Compactrio not on RT target access list

Similar Messages

• ACL - extended access lists

  Hi, I'm working through the CCNA ICND2.  Section:  IP Access Control Lists
  On p246 it says "the access-list command must use protocol keywork tcp to be able to match TCP ports and the udp keyword to be able to match UPD ports"
  in an example on p264 they list the statement "access-list 101 permit any any eq telnet"
  I would assume that "telnet" is a word value for "port 23" (just like you can type  "eq www" instead of "port 80")
  therefore does it not have to read "access-list 101 permit tcp any any eq telnet"
  ??? many thanks for your answers - much appreciated.

  it's a typo!!

• NEXUS Access list

  I have a setup in which there are two Nexus in redundancy and few 4500 connected to them. I am using VRF solution in which there are many subnets defined and the management subnets are only defined in management VRF.
  Currently I am using cross VRF functionality in my core VDC so that my res VRF can communicate with managment VRF.
  I also have an access list defined in the cross VRF connection to allow RES subnets to communicate with one particular server in office network , for echo-reply and between two res subnets.
  Now for two subnets which are in RES VRF i have defined scope in my ip tool (QIP) and want to modify my access list to allow the DHCP requests/replies to flow. The DHCP clients will only communicate inside the "res" VRF, so the ACL does not need to allow any specific network traffic to/from these DHCP clients.
  I want help in that. I am not able create this access list.

  Can anyone please provide any suggestion on the above query.

• IP address is not on the target's allowable access list.

  when trying to deploy a lvlib or downloading code from a PC to a FP controller I get this error message "Access denied: This host computer's IP address is not on the target's allowable access list.". I have added the PC's IP address from within Max on the access list of the FP target (althoug default is full access to everyone). This did not help, I still get the same error message. Both systems are on the same IP segment.
  sincerely
  søren h. jensen

  Hello,
  Short of time right now, but I had the same problem: Here is a dump of my own notes on how I solved the pbolem (not necessary to reinstall software):
  I attempted to update these data with Measurement & Automation Explorer (MAX) using the "FieldPoint Access Control" panel in MAX: I set "*" and Read/Write and pressed "Apply": MAX Claims it has updated the Access Rightsm, but we are still unable to Deploy the CFP from the Project Explorer.
  SOLUTION:
  Use WS_FTP-PRO (or any FTP Client) and access the IP Address of the FieldPoint using anonymous login.
  Transfer the file ni-rt.ini from the root of c:\ on the Fieldpoint to the local PC and edit the settings as shown below.
  FTP the file back to the Fieldpoint.
  Set the following settings in "server.tcp.access" and "RTTarget.IPAccess":
  server.tcp.access=""+*""
  NOTE: Double Quotes here
  RTTarget.IPAccess="+*"
  NOTE: Single Quotes here
  +* means every IP address can access.
  It turned out that MAX had left the following (probably illegal) values in the fields:
  """" and ""
  Geir Ove

• IOS XR deny ace not supported in access list

  Hi everybody,
  We´ve a 10G interface, this is a MPLS trunk between one ASR 9010 and a 7613, and the first thing that we do is through a policy-map TK-MPLS_TG we make a shape of 2G to the interface to the output:
  interface TenGigE0/3/0/0
   cdp
   mtu 1568
   service-policy output TK-MPLS_TG
   ipv4 address 172.16.19.134 255.255.255.252
   mpls
    mtu 1568
  policy-map TK-MPLS_TG
  class class-default
    service-policy TK-MPLS_EDGE-WAN
    shape average 2000000000 bps
    bandwidth 2000000 kbps
  and we´ve the policy TK-MPLS_EDGE-WAN as a service-policy inside, this new policy  help us to asign bandwidth percent to 5 class-map, wich in turn match with experimental values classified when they got in to the router:
  class-map match-any W_RTP
   match mpls experimental topmost 5
   match dscp ef
   end-class-map
  class-map match-any W_EMAIL
   match mpls experimental topmost 1
   match dscp cs1
   end-class-map
  class-map match-any W_VIDEO
   match mpls experimental topmost 4 3
   match dscp cs3 cs4
   end-class-map
  class-map match-any W_DATOS-CR
   match mpls experimental topmost 2
   match dscp cs2
   end-class-map
  class-map match-any W_AVAIL
   match mpls experimental topmost 0
   match dscp default
   end-class-map
  policy-map TK-MPLS_EDGE-WAN
  class W_RTP
    bandwidth percent 5
  class W_VIDEO
    bandwidth percent 5
  class W_DATOS-CR
    bandwidth percent 30
  class W_EMAIL
    bandwidth percent 15
  class W_AVAIL
    bandwidth percent 2
  class class-default
  end-policy-map
  what we want to do is to assign a especific bandwidth to the proxy to the output using the class W_AVAIL, the proxy is 150.2.1.100. We´ve an additional requirement, wich is not apply this "rate" to some networks we are going to list only 4 in the example, so what we did was a new policy-map with a new class-map and a new ACL :
  ipv4 access-list PROXY-GIT-MEX
  10 deny ipv4 host 150.2.1.100 10.15.142.0 0.0.0.255
  20 deny ipv4 host 150.2.1.100 10.15.244.0 0.0.0.255
  30 deny ipv4 host 150.2.1.100 10.18.52.0 0.0.0.127
  40 deny ipv4 host 150.2.1.100 10.16.4.0 0.0.0.255
  50 permit tcp host 150.2.1.100 any
  60 permit tcp host 10.15.221.100 any
  policy-map EDGE-MEX3-PXY
   class C_PXY-GIT-MEX3
    police rate 300 mbps
   class class-default
   end-policy-map
  class-map match-any C_PXY-GIT-MEX3
   match access-group ipv4 PROXY-GIT-MEX
   end-class-map
  we asign a policy rate of 300 mbps to the class inside the policy EDGE-MEX3-PXY and finally we put this new policy inside the class W_AVAIL of the policy TK-MPLS_EDGE-WAN
  policy-map TK-MPLS_EDGE-WAN
  class W_RTP
    bandwidth percent 5
  class W_VIDEO
    bandwidth percent 5
  class W_DATOS-CR
    bandwidth percent 30
  class W_EMAIL
    bandwidth percent 15
  class W_AVAIL
    service-policy EDGE-MEX3-PXY
  class class-default
  end-policy-map
  and we get this:
  Wed Sep 17 18:35:36.537 UTC
  % Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed' from this session to view the errors
  RP/0/RSP1/CPU0:ED_MEX_1(config-pmap-c)#show configuration failed
  Wed Sep 17 18:35:49.662 UTC
  !! SEMANTIC ERRORS: This configuration was rejected by
  !! the system due to semantic errors. The individual
  !! errors with each failed configuration command can be
  !! found below.
  !!% Deny ace not supported in access-list: InPlace Modify Error: Policy TK-MPLS_TG: 'km' detected the 'warning' condition 'Deny ace not supported in access-list'
  end
  Any  kind of help is very appreciated.

  That is correct, due to the way the class-matching is implemented in the TCAM, only permit statements in an ACL can be used for QOS class-matching based on ACL.
  unfortunately, you'll need to redefine the policy class match in such a way that it takes the permit only.
  if you have some traffic that you want to exclude you could do something like this:
  access-list PERMIT-ME
  1 permit
  2 permit
  3 permit
  access-list DENY-me
  !the exclude list
  1 permit
  2 permit
  3 permit
  policy-map X
  class DENY-ME
  <dont do anything> or set something rogue (like qos-group)
  class PERMIT-ME
  do here what you wanted to do as earlier.
  eventhough the permit and deny may be overlapping in terms of match.
  only the first class is matched here, DENY-ME.
  cheers!
  xander

• Illegal dependency access list does not allow use of caf/eu/gp/api

  I am using NWDS 2004s and working with GP implementation.
  I am also able to see the development components as caf/eu/gp/api and sap.com/caf/gp/api/wd after copying the required files.
  But while selecting caf/eu/gp/api i am getting following exception
  Illegal dependency access list does not allow use of caf/eu/gp/api
  Please suggest if you have any idea regarding this.
  Regards
  Satya

  Hi Satyabrata,
  Are you using NWDI for development, or local development?
  I had the same problem when using local development components. I read somewhere in the documentation that for this you have to use the NWDI.
  Now I am using NWDI and this is working correctly.
  Johan

• How to specify target host in Access-list on 1700 router

  I want to be able to specify the target host on an access list and when I try to enter the IP and sub-net mask I get wierd result. This is on a 1700 router. I type: access-list 100 permit tcp any XXX.XXX.XXX.XXX 255.255.255.248 eq smtp where XXX.XXX.XXX.XXX is a public IP of a virtual email server on my inside.
  I get:
  access-list 100 permit tcp any 0.0.0.2 255.255.255.248 eq smtp
  Why does XXX.XXX.XXX.XXX get interpreted as 0.0.0.2?
  Thanks,
  Dave

  Dave,
  The address got converted to 0.0.0.2 because you used a subnet mask (255.255.255.248) where you should have used a wildcard mask (0.0.0.7).
  Regardless of what the network portion of the address was, when the router sees "255" in any position in the wildcard mask, it interprets that as "it really doesn't matter what number is in this part of the IP address". So it corrects your notation and replaces that part of the IP address with the placeholder "0".
  The fact that it put a ".2" at the end of the address indicates that the binary pattern of whatever XXX.XXX.XXX.XXX was ended in "010". The last octet was one of the numbers in this sequence: .2, .10, .18, ... (increments of 8), .114, or .122. The "248" in the last part of your wildcard mask told the router "it doesn't matter what number's here, as long as the last three binary bits match". The router just simplified the last .XXX you entered to the smallest number that had a matching binary pattern; in this case it was ".2".
  Something to remember: Use subnet masks for static routes and interface addressing; and wildcard masks for ACLs.
  The easiest way to calculate the wildcard mask you want, if you're used to seeing things in subnet mask format, is to subtract the subnet mask from 255.255.255.255. For example:
  255.255.255.255
  -255.255.255.248 (subnet mask)
  0.0.0.7 (wildcard mask)
  If you want to specify a single host address rather than a masked range of addresses, use the notation "host XXX.XXX.XXX.XXX". If you use the notation "XXX.XXX.XXX.XXX 0.0.0.0" where 0.0.0.0 is the wildcard mask, the router will convert it to "host XXX.XXX.XXX.XXX". (Go ahead, try it and see.)
  Similarly, if you want to specify all host addresses, use "any" as you have already done; or you can try "0.0.0.0 255.255.255.255" and the router will convert it to "any" for you. (Try this one too.)
  Check out the useful IP Subnet Calculator download at http://www.Boson.com -- it's free:
  Wildcard Mask Checker & Decimal-to-IP Calculator
  a neat little utility to check what your wildcard mask actually matches, and, converts from Decimal to IP address format.
  http://www.boson.com/promo/utilities.htm
  Hope this helps.

• Packets not hitting the route-map's NAT access-list

  Hi Everyone,
  I've been struggling with this issue for two days, I have couple of VPN tunnels on a router and all are working fine with NAT because I created route-maps for nat to deny the packets that are going to the tunnel from getting NATed, I have the same config for all the tunnels but the issue is with xxx_NAT access-list that is not even being hit by the packets so my xxx tunnel wont come up. I am positive that the problem is NAT because when I remove NAT from the 0/1.102 interface it starts to work. here is my config :
  interface GigabitEthernet0/1.102
  description "xxx"
  encapsulation dot1Q 102
  ip address 10.300.301.1 255.255.255.0
  ip access-group xxx_ACL in
  ip nat inside
  ip virtual-reassembly
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat pool ???_POOL ??
  ip nat pool ???_POOL ??
  ip nat pool ???_POOL ??
  ip nat pool xxx_POOL ??
  ip nat inside source route-map ??? pool ???_POOL overload
  ip nat inside source route-map ??? pool ???_POOL overload
  ip nat inside source route-map xxx pool xxx_POOL overload
  ip nat inside source route-map ??? pool ???_POOL overload
  ip access-list extended xxx-VPN
  remark VPN to xxx
  permit ip 10.300.301.0 0.0.0.255 192.168.45.0 0.0.0.255
  permit ip 192.168.45.0 0.0.0.255 10.300.301.0 0.0.0.255
  ip access-list extended xxx_ACL
  deny   ip 10.300.301.0 0.0.0.255 192.168.56.0 0.0.0.255
  permit ip any any
  ip access-list extended xxx_NAT
  deny   ip 10.300.301.0 0.0.0.255 110.110.2.0 0.0.0.255
  deny   ip 10.300.301.0 0.0.0.255 192.168.45.0 0.0.0.255
  permit ip 10.300.301.0 0.0.0.255 any
  route-map ??? permit 10
  match ip address ???_NAT
  route-map xxx permit 10
  match ip address xxx_NAT
  route-map ??? permit 10
  match ip address NAT_???
  route-map ??? permit 10
  match ip address ???_NAT
  control-plane
  banner motd ^C

  As that is probably *not* the config you are having problems with (or are your route-maps really named ???, xxx etc. ?) it is hard to help.
  So just a guess:
  The "ip nat inside source route-map-"staements are processed in a lexical order. The naming of your route-maps has to reflect the order you want to achieve. If you have the wrong order your traffic will end in the wrong translation which you should see with "show ip nat translation".
  HTH, Karsten

• RoleEntityACL|Role Access List | no values, guest and authenticated not shown

  All,
  I enabled RoleEntityACL from configuration manager. Role access list field shows up, but when I type **, there are no values at all. Not even guest and authenticated, OOTB values.
  I added UseEntitySecurity=true, I am able to see add Users and Groups when i type ** in the input field.
  Any pointers here?
  Thanks
  ~

  Srinath,
  I need to see the guest and authenticated values by default after enabling the "RoleEntityACL". Am i missing something here. I have Roles text box enabled, but it is not giving any values even if type **, g or a.
  If i get those values, i can go to configuration manager applet and then add more values.
  However, I did all those u mentioned. Added a new role in ExternalRoleView, Published Schema and Schema Base. Restarted UCM server. But i see null results.
  In General Configuration:
  UseEntitySecurity=true
  SpecialAuthGroups=TestGroup,Public
  In Advanced Component Manager:
  Enabled RoleEntityACL.
  I am able to add users and groups(aliases) in the access control list at the folder level. but not any roles. Am i missing something here?

• I need to restore a calendar to my iPad. I checked Itunes but the iPad is not listed as I ahave never sync'd it before. I do have iCloud but not sure how to access to sync. Thanks for any help.

  Need to find out how to get a calendar back on my iPad. Pretty new to Apple. Only one pf my 5 calendars was deleted. Do have iCloud backup just not sure how to access. iTunes has never been sync'd with iPad. Thanks for any help.

  No problem. See the restoring topic of:
  iTunes: Backing up, updating, and restoring your iPhone, iPad, or iPod touch software

• Why does MAX say %22The remote access list on this system is blank%22%3F

  I am building and deploying a real-time data acquisition/control system using LabVIEW RT (2012 SP1) and a PXI controller.  I've tested my software, and it runs fine, now that I've figured out how to build stand-alone executables for both the Host and RT Target systems.
  Due to a bug on the RT side (which I hope I've now fixed), I needed to "rebuild" my PXI Controller, reinstall LabVIEW RT and related software, and reconfigure all of the Tasks in MAX (version 5.5).  To save the Configuration (and simplify reconfiguring the Tasks and Channels), I tried to export the configuration using the Configuration Export Wizard in MAX.  However, there were some (minor?) inconsistencies in some of the devices (such as NI-488.2) between the Host and Remote systems that generated some errors.  I was able to correct this by asking MAX to do a Reset Configuration Data on the Host, and those problems went away.
  After exporting the NI Configuration Export File for my PXI, I decided to use MAX to Create Reports on both my Host and Remote PXI systems.  While reviewing the PXI's report, I noticed that the last entry in the report, called "Security", reads as follows:
  "The remote access list on this system is blank. This means that no remote system has access to this system."
  What does this mean?  Where is the "remote access list on this system", and how is it maintained?  Note that I haven't (yet) tried deploying my (formerly-working) Project to this (rebuilt) Controller, but I haven't made changes in LabVIEW, itself.
  If I look at the Properties of the RT Target in Project, the VI Server properties (still) show TCP/IP enabled (port 3363) with Machine Access given to "*" (all machines) and, similarly, all Exported VIs allowed access.
  Am I missing something?  Can I safely ignore the above Security report entry generated by MAX, or is there a hidden setting I need to find and change?
  Bob Schor
  Solved!
  Go to Solution.

  Norbert_B wrote:
  Bob,
  i am not sure about your situation, but it seems to me that it is connected to "Security" Settings. Please refer to the help in MAX, topic "Logging into your System".
  Norbert
  I agree, but I've never heard about "Security Settings" in MAX. When I first read your note, I went looking and couldn't find "Logging into your System".  I came back a day later, was going to write a "There is not such topic!" reply, but fortunately I looked again, and found it.  I suspect the reason I never ran into this was that my controllers were all using older BIOSes -- I'd just "rebuilt" this controller, including updating its BIOS, and ran into the Login prompt for the first time ...
  Thanks for pointing me in (what turns out to be) the right direction!
  BS

• Certain Artists Do Not Show Up On Artist List

  I recently purchased a new iPod Classic and everything is lovely, but a few artists just aren't showing up on my artists list. The files are there - I can access the music in question through the album search feature - but the name does not show up. Out of my 50 gigs of music, there are only a handful of artists that I am having this problem with. I've tried reentering the names for each of the albums, but to know avail. Do you know why some artists/discs just aren't showing up on my main organizational menu? Thanks so much for the help.

  rockmyplimsoul wrote:
  Alternatively, just turn off the Compilation feature on the iPod -- go to +Settings / Main Menu+ and uncheck Compilation, and +Settings / Music Menu+ and uncheck Compilation.
  I'm not sure that will do the trick. Artists not showing up on the Artist menu is usually because the album is marked a "Part of a Compilation" - as you say.
  This is why, look what happens in this case; I have only two songs by the artist Oasis, one on the album *Acoustic 3* and the other on *Top of the Pops 2* . Both of these albums are true compilation albums, that is - they have songs by various artists on the one album and therefore the *album artist* is _various artists_ and it's marked as a compilation. As a result, the artist Oasis does not appear in my artist list. However, if I were to add an album where the only artist is Oasis, the *album artist* would be Oasis and therefore Oasis would appear in the artist list _and in that list_ would be all three albums! (The comp albums would only show the Oasis track of course.)
  But there could be another reason! iTunes uses Gracenote to provide information about an album. If whoever created the Gracenote entry has listed an album as a compilation album (the compilation box is marked yes) because it is a _compilation of tracks by one artist but from different albums_ , guess what? It's a compilation! The album *The Whole Story* by Kate Bush is such an album. If that was the only album of hers that I had, she would not be on the artist list, but if I had her *Hounds of Love* album, she would be on the artist list and The Whole Story would show up!
  I know - it drives you crazy!
  The solutions: if a complete "one artist" album - The Whole Story for instance - is missing, go to *Get Info* for the whole album and mark the "Part of a Compilation" box as No . If you are about to import a new album, make sure the "Part of a Compilation" is off before importing it into iTunes. For a true compilation album (various artists) - that's a bit more difficult. Either accept it or, do you have one track (even the same one) from another album, or a CD single or single song that you can import to iTunes and mark as *not part of a compilation* ? If so, import it in order to create an entry for that artist.
  By the way, while we are discussing all this - Greatest Hits albums. If you have albums by different artists but with the same album name, Greatest Hits for instance, add the artist name to the album title (Greatest Hits, Santana) so that your iPod can differentiate between their album and Greatest Hits, Alice Cooper. If you don't do this, when you look at Albums /album title you will see tracks from both albums together on one album.

• When a Safari download is interrupted, I get the message "You do not have permission to access the requested resource" when I try to restart it.

  I have had this issue with my Macbook Pro ever since I bought it in November.  If I start downloading a file with Safari, and the download gets interrupted, I am unable to resume downloading from the point where it was interrupted.  Clicking on "resume downloading" button in the downloads list works fine it I do it immediately after the download is interrupted, but if a little time has elapsed (as little as a few minutes) since the interruption it will not let me resume the download, and I get the message in the downloads list "You do not have permission to access the requested resource."  I have repaired my permissions...I don't know what else to do.  Here's my system configuration:
  Macbook Pro Mid-2012 Retina Display
  2.3 GHz Intel Core i7
  8 GB RAM
  System 10.8.2
  I just have to editorialize for a moment:  My old Macbook Pro and my Mac Pro both worked great with Snow Leopard, but since upgrading the Mac Pro to Mountain Lion and buying the new Macbook I have had all kinds of issues like this.  Tech support at Panic software, that I contacted because of issues with some of their software, told me that I was only one of many with Mountain Lion issues, but here we're over half a year since the release of 10.8 and we're only on system 10.8.2.  Is anybody at Apple actually trying to fix the issues?
  Thanks for anything you can tell me!

  If you think this is a bug, you can report it here:
  Apple - Mac OS X - Feedback

• SSL VPN message "This (client) machine does not have the web access privilege."

  Hello!
  I am trying to configure the SSL VPN (WebVPN) and I am almost done but when clicking on the URL's I configured in the bookmarks, I get the message "This (client) machine does not have the web access privilege. Please contact your SSLVPN provider for assistance." I looked through the many tutorials and guides in existence and none talks about such error and the fix for it. In fact, if I search the net for this error message I get only one match, in the Cisco website, where is say that "The client computer does not meet the security criteria of having web access functionality through the SSL VPN gateway." and as fix it gave this tip "Check the URL to the gateway or contact the administrator if it persists." So, nothing on the website about what this issue is and how to fix it. I will provide my IOS configuration and hopefully someone will spot the issue. Here it goes:
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname R1
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  no logging buffered
  enable secret 5 $1$1LLX$u7aTc8XfNqPZhPVGwEF/J0
  enable password xxxxxxxx
  aaa new-model
  aaa authentication login userAuthen local
  aaa authentication login sdm_vpn_xauth_ml_1 local
  aaa authorization network groupauthor local
  aaa session-id common
  crypto pki trustpoint TP-self-signed-1279712955
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1279712955
  revocation-check none
  rsakeypair TP-self-signed-1279712955
  crypto pki certificate chain TP-self-signed-1279712955
  certificate self-signed 01
    3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31323739 37313239 3535301E 170D3130 30333233 31313030
    33375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32373937
    31323935 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100A8EF 34E3E792 36660498 9801F934 E8A41865 3599EA35 B073AC91 D7A53AF4
    A4390D2F CB3DB2DE 936B28F0 A25F3CE1 6F40FD9E E79096F2 F89620E0 B31A7B34
    649BBA22 AE44CB55 9F38BF0C 2F2770CF 8380C167 C17D760C 380E28E4 FF7D6874
    9EFC310A 2AA60835 F1AA384F CD1A0173 19C98192 EBFBD531 24CB9203 EA9E7D54
    B2C30203 010001A3 62306030 0F060355 1D130101 FF040530 030101FF 300D0603
    551D1104 06300482 02523130 1F060355 1D230418 30168014 0D9D62EC DA77EAF3
    11ABF64D 933633F9 2BA362DC 301D0603 551D0E04 1604140D 9D62ECDA 77EAF311
    ABF64D93 3633F92B A362DC30 0D06092A 864886F7 0D010104 05000381 81006853
    48ED4E3E 5721C653 D9A2547C 36E4F0CB A6764B29 9AFFD30A 1B382C8C C6FDAA55
    265BCF6C 51023F5D 4AF6E177 C76C4560 57DE5259 40DE4254 E79B3E13 ABD0A78D
    7E0B623A 0F2D9C01 E72EF37D 5BAB72FF 65A176A1 E3709758 0229A66B 510F9AA2
    495CBB4B 2CD721A7 D6F6EB43 65538BE6 B45550D7 A80A4504 E529D092 73CD
     quit
  dot11 syslog
  ip source-route
  ip dhcp excluded-address 192.168.0.1 192.168.0.10
  ip dhcp pool myPOOL
     network 192.168.0.0 255.255.255.0
     default-router 192.168.0.1
     dns-server 87.216.1.65 87.216.1.66
  ip cef
  ip name-server 87.216.1.65
  ip name-server 87.216.1.66
  ip ddns update method mydyndnsupdate
  HTTP
    add http://username:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
  interval maximum 1 0 0 0
  no ipv6 cef
  multilink bundle-name authenticated
  vpdn enable
  vpdn-group pppoe
  request-dialin
    protocol pppoe
  username cisco privilege 15 password 0 xxxxxxxx
  crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp fragmentation
  crypto isakmp client configuration group vpnclient
  key cisco123
  domain selfip.net
  pool ippool
  acl 110
  crypto ipsec transform-set myset esp-3des esp-md5-hmac
  crypto dynamic-map dynmap 10
  set transform-set myset
  reverse-route
  crypto map clientmap client authentication list userAuthen
  crypto map clientmap isakmp authorization list groupauthor
  crypto map clientmap client configuration address respond
  crypto map clientmap 10 ipsec-isakmp dynamic dynmap
  archive
  log config
    hidekeys
  interface Loopback0
  ip address 10.11.0.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  interface Loopback2
  description SSL VPN Website IP address
  ip address 10.10.10.1 255.255.255.0
  interface Loopback1
  description SSL DHCP Pool Gateway Address
  ip address 192.168.250.1 255.255.255.0
  interface FastEthernet0
  description $ES_LAN$
  ip address 192.168.0.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface BRI0
  no ip address
  encapsulation hdlc
  shutdown
  interface FastEthernet1
  interface FastEthernet2
  switchport access vlan 2
  interface FastEthernet3
  interface FastEthernet4
  interface FastEthernet5
  interface FastEthernet6
  interface FastEthernet7
  interface FastEthernet8
  interface ATM0
  no ip address
  no atm ilmi-keepalive
  pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
  bundle-enable
  dsl operating-mode auto
  interface Vlan1
  no ip address
  interface Dialer1
  ip ddns update hostname myserver.selfip.net
  ip ddns update mydyndnsupdate host members.dyndns.org
  ip address negotiated
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  ip policy route-map VPN-Client
  dialer pool 1
  ppp chap hostname xxx
  ppp chap password 0 xxxx
  ppp pap sent-username xxx password 0 xxxx
  crypto map clientmap
  ip local pool ippool 192.168.50.100 192.168.50.200
  ip local pool sslvpnpool 192.168.250.2 192.168.250.100
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip http server
  ip http authentication local
  ip http secure-server
  ip nat inside source static tcp 192.168.0.2 21 interface Dialer1 790
  ip nat inside source static tcp 192.168.0.15 21 interface Dialer1 789
  ip nat inside source list 102 interface Dialer1 overload
  ip nat inside source static tcp 10.10.10.1 443 interface Dialer1 443
  ip nat inside source static tcp 10.10.10.1 80 interface Dialer1 80
  access-list 102 deny   ip 192.168.0.0 0.0.0.255 192.168.50.0 0.0.0.255
  access-list 102 permit ip 192.168.0.0 0.0.0.255 any
  access-list 110 permit ip 192.168.0.0 0.0.0.255 192.168.50.0 0.0.0.255
  access-list 144 permit ip 192.168.50.0 0.0.0.255 any
  route-map VPN-Client permit 10
  match ip address 144
  set ip next-hop 10.11.0.2
  control-plane
  banner motd ^C
  ================================================================
                  UNAUTHORISED ACCESS IS PROHIBITED!!!
  =================================================================
  ^C
  line con 0
  line aux 0
  line vty 0 4
  password mypassword
  transport input telnet ssh
  webvpn gateway MyGateway
  ip address 10.10.10.1 port 443 
  http-redirect port 80
  ssl trustpoint TP-self-signed-1279712955
  inservice
  webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
  webvpn install csd flash:/webvpn/sdesktop.pkg
  webvpn context SecureMeContext
  title "My SSL VPN Service"
  secondary-color #C0C0C0
  title-color #808080
  ssl authenticate verify all
  url-list "MyServers"
     heading "My Intranet"
     url-text "Cisco" url-value "http://192.168.0.2"
     url-text "NetGear" url-value "http://192.168.0.3"
  login-message "Welcome to My VPN"
  policy group MyDefaultPolicy
     url-list "MyServers"
     functions svc-enabled
     svc address-pool "sslvpnpool"
     svc keep-client-installed
  default-group-policy MyDefaultPolicy
  aaa authentication list userAuthen
  gateway MyGateway domain testvpn
  max-users 100
  csd enable
  inservice
  end
  Thank you!

  Hi,
  Please check SAP note:
  2004579 - You cannot create a FR company from a Package
  Thanks & Regards,
  Nagarajan

• Failed to start hibernate.target: Access denied

  I upgraded my machine yesterday and  the Hibernate item in kmenu->Leave are missing. also "systemctl hibernate" dont work:
  $ systemctl hibernate
  Failed to execute operation: Sleep verb not supported
  Failed to start hibernate.target: Access denied
  log:
  Mar 08 22:50:56 arch polkitd[720]: Registered Authentication Agent for unix-process:2370:106040 (system bus name :1.86 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
  Mar 08 22:50:56 arch dbus[363]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.87" (uid=1000 pid=2370 comm="systemctl hibernate -i ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
  Mar 08 22:50:56 arch polkitd[720]: Unregistered Authentication Agent for unix-process:2370:106040 (system bus name :1.86, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
  Suspend works fine.
  Last edited by ReiserFS (2014-03-09 12:35:46)

  I've got this same problem. For me it's because I haven't got a swap partition (even though I thought I set this machine up with one...). Perhaps you also don't have a swap partition, or maybe it's not mounted? Anyway, I would start with the Swap page of the wiki.