Cannot remotely access Ciscoworks page
Hi All,
When I try to access Ciscoworks remotely on a client PC, I don't even get to the login page. I only get a "Page cannot be displayed." Is there a way I can test why this happened? Back then I was able to access it remotely but now I cannot.
Appreciate your feedback. Thanks in advance.
Hi Joe,
I tried to test if port 1741 is open via "telnet 1741" on the command prompt of a remote laptop. The port seems to be open because a blinking cursor appeared and when you press Enter, you will get back to the command prompt. When I tried to access it on the internet explorer, a page cannot be displayed appears.
Any suggestions on what else can I check to verify Ciscoworks is working? Thanks in advance.
Similar Messages
-
Cannot remotely access DVR after second DVR was installed
We installed a second DVR and cannot remotely access the old one. The new one can be accessed from Android or HTML. When I attempt to access the old DVR I get the message "Internal Server Error"
Sorry to hear about the problems accessing the second DVR. Have you rebooted the DVR by unplugging the DVR box? If that does not fix your problem please send me a private message so I can re-do the port mapping.
Anthony_VZ
**If someones post has helped you, please acknowledge their assistance by clicking the red thumbs up button to give them Kudos. If you are the original poster and any response gave you your answer, please mark the post that had the answer as the solution**
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or plan -
I am new to RemoteApp. I have been using WSE 2012 R2 for some time, mainly for the remote web access web site. I would log into my site (<my name>.remotewebaccess.com/Remote). Then, I would see my server listed under "DEVICES".
I would click on the tile for the server, and the Dashboard would open.
I just followed a tutotial to install the role for RemoteApp publishing. It looks like it worked. I now go to my RD Web App site (<my name>.remotewebaccess.com/RDWeb), and I can log in and see my RemoteApp. But now I cannot
figure out how to get to my server's Dashboard, because when I go to my main web acess site (that ends with "/Remote"), the server is not listed under devices.
Ideally, I would like to see all of my computers, including the server, on the main Remote Web Access site. Also, it would be great if I could see my RemoteApps there too. But I don't know if that is possible. Can anyone help me get
to that state, or know if what I want is possible? I want everything on the same web page:
Devices
Shared Folders
Links
RemoteAppsHi,
Based on your description, I understand that DEVICES tab disappears from Remote Web Access website after RemoteApp
configured. If anything I misunderstand, please don’t hesitate to let me know.
à
But now I cannot figure out how to get to my server's Dashboard, because when I go to my main web acess site (that ends with "/Remote"), the server is not listed
under devices.
Did all users encounter the same issue when access RWA? Please open Dashboard and navigate to USERS tab, then
click the problematic user account and select View the account properties. In Properties of this user account, please navigate to Anywhere Access, then please check if Computer option was checked in
Show selected links on Remote Web Access. Meanwhile, please also use an administrator user account to check if this issue still exists.
In addition, please follow the path: C:\ProgramData\Microsoft\Windows Server\Logs\WebApps folder and check
RemoteAccess log file if find more clues.
Hope this helps.
Best regards,
Justin Gu -
Cannot remotely access mac mini via Chicken of the VNC post recent updates
Hi, updated my remote mac mini A running OS X 10.4 with QuickTime 7.5 for Tiger and AirPort Utility 5.3.2 Tiger yesterday. I can connect from my mac mini B via ssh into the mac mini A, but for some reason Chicken of the VNC will not work (it was working prior to the updates). I get the following message "channel 3: open failed: connect failed: Connection refused" in the command window when I try to get access to the computer via Chicken of the VNC and Chicken of the VNC itself tells me that the connection is refused.
Any suggestions? How can I remove the AirPort Utility 5.3.2 Tiger which I assume is the culprit? Thanks
(mac mini A is miles away, the only access I have is via the command window)Welcome to the forums, and thanks for the tip!
-
LMS 4.0 Remote Access Issue
My issues is that I cannot remotely access my LMS 4.0 installation. On the server itself, the UI comes up immediately (via https) in a browser. If I browse to the server using http (from the server itself), it redirects to https and comes right up also.I'm using a 3rd party (Thawte) certificate which seems to be installed properly - certificate info is retrievable from the browser address bar.
When browsing to it from a desktop, the attempted connection times out.
My normal method is to point to the server's FQDN (it resolves fine via nslookup of ping servername) but I have also tried using the server's IP in the URL, still no success. I captured the traffic from my desktop at the server using Wireshark. I see the incoming https traffic (syn, syn, syn - never an outgoing ack).
Suggestions?
addendum:
The system is listening on port 443. Partial output for "netstat -a" follows:
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:22 CiscoWorks:0 LISTENING
TCP 0.0.0.0:135 CiscoWorks:0 LISTENING
TCP 0.0.0.0:443 CiscoWorks:0 LISTENINGThis sounds like a host-based firewall preventing the SYNs from making it up the stack. Disable all IPS functions on the server (e.g. Windows Firewall), then see if you can access the server from remote.
-
Time Capsule files remote access on Microsoft windows 7
Hi,
I have been always a Microsoft Windows user (currently with a laptop and a desktop) but now I have bought a MacBook air. I am planning to acquire a time capsule mainly for 2 reasons: backup my hard drive data (Stored in Windows 7 computers) and enable remote access away from home (my personal cloud ?).
In order to acquire a Time capsule, do I have to buy additional equipment such as the Airport Extreme ? At the current moment I have a standard wifi router supplied by my local ISP.
I have read many posts related with my problem but almost all of them are addressed to Mac systems. Please can help me if it is possible to enable this (or any) solution so that my Win7 laptop can remotely access to the time capsule.
Thank you very much from a very novice mac user.You cannot remotely access the TC from windows.. safely.
Let me explain. The TC really only offers AFP for remote access.. all the normal formats are missing. TC is not a NAS.. if you want a NAS buy Synology or QNAP, not TC. They will happily work with both Mac and Windows. A TC will not.
The work arounds are using vpn.. buy a VPN router to replace the ISP one.. The TC will be in bridge mode.
Some people make suggestions of using SMB (windows file protocol) over the internet.. this is very very unsafe.. SMB is blocked by the vast majority of ISP because it is so unsafe.. but people use it on non-standard ports. These will eventually be discovered and hacked. You have almost zero security.
You really need to use the Air or some device that uses AFP.. remember apple build their stuff for apple.. with the occasional glance at the rest of the world.
TC is a combined router and hard disk but that is of no help to you. It will simply not allow SMB access on the WAN port. -
Remote Access VPN Clients Cannot Access inside LAN
I have been asked to set up remote access VPN on an ASA 5505 that I previously had no invlovement with. I have set it up the VPN using the wizard, they way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA. Thay can ping each other. The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10. I do not need split tunneling to be enabled. The active WAN interface is the one labeled outside_cable.
: Saved
ASA Version 8.2(1)
hostname ASA5505
domain-name default.domain.invalid
enable password eelnBRz68aYSzHyz encrypted
passwd eelnBRz68aYSzHyz encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group dataDSL
ip address 76.244.75.57 255.255.255.255 pppoe
interface Vlan3
nameif dmz
security-level 50
ip address 192.168.9.1 255.255.255.0
interface Vlan10
nameif outside_cable
security-level 0
ip address 50.84.96.178 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Netbios udp
port-object eq 139
port-object eq 445
port-object eq netbios-ns
object-group service Netbios_TCP tcp
port-object eq 445
port-object eq netbios-ssn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.100.177
network-object host 192.168.100.249
object-group service Web_Services tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_10
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_11
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_3
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_5
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_8
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_9
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network VPN
network-object 192.168.255.0 255.255.255.0
access-list outside_access_in extended permit icmp any host 76.244.75.61
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
access-list dmz_access_in remark Quickbooks
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
access-list dmz_access_in remark Quickbooks range
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
access-list dmz_access_in remark QB
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
access-list dmz_access_in remark Printer
access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
access-list dmz_access_in remark QB probably does not need any udp
access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark QB included in other rule range
access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark May be required for Quickbooks
access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu outside_cable 1500
ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
global (outside_cable) 10 interface
nat (inside) 0 access-list nonat-in
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 10 0.0.0.0 0.0.0.0
static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
access-group outside_cable_access_in in interface outside_cable
route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
http 204.107.173.0 255.255.255.0 outside
http 204.107.173.0 255.255.255.0 outside_cable
http 0.0.0.0 0.0.0.0 outside_cable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_cable_map interface outside_cable
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp enable outside_cable
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh 204.107.173.0 255.255.255.0 outside
ssh 204.107.173.0 255.255.255.0 outside_cable
ssh 0.0.0.0 0.0.0.0 outside_cable
ssh timeout 15
console timeout 0
vpdn group dataDSL request dialout pppoe
vpdn group dataDSL localname [email protected]
vpdn group dataDSL ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.100.30-192.168.100.99 inside
dhcpd dns 192.168.100.5 68.94.156.1 interface inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy cad_supplies_RAVPN internal
group-policy cad_supplies_RAVPN attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
client-firewall none
client-access-rule none
username swinc password BlhBNWfh7XoeHcQC encrypted
username swinc attributes
vpn-group-policy cad_supplies_RAVPN
username meredithp password L3lRjzwb7TnwOyZ1 encrypted
username meredithp attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone1 attributes
vpn-group-policy VPNPHONE
username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone2 attributes
vpn-group-policy VPNPHONE
username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone3 attributes
vpn-group-policy VPNPHONE
username oethera password WKJxJq7L6wmktFNt encrypted
username oethera attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
username markh attributes
vpn-group-policy cad_supplies_RAVPN
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cad_supplies_RAVPN type remote-access
tunnel-group cad_supplies_RAVPN general-attributes
address-pool VPN_IP_range
default-group-policy cad_supplies_RAVPN
tunnel-group cad_supplies_RAVPN ipsec-attributes
pre-shared-key *
tunnel-group VPNPHONE type remote-access
tunnel-group VPNPHONE general-attributes
address-pool VPN_Phone
default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 1500
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
: endHi,
You have your "group-policy" set so that you have excluding some networks from being tunneled.
In this access-list named Local_LAN_Access you specify "0.0.0.0"
Doesnt this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you dont need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
- Jouni -
Cannot login to Cisco Jabber 10.5.1 over Mobile and Remote Access
Hi,
We have deployed sucessfully VCS Expressway-C and VCS Expressway-E with only 1 zone which is "Unified Communication Traversal" and is for Mobile and Remote Access only. VCS-C and VCS-E are communicating and in statuses everything is active and working. Also VCS-C can communicate with CUCM and CUP (both version 10.5).
Problem is when I deploy Cisco Jabber 10.5.1 on computer outside of LAN and without VPN it start communicating with VCS-E, ask me for accepting certificate (we have certificate only intenally generated on Windows CA) and after that it is trying to connect and after few seconds it will tell me that it can't communicate with server.
Did any of you had same problem or can you advice how to troubleshoot? In Jabber logs there is only something like "Cannot authenticate" error message, but when I startup VPN I can authenticate without any problems.
ThanksOn Expressway-C are your HTTP Allow Lists setup properly? By default, and auto discovered CUCM and IMP should be listed via IP and Hostname, but if not, you'll need to insert manually.
Also, you can look at the config file your Expressway-E would be handing out to Jabber via this method.
From the internet, browse to:
https://vcse.yourdomain.com:8443/Y29sbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
Where:
vcse is your Expressway-E hostname (or CNAME/A record)
yourdomain.com is your own domain
The first directory is your Base64 encoded domain name, remove and trailing equal signs (=)
The XML returned is basically the DNS SRV record information available as if internal for _cisco-uds and _cuplogin
TFTP DNS SRV is optional if you configured TFTP in IMP for your Legacy Clients. -
Remote access vpn connects to 5505 but cannot ping any servers
I have a cisco 5505 and am trying to configure it with ASDM 6.4.
My vpn client connects ok to the network but I am unable to reach any of the servers.
I'm sure its a simple configuration issue as I don't have much experience with Cisco configuation.
Any suggestions on where to look would be much appreciated.
Thanks in advance
GrahamThanks Jennifer.
Running config:
Cryptochecksum: 21ec6d8c 73515258 ed808b45 e154b1c6
: Saved
: Written by admin at 17:42:19.318 GMT/IDT Thu Sep 20 2012
ASA Version 8.2(5)
hostname IS-18241
enable password p2SKmVPuBXX32cE encrypted
passwd 2KFnbXXKXX encrypted
names
name 78.129.xxx.xx IS-18223_External
name 192.168.100.2 IS-18223_Internal
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
nameif Inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Vlan2
nameif Outside
security-level 0
ip address 78.129.xxx.xx 255.255.255.0
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone GMT/IST 0
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list basic extended permit tcp any any eq 3389
access-list basic extended permit tcp any any eq ssh
access-list basic extended permit tcp any any eq www
access-list basic extended permit tcp any any eq 902
access-list basic extended permit tcp any any eq https
access-list basic extended permit icmp any any
access-list allow extended permit ip any any
access-list Inside_nat0_outbound extended permit ip any host IS-18223_Internal
access-list SplitTunnel standard permit 192.168.100.0 255.255.255.0
access-list Inside_nat_outbound extended permit ip 192.168.100.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
ip local pool RemoteAddressPool 192.168.100.100-192.168.100.150 mask 255.255.255.128
icmp unreachable rate-limit 1 burst-size 1
asdm location IS-18223_External 255.255.255.255 Inside
asdm location IS-18223_Internal 255.255.255.255 Inside
no asdm history enable
arp timeout 14400
global (Inside) 1 interface
global (Outside) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 access-list Inside_nat_outbound
static (Inside,Outside) IS-18223_External IS-18223_Internal netmask 255.255.255.255
access-group allow in interface Inside
access-group allow out interface Inside
access-group basic in interface Outside
access-group allow out interface Outside
route Outside 0.0.0.0 0.0.0.0 78.129.xxx.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Outside
no snmp-server location
no snmp-server contact
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 60
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
dns-server value 87.117.198.200 87.117.237.100
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SplitTunnel
username XX password uvgXvd9nQEHdkA73 encrypted privilege 15
username XX password 3CUtfh8r/IKb6DxX encrypted
username XX attributes
service-type remote-access
tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
address-pool RemoteAddressPool
tunnel-group Remote ipsec-attributes
pre-shared-key 5|J5XX&6u*
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:21ec6d8c73515258ed808b45e154b1c6
: end -
ASA Remote Access VPN: internal LAN cannot connect to connected VPN clients
Hi community,
I configured IPSec remote Access VPN in ASA, and remote client use Cisco VPN client to connect to the HQ. The VPN is working now, VPN clients can connect to Servers inside and IT's subnet, but from my PC or Servers inside LAN cannot ping or initial a RDP to connected VPN clients. Below is my configuration:
object-group network RemoteVPN_LocalNet
network-object 172.29.168.0 255.255.255.0
network-object 172.29.169.0 255.255.255.0
network-object 172.29.173.0 255.255.255.128
network-object 172.29.172.0 255.255.255.0
access-list Split_Tunnel remark The Corporation network behind ASA
access-list Split_Tunnel extended permit ip object-group RemoteVPN_LocalNet 10.88.61.0 255.255.255.0
ip local pool remotevpnpool 10.88.61.10-10.88.61.15 mask 255.255.255.0
nat (inside,outside) source static Allow_Go_Internet Allow_Go_Internet destination static remotevpnpool remotevpnpool
crypto ipsec ikev1 transform-set myset esp-aes esp-sha-hmac
crypto dynamic-map dyn1 1 set ikev1 transform-set myset
crypto map mymap 65000 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
tunnel-group remotevpngroup type remote-access
tunnel-group remotevpngroup general-attributes
address-pool remotevpnpool
authentication-server-group MS_LDAP LOCAL
default-group-policy Split_Tunnel_Policy
I don't know what I miss in order to have internal LANs initial connection to connected vpn clients. Please guide me.
Thanks in advanced.Hi tranminhc,
Step 1: Create an object.
object network vpn_clients
subnet 10.88.61.0 mask 255.255.255.0
Step 2: Create a standard ACL.
access-list my-split standard permit ip object RemoteVPN_LocalNet
Step 3: Remove this line, because I am not sure what "Allow_Go_Internet" included for nat-exemption.
no nat (inside,outside) source static Allow_Go_Internet Allow_Go_Internet destination static remotevpnpool remotevpnpool
Step 4: Create new nat exemption.
nat (inside,outside) source static RemoteVPN_LocalNet RemoteVPN_LocalNet destination static vpn_clients vpn_clients
Step 5: Apply ACL on the tunnel.
group-policy Split_Tunnel_Policy attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value my-split
Step 6:
I assume you have a default route on your inside L3 switch point back to ASA's inside address. If you don't have one.
Please add a default or add static route as shown below.
route 10.88.61.0 mask 255.255.255.0 xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx = equal to ASA's inside interface address.
Hope this helps.
Thanks
Rizwan Rafeek -
Cannot access web page anymore
I can no longer access my banks web page anymore. I was able to get to the page and sign in up to a few days ago.
When I try to get to the page I get a message that says "Safari can’t open the page “https://www.essabank.com/index.cfm?” because the server where this page is located isn’t responding."
I never had this issue before.
I have Firefox and it does not work on that browser either.
I have also tried RockMelt and Opera, again without any luck.
I have searched on the web on several forums and the advice I saw there for similar issues did not work.
I called my bank and they were not having any problems and told me the problem was on my end.
I called Verizon and they tried to help, even took over the computer and they could not get the page to come up.
I can access the page if I use Kproxy, but, I cannot access the bill pay feature that has a totally different error message.
Does anybody know how I can fix this issue and gain access to my bank's page as I did before.
This is extremely important as I need to get to the page and to my bill pay feature without any issues.
As I said, this had been working fine up to about 2 or 3 days ago.
I am using Safari Version 5.0.5 (6533.21.1)
When I go to my bookmarks and previews, the preview for my bank is blank or black with the Safari logo and a lock on it, if this helps...
Any help is greatly appreciated as we really need access to our banks page and features that we use all the time....
Thank you in advance for any help with this problem.....Greetings,
As you've tried multiple web browsers, try creating a new user account, log out of your current account, log in to the new account and try from the new user to see what happens: http://docs.info.apple.com/article.html?path=Mac/10.6/en/8235.html
Cheers. -
Cannot acces the login page of Access Manager 7.1 amserver
I am new to Access Manager 7.1. After a successfull installation on Solaris 10 11/06 x86, SUN Java Directory Server 6 EE, SUN Java Application Server 8.2 i cannot reach the login page of amserver. The Application Server registers properly the Web Applications, the configuration of the Access Manager was good in my best knowledge. The exeption is as follows
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: AMSetupFilter.doFilter
com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100)
root cause
com.iplanet.jato.CompleteRequestException
com.sun.identity.authentication.UI.AuthenticationServletBase.onUncaughtException(AuthenticationServletBase.java:122)
com.iplanet.jato.ApplicationServletBase.fireUncaughtException(ApplicationServletBase.java:1164)
com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:639)
com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
javax.servlet.http.HttpServlet.service(HttpServlet.java:747)
javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
sun.reflect.GeneratedMethodAccessor73.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
java.security.AccessController.doPrivileged(Native Method)
com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server logs.
Could anybody help me to solve this situation.
ThanksHey,
were you able to resolve this issue???
I am getting the same error after I re-installed the SUN suite(including portal,access manager ,directory server etc)
Please let me know If you can help.!
Thanks
Deepak -
Skype payment error. "You cannot access this page....
Hi,
I'm trying to purchase $10 worth of Skypre credit. I entered my card information and clicked next and this error massage appeared.
You cannot access this page.
This may be due to one of two reasons:
1. The FI you are trying to access is deactivated
2. The access to the FI is restricted for specific IP addresses, and your address is not one of them.
Does anyone have a solution?OK. So this is an ongoing problem and has been for over 1 month. The only way I could submit a payment is using paypal. I tried a mastercard and Visa - neither worked. Use paypal or transfer a bank payment - that is your best chance of updating it. Apparently their technicians are working very hard to fix this but it's still not working. Changing web browsers, computers etc don't work. Good luck. It's taken me 3 weeks to finally give up and use paypal.
-
Cannot display Access Control Rules page --- BUG REPORT
iWS 4.1sp9 on Linux Admin GUI cannot display Access Control Rules page for Netscape browsers 4.7 and 6.2 or for IE 4.
It does work for IE 5.5 (running this in Vmware).
I'm reporting this bug here as I can't see anywhere else to put it.It could be a firmware bug, or it could be something else bugging out. If the router hasn't been factory reset and it's been through a few firmware upgrades, try resetting it to factory defaults. Take note of any custom settings you have, so you can go in and manually re-configure the router. I would avoid importing a backed up config file in case the config turns out to be the problem, but it doesn't hurt to download a copy of your config now.
Give that a try. Others might have some more ideas.
========
The first to bring me 1Gbps Fiber for $30/m wins! -
I can't connect to facebook. It keeps saying cannot connect to the internet but I am connected as I can access we pages with no problem
Hello there, Patrick.
The following Knowledge Base article offers up some great steps to try when troubleshooting issues with an app you've downloaded to your iOS device:
iOS: An app you installed unexpectedly quits, stops responding, or won’t open
http://support.apple.com/kb/ts1702
Thanks for reaching out to Apple Support Communities.
Cheers,
Pedro.
Maybe you are looking for
-
My Time Capsule won't allow my computer to back up. It says it is already in use but that is what it is being used for. It has been working fine for years. All of a sudden I keep getting a message that TC (time capsule) cannot complete back up as i
-
Euro-sign (and Greek) doesn't work even with nchar/nvarchar2
This is something that has been blocking me for a few days now, and I'm running out of ideas. Basically, the problem can be summarised as follows: declare text nvarchar2(100) := 'Make €€€ fast!'; begin dbms_output.put_line( text ); end;And the
-
Command to compile fmb,pll,mmb in 10g(10.1.2.0.2)
Hi, We are migrating from Oracle Forms 6i to 10.1.2.0.2 version. 1. what will be command to compile PLL,MMB,FMBs on unix box? 2. which location and directory I can find that script? Do I need to create that compilation script from scratch or i just n
-
ISE is unable to retrieve groups and attributes
Hello guys, I have Cisco ISE installed on EXSi in a lab. I was able to join the ISE server to my test Active Directory server, and under the OU=Computers, I can see my ISE hostname. However, when I go to Administrator > External Identity Sources > Ac
-
How to access .asmx from java application
Hi All, I want to access .asmx file using java application. I am using Eclipse IDE and created some samples from this url: http://www.eclipse.org/webtools/jst/components/ws/M5/tutorials/BottomUpWebService.html I got the Soap request and response form