Cannot telnet between machines behind cisco 1811
I have 2 separate exchange servers for 2 separate exchange organizations on
the same private network.
-One has an ip of 192.168.0.2
-Two has an ip of 192.168.0.3
The network is protected by a 1811 router/firewall and each server has their own
public IP.
I can telnet between these machines using their private ips, but not using their public ips?
Here is the show run (attached):
Thanks for your help
No problem.
Here it is.
I don't have access to equipment to test at this time. I am just typing it in. Excuse me if there's problems with my syntax as it's 11:40pm over here in US and I am about to call it quit for the day.
int lo0
ip add x.x.x.x y.y.y.y
int vlan1
ip policy route-map test
route-map test permit 10
match ip address 150
set int lo0
route-map test permit 15
match ip address 151
set int lo0
access-list 150 permit tcp host x.y.z.230 host x.y.z.231 eq smtp
access-list 151 permit tcp host x.y.z.231 host x.y.z.230 eq smtp
Let me know if you had any questions.
HTH,
Sundar
Similar Messages
-
Forum,
I have set up telnet on two computers on a non-domain network. I have a user account on both machines linked to the same Microsoft account. My user account isn't an administrator, but I have added my user as a member of the TelnetClients group on the server.
I can connect to the server, but it will not authenticate me. Only NTLM authentication is allowed. When I enable password authentication, it prompts me for my password, and I can successfully log in. I can also successfully log in when I use the
built-in Administrator account and give it the same strong password on both computers. Here is how I'm invoking telnet:
telnet {target} -l {remote username}
Has anyone gotten telnet working using a Microsoft Account, workgroup computers, and NTLM authentication only?
Hi,
Please make sure that your Telnet client supports the same authentication types as the Telnet server to which you are connecting, you can view this link to configure the authentication method
Configure How the Client Authenticates to a Telnet Server
http://technet.microsoft.com/en-us/library/cc732082(v=ws.10).aspx
Error Message: Telnet Server allows NTLM authentication only
http://technet.microsoft.com/en-us/library/cc731891(v=ws.10).aspx
Yolanda Zhu
TechNet Community Support -
Cant ping behind cisco router (site2site vpn)
Dears;
After configure site to site vpn between cisco router and fortigate firewall,
site A : 10.0.0.0/24 behind fortigate
site B: 10.10.10.0/24 behind cisco router
the tunnel is up and I can ping 10.0.0.1 from site B and can ping 10.10.10.1 from site A but I can't ping any ip inside 10.0.0.0/24 from site B or network 10.10.10.0/24 from site A
my cisco router configuration is
Current configuration : 2947 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
boot-start-marker
boot-end-marker
enable secret 4 EE103as6FtdocdBefpgugX6P9eGaDKDyBvwz7AywH5Q
no aaa new-model
memory-size iomem 10
clock timezone cairo 2 0
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 192.168.16.1
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool GUEST
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 8.8.4.4
ip cef
controller VDSL 0
ip ssh version 2
crypto isakmp policy 10
encr aes
hash sha256
authentication pre-share
group 5
crypto isakmp key 6 *********** address 4.x.x.x no-xauth
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
crypto map kon-map 10 ipsec-isakmp
set peer 4.x.x.x
set transform-set myset
set pfs group5
match address 105
interface Ethernet0
no ip address
no fair-queue
interface ATM0
no ip address
ip mtu 1452
ip tcp adjust-mss 1452
no atm ilmi-keepalive
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan2
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map kon-map
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
access-list 105 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
banner motd ^C^C
end
when ping from cisco router
konsuler#ping 10.0.0.27 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.27, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
Success rate is 0 percent (0/5)
help please
Thank you karsten
I can ping interface of router from remote site but can't ping any device behind the router and can ping firewall interface but can't ping any device behind the firewall
-counters in
# sh crypto ipsec sa
increased only while ping 10.0.0.1 or 10.10.10.1 from both sides
r#show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer1
Uptime: 00:03:12
Session status: UP-ACTIVE
Peer: 4.x.x.x port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.x.x.x
Desc: (none)
IKEv1 SA: local 6.x.x.x/500 remote 4.x.x.x/500 Active
Capabilities:(none) connid:2001 lifetime:22:39:59
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.0.0.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 9 drop 0 life (KB/Sec) 4605776/3407
Outbound: #pkts enc'ed 14 drop 0 life (KB/Sec) 4605775/3407 -
This is probably a stupid question but how do I open a port on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from outside the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?
Thanks,
That didn't work. Here is the new running config:
Building configuration...
Current configuration : 12519 bytes
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname *Host Name*
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$3R6c$adcoV0cvM5hTzxOoPBByc0
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa session-id common
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1097866965
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1097866965
revocation-check none
rsakeypair TP-self-signed-1097866965
crypto pki certificate chain TP-self-signed-1097866965
certificate self-signed 01
quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.11.101.1 10.11.101.99
ip dhcp pool ccp-pool1
import all
network 10.11.101.0 255.255.255.0
default-router 10.11.101.1
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip inspect log drop-pkt
no ipv6 cef
multilink bundle-name authenticated
username *UserName* privilege 15 secret 5 $1$1O79$nIJGrBD9hCpDqheT3mDsC1
username VPNuser secret 5 $1$nPz8$Cni5jyIWv9zlKAU3B5no9.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key *Key* address *External VPN IP Address*
crypto isakmp client configuration group VPN_Users
key *Key*
pool *VPN_pool*
acl 102
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to *External VPN IP Address*
set peer *External VPN IP Address*
set transform-set ESP-3DES-SHA
match address 103
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 105
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-all CCP_SSLVPN
match access-group name CCP_IP
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any SDM_WEBVPN
match access-group name SDM_WEBVPN
class-map type inspect match-all SDM_WEBVPN_TRAFFIC
match class-map SDM_WEBVPN
match access-group 101
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 104
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
class-map type inspect match-all VNC_CLASS
match access-group name VNC
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect VNC_POLICY
class type inspect VNC_CLASS
inspect
policy-map type inspect ccp-sslvpn-pol
class type inspect CCP_SSLVPN
pass
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class class-default
drop
policy-map type inspect sdm-pol-VPNOutsideToInside-1
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_VPN_PT
pass
class type inspect SDM_WEBVPN_TRAFFIC
inspect
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
policy-map type inspect VNC-POLICY
class type inspect VNC_CLASS
inspect
zone security out-zone
zone security in-zone
zone security sslvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security zp-out-zone-sslvpn-zone source out-zone destination sslvpn-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-sslvpn-zone-out-zone source sslvpn-zone destination out-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-in-zone-sslvpn-zone source in-zone destination sslvpn-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-sslvpn-zone-in-zone source sslvpn-zone destination in-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-VPNOutsideToInside-1
interface FastEthernet0
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
interface FastEthernet1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
interface FastEthernet9
interface Virtual-Template1
ip unnumbered FastEthernet0
zone-member security sslvpn-zone
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 10.11.101.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
ip local pool *VPN_pool* 10.11.101.50 10.11.101.99
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.11.101.10 5950 interface FastEthernet0 5950
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip access-list extended CCP_IP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_WEBVPN
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended VNC
permit tcp any host 10.11.101.10 eq 5950
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.11.101.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any host 70.65.185.156
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 10.11.101.0 0.0.0.255 any
access-list 103 remark CCP_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.11.101.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 104 remark CCP_ACL Category=128
access-list 104 permit ip host *External VPN IP Address* any
access-list 105 remark CCP_ACL Category=0
access-list 105 permit ip 10.11.100.0 0.0.0.255 10.11.101.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.11.101.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 106 permit ip 10.11.101.0 0.0.0.255 any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 106
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username privilege 15 secret 0
Replace and with the username and password you want to
use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
scheduler interval 500
webvpn gateway gateway_1
ip address *External IP Address* port 443
http-redirect port 80
ssl trustpoint TP-self-signed-1097866965
inservice
webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179-anyconnect.pkg sequence 1
webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179.pkg sequence 2
webvpn context *VPN_pool*
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "*VPN_pool*"
svc keep-client-installed
virtual-template 1
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_1
gateway gateway_1
inservice
end -
Successmaker program not working behind Cisco SA520
My customer is a small school in British Columbia. They have used the Successmaker program (written by Pearson Education) to teach numeracy and literacy skills. Since installing a SA520 the teachers are saying that Successmaker does not work properly.
I am at my wits end.
I have disabled content filtering for the SA520, I have disabled IDS on the SA520. I am using the default outbound firewall rule allowing inside addresses access anywhere on the Internet, and I have created an inbound firewall rule allowing all traffic and all services from the Successmaker server IP address that their tech support gave us. Their app is still unable to work properly.
What am I missing?
Before the SA520 was installed the school was using PAT to map different ports on the public IP on the school cable modem to inside addresses. The whole school was a big DMZ, and any port scanning would have reached into their network. The port mappings were never communicated to the Successmaker folks, so I doubt they were ever relevant to the issue. The Successmaker App is web based, and according to their tech support uses "transfer encoding:chunked" technology. I read up on this and it dates back pre Web 2.0 (pre flash, pre silverlight, pre basically the silicon chip). It is discussed in RFC 2616, the SA520 is Linux based, not IOS based. Does that mean that it does not understand RFC2616? I doubt it, and even if it didn't understand RFC 2616 surely all the steps I have taken above would blow a hole the size of a barn door through the firewall?
If this weren't a school I would not be as emotionally connected as I am to their situation. Without this firewall they will be without much protection at all.
Can you help?
Message was edited by: dirkventer - I added the feedback received from Successmaker tech support. It suggests that the Cisco SA520 may be a problem, something I don't want to believe.
Hi Quendale
I'm sorry to say that putting a student computer in the DMZ didn't resolve the issue.
In setting up the DMZ I made the following changes -
1) I confirmed that the Option interface was in DMZ mode, and that it had a static IP on a new subnet.
2) We also configured the DMZ DHCP to assign addresses in the subnet, using the firewall DMZ IP as default gateway, and using the firewall DMZ IP as DNS server.
3) I created a default firewall rule allowing all outbound traffic from the DMZ to the Internet, and created a firewall rule allowing all inbound traffic from the Successmaker server on the Internet (insecure) zone to the DMZ.
4) I confirmed that IPS was off for the DMZ (Default) and that the content filter exception for the DMZ was still disabled.
The same problem occurred, which makes me believe that the reason for the application not working in the LAN zone had nothing to do with IPS or content filtering. As far as the firewall rule goes, the impact of the inbound rule seems to have been the same - i.e. ineffectual.
Connecting the PC running successmaker directly to the school cable modem works.
The possibility that the application in question has traffic blocked because of a RFC (2616?) governing the way get and post requests should be formatted would still exist so long as integrity/compliance checking of packets is something that cannot be bypassed via the firewall configuration. Suffice it to say that the application appears dated and uses nothing of web 2.0. One of the options available to my customer is the purchase of the Web 2.0 version of successmaker ($600/seat), but they are only prepared to explore this option if the indications are that the older application, not the firewall is at fault. Pearson Education support swears blindly that thousands of BC school children continue to use the old app behind Cisco firewalls. I don't deny that the possibility exists that the Pearson support technician is stretching the truth, having an older application that has ceased to function with more sophisticated firewalls because RFC violations in packet formatting have become significant would doubtless present a solid easy-sell for their upgraded version, which is expensive, especially for a school. -
Hi everyone,
I have to work on a 1811 Series router at my work and scrub some configurations off of it and hand it to another company.
As part of the process I had to configure a temporary easy telnet access and then leave the device to them so they can do what ever they want with it.
Here is the error I get after I did the configuration
telnet 10.x.x.x
Trying 10.x.x.x ... Open
[Connection to 10.x.x.x closed by foreign host]
The line vty 0 4 and 5 15 are both configured with a pass, login is configured and both transport input and output are configured on both. The routing on other devices on the network is fine and I can ping this device but cannot telnet to it. There is no access list configured and no other special configuration going on.
As you can see there is no message of password not set and it just says connection to 10.x.x.x is closed by foreign host.
If anyone could come with a clue I really appreciate it as this device is 4 hours drive from here and I would like to avoid that by any means.
Best regards,
Did you perhaps configure aaa new-model on that router? And going a step further, did you perhaps configure aaa authentication login on that router?
Either of these could result in the symptoms that you describe.
HTH
Rick -
I have a cage containing "V" (Windows XP) and "R/S" (Cisco 1811 Router+Switch). V needs to talk (via R/S) to a service on port 6910 of "P", which is outside the cage.
P talks IPSec for port 6910 traffic.
I am handcuffed, I cannot change config of P or config of V. So I need to use R/S to gateway the IPSec. I will be happy if R/S does IPSec for traffic to port 6910 at any address external to the cage.
Is this problem going to have a solution?
Your first question might be "what is the config at P?". I don't know how to answer that directly, but I have provided all info about a Windows secpol that successfully talks to P, which should yield the P config, right?
For more complete problem description including beautiful diagrams and an equivalent security policy on Windows that I'm trying to mimic, please see http://sites.google.com/site/ipsecpuzzleoncisco1800/home
Thanks for any guidance.
John Ruckstuhl
Hi,
Thanks for the reply.
Yes I found that page and carried out the instructions, but still no joy. Here is an update on my learning process:
-I now know that the rommon prompt (which I got to using Ctrl-Break from within hyperterm on window XP connected to the console) is the system that causes the IOS system to boot. When I changed the confreg parameter from the rommon prompt, I neglected to note what my current confreg setting was, so I can't change it back (help here please). At the moment, the confreg setting is 0x142. What should it be to get this router back to the state where I started with it?
-In the flash filespace, I have a number of files, all dated Nov 22 of this year, which I'm assuming are what I need to get this back and going the way it was when I first powered it up. These files are:
c181x-advipservicesk9-mz.124-2.T2.bin
sdmconfig-1811-1812.cfg
sdm.tar
es.tar
common.tar
home.shtml
home.tar
128MB.sdf
At the moment when I power-off and power-on the router, Im prompted with the following question:
Would you like to enter the initial configuration dialog [yes/no]. I answer no. I'm imagining that I need to change the rommon confreg setting to avoid this message and continue with the boot process.
Can someone instruct me as to how this is done?
TIA
Charlie -
Dear all,
I have a problem telnetting to a Solaris 10 server (sunFire V240) after it reboots.
If I do an svcs -a | grep milestone
It tells me that the multi-user and multi-user-server processes are running. I did notice that the multi-user-server did not always start during start up.
I tried to do an svcadm enable -r svc://milestone/multi-user-server:default
but, it took a long time for it to come into the "ONLINE" state.
The strangest thing is this: I can ping, but I cannot telnet into the machine.
I did an svcs -a | grep telnet and the telnet process is running. (Obviously, I checked that before.)
Now the current state is this:
I can telnet FROM this server to other servers, but I cannot telnet from this server TO other servers. I always get: "Connection Refused"
Has anyone else here been in this situation? I'm new to svm, and perhaps I'm missing something? I read all the manuals I could find, but still no luck.
Please, if you can help me, I'd really appreciate this as this server's state is causing me a lot of problems.
Out of curiosity, I'd like to know something also:
when doing an svcs -a | grep milestone, the server tells me the following:
online svc:/milestone/name-services:default
online svc:/milestone/devices:default
online svc:/milestone/network:default
online svc:/milestone/single-user:default
online svc:/milestone/sysconfig:default
online svc:/milestone/multi-user:default
online svc:/milestone/multi-user-server:default
I'm just curious,but how is it both single-user AND multi-user-server BOTH can be default?? I specified that I want the multi-user-server to ALWAYS be the default for when an init 6 is issued, and I'm not entirely sure the machine has respected my wishes.
Have I misunderstood the above concept of what the svcs -a is producing, or is my Solaris 10 server not behaving normally? -
Cannot swap between windows in windows menu
Since some time (during which I have not installed any plugins) I cannot swap between windows listed in the windows menu. The window I want to access stays in the background.
Permissions repair and restart have not fixed the problem. -
Remotely accessing machines behind my WRT54GS2
My ISP recently changed the way that I connect to the internet. Previously, I was given a "live" IP address, and now I'm given a non-routeable IP. Is there any way to establish a VPN connection to my WRT54GS2, or am I out of luck and have to use something like LogMeIn to connect to a machine behind my router?
Message Edited by John Aldrich on 03-24-2010 07:14 AM
You are out of luck. With non-routable/private IP addresses on the WAN interface of the WRT you cannot use port forwarding. Any incoming connection from the internet ends at the NAT router of your ISP which has the public IP address.
Thus, to get into the LAN of your WRT from the internet any connection must first be initiated from inside your LAN. You have to use a software/service which allows that. I don't know LogMeIn and whether it can do that or not. -
Cannot Telnet to ACE 4710 after upgrade to A4(2.3)
I have a pair of ACE 4710s with 12 contexts sharing the load, running A4(2.1). Yesterday I upgraded one of them to A4(2.3)
now I cannot telnet to the Admin context. Pings ok. I can telnet to other contexts on the box and everything seems to be working ok
when i do a " sh telnet"
comes back with
No Session Information is available
sh telnet maxsessions
telnet maxsessions 16
Can anybody help?
Further to this post, it was not a resource problem as I had allocated 5% for the Admin context.
I upgraded IOS Saturday evening, could not Telnet in, tried again on Sunday same result,
though this morning (Monday) Can now telnet in ok very strange
I was connecting via the AUX line of a 2851 router to the console port.
when I disconnected this morning I saw the following message
INIT: id "T0" respawning too fast : disabled for 5 minutes
not sure if this is a 2851 message or an ACE message, but after getting that message is when I was able to Telnet in
was it a coincidence
anybody any ideas -
Can you share photos on i-photo between machines that use the same network or even between different accounts on the same machine? I know you can share music on i-tunes but can you do the same on i-photo? Thanks for your help.
Yes.
If you want the other user to be able to see the pics, but not add to, change or alter your library, then enable Sharing in your iPhoto (Preferences -> Sharing), leave iPhoto running and use Fast User Switching to open the other account. In that account, enable 'Look For Shared Libraries'. Your Library will appear in the other source pane.
Any user can drag a pic from the Shared Library to their own in the iPhoto Window.
Remember iPhoto must be running in both accounts for this to work.
You can figure out using it with another machine from that too -
I cannot toggle between front and rear cameras on my iPad 4; any ideas?
I cannot toggle between front and rear cameras on my iPad 4; Any ideas?
Make sure IOS is updated to latest version
Reboot device by pressing both the home button and sleep/wake (power) buttons at the same time for 10-15 seconds until the apple logo appears on the screen, then let go.
If that doesn't work then reset the device by going to settings/general/reset/reset all settings -
Cannot convert between unicode and non-unicode string datatypes
My source is having 3 fields :
ItemCode nvarchar(50)
DivisionCode nvarchar(50)
Salesplan (float)
My destination is :
ItemCode nvarchar(50)
DivisionCode nvarchar(50)
Salesplan (float)
But still I am getting this error :
Column ItemCode cannot convert between unicode and non-unicode string datatypes.
As I am new to SSIS , please show me step by step.
Thanks In Advance.
Hi Subu,
There is some information gap: what is your source? Are there any transformations in between?
If it's a SQL Server source and destination and the datatypes are as you have mentioned, I don't think you should be getting such errors. To be sure, check the advanced properties of your source and check the metadata of your source columns.
Just check a simple OLE DB source such as
SELECT TOP 1 ItemCode = cast('111' as nvarchar(50)),DivisionCode = cast('222' AS nvarchar(50)), Salesplan = cast(3.3 As float) FROM sys.sysobjects
and the destination as you mentioned; it should work.
Somewhere in your package the source columns' metadata is not right, and you need to convert it or fix the source.
Hope that helps
-- Kunal
Hope that helps ... Kunal -
Disk image moved between machines--shouldn't this work?
Hello, I am having a problem making a functional DVD. Here's the scenario:
I have a MacBook Pro (2009) with iMovie '09 installed, and I have a project I want to burn. The optical drive is broken, and the smart folks at Apple decided that they'd make it impossible for my shiny new external superdrive to work with my MacBook Pro. BUT, I also have a MacBook Air 2012 which can use the superdrive just fine. I can't transfer the iMovie project between machines--iMovie '11 has some terrible bugs when you try to import still photographs. So my solution was this:
--on the MBP, export the movie from iMovie as a quicktime .mov,
--open the .mov in iDVD (after experimentation, this gives MUCH better results than choosing "export to iDVD" in iMovie)
--in iDVD, save as a disk image
--copy the .img file (using a thumb drive) to the MBA
--Use Disk Utility on the MBA to burn the disk image just transferred onto a DVD using the external superdrive
Could someone tell me where this elaborate chain is likely to go wrong? The first disc I tried creating like this could be played on a computer using VLC (and the menu was operational, it wasn't just reading the video file), but it didn't work on either of the regular DVD players I tried.
Any help troubleshooting would be greatly appreciated. Here are the details of all the settings:
iMovie 09 -> export using quicktime -> file type .mov -> compression type H.264, Frame rate current, Key frames automatic, compressor quality Best, encoding Best Quality, Data Rate automatic. In iDVD Preferences I chose NTSC (I'm in North America), encoding Professional Quality, and the correct DVD type (dual layer). In Disk Utility on the MBP I just dragged the transferred .img file into the left-hand pane, selected it and hit Burn.
When I transferred the .img file, that was all I transferred between machines.
Thank you!
The .img file was only ~700 MB (it's a short film). Should it have worked, in this case?
Don't know - maybe?
How can I find out whether it (the ext Hard Disk) is formatted as Mac OS extended?
• Select it on DeskTop/Finder (one Click)
• then go to File and down to Show Info - or - [cmd+I]
• read formatted as : nnnnnnnnnnnnnnnnnnn
And lastly I read elsewhere that DVD-R would be more reliable than DVD+R.
DVD+R is a more modern format and so more reliable - BUT OLD DVD players cannot read them, so I chose them due to not knowing what player it will be played on.
And I think that if the DVD was able to be read on another computer, then it could not have had burn errors, right?
No - but different devices have better or worse error-correcting functions - so keeping the amount of burn errors down = more devices can play them.
Good Luck.
Yours Bengt W