Client behind nat (on a vmware guest os)

Similar Messages

• Client behind NAT

  I have been searching for a solution for this issue with all that google knows......
  I have my client behind NAT with ip 192.168.27.1
  And the server behind NAT with some ip (i am not really worried abt this)
  Now I register a client object to server for notification. SImply a hash table in server stores all my client objects. On a expected change, I invoke a method in my client objects.
  In this scenario I happened to observer that the client objects sent to server had the client ip (192.168.27.1) inside it and not the NAT ip through which they went out.
  So when I went invoke the remote method nothing interestingly happens as the client cannot be located.
  I tried creating custom sockets in client and binding it to NAT ip --> obvious bind exception for a ip that is not with client
  Setting the NAT ip as java.rmi.hostname in client --> no effect, since still the server is trying to notify (192.16827.1)
  Help me to root out this issue. I feel that there must be a solution for this, otherwise RMI it would not have been this much successful.

  Hi turing,
  thanks for your reply
  actually my question is
  "maybe if you try using the "real" ip (www,whatismyip.com)
  your program will work. "
  how to do this in the scenario I explained.
  Most of the discussions I saw in this forum are about server behind NAT and resolution approach for it. I can't find an answer for this even in the post you mentioned.
  Simply,
  When I register a client object in server, how will the server identify the client to notify, when the client is behind NAT.
  Will the ip address that the remote object carries will also be NAT'ed. I don't see this happening.

• Cisco VPN client behind NAT

  Hi,
  We have to setup a VPN connection from a user workstation in our private
  network to a third party host.
  We have to use the Cisco VPN client v4.0.2 (B).
  BM 3.8SP3 with static and dynamic NAT.
  2 filter exceptions:
  UDP port 500 stateful private network to public host IP
  UDP port 10000 stateful private network to public host IP.
  We can login to their Cisco box but after that we cannot ping to their
  hosts.

  Bert wrote:
  > Hi Caterina,
  >
  > I get it worked!
  >
  > I changed the connection type in the Cisco client to TCP (port 10000).
  >
  > I deleted the UDP filter exception for port 10000.
  > Finally I added a filter for TCP.
  >
  > So with 2 filter exceptions it seems to work now:
  > VPN1 -> source: port 500, destination port 500, stateful, UDP
  > VPN2 -> source: port All, destination port 10000, stateful TCP
  >
  > Now I can ping to hosts at the other side and connect to their
  > network with Net use etc.
  >
  > Thanks for your help.
  >
  > Regards,
  > Bert.
  Thank you Bert, you just save me hours of work!
  Dan Verbarg
  BHDP Architecture
  Cincinnati, OH

• VMWare Guests can't bridge in to Wifi

  Network setup: WLC4402, 1141 APs.  DHCP is required on all SSIDs. 
  A co-worker has a setup where his laptop runs VMWare and is attached to Wifi.  On his guest Virtual Machines, he notices that they work fine when in NAT mode, but when he tries to bridge them on to the WiFi network, DHCP requests timeout.  I duplicated his configuration with VMWare player, and got the same behavior.  
  When we plug in to wired connections, the Guests are able to bridge on to the network just fine.
  Any ideas on this?  I'm thinking perhaps the DHCP requirement option may be preventing the VMWare guests from bridging. 

  Forgot to mention we're running 6.0.202.0 on the 4402.  Haven't bothered upgrading to 7.0 as I don't think there's any new features.
  Sounds like changing the APs to H-REAP mode is the best fix.  Our network is already configured for trunking so it shouldn't be that big of an issue.

• MapVewer Behind NAT

  Hi,
  I'm using MapViewer and I integrated it with my ADF application. I've generally no problem. I deployed both of them on weblogic server, and they work great. But when I want to have access to my app server (weblogic) from another place behind NAT, MapViewer doesn't work any longer!
  My application page (ADF/JSP) works, but the map object (dvt:map) on my page, doesn't render! I think it causes by IP difference. Everything is the same, but just the IP changes behind the NAT.
  Because of network back bone, we forced to have another Server IP in client side for Weblogic Server, instead of real Server IP. (e.g. real server IP is 172.18.10.1 but the client machine behind the NAT can see the server by 172.16.2.3)
  I want to emphasize that all pages and all other features in my web applications works, and I can see and have access to MapViewer Server from client (behind the NAT) too. But my Map object (dvt:map) on my pages, doesn't render and just show a blank area without any error!
  I know, I don't have any problem in accessing to MapViewer server, because I have access to my MapViewer server control panel from client side (behind the NAT) and MapViewer is installed on Weblogic which my Application is installed on. So, my question is if I can work with my application behind the NAT, why I can't see my map on it!

  The key is that the NAT-enabled router is the one that will require port mapping/forwarding to be configured. In addition, you don't necessarily need for the Internet router to have a static IP address, but it MUST be a Public IP address. If your HOA controls this router, then most likely, they will NOT be willing to configure it to allow port mapping to your IP camera.

• FTP-client behind RRAS - unable to connect to external FTP servers

  FTP-client behind RRAS - unable to connect to external FTP servers
  A small network (10-20PCs) without any segmentation - one LAN with one Gateway.
  1. If the Gateway is some small hardware device, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
  2. If the Gateway is Win2003+RRAS+NAT or Win2003+ISA2005, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
  3. But if the gateway is Win2008+RAS+NAT or Win2012+RRAS+NAT, the computers in the LAN are not able to connect to Internet FTP-servers
  I made a few tests:
  1. On Win2012+RRAS+NAT
  TurnOff Windows Firewall for All profiles (Domain, Private, Public) - the problem disappears, it it possible to connect to external Internet FTP-servers.
  2. On Win2012+RRAS+NAT
  TurnOff Windows Firewall only for Domain profile - the problem disappears, it it possible to connect to Internet FTP-servers.
  3. On Win2012+RRAS+NAT
  TurnOn Windows Firewall for All profiles (Domain, Private, Public)
  But I excluded the Internal NIC in this list
  Windows Firewall / Properties / Domain Profile / Protected network connections 
  and the problem disappears again
  My question is:
  What new Firewall rule  I have to make and where to place it (to be able to make FTP-connection from LAN to Internet FTP-servers)?
  I made some attempts to allow port21, but any success.

  Thank you, but did you try this ? 
  Can you describe in detail "exclusion rule for FTP traffic" ?!
  In my previous post, I want to say that if you use Win 2008/2012 RAS+NAT as a network gateway, than it is not possible to make FTP-connections to external FTP servers from the computers behind that gateway.
  And the standard attempts to make "Allow"-rules for port 21 in the gateway firewall (Win 2008/2012), do not solve the problem.
  No matter which FTP-client you can try to use.
  To see this problem, just make few simple tests: 
  ">telnet <ftp-server> 21" 
  with firewall on/off  and inbound/outbound "Allow port 21 rule (All/Domain/Private/Public)"
  In my country, the Government Tax Department uses FTP-protocol to collect monthly data from companies. 
  And it is too stupid scenario (to be a small company and to) upgrade from Win 2003 to a newer 2008/2012 and than to not be able to make all your jobs.
  -------EDIT---------
  The same problem (and its solution) is described here:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0c68aed6-e22b-4cd4-86bd-f3c767e88349/advanced-firewall-blocking-through-ftp-traffic-rras
  The magic command:
  ">netsh routing ip nat delete ftp"
  solved the problem for me.
  And here is the description of this command - "Disables the FTP proxy on the NAT server."
  http://technet.microsoft.com/en-us/library/cc754535(v=ws.10).aspx#BKMK_106

• Contivity vpn client behind router with easy server

  Hi, I've seen this argument before, but without an effective solution.
  I have a contivity client behind a 857 cisco router. This client needs to connect to a remote VPN server.
  With NAT enable and easy VPN server disable all works fine.
  When I enable easy VPN server on the 857 (I need to connect several dial-up cisco vpn client from outside to this office) the contivity client can't connect anymore to the remote vpn server and hang up with the famous "bannet text" error.
  I think that because the external interface of the 857 is waiting for cisco vpn client to connect, it intercepts also the data from the remote contivity vpn server, not forwarding to the client inside the LAN.
  If there is a way to "passthrough" the contivity connection data to the internal client it would be very nice.
  Many thanks, Stefano.

  Hi, I found a possible solution. At this page
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml
  this is the interesting part:
  !--- Dynamic crypto map.
  crypto dynamic-map dynmap 1
  set transform-set foo
  match address 199
  access-list 199 permit ip 10.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 199 permit ip host 172.16.142.191 192.168.1.0 0.0.0.255
  I try to put the contivity vpn client to another subnet (192.168.3.10) but the easy vpn server still intercepts its encrypted data.
  Salutes.

• Implementing BitLocker on Windows 7 Ultimate in a VMWare Guest

  Wow...Prior to this problem, printer issues were the most annoying.I have a 32-bit instance of Windows 7 Ultimate installed in a VMWare guest. The host is a brand new business class Core i7 laptop with 16 GB RAM.I am trying to implement BitLocker in the guest OS, but the first issue was that it couldn't find a TPM (Trusted Platform Module). Understandable considering it was in a virtual world. So I found the group policy option to allow BitLocker to work without a TPM; check. BitLocker let me go to the next step. I saved the startup key to a USB flash drive (which it prompts me to do), and it appears it did what it needed to do because it wouldn't let me go to the next step otherwise. There is then a checkbox with an option to check the system before disk encryption begins. I check that because I need to know it works 100% before I...
  This topic first appeared in the Spiceworks Community

  Hi,
  Have you tried using manage-bde command to decrypt this partition?
  manage-bde -unlock Volume -pw *********
  Andy Altmann
  TechNet Community Support

• Same Numbers file opens fine under host but blank under VMWare guest

  Am working toward a daily use virtual machine as an operating environment.  Using VMWare Fusion 4 and Lion 10.7.4 for both host and guest.  Host and guest each have 4 GB RAM allocated and gobs of disk space.
  Have iWork '09 installed under both host and guest.  Trying to use a Numbers worksheet that's stored both in iCloud and DropBox - doesn't matter which, same results.  This is the same physical file accessed from both host and guest.  In the host, worksheet opens fine.  In the guest, Numbers '09 starts fine, but no worksheet contents show - the tree shows on the left, but worksheet shows blank.  Have tried pulling in backup copy and re-uploading to DropBox.  Same results.  Same behavior for Pages .09.
  Other applications (other than iWork) seem OK so far.
  Anyone have an idea what may be going on?
  Thanks!

  UPDATE:
  I have backed up to Lion 10.7.3 in a new vmware guest, reinstalled iWork '09 from the retail disk into the guest.  No change.  Pages, Numbers and Keynote work spaces all show empty on guest screen (even though same files open fine under hot side).
  I have downloaded latest Parallels, installed, created Lion 10.7.4 guest, installed iWork '09 from retail disk and same results.  Host works fine, guest loads but shows blanks screen.
  I had a note from one person who said they had similar setup and same s/w versions all around.  Says his works fine under guest.  So far, only difference I can see is that he's running Numbers and Pages apps he downloaded from the App Store whereas I'm using an iWork retail disk.  We're both using iWork '09 version 2.1.
  Really now, could THAT be the problem? 
  Ideas anyone?
  Thanks.

• DMVPN Hub and Spoke behind NAT device

  Hi All,
  I have seen many documents stating about DMVPN Hub behind NAT or DMVPN Spoke behind NAT.
  But My case i involve in both situation.
  1) HUB have a Load Balancer (2 WAN Link) ISP A & B
  2) Spoke have Load Balancer (2 WAN Link) ISP A & B
  Now the requirement is Spoke ISP A Tunnel to HUB ISP A.  Spoke ISP B tunnel to HUB ISP B
  So total of two DMVPN tunnel from spoke to hub, and i will use EIGRP and PBR to select path.
  As I know at HUB site, LB must do Static NAT for HUB router IP, so spoke will point to it as tunnel destination address. At spoke LB, i will do policy route to reach HUB ISP A IP via Spoke ISP A link, HUB ISP B IP via Spoke ISP B link.
  HUB and Spoke have to create 2 tunnel with two different network ID but using same source interface.
  The Tunnel destination IP at spoke router is not directly belongs to HUB router. Its hold by HUB LB , and forwarded to HUB router by Static NAT.
  Any problem will face with this setup? Any guide?
  Sample config at HUB.
  interface Tunnel0
  bandwidth 1000
  ip address 172.16.1.1 255.255.255.0
  ip mtu 1440
  ip nhrp authentication cisco123
  ip nhrp map multicast dynamic
  ip nhrp network-id 1
  ip nhrp holdtime 600
  delay 1000
  tunnel source FastEthernet0/0
  tunnel mode gre multipoint
  tunnel key 0
  tunnel protection ipsec profile cisco
  interface Tunnel1
  bandwidth 1000
  ip address 172.17.1.1 255.255.255.0
  ip mtu 1440
  ip nhrp authentication cisco123
  ip nhrp map multicast dynamic
  ip nhrp network-id 2
  ip nhrp holdtime 600
  delay 1000
  tunnel source FastEthernet0/0
  tunnel mode gre multipoint
  tunnel key 1
  tunnel protection ipsec profile cisco
  Spoke Config
  interface Tunnel0
  bandwidth 1000
  ip address 172.16.1.2 255.255.255.0
  ip mtu 1440
  ip nhrp authentication cisco123
  ip nhrp map 172.16.1.1 199.1.1.1
  ip nhrp network-id 1
  ip nhrp holdtime 300
  ip nhrp nhs 172.16.1.1
  delay 1000
  tunnel source FastEthernet0/0
  tunnel destination 199.1.1.1
  tunnel key 0
  tunnel protection ipsec profile cisco
  interface Tunnel1
  bandwidth 1000
  ip address 172.17.1.2 255.255.255.0
  ip mtu 1440
  ip nhrp authentication cisco123
  ip nhrp map 172.17.1.1 200.1.1.1
  ip nhrp network-id 2
  ip nhrp holdtime 300
  ip nhrp nhs 172.17.1.1
  delay 1500
  tunnel source FastEthernet0/0
  tunnel destination 200.1.1.1
  tunnel key 1
  tunnel protection ipsec profile cisco

  Hi Marcin,
  thanks for your reply. The NAT was set up in a way it was/is just to simulate the spoke to be behind NAT device.
  About AH and ESP, you are correct there... this was actually my issue. I should have used pure ESP. At the end, TAC actually assisted me with this. Before I called TAC, i did notice the following. ISAKMP traffic was NATed to 3.3.3.3, as expected. Anything after that, did not work and it has to with NAT and AH. Traffic was no longer NATed so the hub, saw the traffic come from 2.2.2.2 rather than 3.3.3.3, you can also see that in the error message you have pointed out. I also saw it in my packet captures. That caught my eye and i started troubleshooting it. I did not understand that AH can't be NATed, Below  is TAC's explanation. All is good now. Thanks
  .  Essentially, it comes down to the fact that AH will encapsulate the entire IP packet (hence why it is the outermost header) with the exception of a few mutable fields, including the DSCP/ToS, ECN, flags, fragment offset, TTL, and the header checksum.  Since the source/destination IP addresses & port numbers are actually protected by the AH integrity checking, this means that a device performing a NAT operation on the packet will alter these IP header fields and effectively cause the hub router to drop the packet due to AH failure.
  Conversely, ESP traffic is able to properly traverse NAT because it doesn't include the IP header addresses & ports in its integrity check.  In addition, ESP doesn't need to be the outermost header of the packet in order to work, which is why devices will attach an outer UDP/4500 header on the traffic going over NAT."

• Problems with Arrowpoint cookies for clients behind a Proxy

  I have in a WebSite clients being load balanced using Arrowpoint cookies to a virtual Server. The CSS load balance between three Apache real servers.
  I have some clients that are behind some kind of Proxy Cache and I have seen with a sniffer that the proxies causing the problem Re-use proxy to our server connections for different requests for multiple clients.
  Then, as I understand the CSS make the forwarding decission based on the cookie of the first request for the first client behind the proxy after establishing the HTTP connection, but when there is a request from other client using this same connection (that must be forwarded to other real server) the request is forwarded to the original web server and fails because we need sticky connections.
  I thought that this wasn't correct but I have read some documents that say that this is called a Proxy role as a "connection cache". Then my question is if there is any workaround for this problem.
  Thanks

  I believe your problem is that the proxy open a few persistent connections with the CSS and loadbalance your client's request over them.
  Once the CSS has associated a connection with a service, it does not look into the request anymore.
  The solution is to disable persistence on the CSS with the command 'no persistent' and 'persistence reset'.
  Find more info at :
  http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093e06.shtml#crp
  Gilles.

• Multiple ichat clients behind firewall?

  IS it possible to have multiple ichat clients behind a firewall? I've just bought a macbook pro and would like to purchase two more for ichat functionality. Two of these will be behind one firewall, the other across the country. I can't find any documentation other than how to configure a single ichat client.
  Is it possible? It's ok if we have to purchase an xserve and run some kind of server our end - I just want it to work.
  Message was edited by: paulgami

  Hi paulgami,
  iChat will work behind a firewall or routing device.
  With routing device the easiest method is UPnP which allows the Apps to open the ports and allows multiple computers to use the same ports.
  A device that has Port Triggering can also allow multiple computers to use the same ports.
  If you mean that you want the Bonjour side or even the Jabber side (in the iChat Server in OS X serve) to be in the same Network you will have to look to setting up VPNs (virtual Private Networks) to cover the distances you are talking about.
  It may be just semantics but it helps if we know which bit of iChat you are talking about.
  Tiger 10.4.x OS X Serve has an Jabber Server that can be used with the Jabber side of iChat (iChat 3.x)
  Each computer already has the iChat Client.
  There are also Public Jabber servers including Googletalk to use with the Jabber side of iChat.
  The Main Buddy list obviously uses the AIM service and again this can be world wide.
  iChat also has the Bonjour side. This can find any other Mac on the same network. It uses the user's Address Book to broadcast a Screen Name for the other iChat clients (separate buddy List)
  Possibly start here
  http://www.ralphjohnsuk.dsl.pipex.com/index.html
  Just getting started ?
  http://www.siriusaddict.com/ichat.html
  Collaboration Services Forum in OS XServer
  http://discussions.apple.com/forum.jspa?forumID=700
  8:44 PM Monday; August 13, 2007

• Deploy Server 2012 to VMWare Guest using Paravirtual SCSI

  Hi,
  I attempting to use Boot Media to boot a VMware Guest OS to image with Server 2012.
  I have imported the following drivers from the x64 VMware Tools:
  VMware PVSCSI Controller
  VMware PCI Ethernet Adapter
  vmxnet3 Ethernet Adapter
  I have added the drivers to the x64 Boot image in SCCM 20012 R2 then I went ahead and created the Boot media
  When the VMware Guest boots up the boot image I can manually configure an IP address and successfully retrieve the Assigned Task Sequence (Based on a manually imported Computer Object/MAC address)
  Long story short... I realized that the Imaging process is failing at the Partition/Format section of the Task Sequence.
  Upon further investigation I can clearly see that the "C:\ Drive" is not being detected.
  what am I missing? are there any suggestions out there or has someone else had any similar issues in their environment?

  Hi,
  The smsts.log does explicitly reflect all activity so if you have a specific point in time you are curious about, you can easily verify by checking the log.
  Press F8, use the Diskpart command to format partition.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• DMVPN behind NAT

  Hi,
  I'm having a little trouble getting a DMVPN up using a host that is behind a NAT device. It looks as though with my version of IOS i need to use IPSec tunnel mode, but the NHRP registeration on the hub shows the Real address of the spoke and not the NAT'd address. Because of this the spoke can't be seen by any others.
  Any idea's where i may be going wrong here?
  Thanks in advance for your help!
  Andy

  DMVPN is supported behind NAT. This is usually seen on routers. Upgrade the router software to12.3(11)T6 or greater to fix this issue.

• OEAP602 - Support for APs behind NAT

     Support for APs behind NAT
  In the 7.2.103.0 release, you can deploy up to 3 OfficeExtend access points (OEAPs) behind a NAT device. You can deploy up to 50 FlexConnect access points (with or without Data DTLS) behind a NAT device.
              Source: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_2.html
  I'm confused, does it mean I can't have more than 3 OEAP602s deployed in the same remote site (let say, a Hotel) with the same Public IP back to my OEAP-WLC ?

  I know on 7.0 MR1 only supports 1. I learned that the hard way doing a meeting at a hotel for our staff.
  One thing we did was hook up a switch to port 4 and did HREAP with 2 other aps.. Not ideal but I like to test limits ..
  Sent from Cisco Technical Support iPhone App