CMAK support for L2TP IP/Sec VPN

I have used the CMAK to create connections my users use to connect over VPN.  We are standing up a L2TP IP/Sec VPN solution and while I see that as a VPN option when manually creating the VPN connection option, I don't see L2TP IP/Sec as an option
in CMAK.   Is this option supported in CMAK?

Hi,
This should support this setting, you can refer to this tutorial:
VPN setting in CMAK:
http://blog.lan-tech.ca/tag/cmak/
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support

Similar Messages

  • Port Forwarding for L2TP/IPSec VPN Behind Verizon Actiontec MI424WR-GEN2 Rev. E v20.21.0.2

    I've got a NAS setup with various services running on custom ports to help minimize exposure (especially to script kiddies). I've tested everything both internally and externally to confirm they all work, and even had someone at a remote location confirm accessibility as well.  Port forward configurations performed on the Actiontec are working well. 
    I installed an L2TP/IPSec VPN server, tested internally and it connected successfully.  So for all intents & purposes, this validates that the VPN server is correctly configured to accept inbound connections and functioning correctly.
    I logged into the Verizon Actiontec MI424WR router, setup port forwarding for UDP ports 500, 1701 & 4500.
    Note: I added the AH & ESP protocols based on what I saw on the built-in L2TP/IPSec rules
    With the port forwarding in place, I tested VPN externally but it didn't connect.
    I've done the following so far to no avail:
    Double & triple checked the port forwards, deleted & recreated the rules a few times to be sure
    There are no other pre-existing L2RP/IPSec port forward rules or otherwise conflicting port forward rules (e.g.: another rule for ports 500, 1701 or 4500)
    There was an L2TP port triggering rule enabled, that I toggled on and off with no change
    Verified the firewall on VPN server had an exclusion for L2TP, or that the firewall is off. (Firewall is off to reduce a layer of complexity, but it worked internally to begin with so I doubt that's the issue.)
    Since it works internally, and there are no entries in the logs on the device indicating inbound connections, I'm convinced its an issue with the Verizon Actiontec router.  But unfortunately, I'm not sure what else to try or where else to look to troubleshoot this.  For instance, is there a log on the router that I can view in real time (e.g.: tail) that would show me whether or not the inbound connection attempt is reaching the device, and whether or not the device allowed or blocked it?
    My router details:
    Verizon Actiontec
    MI424WR-GEN2
    Revision E
    Firmware 20.21.0.2
    Verizon Actiontec built-in L2TP/IPSec rule templates.  They're not currently in use, but are baked into the firmware for easy configuration/selection from a drop down menu.
    Solved!
    Go to Solution.

    normally a vpn on that router, will have a GRE tunneling protocol as well.
    two ways to build the PF rules,
    Manually
    Preconfigured
    I know the preconfigured VPN rules will do the GRE protocol as well, but if you do it by hand you can't get it.

  • MPLS VPN support for VPNv6

    All,
    which routers and IOS has MPLS VPN support for VPNv6?
    regards
    Devang Patel

    Hello Devang,
    in the feature navigator look for the 6VPE feature for example a C7609 with sup720 3BXL and IOS 12.2(33)SxHa2 has the vpnv6 address-family.
    see for example
    http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-ov_mpls_6vpe.html
    you still need an MPLS/Ipv4 core or an ipv4 core if using GRE tunnels:
    Table 1 Feature Information for Implementing IPv6 VPN over MPLS
    Feature Name Releases Feature Information
    IPv6 VPN over MPLS (6VPE)
    12.2(28)SB
    12.2(33)SRB
    12.4(20)T
    The IPv6 VPN (6VPE) over a MPLS IPv4 core infrastructure feature allows ISPs to offer IPv6 VPN services to their customers.
    This entire document provides information about this feature.
    MPLS VPN 6VPE support over IP tunnels
    12.2(33)
    SRB1
    This feature allows the use of IPv4 GRE tunnels to provide IPv6 VPN over MPLS functionality to reach the BGP next hop.
    This following sections provide information about this feature:
    •6VPE Over GRE Tunnels
    Hope to help
    Giuseppe

  • Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues

    We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is display by the Cisco VPN Client :
    "Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
    Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
    Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
    Any insight would be greatly appreciated.
    I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgraded to 821.
    Thanks much,
    Justin

    Javier,
    I logged into the ASA last time the VPN went down. I issued the following commands:
    debug crypto isakmp 190
    debug crypto ipsec 190
    capture outside-cap interface outside match udp any any
    I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
    show capture outside | include 500
    and also got nothing. So I issued the following command:
    ping 4.2.2.2
    Upon which my normal deug messaged began to showup, so I issued the show capture outside command again and recieved the expected output below:
       1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
       2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
       3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
       4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
       6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
       8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
       9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
      10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
      11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
      12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
      13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
      14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
      19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
      20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
      21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
      23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
    174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
    377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100    1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
       2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
       3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
       4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
       6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
       8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
       9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
      10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
      11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
      12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
      13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
      14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
      19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
      20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
      21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
      23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
    174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
    377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100
    It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
    Once again, any insight would be greatly appreciated.
    Thanks,
    Justin

  • MST Support for MacBook Pro Retina Late 2013 - DisplayPort 1.2 - Will it ever happen? (with sources)

    So back in October, I purchased a brand new Macbook Pro Retina (MBPr), fully loaded with top of the line specs.  I was soooo excited to have Thunderbolt 2 tech which Intel AND Apple describes as having DisplayPort 1.2a compatibility - which up to this point is unfortunately NOT the case.  The point of the information/questions and requests in this article is to engage a conversation about the issues of not having MST support after Apple falsely mislead their consumers to think otherwise - especially when it is clear the MBPr is capable.  Please read on...
    Apple advertises that the Thunderbolt 2 ports on BOTH the MBPr and the new Mac Pro (NMP) will have 4K Display support with the famed 20gb/sec Ports (DisplayPort 1.2 only requires a little above 17gb/sec).  Now that the 10.9.1 update has been released, we have failed to see MST or Multi-Stream Transport enabled on the MBPr Late 2013.  Now, as for the New Mac Pro- it DOES have MST enabled in 10.9.1 with the AMD GPUs.  For all of you out there that's questioning what this means, short answer is basically the Mac Pro will be able to power a 4K Monitor at 60Hz through the Thunderbolt 2 Port but the New MBPr is stuck with only HDMI 1.4 support which tops out at 4K 30Hz. 30Hz is unacceptable for anything but movies or a photo slideshow.  At 30Hz the cursor will jump across the screen, eliminating any of the benefits of 4K.
    BUT it gets worse...
    Apple can be seen advertising that the new MBPr 15" model can power a 4K monitor THROUGH the Thunderbolt 2 Port here: http://www.apple.com/thunderbolt - This article quotes the following:
    "Now with Thunderbolt 2 built into the new Mac Pro and MacBook Pro with Retina display, you can connect the latest 4K desktop displays and get double the bandwidth for your peripherals. And the two generations of Thunderbolt technology are compatible with each other."
    Does this not let the consumer assume that the newest MBPr will be able to drive a 4K display through the Thunderbolt 2 Port?  I would say yes it does, but at the time I wrote this, the TB2 Ports can't power a 4K display because, as previously stated, MST is disabled in Mavericks for the 15" MBPr Late 2013.
    NOW, later on Apple posted the following article on 4K support here: http://support.apple.com/kb/HT6008
    4K support on the MacBook Pro (Retina, Late 2013)
    MacBook Pro supports 4K displays and Ultra HD TVs at the following resolutions and refresh rates with the built-in HDMI port:
    3840 x 2160 at 30 Hz refresh rate
    4096 x 2160 at 24 Hz refresh rate (mirroring is not supported at this resolution)
    In the article above the New Mac Pro is listed as having support for a 4K Display with the Thunderbolt 2 Port (or MST DisplayPort 1.2a Technology) at 60Hz with no problem.  This leads myself and many others to believe that MST will NEVER be enabled on the newest MacBook Pro Retina with Nvidia GPUs. Yes, 4K IS supported but ONLY through the HDMI 1.4 port, which has the limitation of only 30hz.  This two-faced advertising is extremely upsetting to a LOT of people, including myself.
    Interestingly enough, THIS IS NOT a hardware issue.  If one ventures into Windows 8.1 via Bootcamp and connects a 4K Display via the Thunderbolt 2 (or through DP1.2) Port, the Display registers at 60Hz, thus proving that the Thundberbolt 2 Hub Controller is completely capable of MST DisplayPort functionality.  Clearly this a driver issue with Apple, Nvidia or Intel or any combination.  What Apple has done here is forcing any professional that desires stable and clear 4K technology through their MacBook Pro Retina to do so only using Windows 8.1 on their own machines!  Definitely an oxymoron if you ask me...
    Later on when the Mac Pro was ready for ordering, Apple placed the Sharp PN-K321 as a compatible option for a 4K Display.  On the Store page featuring the (over three thousand dollar) Sharp 4K display, located here http://store.apple.com/us/product/HD971LL/A/sharp-32-pn-k321-4k-ultra-hd-led-mon itor?fnode=53 Apple states the following:
    "Note that 4K DisplayPort operation is only compatible with the new Mac Pro (Late 2013)."
    All of that being said, and I'm terribly sorry for my wordy ranting...
    This brings me to a final two requests to ANYONE reading this post:
    a) Has anyone working with the new 10.9.2 Beta Update seen evidence that DisplayPort 1.2 capabilities will be enabled for the new MacBook Pro Retina (Nvidia 750M) with the promised "Graphics Driver Updates" within the next Mavericks update?
    and
    b) To others that purchased or were/are thinking of purchasing a new MacBook Pro Retina with TB2 Ports: If you are just as upset as me about this crushing blow to consumers that just purchased a $3,000 laptop that were promised something that wasn't delivered - I urge you please, write to Apple and let them know they are making a mistake.  You can do this though the support page or through http://www.apple.com/feedback
    Thank you for your precious time, and if anyone has anything to contribute to this issue, please jump in....

    GOOD NEWS!
    The Mavericks 10.9.3 update adds official support for Thunderbolt 2, 4K!
    I'm not sure if you will be able to daisy chain anything to the 4K display.  I've read that the design of Thunderbolt 2 includes support for DisplayPort 1.2 multi-stream (MST), which allows this type of daisy chaining with 4K, but we don't know if Apple has this supported on it's machines.  Apparently it's been buggy in development because the graphics driver needs to work correctly with the Thunderbolt 2 host controller.  I'm sure they will work it out if they haven't already.
    The above is all via found information on this topic, but you can follow some more discussion here:
    http://forums.macrumors.com/showthread.php?t=1713876
    One more note on Thunderbolt worth sharing: always keep your fastest peripherals closer to the computer in the chain. If you have a TB1 device directly connected to the computer, anything further down the chain will be limited to TB1 speed/capability regardless of it's native speed.  Always connect TB2 devices first, and save anything TB1 for the end of the chain.

  • Lack of support for rented movies

    Last night I rented a movie from the AppleTV. It appeared to download okay. But when I tried to play it, all I got was a white screen.
    I immediately tried to call Apple support. After a few minutes with the voice response system, it told me they were closed – call tomorrow. Why didn’t the voice response system say that at the beginning?
    I called early next morning (6:30am PDT). After navigating through the voice response system, I got a technician who asked for my AppleTV serial number and verified that I had an AppleCare agreement. After about 20 min of research, he told me to unplug the AppleTV, wait 30 sec., then plug it back in and see if that fixes the problem. Well, it did – I could view the movie. He told me the problem is due to the way the firmware handles an HDMI connection – but only with rented movies. What??? The technician then said “good, we fixed the problem you’re good to go.”
    I said not so fast – and asked how Apple was going to compensate me for going through the motions of downloading a rented movie, trying to troubleshoot and calling in (only to be told I was SOL), spending 45 min the next morning, and never being able to see the movie due to an Apple hardware problem. The technician put me on the phone with his “supervisor” - again a 5 min wait on hold.
    The supervisor asked what was the problem – since I still had 12 more hours to watch the movie (we were talking at 6:30am). Then she had the audacity to say there wasn’t a “technical problem” since un-plugging the AppleTV reset it and I could now see the movie. I told her that I wanted to watch the movie last night and there most certainly was a technical problem at that time - i.e., white screen. She reluctantly said that she would “try” to get me a refund for the movie.
    I then asked her how was I suppose to get support in real-time for AppleTV download issues? She again reiterated that their hours are 6-6 and they don’t accept support calls after 6pm PDT. She asked why I didn’t go on-line and seek help on the Apple Web site. Excuse me? I was sitting down to dinner with my family who wanted to watch the rented movie. Going off to a computer to research an Apple hardware problem wouldn’t have been politically correct under the circumstances.
    I also told her that the technician wouldn’t talk to me without evidence of a AppleCare support agreement on the AppleTV. Hey, a rented movie wouldn’t play. Why do I need an Apple support agreement to merely get what I paid for? I asked, what if I had just purchased the AppleTV, how would I solve this sort of problem? She said that I could have paid a one time $49 support charge to get someone to tell me to unplug the AppleTV. Mind you, that’s a $49 charge to see a $4.99 movie due to a known problem with Apple’s firmware. Unbelievable!
    Given the frustration of not getting the movie to play (at dinner time), no realistic support to fix the problem, and the baffling conversation with Apple’s insensitive support manager - all I was offered is someone will “try” to get me a refund.
    Okay, this won’t happen to me again. Because I won’t be renting or downloading movies from Apple’s service. Sorry I bought the AppleTV - wonder if I can get a refund for it?

    I agree the OP could not have known to restart the device but I do rather think their expectations after receiving help were unrealistic.
    From the Applecare diagnosis it was an issue with the tv that led to the OP being unable to watch their movie when they wanted, not the rental, and technically one would need warranty or Applecare to receive phone based support for the tv.
    I accept it was unfortunate the OP's experience wasn't as it should have been and that it was made a little worse by not being able to speak to someone out of hours, although I do see the need for staff to verify that Applecare has been purchased with each caller.
    At the end of the day, the OP's issue was resolved and their was no financial loss to the OP. These things happen, it's unreasonable to expect, or fulminate over not getting, some form of compensation, (although it wouldn't be unreasonable to ask for the rental for free without expectation). What sort of compensation does one thing you would get from Canon if your video camera broke down in the middle of filming your sons graduation day ceremony.

  • [SOLVED] How to install and run (on debian) a separate, downlevel version of firefox for the F5/firepass VPN?

    (Note: my problem is similar to [https://support.mozilla.org/en-US/questions/931534?e=es&as=aaq another current problem] except that
    * OP is running windows (I'm running a debian linux)
    * OP is asking a more general question (how to fix?) while I'm asking for details on a proposed fix)
    I'm currently running
    $ lsb_release -ds
    Linux Mint Debian Edition
    $ cat /etc/debian_version
    wheezy/sid
    $ uname -rv
    3.2.0-2-amd64 #1 SMP Sun Mar 4 22:48:17 UTC 2012
    $ iceweasel --version
    Mozilla Iceweasel 13.0.1
    I'd like to continue running an uplevel iceweasel ([http://en.wikipedia.org/wiki/Mozilla_Corporation_software_rebranded_by_the_Debian_project which is firefox]) but apparently need to run a downlevel version in order to run a particular vendor-supplied plugin. How best to do that (i.e., with minimal performance degradation, and without affecting my package management)? Or is there another way to solve the general problem (running the F5 Network Access Plugin)? Why I ask:
    My employer is giving me remote access via a SecurID token and the F5 Network Access Plugin (F5NAP). The latter is in fact a browser plugin, which seems to me an odd way to implement a VPN, but it's the only offered option. Unfortunately,
    * the only browsers supported for linux are Firefox 3 and Firefox 8 (per [http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm_compatibility_matrix_10_2_1.html this]--scroll to "Linux Operating Systems")
    * my primary laptop runs LMDE (see above) with Iceweasel 13 (from the mozilla.debian.net repository), which I want to keep. (It's the uplevel browser, dammit !-)
    So I first tried to install the F5NAP on my iceweasel, hoping it was sufficiently like the listed versions. I browsed to my employer's site, logged in using the token, and followed the link to install the plugin. Unfortunately, that failed: the xpi began running, but then quit with the message
    > F5 Network Access Plugin could not be installed because it is not compatible with Iceweasel 13.0.1
    Hoping for a simple workaround, I told the often-useful User Agent Switcher plugin to emulate Firefox 8, but no fix. Hence it seems like I will hafta
    * install Firefox 3 or Firefox 8
    * run that downlevel browser whenever I want remote access
    * run the uplevel browser for everything else
    This definitely seems like a kludge, so I am open to alternatives. Meanwhile I'm wondering:
    # Which of the F5-supported downlevel browsers (Firefox 3 or Firefox 8) has the smaller memory footprint?
    # How to install the downlevel browser so that it does not interfere with my uplevel browser's configuration, operation, and updating via debian package management?
    # How to run the downlevel browser so that its operation does not interfere with my uplevel browser? I know firefox typically wants to run singleton.

    @[https://support.mozilla.org/en-US/user/160087 verdi]: thanks for your helpful suggestions. The "fix" (actually a kludge, but I gotta work with what F5 and my employer give me) was:
    # Install/run latest Firefox 3 (despite there being [https://support.mozilla.org/en-US/questions/932269 no 64-bit version for linux]) using [https://docs.google.com/open?id=0BzDAFHgIxRzKbmJDUGZqTzhfbDg this bash scriptlet].
    # Create a [https://docs.google.com/open?id=0BzDAFHgIxRzKQjRyQndqUTJpRXM run script] to start firefox so that one can
    #* choose the appropriate profile (I was unable to set it from the script without startup error)
    #* run multiple instances (I don't want 3.x firefox touching my uplevel profile)
    # Run Firefox 3.x with the runner, then point it to my employer's site to install the [http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm_compatibility_matrix_10_2_1.html F5 Network Access Plugin] (restarting firefox as required).
    The gnome-terminal tab from which I invoke the runner spews a bazillion "wrong ELF class: ELFCLASS64" errors, but the plugin runs, and I can SSH normally (though more slowly) to servers on the VLAN from another terminal tab.

  • JSONP support for APEX RSS feed

    Hi,
    We have an APEX application that leverage's APEX and UCM API to create a RSS feed that is displayed on the Content Portal.
    http://contentportal.oraclecorp.com/
    The feed XML is converted to a JSON object and displayed on the home page using jquery.
    Up until last week this feed was displaying fine but now its broken and can no longer be seen on the home page.
    Our logs indicate that the feed content is being pulled as before without errors.
    https://apex.oraclecorp.com/pls/apex/IBUSCP.RSS
    A test page created to investigate the issue shows the following error -
    Resource interpreted as Script but transferred with MIME type application/rss+xml: "https://apex.oraclecorp.com/pls/apex/IBUSCP.RSS?callback=jsonp1347857472289&feed=1&itemCount=20"
    URL to the test page is :- http://apps-stage.oraclecorp.com/rss-test.html
    Could this possibly have to do with the recent upgrade on the APEX server as this worked perfectly earlier?
    Could the JSON support for RSS feed might have been affected?
    Thanks and Regards,
    Priya Jetley

    Your servers are in a personal network and we can not connect to them without setting up some kind of vpn connection.
    I would suggest that you install firebug in firefox and just look in the console what is happening.
    Firebug can monitor json to.
    Regards
    Nico

  • Determing IP Address Ranges for Setting up a VPN

    Following the directions that I've found here ... I'm attempting to setup a VPN for my company to share documents.
    I am using a mac mini, which is connected to a router, and the router to a cable modem.
    In order to set up the VPN using L2TP over IPsec, I need to enter both a Starting and Ending IP Address.
    I have found only a single IP address for the mac mini, and when going into system profiler have found various other addresses and am not sure how to properly setup the IP Address Range.
    Some of the categories shown in the System Profiler are:
    IPv4 Addresses, IPv4 Configuration Method, Interface Name, Router, Subnet Masks, IPv6 Configuration Method, DNS Server Addresses, etc.
    However, I only see 1 single IP Address.
    Any help would be greatly appreciated.
    ~ JJL

    OK, that's good, you have all you need.
    You are probably going to need to read up on the management of the base station as this is going to be your NAT router (remember that from my earlier post?) and your internet firewall. Management will be via a web browser, on a computer directly connected to base station's ethernet port. There will be a default IP address to put into the web browser to reach the management page. This IP address can probably be found by opening the Network prefs on one of your airport computers and looking to see what the 'Router' IP is set to (I'm presuming that the base station is still in its default function). It will also be in the base station documentation.
    The base station will act as your DHCP server (we could alternatively use the server but lets keep it as the base station - no real difference). There will be a management page for this where you can specify its own IP address and also what range you want to distribute to other computers. For example...
    192.168.1.1 for base station
    192.168.1.2 to 192.168.1.40 for DHCP
    Remember, we do not want to hand out all the IP addresses by DHCP because we need to keep some back for the server's static IP and the VPN users. So maybe we keep...
    192.168.1.100 for the server
    192.168.1.200-219 for L2TP vpn
    192.168.1.220-239 for PPTP vpn (if this is also needed for PCs and the like).
    Via management screen, confirm that NAT routing on the base station is enabled (this allows all LAN computers to access internet via your base station which is now your 'Internet Router'.
    Confirm that the firewall on the base station is enabled. This protects your LAN (on the private side of the router) from all other traffic on the internet (the public WAN).
    Switch off both the modem and the base station.
    Connected the modem to the WAN port of the base station (ordinary ethernet cable).
    Keep modem off for 5 - 10 minutes (this clears any cached settings at the ISP end). Switch on the cable modem and wait a few minutes for it to settle.
    Switch on the base station and reconnect to the management screen. There will probably be an Internet Wizard or some such thing in the management page to establish the connection with the modem.
    When the connection to the modem is OK, you should be able to browse rest of internet from the computer you have directly connect to the base station
    Restart any computers connected by airport. They should now also be able to browse internet.
    Disconnect computer which is directly connected to base station.
    The ethernet port on base station now gets connected to your switch.
    The Server connects to the switch too.
    You are probably going to need to give your server a new IP address, in the same network range as now being used elsewhere in your LAN. This is not quite as trivial as just changing it in the Network Prefs although you may well be able to get it going fine doing just that (to be honest, I'm not sure I want to add that bit into this already lengthening post
    If you want to just change the IP address in Network Prefs just now, remember that the Router field will be the IP address of your base station. The DNS server (in server network prefs) will also be base station.
    I have skipped past a bit regarding the server setup and also omitted how to get the vpn traffic from the WAN to the server (hint: port forwarding in router) but i think it is wise just to get the rest of the network up and running behind a secure router/firewall first.
    -david

  • UC560 WAN PORT support for dot1q?

    Hi,
    should be a fairly simple question but does UC560 WAN port support dot1q trunking back to switch? Can't see any doc on this.
    Aim is to run 3 VLAN's back to switch one for data,voice,SSL VPN for remote teleworker.
    Thanks,
    Joseph

    I believe the WAN port is a L3 interface.  You will have to use subinterfaces to do specific vlan communication between a switch. 
    You may look at this document.  By the way, this is not possible via CCA and can only be done via CLI.
    http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intrface.html#wp1044006

  • WMF Support for iPod anyone?

    Hey,
    Am I the only one, who would like to play wmf files with iPod?
    IMHO they sound better than mp3 to my ears. I know, I know, this is very personal statement and you are free to disagree, but I'd just prefer wmf over mp3.
    I am not an iPod owner yet, but I consider buying one.
    Although I am impressed with iPod - the slick design, UI, etc are all unrivaled, the lack of wmf support is THE major drawback, which makes me look at other players. iPod is the only player which does NOT support wmf. I ripped most of my cd collection to wmf, so conversion to mp3 would be a pain.
    Does anybody know if Apple might add support for wmf (or other formats, like flac, ape) anytime soon?
    Sorry, AAC/AIFF is not an option either.
    PC   Windows XP Pro  

    if you read the tech specs for the 5g ipod link below
    http://www.apple.com/ipod/specs.html
    under audio support its as follows "AAC (16 to 320 Kbps), Protected AAC (from iTunes Music Store), MP3 (16 to 320 Kbps), MP3 VBR, Audible (formats 2, 3 and 4), Apple Lossless, WAV, AIFF"
    THere is no WMA format suported. If you look further on video support (just as a notice) there is no WMA format supported. "H.264 video: up to 768 Kbps, 320 x 240, 30 frames per sec., Baseline Profile up to Level 1.3 with AAC-LC up to 160 Kbps, 48 Khz, stereo audio in .m4v, .mp4 and .mov file formats
    MPEG-4 video: up to 2.5 mbps, 480 x 480, 30 frames per sec., Simple Profile with AAC-LC up to 160 Kbps, 48 Khz, stereo audio in .m4v, .mp4 and .mov file formats"
    I am sure but dont know of any WMA file converter. And since you state AAC/AIFF is out of the quesiton well then see on converting the files to MP# sicne thats more universal. Why should apple ipod support for windows media files. when microsoft is so rankerous in being so proprietary on their software as well. I am sure you can find a converter and i recommend googleing for such info. But i highly doubt apple will add support for a proprietary file format that comes from a competing software company. Im not bashing jsut making a real observation. =)
    GFF

  • Does Leopard support pure L2TP?

    I was using a pure L2TP VPN service (without IPSec). But I can't find such connection option in the network preferences. And then I tried l2tpd, an open-source l2tp daemon, but it can't work correctly under Leopard.
    I wonder whether Leopard support pure L2TP. If so, how can I set up it? Thanks.

    Archive Assistant should extract the contents of a .rar archive; however, if there are multiple segments it will not join them back together.
    -Douggo

  • Configurate L2tp over ipsec vpn at ASA

    Hi dear i want to  configurate L2tp over ipsec vpn at asa. my asa behind nat device(nat device is router).
    is it working?

    thanks to reply me.
    i have a transfor set for ipsec vpn client.  yes you are rigth i have same sequence dynamic map. which one i changed? and then what about  crytpto map? how i do it? please write to me how to do at my configuration??
    i have real working network i confused to test it. please write me how to do it.
    thanks.

  • IPv6 Multicast support for service providers 6PE / 6VPE

    Hi,
    Can anyone comment on the current state of development for IPv6 Multicast support for Service Providers who are using 6PE or 6VPE in their MPLS core.
    (6PE - SP is running MPLS in its IPv4 core, it uses IPv6-enabled provider edge (PE) routers to transport IPv6 traffic over an IPv4-only enabled core. 6PE does not support VPN,s it just provides a mechanism for tunneling IPv6 packets from ingress PE to egress PE routers)
    (6VPE - refers to a PE router capable of supporting IPv6 VPNs. A 6VPE solution can be used to provide IPv6 based layer 3 VPN services in a similar way to IPv4 based Layer 3 VPN services.)
    My understanding is that 6PE and 6VPE solution are unable to support IPv6 multicast traffic.
    Any further information on configuration, design or development work in the pipeline would be gratefully received,
    kind regards John

    Hi John,
    From our question I understand you are sking about the MVPN support for IPv6 multicast. It is actually supported on the XR platform as of now. Please refer:
    http://www.cisco.com/en/US/docs/routers/xr12000/software/xr12k_r4.0/multicast/configuration/guide/mc40mcst.html#wp2890031
    I hope this helps.
    Regards,
    Ruchir

  • Can Cisco 7200VXR support for VPLS?

    Hi all,
    I check Cisco Nagivator Feature to find which IOS support for VPLS on Cisco Router 7200VXR and found that IOS image "c7200-spservicesk9-mz.122-33.SRD.bin" can do it as below;
    - VPLS Autodiscovery, BGP-based
    - VPLS Multiple VCs per Spoke
    When I try to configure Virtual Forwarding Instance, it's not allow me to configure the above features (VPLS Autodiscovery: BGP Based, Manual Configuration of VPLS) and only support point-to-point configuration mode you can see it as below
    R1#show version
    Cisco IOS Software, 7200 Software (C7200-SPSERVICESK9-M), Version 12.2(33)SRD, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 23-Oct-08 12:58 by prod_rel_team
    R1(config)#l2 vfi ?
    WORD VFI name
    R1(config)#l2 vfi VPLS_A ?
    point-to-point Point-to-point configuration mode
    R1(config)#l2 vfi VPLS_A point-to-point ?
    <cr>
    R1(config)#router bgp 100
    R1(config-router)#bgp router-id 150.1.1.1
    R1(config-router)#neighbor 150.1.12.2 remote-as 100
    R1(config-router)#neighbor 150.1.12.2 update-source lo0
    R1(config-router)#address-family ?
    ipv4 Address family
    ipv6 Address family
    l2vpn Address family
    nsap Address family
    vpnv4 Address family
    vpnv6 Address family
    R1(config-router)#address-family l2vpn ?
    vpls Address Family modifier
    <cr>
    R1(config-router)#address-family l2vpn vpls ?
    <cr>
    R1(config-router)#address-family l2vpn vpls
    % BGP: Error initializing topology
    R1(config-router)#
    I can use "l2 vfi VPLS_A point-to-point" for Layer 2 VPN Pseudo-Wire Switching but not for VPLS multipoint configuration mode. Can Cisco 7200VXR support VPLS on this IOS image? If it can't, which IOS image can do it on this platform.

    VPLS is not supported on 7200, you can configure point to point here but not point to multipoint, you will have to move to 7600 for that.

Maybe you are looking for