Communication , firewall

Similar Messages

• Exchange 2010 Required Communication (Firewall Ports and Protocols)

  Forgive me if this question has been asked before, but a search did not give me much on my scenario.
  We currently have one Forest with multiple Domains and Child Domains. We have two departments that have Exchange 2010 running and control their own individual users and mailboxes inside their Domains. These two Exchange servers communicate with each other
  just fine.
  We now have a department (another domain) that needs control of their own Exchange 2010 server, but here is the catch. They are behind a Firewall. My question is, what Ports and Protocols do I need opened for the Exchange server behind the Firewall to properly
  communicate to the two other Exchange servers knowing that the Exchange Environment is  a Forest wide activity.
  At this point in time, we cannot get Exchange installed as the prereq check fails with an error that we need to prep the AD schema for Exchange, but we know this has been done since we have to other servers in the Forest.
  Perhaps we need ports not only opened to the two other exchange servers, but also the Forest Root controller?
  Any help is appreciated.

  Exchange needs to be able to fully access all other Exchange servers, Active Directory Domain Controllers, and Active Directory Global Catalogs. Additionally, if I remember correctly, there was a blog from the Exchange team a couple of years ago that said
  Exchange wasn't supported with firewalls between the various Exchange servers in the environment.
  I will ask one question - why aren't you centralizing your Exchange management and servers, and granting rights to these groups for their mailbox management (based on an Organizational Unit that their accounts are in, and granted at the Active Directory
  level)?  You would no longer have this issue each time another group decides they want to host their own Exchange system.

• Prblem while adding firewall in ciscoworks lms 2.6

  We are not able to add firewall ASA5510 in ciscoworks LMS 2.6.
  SNMP configuration on firewall is as follows
  snmp-server host inside 10.48.2.54 community firewall version 2c
  no snmp-server location
  no snmp-server contact
  snmp-server community ****
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  Please check attached file for ciscoworks configuration, SNMP Walk command output and Firewall "show version" output.

  Now I am able to add firewall but when i am trying to access firewall through Cisco View> Chassis View I am getting following error.
  Message
  Can't find applicable device package for 10.44.100.37.
  Cause
  Device package for this device type is not installed or device support for this device type might not be available or you are attempting to open a component inside a device.
  Action
  Please install a device package for the device type or open the parent device to manage the component.
  When I configured netshow job for "show running-config" and "show tech-support" it ends with following error
  Command(s) failed on the device Insufficient no. of interactive responses(or timeout) for command: show tech-support. Insufficient no. of interactive responses(or timeout) for command: show tech-support.

• Communication between 2 vlans on firewall.

  communication between 2 vlans.
  i have 2 vlans
  Vlan 100
  ip add 1.1.1.1
  Vlan 200
  ip add    2.2.2.2
  i want to make communication between 2 vlans on firewall 5520 ASA 8.2.
  Please provide configuration for same.

  You need to follow this guide the configuration which you have pasted has got nothing but the IP. Other parameters are also required to configure ASA firewall.
  http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intrface.html
  Thanks
  Ajay

• How do I set my firewall settings in Avasti to allow communications between my HP 8600 and my comput

  How do I set my firewall settings in Avasti to allow communications between my HP 8600 and my computer

  Something to Consider:
  If you are talking about "Avast!" Security Software, either the free or the paid version, the following may apply to you:
  There are three main levels of Security in the Avast! software:  Home, Work, and Public
  Home is the setting many people use when "at home", that is, connected to the home network.  The home network is sometimes defined as the "192.168" network:  these are the computers and printers that you have and use in your home environment.  The network is (most usually) private and (should be) secured with with a passphrase at your router.  The Avast! Software sees the "Home" network as a "safe" environment:  devices connected within the "Home" network are allowed to "talk" (communicate) with one another without undue restrictions.
  Work is the next setting.  The software places some restrictions on this level of communication.  Home users can certainly use this setting -- in many (most) cases, the "Work" setting is a solution that provides for communication and a bit more security for the home network and its devices.
  Public is the strictest setting and is meant to keep your computer safe in a public place:  the library, coffee shop, on a street corner.  Outside "prying eyes" are prevented from peeping and outside communications are restricted.
  If you have set (or left) your Avast! software set to Public, or even Work (and you do not know how to handle the restrictions), then you may have simply locked out the communication between the printer and the computer(s) on your home network.
  Open your Avast! Software and set the security level to either "Home" or "Work".
  You can find out more about how to use the software settings at the Avast! website.
  Advanced Users Only - You will  know if you changed the Rules... this is not something one does by accident.
  If you have changed the rules within the settings, you may have locked yourself out.  Make sure you have both "in" and "out" traffic settings adjusted correctly for each rule you change / adapt / add.
  Kind Regards,
  Dragon-Fur

• My first generation AppleTV will not sync with iTunes anymore.  I get an error message that says: "The Apple TV is not responding Check that any firewall software running on this comptuter has been set to allow communication on port 3689"  firewall is off

  My first generation AppleTV will not sync with iTunes anymore.  I get an error message that says: "The Apple TV is not responding Check that any firewall software running on this comptuter has been set to allow communication on port 3689"  firewall is turned off.. Any ideas?

  Thanks Rudegar,
  I only synch and do not stream off of my 1st Gen AppleTV
  I will try with ethernet but will be a pain in the butt if i can not fix it with wifi for long term fix
  I may end up trying to do a named IP address vs DHCP for this appleTV (not sure if i can do both and do not want to remove DHCP as i have a bunch of sensors and other devices that I prefer to dynamically add to the network via DHCP vs. assign each one
  Will keep working on other fix options (factory reset, etc.)
  Thanks again

• Crystal Reports logon issue across firewall - Transport error:communication

  Hi,
  We are facing an error when we try to logon to the BO server using the crystal reports tool (Crystal Reports Enterprise XI Release 2 ) outside the firewall. The login is working fine when inside the firewall. The BO server is on a unix box within the customer network and we are trying to login from a PC (using Crystal Reports Enterprise XI Release 2) which is outside that network. The following are the errors we get when trying to logon using authentication as "Enterprise" and system name as "fully qualified server name:6400"
  1. Without including any IP addresses in the PC host file we get "Transport error:communication failure" on login.
  2. When I included the IP and name of the BO server in the PC host file (xx.xx.xx.xx host name) we get an error - "CMS host 'xxxx' address was resolved properly,but cannot be reached to establish a CMS connection.Verify your router/firewall allows communication on port 6400."
  (The IP address I include in the PC host file is the actual IP address of the BO server)
  3. I know we have natted IP addresses.. and the IP address of the BO server appears to be different when I do a ping to the BO server from outside the customer network i.e from the external PC. When I include the IP address in the host file (which I get from the ping <servername> outside the customer network from my PC) I get "Transport error:communication failure".
  The port 6400 has been opened in the firewall. We are able to login to the CMC link and the Info view without any issues.
  It will be great to get some advise on this as it has become a high priority issue in our workspace now.
  Thanks,
  Reeti

  Hi All,
  I had a breakthrough in logging to BOX1R2 Crystal Reports client outside the firewall. The following was done in our case:
  1. Open the port 6400 on the server to allow traffic from outside the firewall.
  2. Add the following command at the end in the cmsLAUNCH command line in ccm.config (ours is a BO server on Sun OS)
  -port FQDN:6400 -requestport XXXX
  The -port parameter was explicitly specified to make CMS explicitly listen on port 6400.
  The -requestport parameter was added to configure the server to register a fixed port (which has external access) with the CMS rather than letting it choose a dynamically selected one...so XXXX can be any port which is not allocated to any app and is also open in the firewall)
  Thanks,
  Reeti

• How to solve this. It happens even when firewall is disabled. Apple TV: "Check that any firewall software running on this computer has been set to allow communication on port 3689" alert in Windows

  How to fix this. Happens even when firewall is disabled.  (Apple TV 1st generation)
  Apple TV: "Check that any firewall software running on this computer has been set to allow communication on port 3689" alert in Windows

  After a few hours the same issue started again. (Port 3689 error) I checked my router settings and it shows ATV asd connected to my netrwork. ATV also shows in iTunes devices. It asll works till I try to sync. Then the error pops up
  I tired restoring ATV to factory settings. Even backed iTunes up to version 8 and every combonation therein. I started an older Gateway running Vista 64bit and it syncs fine with ATV although it's slow and I have to transfer movies  from my Win 7 to tyhe Vista machiner.
  I cannot find any reason for this issue. Can anybody solve this before it dribves me crazy? (Crazier)

• Broken Link - Firewall and Virtual Private Network Communication for Oracle

  The link for Firewall and Virtual Private Network Communication for Oracle Enterprise Manager on http://otn.oracle.com/products/oem/files/best_practices.html returns a 404 error. It is not pointing to the correct document

  This link is still broken !
  Can you please correct this ASAP ?
  Best regards, Yolanda
  Oracle HUB support services

• Cant add an ASA firewall on the Cisco Network Assistant community

  I've tried to add my ASA firewall on the modify button of my current community and after i entered the ip of the ASA it prompted me to accept the certificate and enter my credentials but after all that it returned an error "unsupported device type: Unknown cannot add device 192.168.x.x to community"
  how do i add my ASA firewall so that i could see it in my topology view?
  please help. thanks

  Cisco PIX 515E Firewalls. PIX Firewalls do not support the Cisco Discovery Protocol, so they are not automatically shown as neighbors in the Topology view. They are shown only after you add them to a community by using a Create Community or Modify Community window. To see a PIX Firewall link to another community member, you must add the link manually by selecting Add Link in a Topology popup menu

• Firewall disrupting network communication...

  Hey,
  This Mac connects to the Internet via a USB modem, and then shares that connection through its Airport card on 128-bit WEP, on "Fruity'.
  The XP machine can connect to "Fruity" just fine, when the Macs standard firewall is off.
  But once I turn on the Mac's firewall, the XP machine can no longer use the Internet, still the network connection is live and well (the iTunes on the machines stream music just fine).
  Also, when the firewall is on, the XP machine has an IP address such as 196.x.x.x or 192.x.x.x (something like that), but when its off it gets 10.0.2.2 (which I can connect to perfectly through smb://10.0.2.2).
  All appropriate services that the Mac tells me to have turned on are on to allow Internet sharing.
  The Internet works fine with the firewall Mac's internal firewall turned off and a third-party firewall doing the job (demo / trial version), such as DoorStop X, though I don't really want a third-party firewall running.
  I've searched afar, but I can't seem to find a way to tell the Mac firewall to let XP through.
  Anyway to do so?
  Any help is greatly appreciated,
  Thank you.
  iMac G5 - PowerMac12,1.   Mac OS X (10.4.4)  

  Hi,
  It seems like this issue is more related to Microsoft Azure SQL Database, I will move this thread to Microsoft Azure SQL Database Forum for a better help.
  Thank you for your understanding.
  Best Regards 
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• I recently upgraded to Fios Quantum and have a new ActionTech router. As a result my PC is no longer communicating with my APPLE TV.It must have a firewall or ports beegin blocked preventing the homesharing and communication even though the APPLE TV is on

  I recently upgraded to Verizon Fios Quantum high speed internet and was given an ActionTec router. I sucessfully installed all and connected wth my Apple TV. Although it worked initially it no longer does.  Something appears to be blocking  the Homesharing between my PC and the AppleTV even though the Apple TV is successfully connected to my home network. I spoke with an Apple Support Tech who was unable to help me becuase I have a PC! He admitted this is a common problem with FIOS and PCS. There must be a port that needs to be opened in the router. I do not beleive it is anything to do with my antivirus software or Windows Defender as i uninstalled all and still not communication. Must be a port within the routter that is blocking tis communication. On my Itunes you can see that it does not see the Apple TV. Please advise.

  I'd have to agree. I set my vms and two clients on Saturday in one hour. I think the picture is better I did not see an issue with the brightness. For the heck of it I recorded five channels at once to test it. I've also noticed when playing a recorded show on the client everything responds a lot quicker. So I am impressed and curious to see what new features come later.
  Kudos to verizon.

• Printer communication error and cannot add a new printer

  I was happily using my Epson Artisan 810 printer this morning, connected wirelessly to my iMac.  All of a sudden I cannot print, get "Communication Error".  Checked Epson's website, no luck there.  Re-checked my wireless settings on the printer itself and re-confirmed them, it will print test pages from the printer, but still not communicating with the iMac.  I thought that removing the printer and then adding it back in might help, but now I cannot add any printer at all.
  I resorted to my MacBook Pro, and now have the same problem with this as well.
  Any ideas please?  What else can I check.  My internet and so on are fine.  The printer itself shows the wireless icon and says the reception is excellent on the printout it produced.
  Thanks so much!
  L.

  It would be unusual for only Bonjour to stop working in the printer. The more likely is that the printer is set to a different network subnet to that for your Mac or, as you mentioned, something like a firewall is blocking it.
  The IP addressing is the most common cause. If there is a process to view or print the network settings for the Epson, then this will show what IP address range it has, which should be the same as your Mac. With the IP address, there will be four sets of numbers. For a typical home network, the first three sets are known as the IP subnet, while the last set is the network address. For example, a device with an IP address of 10.0.1.5, has an IP subnet of 10.0.1 and a network address of 5. For your Mac to 'see' the printer, both devices would need the same IP subnet, while having a different network address. So if you can check what IP address the Epson has, you may find it is using a different IP subnet to your Mac.

• Webserver on DMZ cannot send email via php script using SMTP (cisco firewall pix 515e)

  Hello,
  I have two web servers that are sitting in a DMZ behind a Cisco Firewall PIX 515e. The webservers appear to be configured correctly as our website and FTP website are up. On two of our main website, we have two contact forms that use a simple html for to call a php script that uses smtp as its mailing protocol. Since, I am not the network administrator, I don't quite understand how to  read the current configurations on the firewall, but I suspect that port 25 is blocked, which prevents the script from actually working or sending out emails.  What I've done to narrow the problem done is the following: I used a wamp server to test our scripts with our smtp servers settings, was able to successfully send an email out to both my gmail and work place accounts. Currently, we have backupexec loaded on both of these servers, and when I try to send out an alert I never receive it. I think because port 25 is closed on both of those servers.  I will be posting our configuration. if anyone can take a look and perhaps explain to me how I can change our webservers to communicate and successfully deliver mail via that script, I would gladly appreciate it. our IP range is 172.x.x.x, but it looks like our webservers are using 192.x.x.x with NAT in place. Please someone help.
  Thanks,
  Jeff Mateo
  PIX Version 6.3(4)
  interface ethernet0 100full
  interface ethernet1 100full
  interface ethernet2 100full
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  nameif ethernet2 DMZ security50
  enable password GFO9OSBnaXE.n8af encrypted
  passwd GFO9OSBnaXE.n8af encrypted
  hostname morrow-pix-ct
  domain-name morrowco.com
  clock timezone EST -5
  clock summer-time EDT recurring
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  no fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  name 12.42.47.27 LI-PIX
  name 172.20.0.0 CT-NET
  name 172.23.0.0 LI-NET
  name 172.22.0.0 TX-NET
  name 172.25.0.0 NY-NET
  name 192.168.10.0 CT-DMZ-NET
  name 1.1.1.1 DHEC_339849.ATI__LEC_HCS722567SN
  name 1.1.1.2 DHEC_339946.ATI__LEC_HCS722632SN
  name 199.191.128.105 web-dns-1
  name 12.127.16.69 web-dns-2
  name 12.3.125.178 NY-PIX
  name 64.208.123.130 TX-PIX
  name 24.38.31.80 CT-PIX
  object-group network morrow-net
  network-object 12.42.47.24 255.255.255.248
  network-object NY-PIX 255.255.255.255
  network-object 64.208.123.128 255.255.255.224
  network-object 24.38.31.64 255.255.255.224
  network-object 24.38.35.192 255.255.255.248
  object-group service morrow-mgmt tcp
  port-object eq 3389
  port-object eq telnet
  port-object eq ssh
  object-group network web-dns
  network-object web-dns-1 255.255.255.255
  network-object web-dns-2 255.255.255.255
  access-list out1 permit icmp any any echo-reply
  access-list out1 permit icmp object-group morrow-net any
  access-list out1 permit tcp any host 12.193.192.132 eq ssh
  access-list out1 permit tcp any host CT-PIX eq ssh
  access-list out1 permit tcp any host 24.38.31.72 eq smtp
  access-list out1 permit tcp any host 24.38.31.72 eq https
  access-list out1 permit tcp any host 24.38.31.72 eq www
  access-list out1 permit tcp any host 24.38.31.70 eq www
  access-list out1 permit tcp any host 24.38.31.93 eq www
  access-list out1 permit tcp any host 24.38.31.93 eq https
  access-list out1 permit tcp any host 24.38.31.93 eq smtp
  access-list out1 permit tcp any host 24.38.31.93 eq ftp
  access-list out1 permit tcp any host 24.38.31.93 eq domain
  access-list out1 permit tcp any host 24.38.31.94 eq www
  access-list out1 permit tcp any host 24.38.31.94 eq https
  access-list out1 permit tcp any host 24.38.31.71 eq www
  access-list out1 permit tcp any host 24.38.31.71 eq 8080
  access-list out1 permit tcp any host 24.38.31.71 eq 8081
  access-list out1 permit tcp any host 24.38.31.71 eq 8090
  access-list out1 permit tcp any host 24.38.31.69 eq ssh
  access-list out1 permit tcp any host 24.38.31.94 eq ftp
  access-list out1 permit tcp any host 24.38.31.92 eq 8080
  access-list out1 permit tcp any host 24.38.31.92 eq www
  access-list out1 permit tcp any host 24.38.31.92 eq 8081
  access-list out1 permit tcp any host 24.38.31.92 eq 8090
  access-list out1 permit tcp any host 24.38.31.93 eq 3389
  access-list out1 permit tcp any host 24.38.31.92 eq https
  access-list out1 permit tcp any host 24.38.31.70 eq https
  access-list out1 permit tcp any host 24.38.31.74 eq www
  access-list out1 permit tcp any host 24.38.31.74 eq https
  access-list out1 permit tcp any host 24.38.31.74 eq smtp
  access-list out1 permit tcp any host 24.38.31.75 eq https
  access-list out1 permit tcp any host 24.38.31.75 eq www
  access-list out1 permit tcp any host 24.38.31.75 eq smtp
  access-list out1 permit tcp any host 24.38.31.70 eq smtp
  access-list out1 permit tcp any host 24.38.31.94 eq smtp
  access-list dmz1 permit icmp any any echo-reply
  access-list dmz1 deny ip any 10.0.0.0 255.0.0.0
  access-list dmz1 deny ip any 172.16.0.0 255.240.0.0
  access-list dmz1 deny ip any 192.168.0.0 255.255.0.0
  access-list dmz1 permit ip any any
  access-list dmz1 deny ip any any
  access-list nat0 permit ip CT-NET 255.255.0.0 192.168.220.0 255.255.255.0
  access-list nat0 permit ip host 172.20.8.2 host 172.23.0.2
  access-list nat0 permit ip CT-NET 255.255.0.0 LI-NET 255.255.0.0
  access-list nat0 permit ip CT-NET 255.255.0.0 NY-NET 255.255.0.0
  access-list nat0 permit ip CT-NET 255.255.0.0 TX-NET 255.255.0.0
  access-list vpn-split-tun permit ip CT-NET 255.255.0.0 192.168.220.0 255.255.255
  .0
  access-list vpn-split-tun permit ip CT-DMZ-NET 255.255.255.0 192.168.220.0 255.2
  55.255.0
  access-list vpn-dyn-match permit ip any 192.168.220.0 255.255.255.0
  access-list vpn-ct-li-gre permit gre host 172.20.8.2 host 172.23.0.2
  access-list vpn-ct-ny permit ip CT-NET 255.255.0.0 NY-NET 255.255.0.0
  access-list vpn-ct-ny permit ip CT-DMZ-NET 255.255.255.0 NY-NET 255.255.0.0
  access-list vpn-ct-tx permit ip CT-NET 255.255.0.0 TX-NET 255.255.0.0
  access-list vpn-ct-tx permit ip CT-DMZ-NET 255.255.255.0 TX-NET 255.255.0.0
  access-list static-dmz-to-ct-2 permit ip host 192.168.10.141 CT-NET 255.255.248.
  0
  access-list nat0-dmz permit ip CT-DMZ-NET 255.255.255.0 192.168.220.0 255.255.25
  5.0
  access-list nat0-dmz permit ip CT-DMZ-NET 255.255.255.0 LI-NET 255.255.0.0
  access-list nat0-dmz permit ip CT-DMZ-NET 255.255.255.0 NY-NET 255.255.0.0
  access-list nat0-dmz permit ip CT-DMZ-NET 255.255.255.0 TX-NET 255.255.0.0
  access-list static-dmz-to-ct-1 permit ip host 192.168.10.140 CT-NET 255.255.248.
  0
  access-list static-dmz-to-li-1 permit ip CT-DMZ-NET 255.255.255.0 CT-NET 255.255
  .248.0
  access-list vpn-ct-li permit ip CT-NET 255.255.0.0 LI-NET 255.255.0.0
  access-list vpn-ct-li permit ip CT-DMZ-NET 255.255.255.0 LI-NET 255.255.0.0
  access-list vpn-ct-li permit ip host 10.10.2.2 host 10.10.1.1
  access-list in1 permit tcp host 172.20.1.21 any eq smtp
  access-list in1 permit tcp host 172.20.1.20 any eq smtp
  access-list in1 deny tcp any any eq smtp
  access-list in1 permit ip any any
  access-list in1 permit tcp any any eq smtp
  access-list cap4 permit ip host 172.20.1.82 host 192.168.220.201
  access-list cap2 permit ip host 172.20.1.82 192.168.220.0 255.255.255.0
  access-list in2 deny ip host 172.20.1.82 any
  access-list in2 deny ip host 172.20.1.83 any
  access-list in2 permit ip any any
  pager lines 43
  logging on
  logging timestamp
  logging buffered notifications
  logging trap notifications
  logging device-id hostname
  logging host inside 172.20.1.22
  mtu outside 1500
  mtu inside 1500
  mtu DMZ 1500
  ip address outside CT-PIX 255.255.255.224
  ip address inside 172.20.8.1 255.255.255.0
  ip address DMZ 192.168.10.1 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool ctpool 192.168.220.100-192.168.220.200
  ip local pool ct-thomson-pool-201 192.168.220.201 mask 255.255.255.255
  pdm history enable
  arp timeout 14400
  global (outside) 1 24.38.31.81
  nat (inside) 0 access-list nat0
  nat (inside) 1 CT-NET 255.255.0.0 2000 10
  nat (DMZ) 0 access-list nat0-dmz
  static (inside,DMZ) CT-NET CT-NET netmask 255.255.0.0 0 0
  static (inside,outside) 24.38.31.69 172.20.8.2 netmask 255.255.255.255 0 0
  static (DMZ,outside) 24.38.31.94 192.168.10.141 netmask 255.255.255.255 0 0
  static (inside,outside) 24.38.31.71 172.20.1.11 dns netmask 255.255.255.255 0 0
  static (DMZ,outside) 24.38.31.93 192.168.10.140 netmask 255.255.255.255 0 0
  static (DMZ,inside) 24.38.31.93 access-list static-dmz-to-ct-1 0 0
  static (DMZ,inside) 24.38.31.94 access-list static-dmz-to-ct-2 0 0
  static (inside,outside) 24.38.31.92 172.20.1.56 netmask 255.255.255.255 0 0
  static (DMZ,outside) 24.38.31.91 192.168.10.138 netmask 255.255.255.255 0 0
  static (DMZ,outside) 24.38.31.90 192.168.10.139 netmask 255.255.255.255 0 0
  static (inside,outside) 24.38.31.72 172.20.1.20 netmask 255.255.255.255 0 0
  static (inside,outside) 24.38.31.73 172.20.1.21 netmask 255.255.255.255 0 0
  static (inside,outside) 24.38.31.70 172.20.1.91 netmask 255.255.255.255 0 0
  static (DMZ,outside) 24.38.31.88 192.168.10.136 netmask 255.255.255.255 0 0
  static (DMZ,outside) 24.38.31.89 192.168.10.137 netmask 255.255.255.255 0 0
  static (inside,outside) 24.38.31.74 172.20.1.18 netmask 255.255.255.255 0 0
  static (inside,outside) 24.38.31.75 172.20.1.92 netmask 255.255.255.255 0 0
  access-group out1 in interface outside
  access-group dmz1 in interface DMZ
  route outside 0.0.0.0 0.0.0.0 24.38.31.65 1
  route inside 10.10.2.2 255.255.255.255 172.20.8.2 1
  route inside CT-NET 255.255.248.0 172.20.8.2 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server TACACS+ max-failed-attempts 3
  aaa-server TACACS+ deadtime 10
  aaa-server RADIUS protocol radius
  aaa-server RADIUS max-failed-attempts 3
  aaa-server RADIUS deadtime 10
  aaa-server LOCAL protocol local
  aaa-server ct-rad protocol radius
  aaa-server ct-rad max-failed-attempts 2
  aaa-server ct-rad deadtime 10
  aaa-server ct-rad (inside) host 172.20.1.22 morrow123 timeout 7
  aaa authentication ssh console LOCAL
  aaa authentication http console LOCAL
  aaa authentication serial console LOCAL
  aaa authentication telnet console LOCAL
  http server enable
  http 173.220.252.56 255.255.255.248 outside
  http 65.51.181.80 255.255.255.248 outside
  http 208.65.108.176 255.255.255.240 outside
  http CT-NET 255.255.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community m0rroW(0
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  sysopt connection permit-pptp
  crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
  crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac
  crypto dynamic-map dyn_map 20 match address vpn-dyn-match
  crypto dynamic-map dyn_map 20 set transform-set 3des-sha
  crypto map ct-crypto 10 ipsec-isakmp
  crypto map ct-crypto 10 match address vpn-ct-li-gre
  crypto map ct-crypto 10 set peer LI-PIX
  crypto map ct-crypto 10 set transform-set 3des-sha
  crypto map ct-crypto 15 ipsec-isakmp
  crypto map ct-crypto 15 match address vpn-ct-li
  crypto map ct-crypto 15 set peer LI-PIX
  crypto map ct-crypto 15 set transform-set 3des-sha
  crypto map ct-crypto 20 ipsec-isakmp
  crypto map ct-crypto 20 match address vpn-ct-ny
  crypto map ct-crypto 20 set peer NY-PIX
  crypto map ct-crypto 20 set transform-set 3des-sha
  crypto map ct-crypto 30 ipsec-isakmp
  crypto map ct-crypto 30 match address vpn-ct-tx
  crypto map ct-crypto 30 set peer TX-PIX
  crypto map ct-crypto 30 set transform-set 3des-sha
  crypto map ct-crypto 65535 ipsec-isakmp dynamic dyn_map
  crypto map ct-crypto client authentication ct-rad
  crypto map ct-crypto interface outside
  isakmp enable outside
  isakmp key ******** address LI-PIX netmask 255.255.255.255 no-xauth no-config-mo
  de
  isakmp key ******** address 216.138.83.138 netmask 255.255.255.255 no-xauth no-c
  onfig-mode
  isakmp key ******** address NY-PIX netmask 255.255.255.255 no-xauth no-config-mo
  de
  isakmp key ******** address TX-PIX netmask 255.255.255.255 no-xauth no-config-mo
  de
  isakmp identity address
  isakmp nat-traversal 20
  isakmp policy 10 authentication pre-share
  isakmp policy 10 encryption 3des
  isakmp policy 10 hash sha
  isakmp policy 10 group 2
  isakmp policy 10 lifetime 86400
  isakmp policy 20 authentication pre-share
  isakmp policy 20 encryption 3des
  isakmp policy 20 hash md5
  isakmp policy 20 group 2
  isakmp policy 20 lifetime 86400
  isakmp policy 30 authentication pre-share
  isakmp policy 30 encryption 3des
  isakmp policy 30 hash md5
  isakmp policy 30 group 1
  isakmp policy 30 lifetime 86400
  vpngroup remotectusers address-pool ctpool
  vpngroup remotectusers dns-server 172.20.1.5
  vpngroup remotectusers wins-server 172.20.1.5
  vpngroup remotectusers default-domain morrowny.com

  Amit,
  I applaud your creativity in seeking to solve your problem, however, this sounds like a real mess in the making. There are two things I don't like about your approach. One, cron -> calling Java -> calling PHP -> accessing database, it's just too many layers, in my opinion, where things can go wrong. Two it seems to me that you are exposing data one your website (with the PHP) that you may not want expose and this is an important consideration when you are dealing with emails and privacy and so on.
  I think the path of least resistance would be to get a new user account added to the MySQL database that you can access remotely with your Java program. This account can be locked down for read only access and be locked down to the specific IP or IP range that your Java program will be connecting from.
  Again I applaud your creativity but truly this seems like a hack because of the complexity and security concerns you are introducing and I think is a path to the land of trouble. Hopefully you will be able to get a remote account set up.

• Wireless Communication Problems

  Hi Everyone!
  I have to mention a problem I face with my brand new OfficeJet AllinOne 8500 wireless.
  First of all, I use a laptop HP Pavilion and I have a wirelss network at home with other 2 PCs connected that run XP. Installing the printer software on these 2 xp PCs all run excellent.
  In contrast, I tried to install the software on the Vista HP Laptop and the problem is that the printer works just like printer. It cannot fax, scan or use it throught the HP Solution Center. When I click on the HP Solution Center icon I get the message that says the printer is not connected. Actually, during installation, the software locates the printer in the wireless network but it fails installing it. Then, opening the printers' window I see the icon of the HP 8500 wireless just like printer and not the icon of the scanner and the icon of the fax. What I get is not a both way communication, since I can send documents to be printed but I cannot gat any information from the printer to my laptop.
  Needless to say that I have disabled every firewall and every antivirus program.
  Important thing to add is that running the HP Network Diagnostic Tool the software sees that the Windows Firewall as Disabled, but clicking on the icon "Done with Firewall" I get the message "Your printer still seems to be blocked by a firewall. Are you sure you want to exit?".
  I do not know what else to disable or to do!
  Can you help me out?

  I had a similar problem with my OfficeJet L7680 and here's how I fixed it.  I'll probably post as a separate thread.  I hope this works:
  18APR10 - from Dan
  I lost my L7680 network link to my hard-wired router and could not print to it over the network.  I think I have a viable solution for anyone with the same problem.  First of all, I went to the HP site and downloaded the program for the L7680, Critical Update to Enhance Reliability of Network and USB Connectivity and Improve System Responsive....  This worked wonders until my modem and/or router went down.  Then I lost my network connection.  When I checked the network settings on the printer panel, I noticed a different IP address than the original 192.168.1.100.  Once I figured out how to reset it to that one, it worked as it should.  Here's how I reset it:  1.  Power down all devices (wired and wireless) to the router; 2. Power down the modem and router - wait a minute or so before powering back up;  3.  Power up the modem and give it a minute or so to go through system checks, which will normally acquire a new IP address from your ISP;  4. Power up the router and let it go through its system checks; 5.  Connect the CAT5 cable from the printer to the router and power it up before you power up and connect any other computers.  This should assign the printer the first IP address from the router, which should be 192.168.1.100.  Once the printer goes through its start-up checks, you can check its assigned IP address from its panel.  6.  Power up any other PCs or devices to the router.  They should be assigned successive IP address numbers.  You can check these using a browser in the PC after typing in 192.168.1.1, logging in to the router, and checking the appropriate place in the router driver/software displayed in the browser.  I was not able to reassign IP addresses in my router's driver/software, but this method did the trick.  I did not try to change the IP address of the printer from its panel to match what had been inadvertently reassigned to it.  That might be another option to synchronize the printer and router with the same IP address.