the AirPort ID in the MAC Address box
  Assign the IP address you want the Express to use, for example 10.0.1.20
  Click Done, then click Apply and the AirPort Extreme will restart
  It would be a good idea to power cycle the entire network as follows:
  Power everything down...all devices, order is not important
  Power up the modem first, then AirPort Extreme, then Express, then devices

• Can i use same address pool for different remote access VPN tunnel groups and policy

  Hi all,
  i want to create a different remote access VPN profile in ASA. ihave one RA vpn already configured for some purpose.
  can i use the same ip address pool used for the existing one for the new tunnel-group (to avoid add rotuing on internal devices for new pool) and its a temporary requirement)
  thanks in advance
  Shnail

  Thanks Karsten..
  but still i can have filtering right? iam planning to create a new group policy and tunnelgroup and use the existing pool for new RA  and i have to do some filetring also. for the new RA i have to restrict access to a particualr server ,my existing RA have full access.
  so iam planning to create new local usernames for the new RA and new group policy with vpn-filter value access-list to apply for that user as below,  this will achive waht i need right??
  access-list 15 extended permit tcp any host 192.168.205.134 eq 80
  username test password password test
  username test attributes
  vpn-group-policy TEST
  vpn-filter value 15
  group-policy TEST internal
  group-policy TEST attributes
  dns-server value 192.168.200.16
  vpn-filter value 15
  vpn-tunnel-protocol IPSec
  address-pools value existing-pool
  tunnel-group RAVPN type ipsec-ra
  tunnel-group RAVPN general-attributes
  address-pool existing-pool
  default-group-policy TEST
  tunnel-group Payroll ipsec-attributes
  pre-shared-key xxx

• WRT54G - Can't obtain an IP Address on ISP Side of Router Nor Does Statically Assigned Work

  For some reason I can no longer recieve or statically assign an IP Address to the Internet side of the router (ISP).  The workgroup side of the router is able to provide dhcp to the clients wired and wireless.  When I statically map the Internet side, the clients still can not get out to the internet.  When I use dhcp, the linksys router always 0's out the entrys. I have tried multiple home networks same problem.  I took the exact model and hooked it up and it works fine.  Flashed the bios, reset unit back to defaults using the admin console and push pin on the back.  Anyone else seen this?
  Message Edited by vinman on 05-31-200707:40 AM

  Go to the subtab MAC ADDRESS CLONE on the router's Setup page then clone the MAC address of your working computer on it.... save the settings then turn off your router....turn it on after 30 secs...wait for the lights to become stable then try getting online afterwards....
  "You tried your best and you failed miserably! "